Ramalho89

Flash-drive virus on the PC and sluggishness


Hello

Sorry for the delay :)

If you still need help, redo the logs, because I need them with up-to-date dates: Read Before Posting - Creating a New Topic

ATTENTION 1: You don't need to open a new topic; post the new logs in this same topic, thanks!

ATTENTION 2: Don't edit your topic; use the reply button, thanks!

ATTENTION 3: Don't put the logs between TAGS, thanks!

ATTENTION 4: Don't attach the logs, thanks!

Regards :D


Hello Diego, sorry for the delay on my side as well, and thank you for helping me remove the viruses. Here are the requested logs: DDS, ATTACH and the current GMER.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2

Run by RAMALHO at 10:13:50 on 2013-09-23

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.991.306 [GMT -3:00]

.

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre7\bin\jqs.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Microsoft ActiveSync\Wcescomm.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\sistray.exe

C:\ARQUIV~1\MI3AA1~1\rapimgr.exe

C:\Arquivos de programas\Arquivos comuns\Pure Networks Shared\Platform\nmsrvc.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.google.com.br/

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\arquivos de programas\google\googletoolbarnotifier\5.7.8313.1002\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\arquivos de programas\java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"

uRun: [H/PC Connection Agent] "c:\arquivos de programas\microsoft activesync\Wcescomm.exe"

mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

mRun: [iSUSPM Startup] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\issch.exe" -start

mRun: [PPort11reminder] "c:\arquivos de programas\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\dados de aplicativos\scansoft\paperport\11\config\ereg\Ereg.ini"

mRun: [siSUSBRG] c:\windows\SiSUSBrg.exe

mRun: [AVG_UI] "c:\arquivos de programas\avg\avg2013\avgui.exe" /TRAYONLY

mRun: [NPSStartup] <no file>

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\utilit~1.lnk - c:\windows\system32\sistray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:36

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\arquivos de programas\microsoft activesync\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\arquivos de programas\microsoft activesync\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{21181EA5-2445-425F-A832-6B566DDF87F2} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{4AF8744A-71E9-46EF-A944-3A50F0B50CD4} : DHCPNameServer = 192.168.1.1

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\arquivos de programas\arquivos comuns\pure networks shared\platform\puresp4.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\arquivos de programas\google\chrome\application\29.0.1547.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\ramalho\dados de aplicativos\mozilla\firefox\profiles\2j1nd9ul.default\

FF - prefs.js: browser.startup.homepage - google.com.br

FF - prefs.js: keyword.enabled - false

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\arquivos de programas\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\arquivos de programas\google\update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: c:\arquivos de programas\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\arquivos de programas\microsoft silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-21 60216]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 246072]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 96568]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 39224]

R0 Bhbase;Baidu Hook Base;c:\windows\system32\drivers\Bhbase.sys [2013-9-5 68352]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-9-13 208184]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 22328]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 171320]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 182072]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-3-7 33112]

R2 AVGIDSAgent;AVGIDSAgent;c:\arquivos de programas\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]

R2 avgwd;Watchdog do AVG;c:\arquivos de programas\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]

S3 BprotectEx;Baidu ProtectEx;\??\c:\windows\system32\drivers\bprotectex.sys --> c:\windows\system32\drivers\BprotectEx.sys [?]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-3-3 36608]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-9-20 40776]

S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2011-8-1 627072]

.

=============== Created Last 30 ================

.

2013-09-20 19:06:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-09-18 19:25:45 -------- d-----w- c:\documents and settings\ramalho\aTubeCatcher

2013-09-15 18:29:45 -------- d-----w- c:\arquivos de programas\DOSBox-0.74

2013-09-15 11:47:49 165232 ---ha-w- c:\documents and settings\ramalho\dados de aplicativos\microsoft\virtual pc\VPCKeyboard.dll

2013-09-15 11:25:20 -------- d-----w- c:\arquivos de programas\Microsoft Virtual PC

2013-09-14 01:19:25 -------- d-sh--w- c:\documents and settings\ramalho\IECompatCache

2013-09-13 18:26:11 -------- d--h--w- c:\windows\system32\GroupPolicy

2013-09-08 15:27:46 -------- d-----w- c:\documents and settings\ramalho\dados de aplicativos\VideoDownloadConverter_4z

2013-09-08 15:21:59 -------- d-----w- C:\AdwCleaner

2013-09-07 16:54:23 466008 ----a-w- c:\windows\system32\drivers\sptd.sys

2013-09-07 16:54:12 -------- d-----w- c:\documents and settings\ramalho\dados de aplicativos\DAEMON Tools Lite

2013-09-07 16:54:07 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite

2013-09-07 16:49:18 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\DAEMON Tools Lite

2013-09-05 17:55:04 -------- d-----w- c:\documents and settings\ramalho\dados de aplicativos\PowerISO

2013-09-05 17:37:57 68352 ----a-w- c:\windows\system32\drivers\Bhbase.sys

2013-09-05 17:37:26 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\Baidu Security

2013-09-05 17:36:49 -------- d-----w- c:\arquivos de programas\Baidu Security

2013-09-05 17:36:48 -------- d-----w- c:\documents and settings\ramalho\dados de aplicativos\Baidu Security

2013-08-25 13:44:36 -------- d-----w- c:\arquivos de programas\Video Download Converter

.

==================== Find3M ====================

.

2013-09-19 21:20:04 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-19 21:20:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-09-10 04:34:48 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2013-09-05 04:43:42 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2013-07-20 04:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys

2013-07-20 04:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2013-07-20 04:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-07-20 04:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2013-07-12 18:01:49 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-07-12 18:01:47 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-07-12 18:01:47 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-07-12 18:01:47 144896 ----a-w- c:\windows\system32\javacpl.cpl

.

============= FINISH: 10:15:19,64 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 11/4/2012 12:48:02

System Uptime: 23/9/2013 09:58:25 (1 hours ago)

.

Motherboard: PCCHIPS | | M871G

Processor: AMD Sempron Processor 3000+ | CPU 1 | 1796/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 75 GiB total, 36,991 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP133: 26/6/2013 17:57:57 - Removido AVG 2013

RP134: 27/6/2013 19:07:05 - Ponto de verificação do sistema

RP135: 29/6/2013 10:38:02 - Ponto de verificação do sistema

RP136: 29/6/2013 14:22:03 - Installed Windows XP Wdf01009.

RP137: 30/6/2013 19:07:33 - Ponto de verificação do sistema

RP138: 5/7/2013 15:04:53 - Ponto de verificação do sistema

RP139: 6/7/2013 18:13:36 - Ponto de verificação do sistema

RP140: 12/7/2013 12:05:12 - Ponto de verificação do sistema

RP141: 12/7/2013 15:01:00 - Removed Java 7 Update 21

RP142: 12/7/2013 15:01:40 - Instalado Java 7 Update 25

RP143: 14/7/2013 12:33:58 - Ponto de verificação do sistema

RP144: 15/7/2013 17:01:12 - Ponto de verificação do sistema

RP145: 19/7/2013 18:30:41 - Ponto de verificação do sistema

RP146: 20/7/2013 22:03:58 - Ponto de verificação do sistema

RP147: 23/7/2013 12:24:53 - Ponto de verificação do sistema

RP148: 24/7/2013 17:08:15 - Removido AVG 2013

RP149: 27/7/2013 10:33:44 - Ponto de verificação do sistema

RP150: 29/7/2013 11:05:53 - Ponto de verificação do sistema

RP151: 31/7/2013 15:19:57 - Ponto de verificação do sistema

RP152: 4/8/2013 12:34:13 - Ponto de verificação do sistema

RP153: 5/8/2013 21:33:28 - Ponto de verificação do sistema

RP154: 9/8/2013 18:37:45 - Removido AVG 2013

RP155: 14/8/2013 15:53:29 - Removido AVG 2013

RP156: 17/8/2013 12:50:53 - Ponto de verificação do sistema

RP157: 19/8/2013 18:16:52 - Ponto de verificação do sistema

RP158: 21/8/2013 11:43:21 - Ponto de verificação do sistema

RP159: 25/8/2013 18:50:32 - Ponto de verificação do sistema

RP160: 27/8/2013 15:49:08 - Ponto de verificação do sistema

RP161: 31/8/2013 09:22:23 - Removido AVG 2013

RP162: 4/9/2013 19:02:08 - Ponto de verificação do sistema

RP163: 5/9/2013 14:33:54 - livia

RP164: 6/9/2013 19:13:43 - Ponto de verificação do sistema

RP165: 7/9/2013 13:54:22 - SPTD setup V1.83

RP166: 12/9/2013 17:56:43 - Removido AVG 2013

RP167: 13/9/2013 15:19:14 - Windows XP KB942288-v3 instalado.

RP168: 14/9/2013 22:16:02 - Ponto de verificação do sistema

RP169: 15/9/2013 08:25:17 - Instalado Microsoft Virtual PC 2007

RP170: 16/9/2013 14:27:53 - Ponto de verificação do sistema

RP171: 17/9/2013 14:53:40 - Ponto de verificação do sistema

RP172: 19/9/2013 14:59:47 - Ponto de verificação do sistema

RP173: 20/9/2013 15:13:49 - Instalado VDMSound 2.0.4

RP174: 20/9/2013 20:44:20 - Removido VDMSound 2.0.4

RP175: 22/9/2013 16:08:11 - Ponto de verificação do sistema

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.02)

Apple Software Update

Ares 2.1.7

µTorrent

aTube Catcher

AVG 2013

Brother MFL-Pro Suite DCP-165C

C-Media 3D Audio

C-Media WDM Audio Driver

CCleaner

Chess 0.9

DAEMON Tools Lite

DVD Shrink 3.2

Foxit Reader 5.0

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix para Windows XP (KB942288-v3)

Java 7 Update 25

Java Auto Updater

Java SE Development Kit 7 Update 21

Linksys Wireless Manager

Malwarebytes Anti-Malware versão 1.75.0.1300

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft ActiveSync

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft Virtual PC 2007

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 23.0.1 (x86 pt-BR)

Mozilla Maintenance Service

MSVC90_x86

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

Nero 7 Ultra Edition

neroxml

Nokia Connectivity Cable Driver

Nokia PC Suite

On-line Help Console

Pacote de Driver do Windows - Nokia Modem (02/25/2011 4.7)

Pacote de Driver do Windows - Nokia Modem (02/25/2011 7.01.0.9)

Pacote de Driver do Windows - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)

PaperPort Image Printer

PC Connectivity Solution

PowerDVD

Pure Networks Platform

QuickTime

REALTEK Gigabit and Fast Ethernet NIC Driver

SAMSUNG USB Driver for Mobile Phones

ScanSoft PaperPort 11

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

SiS 900 PCI Fast Ethernet Adapter Driver

SiS VGA Utilities

SiSAGP driver

Suporte para Aplicativos Apple

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition

Update Manager

WebFldrs XP

Windows Installer Clean Up

Windows Internet Explorer 8

Windows Media Format Runtime

WinRAR 4.01 (32-bit)

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-09-23 12:34:22

Windows 5.1.2600 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP0802N rev.TK200-04 74,56GB

Running: gmer.exe; Driver: C:\DOCUME~1\RAMALHO\CONFIG~1\Temp\pwryrpow.sys

---- System - GMER 2.1 ----

SSDT Bhbase.sys ZwAssignProcessToJobObject [0xF74B6A10]

SSDT Bhbase.sys ZwCreateFile [0xF74B41A0]

SSDT Bhbase.sys ZwCreateKey [0xF74B39C0]

SSDT Bhbase.sys ZwCreateProcess [0xF74B60C0]

SSDT Bhbase.sys ZwCreateProcessEx [0xF74B5F60]

SSDT Bhbase.sys ZwCreateSection [0xF74B5520]

SSDT Bhbase.sys ZwCreateSymbolicLinkObject [0xF74B5B90]

SSDT Bhbase.sys ZwCreateThread [0xF74B4AB0]

SSDT Bhbase.sys ZwDeleteFile [0xF74B52A0]

SSDT Bhbase.sys ZwDeleteKey [0xF74B4450]

SSDT Bhbase.sys ZwDeleteValueKey [0xF74B4590]

SSDT Bhbase.sys ZwDeviceIoControlFile [0xF74B4EA0]

SSDT Bhbase.sys ZwDuplicateObject [0xF74B4C10]

SSDT Bhbase.sys ZwEnumerateValueKey [0xF74B4960]

SSDT Bhbase.sys ZwLoadDriver [0xF74B4D60]

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xF78435D0]

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xF7843700]

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xF7843010]

SSDT Bhbase.sys ZwOpenSection [0xF74B53E0]

SSDT Bhbase.sys ZwOpenThread [0xF74B6220]

SSDT Bhbase.sys ZwProtectVirtualMemory [0xF74B5A40]

SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwQueryValueKey [0xF76D31AE]

SSDT Bhbase.sys ZwQueueApcThread [0xF74B6CB0]

SSDT Bhbase.sys ZwReadVirtualMemory [0xF74B7080]

SSDT Bhbase.sys ZwRenameKey [0xF74B5E20]

SSDT Bhbase.sys ZwRequestWaitReplyPort [0xF74B46D0]

SSDT Bhbase.sys ZwRestoreKey [0xF74B6E00]

SSDT Bhbase.sys ZwSetContextThread [0xF74B5CE0]

SSDT Bhbase.sys ZwSetInformationFile [0xF74B3C50]

SSDT Bhbase.sys ZwSetSecurityObject [0xF74B6F40]

SSDT Bhbase.sys ZwSetSystemInformation [0xF74B5160]

SSDT Bhbase.sys ZwSetValueKey [0xF74B3F00]

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xF7843300]

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xF78433E0]

SSDT Bhbase.sys ZwSystemDebugControl [0xF74B58F0]

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xF7843120]

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xF7843210]

SSDT Bhbase.sys ZwUnmapViewOfSection [0xF74B68D0]

SSDT Bhbase.sys ZwWriteFile [0xF74B3DA0]

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xF78434D0]

INT 0x62 ? 85FD1CC8

INT 0x74 ? 8565BCC8

INT 0x82 ? 85FD1CC8

INT 0x83 ? 85FA6CC8

INT 0x84 ? 8565BCC8

INT 0xA4 ? 8565BCC8

INT 0xB4 ? 8565BCC8

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501424 12 Bytes [00, 33, 84, F7, E0, 33, 84, ...]

.sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF7387346]

? C:\WINDOWS\System32\Drivers\aip3bn2m.SYS suspicious PE modification

? C:\DOCUME~1\RAMALHO\CONFIG~1\Temp\mbr.sys A sintaxe do nome do arquivo, pasta ou nome do volume está incorreta. !

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs 85FA11F8

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys

Device \FileSystem\Fastfat \FatCdrom 8543D430

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys

Device \Driver\usbohci \Device\USBPDO-0 8562C1F8

Device \Driver\usbohci \Device\USBPDO-1 8562C1F8

Device \Driver\usbohci \Device\USBPDO-2 8562C1F8

Device \Driver\usbehci \Device\USBPDO-3 856061F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys

Device \Driver\Cdrom \Device\CdRom0 8562E1F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 85FD11F8

Device \Driver\atapi \Device\Ide\IdePort0 85FD11F8

Device \Driver\atapi \Device\Ide\IdePort1 85FD11F8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e 85FD11F8

Device \Driver\Cdrom \Device\CdRom1 8562E1F8

Device \Driver\NetBT \Device\NetBt_Wins_Export 853C5430

Device \Driver\PCI_PNP9912 \Device\0000004b sptd.sys

Device \Driver\PCI_PNP9912 \Device\0000004b sptd.sys

Device \Driver\NetBT \Device\NetbiosSmb 853C5430

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys

Device \Driver\usbohci \Device\USBFDO-0 8562C1F8

Device \Driver\usbohci \Device\USBFDO-1 8562C1F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85507430

Device \Driver\usbohci \Device\USBFDO-2 8562C1F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 85507430

Device \Driver\usbehci \Device\USBFDO-3 856061F8

Device \Driver\SiSRaid \Device\Scsi\SiSRaid1 85FA21F8

Device \Driver\aip3bn2m \Device\Scsi\aip3bn2m1 856051F8

Device \Driver\aip3bn2m \Device\Scsi\aip3bn2m1Port3Path0Target0Lun0 856051F8

Device \FileSystem\Fastfat \Fat 8543D430

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys

Device \FileSystem\Cdfs \Cdfs 853D6430

---- Trace I/O - GMER 2.1 ----

Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85fd11f8]<< 85fd11f8

Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f83ab8] 85f83ab8

Trace 3 CLASSPNP.SYS[f750305b] -> nt!IofCallDriver -> \Device\00000067[0x85f6f478] 85f6f478

Trace 5 ACPI.sys[f7262620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85f74940] 85f74940

Trace \Driver\atapi[0x85f5a6d8] -> IRP_MJ_CREATE -> 0x85fd11f8 85fd11f8

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0xFC 0xD7 0x15 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7F 0xB9 0xD1 0x2B ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5C 0x7E 0x9A 0xF7 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0xFC 0xD7 0x15 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7F 0xB9 0xD1 0x2B ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5C 0x7E 0x9A 0xF7 ...

---- EOF - GMER 2.1 ----


Dear Ramalho89

Insert the flash drive, move your documents off it to the Desktop, format it, then keep it connected and carry out the steps requested below:

Read the instructions contained in this link:

In the instructions at the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums to receive help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while you follow these instructions, it is very important to keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after completing the procedure(s) mentioned below.
  3. Double-click the ComboFix icon that is on the desktop.
  4. Read and accept the conditions by typing 1 and Enter.
  5. Computers running Windows XP will need to install the Recovery Console:

  • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Attention: do not use the mouse or the keyboard while the tool is running; doing so may cause the computer to hang.
  8. A notice may appear saying the computer needs to restart. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are many general-purpose anti-malware tools whose authors, when programming them, had end users in mind and designed them to be used without supervision. ComboFix is not a tool of that kind, so, also out of respect for the tool's author, do not use it without supervision.

Regards :D


Hello Diego, how are you doing? Continuing the virus removal, here is the ComboFix log. I await further instructions. Regards

ComboFix 13-09-24.02 - RAMALHO 25/09/2013 13:21:07.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.991.568 [GMT -3:00]

Executando de: c:\documents and settings\RAMALHO\Desktop\ComboFix.exe

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Criado um novo ponto de restauração

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Dados de aplicativos\1E61481525.sys

c:\documents and settings\RAMALHO\WINDOWS

c:\windows\IsUn0416.exe

c:\windows\system32\Cache

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\328cf4037b7c6e10.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\wininit.ini

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-08-25 to 2013-09-25 ))))))))))))))))))))))))))))

.

.

2013-09-24 13:12 . 2013-09-24 16:22 -------- d-----w- C:\game

2013-09-20 19:06 . 2013-09-20 19:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-09-18 19:25 . 2013-09-18 19:25 -------- d-----w- c:\documents and settings\RAMALHO\aTubeCatcher

2013-09-15 18:54 . 2013-09-15 18:54 -------- d-----w- c:\documents and settings\RAMALHO\Configurações locais\Dados de aplicativos\DOSBox

2013-09-15 18:29 . 2013-09-20 18:06 -------- d-----w- c:\arquivos de programas\DOSBox-0.74

2013-09-15 11:47 . 2013-09-15 17:35 165232 ---ha-w- c:\documents and settings\RAMALHO\Dados de aplicativos\Microsoft\Virtual PC\VPCKeyboard.dll

2013-09-15 11:25 . 2013-09-15 11:25 -------- d-----w- c:\arquivos de programas\Microsoft Virtual PC

2013-09-14 01:19 . 2013-09-14 01:19 -------- d-sh--w- c:\documents and settings\RAMALHO\IECompatCache

2013-09-13 18:26 . 2013-09-13 18:26 -------- d--h--w- c:\windows\system32\GroupPolicy

2013-09-08 15:27 . 2013-09-08 15:27 -------- d-----w- c:\documents and settings\RAMALHO\Dados de aplicativos\VideoDownloadConverter_4z

2013-09-08 15:21 . 2013-09-08 15:23 -------- d-----w- C:\AdwCleaner

2013-09-07 16:54 . 2013-09-07 16:54 466008 ----a-w- c:\windows\system32\drivers\sptd.sys

2013-09-07 16:54 . 2013-09-07 17:12 -------- d-----w- c:\documents and settings\RAMALHO\Dados de aplicativos\DAEMON Tools Lite

2013-09-07 16:54 . 2013-09-07 16:54 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite

2013-09-07 16:49 . 2013-09-07 17:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite

2013-09-05 17:55 . 2013-09-05 17:55 -------- d-----w- c:\documents and settings\RAMALHO\Dados de aplicativos\PowerISO

2013-09-05 17:37 . 2013-08-27 09:56 68352 ----a-w- c:\windows\system32\drivers\Bhbase.sys

2013-09-05 17:37 . 2013-09-05 17:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Baidu Security

2013-09-05 17:36 . 2013-09-05 17:36 -------- d-----w- c:\arquivos de programas\Baidu Security

2013-09-05 17:36 . 2013-09-05 17:36 -------- d-----w- c:\documents and settings\RAMALHO\Dados de aplicativos\Baidu Security

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-19 21:20 . 2012-10-18 01:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-19 21:20 . 2011-08-07 13:57 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-09-10 04:34 . 2012-09-21 05:45 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2013-09-05 04:43 . 2012-09-14 05:05 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2013-07-20 04:51 . 2012-09-21 05:46 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys

2013-07-20 04:50 . 2012-09-21 05:45 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2013-07-20 04:50 . 2012-09-13 05:11 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-07-20 04:50 . 2012-10-02 05:30 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2013-07-12 18:01 . 2013-07-12 18:02 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-07-12 18:01 . 2013-07-12 18:02 144896 ----a-w- c:\windows\system32\javacpl.cpl

2013-07-12 18:01 . 2013-05-15 18:24 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-07-12 18:01 . 2013-05-15 18:24 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-07-01 04:45 . 2012-10-05 05:26 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

"H/PC Connection Agent"="c:\arquivos de programas\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2004-09-02 49152]

"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"PPort11reminder"="c:\arquivos de programas\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]

"AVG_UI"="c:\arquivos de programas\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

.

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Utility Tray.lnk - c:\windows\system32\sistray.exe [2011-8-1 331776]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\arquiv~1\AVG\AVG2013\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-12-18 19:08 946352 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-10-11 23:56 59280 ----a-w- c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

2010-10-27 09:00 1015808 ----a-w- c:\arquivos de programas\Ares\Ares.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]

2008-02-19 11:22 1089536 ------r- c:\arquivos de programas\Brother\Brmfcmon\BrMfcWnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]

2007-12-21 20:57 86016 ------w- c:\arquivos de programas\Brother\ControlCenter3\BrCtrCen.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2013-08-01 13:13 3673696 ----a-w- c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2007-10-11 22:01 46368 ----a-w- c:\arquivos de programas\ScanSoft\PaperPort\IndexSearch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-13 22:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2008-04-08 11:56 1647912 ----a-w- c:\arquivos de programas\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-05-28 10:27 570664 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2007-10-11 22:03 29984 ----a-w- c:\arquivos de programas\ScanSoft\PaperPort\pptd40nt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-11-25 18:03 421888 ----a-w- c:\arquivos de programas\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 12:03 210472 ----a-w- c:\arquivos de programas\Arquivos comuns\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2013-03-12 10:32 253816 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2012-11-16 11:43 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Arquivos de programas\\AVG\\AVG2013\\avgmfapx.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG2013\\avgnsx.exe"=

"c:\\Arquivos de programas\\AVG\\AVG2013\\avgdiagex.exe"=

"c:\\Arquivos de programas\\AVG\\AVG2013\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [21/9/2012 02:45 60216]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/9/2012 02:46 246072]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/9/2012 02:05 39224]

R0 Bhbase;Baidu Hook Base;c:\windows\system32\drivers\Bhbase.sys [5/9/2013 14:37 68352]

R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [13/9/2012 02:11 208184]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/9/2012 02:45 22328]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/10/2012 02:30 171320]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/9/2012 02:46 182072]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [7/3/2013 16:42 33112]

R2 AVGIDSAgent;AVGIDSAgent;c:\arquivos de programas\AVG\AVG2013\avgidsagent.exe [4/7/2013 15:53 4939312]

R2 avgwd;Watchdog do AVG;c:\arquivos de programas\AVG\AVG2013\avgwdsvc.exe [23/7/2013 19:09 283136]

S3 BprotectEx;Baidu ProtectEx;\??\c:\windows\System32\drivers\BprotectEx.sys --> c:\windows\System32\drivers\BprotectEx.sys [?]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [3/3/2013 22:48 36608]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [20/9/2013 16:06 40776]

S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [1/8/2011 19:55 627072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-09-22 16:29 1177552 ----a-w- c:\arquivos de programas\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 21:20]

.

2013-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2011-06-01 19:57]

.

2013-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-11-16 11:42]

.

2013-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-11-16 11:42]

.

2013-09-24 c:\windows\Tasks\User_Feed_Synchronization-{F89A709F-BB52-41E3-8186-A960382F471F}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = https://www.google.com.br/

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\RAMALHO\Dados de aplicativos\Mozilla\Firefox\Profiles\2j1nd9ul.default\

FF - prefs.js: browser.startup.homepage - google.com.br

FF - prefs.js: keyword.enabled - false

FF - prefs.js: network.proxy.type - 0

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Toolbar-Locked - (no file)

Toolbar-{48586425-6bb7-4f51-8dc6-38c88e3ebb58} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{48586425-6BB7-4F51-8DC6-38C88E3EBB58} - (no file)

HKLM-Run-Cmaudio - cmicnfg.cpl

HKLM-Run-NPSStartup - (no file)

MSConfigStartUp-Linksys Wireless Manager - c:\arquivos de programas\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe

MSConfigStartUp-nmctxth - c:\arquivos de programas\Arquivos comuns\Pure Networks Shared\Platform\nmctxth.exe

MSConfigStartUp-PC Suite Tray - c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

MSConfigStartUp-uTorrent - c:\arquivos de programas\uTorrent\uTorrent.exe

AddRemove-01_Simmental - c:\arquivos de programas\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\arquivos de programas\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\arquivos de programas\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\arquivos de programas\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\arquivos de programas\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\arquivos de programas\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\arquivos de programas\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\arquivos de programas\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\arquivos de programas\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\arquivos de programas\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\arquivos de programas\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\arquivos de programas\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\arquivos de programas\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\arquivos de programas\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\arquivos de programas\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\arquivos de programas\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\arquivos de programas\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-09-25 13:33

Windows 5.1.2600 Service Pack 2 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Tempo para conclusão: 2013-09-25 13:36:56

ComboFix-quarantined-files.txt 2013-09-25 16:36

.

Pré-execução: 13 pasta(s) 39.149.912.064 bytes disponíveis

Pós execução: 17 pasta(s) 39.479.709.696 bytes disponíveis

.

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 5FE24209211522153749F127103C83AF

239FC8B1C26D5286165A956F5A98D8D7


Dear Ramalho89

# Step 1 #

Download Junkware Removal Tool and save it to your Desktop.

  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log, which is on your Desktop.
  • Copy its entire contents and paste it into your next message.

# Step 2 #

  • Double-click adwcleaner.exe
    • Note: Windows Vista, 7 and 8 users, right-click it and choose Run as Administrator.

  • Click Scan
  • At the end of the scan a log with the result will open.
  • If anything is detected, then click the Clean button.
  • Again, at the end of the scan a log with the result will open.
  • Copy its entire contents and paste it into your next reply.

# Step 3 #

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after the procedure(s) mentioned below have run.

  • Open Notepad, then copy (Ctrl+C) and paste (Ctrl+V) all of the text inside the "Code" box:

File::
c:\windows\system32\drivers\Bhbase.sys
c:\windows\System32\drivers\BprotectEx.sys

Driver::
Bhbase
BprotectEx


  • Save this file as: CFScript.txt
  • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running it will generate a log. Post that file, C:\ComboFix.txt.

[animation: dragging CFScript.txt onto ComboFix.exe]

Regards :D

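As an added illustration of the CFScript format used in Step 3 above (this is example code, not from the forum, the helper or the ComboFix project): a Python script that parses the driver/service lines of a ComboFix log (the `R0`/`S3 name;display;path [...]` lines quoted in this thread), notes which entries ComboFix marked `[?]` because the image file was not found on disk, and emits the `File::`/`Driver::` sections for a chosen set of service names. The regular expression, the field names and the sample lines are my assumptions about the line layout, inferred from the log posted here. Deciding which drivers belong in the script is still the analyst's call; the code only assembles the file.

```python
import re

# Constructed sample: three service lines in the layout ComboFix prints
# (the text follows the log posted in this thread; treat it as sample data).
SAMPLE_LOG = """\
R0 Bhbase;Baidu Hook Base;c:\\windows\\system32\\drivers\\Bhbase.sys [5/9/2013 14:37 68352]
R1 Avgldx86;AVG AVI Loader Driver;c:\\windows\\system32\\drivers\\avgldx86.sys [2/10/2012 02:30 171320]
S3 BprotectEx;Baidu ProtectEx;\\??\\c:\\windows\\System32\\drivers\\BprotectEx.sys --> c:\\windows\\System32\\drivers\\BprotectEx.sys [?]
"""

# Assumed layout of one service line: "<start type> <name>;<display name>;<path and details>".
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)


def parse_services(log_text):
    """Return one dict per driver/service line found in a ComboFix log."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        # A trailing "[?]" means ComboFix could not stat the image file on disk,
        # so there is no date/size to report for it.
        file_missing = rest.rstrip().endswith("[?]")
        # The image path is everything before the bracketed details; when an
        # "-->" alias is present, keep the resolved path after the arrow.
        path_part = rest.split(" [", 1)[0]
        if "-->" in path_part:
            path_part = path_part.split("-->", 1)[1].strip()
        path = path_part.replace("\\??\\", "")
        entries.append({
            "start": m.group("start"),
            "name": m.group("name"),
            "display": m.group("display"),
            "path": path,
            "file_missing": file_missing,
        })
    return entries


def missing_files(entries):
    """Names of services whose image file ComboFix reported as not found."""
    return [e["name"] for e in entries if e["file_missing"]]


def build_cfscript(entries, names):
    """Build CFScript.txt text with File:: and Driver:: sections for the given service names.

    Section names follow the script format shown in the helper's post; the
    selection of services is passed in explicitly rather than decided here.
    """
    wanted_names = {n.lower() for n in names}
    wanted = [e for e in entries if e["name"].lower() in wanted_names]
    files = [e["path"] for e in wanted]
    drivers = [e["name"] for e in wanted]
    lines = ["File::"] + files + ["", "Driver::"] + drivers + [""]
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    print("services with a missing image file:", missing_files(parsed))
    print(build_cfscript(parsed, ["Bhbase", "BprotectEx"]))
```

Running the script prints the two Baidu entries in the same shape as the CFScript in Step 3; the `file_missing` flag is what distinguishes a service whose binary is already gone (a leftover registration) from one whose driver is still on disk.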

Hello Diego, how are you? Continuing, I am sending the logs. Thank you very much for the help, best regards

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.3 (09.27.2013:1)

OS: Microsoft Windows XP x86

Ran by RAMALHO on sex 27/09/2013 at 15:19:22,93

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\RAMALHO\Dados de aplicativos\videodownloadconverter_4z"

Successfully deleted: [Folder] "C:\Arquivos de programas\video download converter"

~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\RAMALHO\Dados de aplicativos\mozilla\firefox\profiles\2j1nd9ul.default\extensions\4zffxtbr@videodownloadconverter_4z.com

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\4zffxtbr@videodownloadconverter_4z.com

Successfully deleted the following from C:\Documents and Settings\RAMALHO\Dados de aplicativos\mozilla\firefox\profiles\2j1nd9ul.default\prefs.js

user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?n=77fd53fc&p2=^HJ^xpi000^YYA^");

user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);

user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");

user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013090812");

user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xpi000^YYA^");

user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "");

user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", false);

user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false);

user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false);

user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false);

user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false);

user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");

user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");

Emptied folder: C:\Documents and Settings\RAMALHO\Dados de aplicativos\mozilla\firefox\profiles\2j1nd9ul.default\minidumps [3 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on sex 27/09/2013 at 15:26:35,46

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.005 - Relatório criado 27/09/2013 às 15:38:49

# Atualizado 22/09/2013 por Xplode

# Sistema Operacional : Microsoft Windows XP Service Pack 2 (32 bits)

# Usuário : RAMALHO - RAMALHOS

# Executando de : C:\Documents and Settings\RAMALHO\Desktop\AdwCleaner(1).exe

# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v23.0.1 (pt-BR)

[ Arquivo : C:\Documents and Settings\RAMALHO\Dados de aplicativos\Mozilla\Firefox\Profiles\2j1nd9ul.default\prefs.js ]

-\\ Google Chrome v29.0.1547.76

[ Arquivo : C:\Documents and Settings\RAMALHO\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [12590 octets] - [08/09/2013 12:22:04]

AdwCleaner[R1].txt - [1250 octets] - [27/09/2013 15:37:26]

AdwCleaner[s0].txt - [12429 octets] - [08/09/2013 12:23:25]

AdwCleaner[s1].txt - [1166 octets] - [27/09/2013 15:38:49]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1226 octets] ##########

ComboFix 13-09-24.02 - RAMALHO 27/09/2013 16:03:06.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.991.512 [GMT -3:00]

Executando de: c:\documents and settings\RAMALHO\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\RAMALHO\Desktop\CFScript.txt

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Criado um novo ponto de restauração

.

FILE ::

"c:\windows\system32\drivers\Bhbase.sys"

"c:\windows\System32\drivers\BprotectEx.sys"

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_BHBASE

-------\Legacy_BPROTECTEX

-------\Service_Bhbase

-------\Service_BprotectEx

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-08-27 to 2013-09-27 ))))))))))))))))))))))))))))

.

.

2013-09-24 13:12 . 2013-09-25 16:54 -------- d-----w- C:\game

2013-09-20 19:06 . 2013-09-20 19:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-09-18 19:25 . 2013-09-18 19:25 -------- d-----w- c:\documents and settings\RAMALHO\aTubeCatcher

2013-09-15 18:54 . 2013-09-15 18:54 -------- d-----w- c:\documents and settings\RAMALHO\Configurações locais\Dados de aplicativos\DOSBox

2013-09-15 18:29 . 2013-09-20 18:06 -------- d-----w- c:\arquivos de programas\DOSBox-0.74

2013-09-15 11:47 . 2013-09-15 17:35 165232 ---ha-w- c:\documents and settings\RAMALHO\Dados de aplicativos\Microsoft\Virtual PC\VPCKeyboard.dll

2013-09-15 11:25 . 2013-09-15 11:25 -------- d-----w- c:\arquivos de programas\Microsoft Virtual PC

2013-09-14 01:19 . 2013-09-14 01:19 -------- d-sh--w- c:\documents and settings\RAMALHO\IECompatCache

2013-09-13 18:26 . 2013-09-13 18:26 -------- d--h--w- c:\windows\system32\GroupPolicy

2013-09-08 15:21 . 2013-09-27 18:38 -------- d-----w- C:\AdwCleaner

2013-09-07 16:54 . 2013-09-07 16:54 466008 ----a-w- c:\windows\system32\drivers\sptd.sys

2013-09-07 16:54 . 2013-09-07 17:12 -------- d-----w- c:\documents and settings\RAMALHO\Dados de aplicativos\DAEMON Tools Lite

2013-09-07 16:54 . 2013-09-07 16:54 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite

2013-09-07 16:49 . 2013-09-07 17:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite

2013-09-05 17:55 . 2013-09-05 17:55 -------- d-----w- c:\documents and settings\RAMALHO\Dados de aplicativos\PowerISO

2013-09-05 17:37 . 2013-08-27 09:56 68352 ----a-w- c:\windows\system32\drivers\Bhbase.sys

2013-09-05 17:37 . 2013-09-05 17:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Baidu Security

2013-09-05 17:36 . 2013-09-05 17:36 -------- d-----w- c:\arquivos de programas\Baidu Security

2013-09-05 17:36 . 2013-09-05 17:36 -------- d-----w- c:\documents and settings\RAMALHO\Dados de aplicativos\Baidu Security

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-19 21:20 . 2012-10-18 01:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-19 21:20 . 2011-08-07 13:57 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-09-10 04:34 . 2012-09-21 05:45 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2013-09-05 04:43 . 2012-09-14 05:05 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2013-07-20 04:51 . 2012-09-21 05:46 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys

2013-07-20 04:50 . 2012-09-21 05:45 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2013-07-20 04:50 . 2012-09-13 05:11 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-07-20 04:50 . 2012-10-02 05:30 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2013-07-12 18:01 . 2013-07-12 18:02 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-07-12 18:01 . 2013-07-12 18:02 144896 ----a-w- c:\windows\system32\javacpl.cpl

2013-07-12 18:01 . 2013-05-15 18:24 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-07-12 18:01 . 2013-05-15 18:24 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-07-01 04:45 . 2012-10-05 05:26 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

"H/PC Connection Agent"="c:\arquivos de programas\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2004-09-02 49152]

"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"PPort11reminder"="c:\arquivos de programas\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]

"AVG_UI"="c:\arquivos de programas\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

.

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Utility Tray.lnk - c:\windows\system32\sistray.exe [2011-8-1 331776]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\arquiv~1\AVG\AVG2013\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-12-18 19:08 946352 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-10-11 23:56 59280 ----a-w- c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

2010-10-27 09:00 1015808 ----a-w- c:\arquivos de programas\Ares\Ares.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]

2008-02-19 11:22 1089536 ------r- c:\arquivos de programas\Brother\Brmfcmon\BrMfcWnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]

2007-12-21 20:57 86016 ------w- c:\arquivos de programas\Brother\ControlCenter3\BrCtrCen.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2013-08-01 13:13 3673696 ----a-w- c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2007-10-11 22:01 46368 ----a-w- c:\arquivos de programas\ScanSoft\PaperPort\IndexSearch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-13 22:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2008-04-08 11:56 1647912 ----a-w- c:\arquivos de programas\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-05-28 10:27 570664 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2007-10-11 22:03 29984 ----a-w- c:\arquivos de programas\ScanSoft\PaperPort\pptd40nt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-11-25 18:03 421888 ----a-w- c:\arquivos de programas\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 12:03 210472 ----a-w- c:\arquivos de programas\Arquivos comuns\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2013-03-12 10:32 253816 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2012-11-16 11:43 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Arquivos de programas\\AVG\\AVG2013\\avgmfapx.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG2013\\avgnsx.exe"=

"c:\\Arquivos de programas\\AVG\\AVG2013\\avgdiagex.exe"=

"c:\\Arquivos de programas\\AVG\\AVG2013\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [21/9/2012 02:45 60216]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/9/2012 02:46 246072]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/9/2012 02:05 39224]

R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [13/9/2012 02:11 208184]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/9/2012 02:45 22328]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/10/2012 02:30 171320]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/9/2012 02:46 182072]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [7/3/2013 16:42 33112]

R2 AVGIDSAgent;AVGIDSAgent;c:\arquivos de programas\AVG\AVG2013\avgidsagent.exe [4/7/2013 15:53 4939312]

R2 avgwd;Watchdog do AVG;c:\arquivos de programas\AVG\AVG2013\avgwdsvc.exe [23/7/2013 19:09 283136]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [3/3/2013 22:48 36608]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [20/9/2013 16:06 40776]

S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [1/8/2011 19:55 627072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-09-22 16:29 1177552 ----a-w- c:\arquivos de programas\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 21:20]

.

2013-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2011-06-01 19:57]

.

2013-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-11-16 11:42]

.

2013-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-11-16 11:42]

.

2013-09-26 c:\windows\Tasks\User_Feed_Synchronization-{F89A709F-BB52-41E3-8186-A960382F471F}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = https://www.google.com.br/

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\RAMALHO\Dados de aplicativos\Mozilla\Firefox\Profiles\2j1nd9ul.default\

FF - prefs.js: browser.startup.homepage - www.google.com.br

.

- - - - ORFÃOS REMOVIDOS - - - -

.

AddRemove-VDC_is1 - c:\arquivos de programas\Video Download Converter\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-09-27 16:23

Windows 5.1.2600 Service Pack 2 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'explorer.exe'(3316)

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroSearchBar.dll

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\MFC71U.DLL

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\BCGCBPRO860un71.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Java\jre7\bin\jqs.exe

c:\windows\system32\IoctlSvc.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

c:\arquiv~1\MI3AA1~1\rapimgr.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-09-27 16:29:13 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-09-27 19:29

ComboFix2.txt 2013-09-25 16:36

.

Pré-execução: 16 pasta(s) 43.400.749.056 bytes disponíveis

Pós execução: 17 pasta(s) 43.323.310.080 bytes disponíveis

.

- - End Of File - - 0919F1B716DD9158B7D5E55E2D664ABB

239FC8B1C26D5286165A956F5A98D8D7

:rolleyes:


Dear Ramalho89

# Step 1 #

Temporarily, and while you follow these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after completing the procedure(s) mentioned below.

  • Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:

Folder::
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security
c:\arquivos de programas\Baidu Security
c:\documents and settings\RAMALHO\Dados de aplicativos\Baidu Security

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-


  • Save this file as: CFScript.txt
  • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

2872959479_997d4500c4_o.gif

# Step 2 #

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
  • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
  • If there are updates, they will be downloaded and installed.
  • When the updates finish, the program window will open. Select "Quick Scan" and then click the Scan button.
  • The scan will start and may take a while. Please be patient.
  • When the scan is complete, click OK, then Show Results to view the log.
  • If anything is found, make sure everything is checked and click Remove.
  • When the disinfection finishes, a log will automatically open in a Notepad document, and you may be asked to restart the PC. (Read the note)
  • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
  • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Cheers :D

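As an added example (not part of this thread, of ComboFix, or of the helper's script), the Python below reads the GloballyOpenPorts section of a ComboFix log like the one posted above, flags entries that are open to every address rather than limited to a subnet, and writes the matching `Registry::` lines in the CFScript syntax used in Step 1 (`"3389:TCP"=-`). It assumes the XP firewall value layout `port:proto[:scope]:Enabled:name` and treats a missing subnet field as "open to all"; the sample lines are copied from the log in this thread and the section-ending lone dot is ComboFix's own convention.

```python
"""Flag globally open firewall ports in a ComboFix log and draft the
CFScript `Registry::` lines that remove them.

Added example for this thread; not code from ComboFix or from the helper.
Assumptions (not stated on the page): the XP firewall value format is
`port:proto[:scope]:Enabled:name`, and an entry whose third field is not
a subnet is reachable from any address.
"""
import re

# Sample input: lines copied from the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
"""

PORTS_KEY = r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"
# A scope field is a dotted subnet/mask pair or the XP keyword LocalSubNet.
SUBNET_RE = re.compile(r"^(\d{1,3}\.){3}\d{1,3}/(\d{1,3}\.){3}\d{1,3}$|^LocalSubNet$")
# `"3389:TCP"= 3389:TCP:...` -> name and raw value.
ENTRY_RE = re.compile(r'^"(?P<name>\d+:(TCP|UDP))"=\s*(?P<value>.+)$')


def parse_open_ports(log_text):
    """Return one dict per entry under the GloballyOpenPorts key."""
    entries = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):           # a registry key header starts a section
            in_section = (line == PORTS_KEY)
            continue
        if not in_section:
            continue
        if line == ".":                    # ComboFix closes each section with a lone dot
            in_section = False
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        fields = m.group("value").split(":")
        port, proto = int(fields[0]), fields[1]
        # No subnet in the third field means the port is open to every address.
        scope = fields[2] if len(fields) > 2 and SUBNET_RE.match(fields[2]) else "*"
        entries.append({"name": m.group("name"), "port": port, "proto": proto,
                        "scope": scope, "label": fields[-1]})
    return entries


def flag_unrestricted(entries):
    """Entries reachable from any address; these deserve a second look."""
    return [e for e in entries if e["scope"] == "*"]


def cfscript_remove(entries):
    """Draft the CFScript block that deletes the given entries (same syntax as Step 1)."""
    lines = ["Registry::", PORTS_KEY]
    lines += ['"%s"=-' % e["name"] for e in entries]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_LOG)
    for e in found:
        print("%-10s %-5s scope=%-28s %s" % (e["name"], e["proto"], e["scope"], e["label"]))
    print(cfscript_remove(flag_unrestricted(found)))
```

In the log above the two ActiveSync ports are limited to 169.254.2.0/255.255.255.0, while the Remote Desktop exception (TCP 3389) carries no subnet, so it is the only entry the script flags; the generated block is the same `"3389:TCP"=-` line the helper put in the CFScript for Step 1. Review the flagged list before running anything: a port that the owner relies on should stay, and the script only drafts the removal.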

Hi Diego, how are you? Here are the ComboFix and Malwarebytes logs. Regards

ComboFix 13-09-24.02 - RAMALHO 30/09/2013 12:57:37.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.991.572 [GMT -3:00]

Executando de: c:\documents and settings\RAMALHO\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\RAMALHO\Desktop\CFScript.txt

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\arquivos de programas\Baidu Security

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\ie8-windowsxp-kb971961-x86-ptb_2b8ac10ec3d4b742f3efa3dc46edd35cc093cda2.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\ie8-windowsxp-kb978207-x86-ptb_5d12086978de47f4d9909b99efe96388bdb7d39d.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\ie8-windowsxp-kb981332-x86-ptb_a20800625128c8b25d31e91726ca1ce0844e1602.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\ie8-windowsxp-kb982381-x86-ptb_7b23a17bcd73ae5bf28f4911206aceb5263d93dd.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\ndp20sp2-kb2604092-x86_8ffc64599603264e79a0caaaf51e3393942fae06.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\ndp20sp2-kb2729450-x86_2e3100a991fc67b39350d431055bb005f9bb0487.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\ndp20sp2-kb2742596-x86_a0b11aaa133b0a15295bde2ec77680314f3200cc.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\ndp20sp2-kb2789643-x86_252af3b6f715b2446fac3b169b1aa9711bce6bfd.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\ndp20sp2-kb2804577-x86_7481153ea9bf91d69fda639c3ca405c42e628944.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\ndp20sp2-kb2833940-x86_1421c5648e03a03f8b376897e0568ff322ec2308.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\ndp20sp2-kb2844285-v2-x86_b2407fdad98f8c0a682ca61825804022cc35cde0.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\ndp30sp2-kb2756918-x86_0171f9344ff6aef983e78241b4463190c77d847a.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\ndp30sp2-kb2832411-x86_5a169c4c0ca3819fe7745faf894e50708008efd1.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\ndp35sp1-kb2736416-x86_93368f49226c00b8ddb32723196ddfbb275c8765.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\ndp35sp1-kb2840629-x86_3a7890d49029e2383d7887b5abbd771cea442edf.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\silverlight_9537e817a99b2a1e2522fd60dbb85a3f4c5037c8.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsmedia-kb911564-x86-ptb_f92eee2feaba9f92cc6dea07e58dc6807b537ea3.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsmedia6-kb925398-v2-x86-ptb_0a48116b0b132e4d8a4269d2a7426e86a6e3de1f.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsmedia9-kb936782-x86-ptb_1850571d09659d8163fe574f0329f9bb2b39b283.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb2229593-x86-ptb_7566dc02b305dd1ea9f618051ab0b3bd59f68830.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb873339-x86-ptb_e6c767d538444e651cb622b85a52aad7796bc497.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb885835-x86-ptb_3a2616fea920641f56904c39418828b708452f81.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb885836-x86-ptb_67ca928dd6bce71642d2d91cc27c3d99016b3b4a.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb888302-x86-ptb_d772f28627cfc226723e8f702101afa6c80a360e.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb890859-x86-ptb_4e012005fd9018c1e18fc7941020d300512560a8.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb891781-x86-ptb_a4210679d7a86d17b3cb6774a21c151d449aad84.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb893756-x86-ptb_dbd84d0e8601c056f0dd2bc8d67ce0abd7929d1a.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb896358-x86-ptb_d937cf48bda48933ba137b3affacb15c93dd6789.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb896423-x86-ptb_72bdc6d5b1dcef4924f5f9d747fd9ffc1c6476d9.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb900725-x86-ptb_c23138476deee728908aeb8c1b0c183059720293.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb901017-x86-ptb_cb9bf4c969897da429a3d241ae1a71977ccf5a26.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb901214-x86-ptb_fd544b82151aeac5ead79d1ec60601e41d48e249.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb902400-x86-ptb_50cbd0b3e6284cb7778f616958a0c2739f0762aa.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb905749-x86-ptb_e767d60a7c7d46b85ddfb548e1d6cebe99aa5984.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb908519-x86-ptb_e25efc107a8a8d8ba5c3d698258427631d5bb07a.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb908531-v2-x86-ptb_d169a75ae3f64cd86f69cfe4c3563cd792b5fa89.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb911280-v2-x86-ptb_b5a6fbcc5141fe6c633ad671eeaf8503dfc8eeb3.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb911562-x86-ptb_198397b9ecacc325756d7434ee66d30562e01bd8.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb911927-x86-ptb_4d4d856e4e66d2c792de4159643e694dc945c818.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb914388-x86-ptb_ec39e25e9ff4f5549c65b25b60da8fce3713fba6.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb914389-x86-ptb_c8229dd39b13a6ce2f3919083d950885bcf5c1ea.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb918118-x86-ptb_b53a8d102143faf9575d9880eb40c6ef82e5e2f8.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb920213-x86-ptb_368f5709b9aa927a717a36f372b28c8add886b71.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb920670-x86-ptb_490018a308b9defc1e1f23d198b5d34b2660b65c.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb920683-x86-ptb_b4dd08d10a5f083ead1043cdeb399e6a2a5c1171.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb923191-x86-ptb_7668c92d1160ca635a2e3879c2ab6385036293d8.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb923561-x86-ptb_0cf1c64e354f2240a215b6a2176a9e62a2b40835.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb923980-x86-ptb_d987c6b5a5d590f7355ea6b51302d98311f08f2e.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb924270-x86-ptb_7314474f76c83d239083f25ce6e7f058413e135c.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb924667-x86-ptb_3c607d554a8fdd0ae8f1f4926a1573069ab7362b.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb925902-x86-ptb_efa2545b5c2a41fe8b4c3b677adf5c98b28bf5b3.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb926255-x86-ptb_6d13790b832497b54a04bffcb2d6b44d80b6bebe.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb926436-x86-ptb_c5f83fbc33ff43558cf72db11827c4c6ffbb2f16.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb927779-x86-ptb_53a766f5908f013083bdec2a92f1a04e905a860f.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb927802-x86-ptb_1846f96b4ec8c4fee2d36a94298349235173fafe.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb928255-x86-ptb_ff96b3a4f1ba8fdb082163cc854b3f806f9ea5eb.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb928843-x86-ptb_a4d6c7a6ccd61d17700867dd73ae84256ffe3f40.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb929123-x86-ptb_4de1af6d4b5058f105fd2e77737e0750e52fc6e7.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb930178-x86-ptb_5dc9a933c1a5df2353572e8f98fc34bce77d15dd.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb931261-x86-ptb_1696f4aa560bb7f66237a68e7d34ade8223342ed.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb932168-x86-ptb_865346bcdc746d65bff28935d5b1de4bb093d90c.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb933729-x86-ptb_7bf455c7237a8b3afd58bc945f3141ae874a91a7.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb937894-x86-ptb_35baf8c55c879c93cfc4e467c67b87104dc3a75b.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb941569-x86-ptb_ab4dd1ab9a976fd443e85a2ba5aed026e50ba172.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb943055-x86-ptb_0ad4eeb594a64ec7a636eb6765542408d7cdbc1d.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb943460-x86-ptb_bb7f1e4eb1c8c1b15aad55a59c7ccb70204abfbe.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb944653-x86-ptb_63aece948749c259b83a4c9daa18a552c7fec0b2.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb945553-x86-ptb_2b6524f5a60e60dcfa21ee4527eee3bbeab52416.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb946026-x86-ptb_267403c94d6a9089160be79d4b49374d2eeb7a09.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb950749-x86-ptb_536056e53dd201a4b69eeb2e478f029a8b2d53aa.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb950762-x86-ptb_a96cdf0c3f35e17bd49c7d6e82aa7f8776f10ec2.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb950974-x86-ptb_225d8f046359f56f63aa587447fadcf1d8f358c0.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb951376-v2-x86-ptb_448420b90ab9a8f576b0de9e5ba198dcd780109d.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb951748-x86-ptb_cda7587f04d8a8b95771ca8a632d86c934328274.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb952004-x86-ptb_4098d5a0ab60d66e3a73915a43d0c9150b04e91d.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb952954-x86-ptb_d2bcc08f31feaaf8177520960e7be9015c2f890a.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb955069-x86-ptb_7cd49a9008f990245a144e9790d6f95a097742f4.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb956572-x86-ptb_dcb2550d19d187880fdea0137b065fa90f78c635.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb956802-x86-ptb_4ebf39e2df929832ff862a4f9542f0ac1a92a0b8.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb956803-x86-ptb_41fc52d91a9750d9087a714163b396dd381e2020.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb956844-x86-ptb_35f16b92b50b2ba36fbd1bca625c53a02f5fcfc0.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb958470-x86-ptb_ef6de4bd4dccce2502162babf7a49c2bc7f2103e.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb958644-x86-ptb_bf82bda995dfd3fdecf7a0bd9bb3102b74b21866.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb958869-x86-ptb_c7e81f423df7963bbdd6dca9146b9aca988b5a38.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb960225-x86-ptb_c66f71d00fe304b9d4ed4e262c248dea52855e60.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb960803-x86-ptb_05f993a032b7fa73c93f26e69ba2613032973247.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb960859-x86-ptb_c280319b33a78d44ac22ee54b6185e35996dd518.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb961501-x86-ptb_e3130dfffae17a22aeba4e8c151ac9c4a614cded.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb969059-x86-ptb_7837cb711dd72a95e98ed222d818dcaa8a509a70.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb970238-x86-ptb_e37c17f17326fb474346e11041e0f65130abd44e.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb971032-x86-ptb_1ac3b754d940d80873c429cbc51e1d13d4b0ed2d.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb971468-x86-ptb_14028efed8fa9ada6b7a351d1980daeef0303386.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb971657-x86-ptb_5dfac7645ea5fae9f32197d75d6f60968838ccd1.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb972270-x86-ptb_b22cc7594dc58b068c74c050da5fca1a7bf5d640.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb973507-x86-ptb_9f21df92db0ada1f7fd5cfe5ea29276a13549395.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb973815-x86-ptb_e5b1509e794c14faa99b31a61ded17e422f34314.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb973869-x86-ptb_86864d2ece9a85e5460d400b5163158b30f57158.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb973904-x86-ptb_a633819ce0fa494b670ac72c22163fe9104cee02.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb974112-x86-ptb_446be62540d81733bd8392d2e9667a00a4dd6dd2.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb974318-x86-ptb_26411602b9fd982c3388999730fad0f951c95371.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb974392-x86-ptb_ac1a72c868f029e5592afcbbfe5119a1b5df0666.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb974571-x86-ptb_3686ffcc53c4fedeb4fbe24996bc8d9d4957e52c.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb975025-x86-ptb_118beb604da2c208aaecbb73161fba68045aad58.exe

c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb975560-x86-ptb_6fbe3ade07299ab6df7b13ab91c449592f09775a.exe
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb975561-x86-ptb_cde40c0dc3e04346ec6755e6dd0ae0d5a5d00b14.exe
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb975562-x86-ptb_0c166f7474fbcc2076a6ca3c59b352f9bce3e610.exe
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb975713-x86-ptb_92187fc5fcdfb6c7092aee9c0ed6fc22fc729099.exe
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb977816-x86-ptb_88d9353194898503551f7ee6917705e38e7cb3a0.exe
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb977914-x86-ptb_2efef4436cbb3ef7674d4f755413e2fde7a7fae7.exe
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb978037-x86-ptb_5a336d766c2b66fb5b3c2048ee14c93a20bd8b72.exe
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb978542-x86-ptb_bc299db5d61d0c187bc007d4fe57cd2fc675a35a.exe
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb978601-x86-ptb_f5ad266b7091005901a512d149052e285015723c.exe
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb979309-x86-ptb_6c4540330ce8b165d0642a4d97f7b4ba523f3cd3.exe
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb979482-x86-ptb_a39d4f8ec0106090d2702221a4aa66c556ad1200.exe
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb979559-x86-ptb_079e5925c717f7b9b5979ce98c5cde63780843c8.exe
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb979683-x86-ptb_b295853306d0dd8444f182caad77b34ec9ab16c9.exe
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb980218-x86-ptb_0babc78d1fa1d59458e878e6f3d9ee01d21e01ee.exe
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windowsxp-kb980232-x86-ptb_1ffe68377e79e359cea6f98ac34f4d552f66cbc2.exe
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\sysopt\optbt.dat
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\sysopt\opthis.dat
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\sysopt\user_process_list
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\sysopt\user_schtask_list
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\sysopt\user_service_list
c:\documents and settings\All Users\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\sysopt\user_startrun_list
c:\documents and settings\RAMALHO\Dados de aplicativos\Baidu Security
c:\documents and settings\RAMALHO\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK\0\Communication.dll
c:\documents and settings\RAMALHO\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK\0\InstallUtility.dll
c:\documents and settings\RAMALHO\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK\0\log.dll
c:\documents and settings\RAMALHO\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall\0\Communication.dll
c:\documents and settings\RAMALHO\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall\0\InstallUtility.dll
c:\documents and settings\RAMALHO\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall\0\log.dll

.
.
(((((((((((((((( Files created from 2013-08-28 to 2013-09-30 ))))))))))))))))))))))))))))
.
.
2013-09-24 13:12 . 2013-09-30 14:33 -------- d-----w- C:\game
2013-09-20 19:06 . 2013-09-20 19:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-09-18 19:25 . 2013-09-18 19:25 -------- d-----w- c:\documents and settings\RAMALHO\aTubeCatcher
2013-09-15 18:54 . 2013-09-15 18:54 -------- d-----w- c:\documents and settings\RAMALHO\Configurações locais\Dados de aplicativos\DOSBox
2013-09-15 18:29 . 2013-09-20 18:06 -------- d-----w- c:\arquivos de programas\DOSBox-0.74
2013-09-15 11:47 . 2013-09-15 17:35 165232 ---ha-w- c:\documents and settings\RAMALHO\Dados de aplicativos\Microsoft\Virtual PC\VPCKeyboard.dll
2013-09-15 11:25 . 2013-09-15 11:25 -------- d-----w- c:\arquivos de programas\Microsoft Virtual PC
2013-09-14 01:19 . 2013-09-14 01:19 -------- d-sh--w- c:\documents and settings\RAMALHO\IECompatCache
2013-09-13 18:26 . 2013-09-13 18:26 -------- d--h--w- c:\windows\system32\GroupPolicy
2013-09-08 15:21 . 2013-09-27 18:38 -------- d-----w- C:\AdwCleaner
2013-09-07 16:54 . 2013-09-07 16:54 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-09-07 16:54 . 2013-09-07 17:12 -------- d-----w- c:\documents and settings\RAMALHO\Dados de aplicativos\DAEMON Tools Lite
2013-09-07 16:49 . 2013-09-07 17:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite
2013-09-05 17:55 . 2013-09-05 17:55 -------- d-----w- c:\documents and settings\RAMALHO\Dados de aplicativos\PowerISO
2013-09-05 17:37 . 2013-08-27 09:56 68352 ----a-w- c:\windows\system32\drivers\Bhbase.sys

.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-19 21:20 . 2012-10-18 01:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-19 21:20 . 2011-08-07 13:57 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-10 04:34 . 2012-09-21 05:45 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-05 04:43 . 2012-09-14 05:05 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-20 04:51 . 2012-09-21 05:46 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 04:50 . 2012-09-21 05:45 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 04:50 . 2012-09-13 05:11 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 04:50 . 2012-10-02 05:30 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-12 18:01 . 2013-07-12 18:02 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-12 18:01 . 2013-07-12 18:02 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-12 18:01 . 2013-05-15 18:24 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-12 18:01 . 2013-05-15 18:24 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

.
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"H/PC Connection Agent"="c:\arquivos de programas\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"PPort11reminder"="c:\arquivos de programas\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"AVG_UI"="c:\arquivos de programas\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2011-8-1 331776]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\arquiv~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08 946352 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 23:56 59280 ----a-w- c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2010-10-27 09:00 1015808 ----a-w- c:\arquivos de programas\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-02-19 11:22 1089536 ------r- c:\arquivos de programas\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 20:57 86016 ------w- c:\arquivos de programas\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-11 22:01 46368 ----a-w- c:\arquivos de programas\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 22:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-04-08 11:56 1647912 ----a-w- c:\arquivos de programas\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 10:27 570664 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-11 22:03 29984 ----a-w- c:\arquivos de programas\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-11-25 18:03 421888 ----a-w- c:\arquivos de programas\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2004-09-02 05:47 49152 ----a-r- c:\windows\system32\SiSPower.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 12:03 210472 ----a-w- c:\arquivos de programas\Arquivos comuns\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 10:32 253816 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-11-16 11:43 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [21/9/2012 02:45 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/9/2012 02:46 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/9/2012 02:05 39224]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [13/9/2012 02:11 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/9/2012 02:45 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/10/2012 02:30 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/9/2012 02:46 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [7/3/2013 16:42 33112]
R2 AVGIDSAgent;AVGIDSAgent;c:\arquivos de programas\AVG\AVG2013\avgidsagent.exe [4/7/2013 15:53 4939312]
R2 avgwd;Watchdog do AVG;c:\arquivos de programas\AVG\AVG2013\avgwdsvc.exe [23/7/2013 19:09 283136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [3/3/2013 22:48 36608]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [20/9/2013 16:06 40776]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [1/8/2011 19:55 627072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-22 16:29 1177552 ----a-w- c:\arquivos de programas\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 21:20]
.
2013-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2011-06-01 19:57]
.
2013-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-11-16 11:42]
.
2013-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-11-16 11:42]
.
2013-09-30 c:\windows\Tasks\User_Feed_Synchronization-{F89A709F-BB52-41E3-8186-A960382F471F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.

.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com.br/
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\RAMALHO\Dados de aplicativos\Mozilla\Firefox\Profiles\2j1nd9ul.default\
FF - prefs.js: browser.startup.homepage - www.google.com.br
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AVG-Secure-Search-Update_0913b - c:\documents and settings\RAMALHO\Dados de aplicativos\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe
MSConfigStartUp-DAEMON Tools Lite - c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe
.
.
.

**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-30 13:15
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-09-30 13:20:12
ComboFix-quarantined-files.txt 2013-09-30 16:20
ComboFix2.txt 2013-09-27 19:29
ComboFix3.txt 2013-09-25 16:36
.
Pre-Run: 16 folder(s) 42.233.606.144 bytes free
Post-Run: 17 folder(s) 41.960.570.880 bytes free
.
- - End Of File - - 1C3DF8CEFEFCBFA011B8CDCD8EF4C59C
239FC8B1C26D5286165A956F5A98D8D7

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.09.30.06
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
RAMALHO :: RAMALHOS [administrator]
30/9/2013 13:25:04
mbam-log-2013-09-30 (13-25-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188256
Time elapsed: 16 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


Dear Ramalho89

Download the Kaspersky AVP Tool from one of these links:

Alternative 1

Alternative 2

  • You will be taken to a Kaspersky page asking for an e-mail address, first name and last name to register.
  • Only the "email" field is mandatory.
  • Enter your e-mail and then click the Submit Form button.
  • The page will reload. Click the Download button.
  • Save it to your desktop.
  • Run the file and wait for the installation.
    • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator

  • On the licence agreement screen, tick I accept the license agreement and then click the Start button.
  • The program will appear to freeze and nothing happens. This is normal; just wait until the program's main screen appears, then click the Settings icon.

On that screen, tick the box next to:

  • My Computer;
  • Local Disk (C:);
  • Also tick every drive listed under Local Disk, if there are any;
  • Then click the Automatic Scan tab.

  • Back on the program's main screen, click the Start scanning button;
  • Be patient, it takes a while;
  • When it finishes, if anything was detected, the program will ask you what to do;
  • Tick the box next to Apply to all objects and then click Skip (we only want the log).

Once the scan has finished, proceed as follows:

  1. On the main screen, if anything was detected, save the log.
  2. If you close the program and forget to save the log, you will have to repeat the whole scan.
  3. To save the log, click the Reports icon (next to the "Settings" icon).
  4. In the next window, click Detected Threats, then click the floppy-disk icon to save the log.
  5. Choose an easy-to-find location and save it as log.txt
  6. Copy the whole contents of that Notepad file and paste it in your next reply.
  7. If nothing is detected, there is no need to save the log; just let me know.
  8. To exit the program, just click the X in the top right corner.

Notes:
While the scan runs, the main screen shows a progress bar. When it finishes, the program shows a completed status and a button that will be orange if nothing was detected, and red if something was found. If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Regards :D


Hi Diego, all good. Continuing, here is the Kaspersky log (a very small log!). It detected this trojan. I am also attaching an image of local disk C: showing the recycler folder and autorun.inf. Big hug, my friend

Status: Detected (events: 1)

4/10/2013 11:41:37 Detected Trojan program Packed.Win32.Krap.hc C:\System Volume Information\_restore{3F7809EF-83AC-48A5-8020-9FE73807A697}\RP165\A0076386.exe High

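The single Kaspersky hit above sits under System Volume Information, which is where Windows XP System Restore keeps its restore-point copies; that file is only ever used if a restore is performed, so it is an inert copy rather than a running infection. The script below is an added example for this thread (not the output of any tool used in it): it parses the one-line "Detected" report format pasted above and sorts each hit by where the object lives. The first sample line is the one from the post; the second is constructed, and the quarantine-folder list is an assumption about default install paths.

```python
"""
Triage antivirus "Detected" lines by *where* the object lives.

Added example; not output from Kaspersky, ComboFix or any tool in this thread.
"""
import re

# <d/m/Y> <H:M:S> Detected <threat kind> <signature name> <path> <severity>
_DETECT_LINE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2}) Detected "
    r"(?P<kind>.+?) (?P<name>\S+) (?P<path>[A-Za-z]:\\.*?) (?P<severity>High|Medium|Low)$"
)

# XP System Restore stores copies as
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<nnnnnnn>.<ext>
# They come back only if that restore point is applied.
_RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\A\d+\.", re.I
)
# Assumption: default quarantine folders of the cleanup tools used in this thread.
_QUARANTINE_DIRS = ("\\Qoobox\\Quarantine\\", "\\AdwCleaner\\Quarantine\\")
_CACHE_OR_TEMP = re.compile(r"\\Temporary Internet Files\\|\\Temp\\", re.I)


def locate(path: str) -> str:
    """Classify the container: restore-point, quarantine, cache-or-temp or live."""
    if _RESTORE_POINT.search(path):
        return "restore-point"
    low = path.lower()
    if any(q.lower() in low for q in _QUARANTINE_DIRS):
        return "quarantine"
    if _CACHE_OR_TEMP.search(path):
        return "cache-or-temp"
    return "live"


def parse_detection(line: str):
    """Parse one report line; returns None for headers or non-detection lines."""
    m = _DETECT_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["location"] = locate(rec["path"])
    # Only a live object is an active infection; the others are inert copies
    # whose container (restore points, quarantine, cache) should be purged.
    rec["action"] = "remove-and-investigate" if rec["location"] == "live" else "purge-container"
    return rec


def triage(report: str) -> list:
    """All detection records found in a pasted report, in order."""
    return [r for r in (parse_detection(l) for l in report.splitlines()) if r]


# Line 1 is the real hit from the thread; line 2 is a constructed sample of a
# live detection in a user profile.
SAMPLE_REPORT = """Status: Detected (events: 2)
4/10/2013 11:41:37 Detected Trojan program Packed.Win32.Krap.hc C:\\System Volume Information\\_restore{3F7809EF-83AC-48A5-8020-9FE73807A697}\\RP165\\A0076386.exe High
4/10/2013 11:41:52 Detected Trojan program Trojan.Win32.Constructed.sample C:\\Documents and Settings\\RAMALHO\\Dados de aplicativos\\svchost.exe High
"""

if __name__ == "__main__":
    for rec in triage(SAMPLE_REPORT):
        print(rec["location"], rec["action"], rec["name"], rec["path"])
```

Run against the pasted report it marks the Krap.hc hit as restore-point / purge-container and the constructed profile hit as live / remove-and-investigate; a "Skip" in the scanner, as chosen above, leaves both in place, so the restore-point copy persists until restore points are cleared.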

Dear Ramalho89

Download SystemLook to your desktop.

Alternative link

  • Double-click the SystemLook icon
  • Click Run;
  • Copy (ctrl+c) the contents below:

:dir /s

C:\autorun.inf
C:\Recycler

:contents
C:\autorun.inf

And paste (ctrl+v) into the box indicated in the image:

  • Click Look
  • Wait;
  • When it finishes, the scan log will open;
  • Select and copy the whole log
  • Paste all of its contents in your next reply.

Note:
The log can also be found on the desktop under the name:
SystemLook.txt

Regards :D


How are you, Diego? All good. Here is the SystemLook log; it did not take long, it was quick. Hugs

SystemLook 30.07.11 by jpshortstuff
Log created at 13:04 on 07/10/2013 by RAMALHO
Administrator - Elevation successful

Invalid Context: dir /s
No Context: C:\autorun.inf
No Context: C:\Recycler

========== contents ==========
C:\autorun.inf - Unable to open file.

-= EOF =-


Hi Diego, how are you? Actually I have been using Flash Disinfector for some time, even before starting the removal with you. I tried to delete them and these messages appeared (attached as jpeg); have a look at the images. Thanks for your patience

:huh:


So, Flash Disinfector vaccinates the PC and creates those files so that they cannot be deleted and/or modified by malware. If you really want to delete them, I believe you should do it in Safe Mode and as Administrator ;)

OK on that? Can we continue?

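The two artifacts discussed in this thread, an autorun.inf in the drive root and a RECYCLER folder, are exactly what pendrive worms of this era dropped: the [autorun] section points Windows at an executable hidden under a fake recycle-bin SID folder. The SystemLook result "Unable to open file" for C:\autorun.inf is consistent with a vaccinated root, where the name is occupied by something that is not a readable file. The script below is an added example for this thread, not code from Flash Disinfector, SystemLook or any tool used here; it parses an autorun.inf, lists what it would launch, and tells a vaccine apart from an infection. All autorun.inf text and directory listings in it are constructed, and the assumption that a vaccine reserves autorun.inf as a directory is stated in the code.

```python
"""
Drive-root triage for autorun.inf / RECYCLER-style USB malware.

Added example for this thread; not a tool from the original posts.  Assumption:
a Flash Disinfector-style vaccine reserves the name autorun.inf as a directory,
so malware cannot drop its own [autorun] file there.
"""
import re
from dataclasses import dataclass, field

# [autorun] keys whose value is executed when the volume is inserted or opened.
EXEC_KEYS = {"open", "shellexecute"}
_SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")   # shell\open\command etc.
# Genuine Recycle Bin entries are renamed D<drive letter><index>.<ext>, e.g. Dc3.exe.
_RECYCLED_NAME = re.compile(r"^D[a-z]\d+\.", re.I)
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs")


def parse_autorun_inf(text: str) -> dict:
    """INI-style parse into {section: {key: value}}; section and key names are
    lower-cased, ';' comments and blank lines are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections


def launch_targets(text: str) -> list:
    """Every command an autorun.inf would cause Windows to run."""
    auto = parse_autorun_inf(text).get("autorun", {})
    return [v for k, v in auto.items() if k in EXEC_KEYS or _SHELL_COMMAND.match(k)]


@dataclass
class RootEntry:
    name: str                  # name as listed in the drive root
    is_dir: bool
    content: str = ""          # file text if readable, '' if not ("Unable to open file")
    children: list = field(default_factory=list)   # paths relative to the directory


def triage_drive_root(entries: list) -> dict:
    """Verdicts for autorun.inf and RECYCLER found in a drive root listing."""
    verdict = {"autorun": "absent", "recycler": "absent", "targets": []}
    for e in entries:
        lname = e.name.lower()
        if lname == "autorun.inf":
            if e.is_dir:
                verdict["autorun"] = "vaccine-directory"   # assumption, see docstring
            elif not e.content:
                verdict["autorun"] = "unreadable-file"     # inspect offline / from boot media
            else:
                verdict["targets"] = launch_targets(e.content)
                verdict["autorun"] = "launches-code" if verdict["targets"] else "benign-file"
        elif lname == "recycler":
            # An executable that does not follow Recycle Bin naming was planted there.
            planted = [
                c for c in e.children
                if c.lower().endswith(EXEC_EXT)
                and not _RECYCLED_NAME.match(c.replace("/", "\\").rsplit("\\", 1)[-1])
            ]
            verdict["recycler"] = "contains-executable" if planted else "clean"
    return verdict


# Constructed samples: an infected pendrive root and a vaccinated one.
SAMPLE_AUTORUN_INF = """; constructed sample, not taken from the affected machine
[AutoRun]
open=RECYCLER\\S-1-5-21-0000000000-0000000000-0000000000-1000\\svchost.exe
shell\\open\\Command=RECYCLER\\S-1-5-21-0000000000-0000000000-0000000000-1000\\svchost.exe
shell\\open\\Default=1
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""


def infected_root() -> list:
    return [
        RootEntry("autorun.inf", is_dir=False, content=SAMPLE_AUTORUN_INF),
        RootEntry("RECYCLER", is_dir=True,
                  children=["desktop.ini",
                            "S-1-5-21-0000000000-0000000000-0000000000-1000\\svchost.exe"]),
    ]


def vaccinated_root() -> list:
    return [
        RootEntry("autorun.inf", is_dir=True),   # name reserved by the vaccine
        RootEntry("RECYCLER", is_dir=True,
                  children=["desktop.ini",
                            "S-1-5-21-0000000000-0000000000-0000000000-1001\\Dc3.exe"]),
    ]


if __name__ == "__main__":
    print(triage_drive_root(infected_root()))
    print(triage_drive_root(vaccinated_root()))
```

The infected sample yields autorun "launches-code" with two targets under RECYCLER and recycler "contains-executable"; the vaccinated sample yields "vaccine-directory" and "clean". A RECYCLER that only holds per-SID folders, desktop.ini and D<letter><n>.<ext> entries is the normal NTFS Recycle Bin and is not by itself a sign of infection.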

OK Diego, let's continue. I think running a program like HijackThis or another (you decide) just to find out whether it is clean


Dear Ramalho89

OK... then we can consider the log clean :)

>>>> Apart from that, how is the computer?

# Step 1 #

Let's uninstall ComboFix:

Rename combofix.exe to uninstall.exe, double-click it and wait for the program to be removed.

Or, if you prefer,

go to Start > Run, type Combofix /Uninstall and click OK; in the window that appears click Run and wait for the program to be removed.

# Step 2 #

Download OTC by OldTimer and save it to your desktop.

  • Double-click the OTC icon
  • Click Run;
  • Click its only button;
  • Allow your computer to restart.

# Step 3 #

  • Again: double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose Run as administrator

  • Click Uninstall
  • Click Yes, wait.

# Step 4 #
Your Java is out of date.
Attention: uninstall ALL old versions of Java.
  • Close all programs, especially your browser (IE, Firefox etc.).
  • Go to the Java for Windows site
  • Click the download button
  • In the window that appears click Run;
  • Follow the installation steps.

# Step 5 #

<<@>> Install CCleaner

CCleaner is an excellent cleaning utility for the computer, which will help its performance. Download it here: CCleaner

  • IMPORTANT: After installing, go to where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of that window and choose New > Folder to create a new folder; name it backups!
  • Open the program and click Run Cleaner;
  • click the Registry button > Scan for Issues > Fix selected issues...
    Note: Don't forget to accept the backup of the fixes, and save them in the folder created above!

<<@>> Always keep your Windows up to date; keep constant vigilance with the firewall and antivirus, and finally, remember that the best form of prevention starts with our own behaviour!

Regards :D


Hi Diego, how are you? I believe it is clean of viruses, except that after running OTC a Windows Installer message started to appear (see the image), and another small problem, which existed before the removal, is that it takes a very long time to boot. Look at the image to see whether any of those programs is affecting it. Hugs, my friend


Do you have the Windows installation CD/DVD? If not, try updating Windows :rolleyes:

"it takes a very long time to boot. Look at the image to see whether any of those programs is affecting it"
Leave only system services ;)


OK Diego (I'm not sure whether this is where the topic ends). I want to thank you and the Clube do Hardware team for helping me remove the viruses. Thanks for your patience, hugs
