rodpavao

Autorun.inf virus


Good morning, friends!

It must have happened when I used the university computer this week, in the rush of assignments, seminars, exams... My USB drive was infected by the famous "autorun.inf". The well-known symptoms appeared: shortcuts being created in folders, and the same thing happening to my phone when I plugged it into my notebook...

Searching for similar topics about autorun.inf here on the forum, I couldn't find any that were successfully resolved. So I decided to open this one, and here are the logs for analysis:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537

Run by Rodrigo Pavão at 8:56:43 on 2013-09-20

Microsoft Windows 8 Pro 6.2.9200.0.1252.55.1046.18.4044.2719 [GMT -3:00]

.

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\dwm.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

C:\Windows\system32\AdminService.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Windows\system32\dashost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhostex.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\msiexec.exe

C:\Windows\System32\igfxpers.exe

C:\Users\Rodrigo Pavão\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe

C:\Users\Rodrigo Pavão\AppData\Roaming\uTorrent\uTorrent.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

C:\Users\Rodrigo Pavão\Documents\PROGRAMAS ANTI-MALWARES\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit = userinit.exe

BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

BHO: Ask Shopping Toolbar: {41545533-2D53-4154-00A7-7A786E7484D7} -

BHO: Ask Toolbar: {41545534-2D56-3700-76A7-7A786E7484D7} -

BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL

BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL

TB: Ask Toolbar: {41545534-2D56-3700-76A7-7A786E7484D7} -

TB: Ask Shopping Toolbar: {41545533-2D53-4154-00A7-7A786E7484D7} -

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

uRun: [uTorrent] "C:\Users\Rodrigo Pavão\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [60b] C:\Users\Rodrigo Pavão\AppData\Roaming\76af7\60b.js

uRunOnce: [!UnThreat AntiVirusOnce] C:\Users\Rodrigo Pavão\Downloads\UnThreatFreeSetup.exe

mRun: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe

mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"

mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

StartupFolder: C:\Users\Rodrigo Pavão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3232.js

StartupFolder: C:\Users\RODRIG~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Rodrigo Pavão\AppData\Roaming\Dropbox\bin\Dropbox.exe

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

TCP: Interfaces\{5AA71434-278B-4E86-B3B0-7D2B626D1474} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{5AA71434-278B-4E86-B3B0-7D2B626D1474}\05561636F636B602E4564777F627B6 : DHCPNameServer = 192.168.43.1

TCP: Interfaces\{5AA71434-278B-4E86-B3B0-7D2B626D1474}\841425440225F434B402E45445 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{5AA71434-278B-4E86-B3B0-7D2B626D1474}\94348435 : DHCPNameServer = 10.56.0.1 200.11.0.52

TCP: Interfaces\{C1603DD7-DE1F-40F2-B5CF-737FE4EF97A9} : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL

x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-mPolicies-System: PromptOnSecureDesktop = dword:0

x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Rodrigo Pavão\AppData\Roaming\Mozilla\Firefox\Profiles\u9vanjvv.default\

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-7-20 71480]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-7-20 311608]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-7-1 116536]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-9-5 45880]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-7-20 246072]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-7-20 206648]

R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-7-18 248632]

R2 APNMCP;Serviço de atualização Ask;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-8-29 164816]

R2 AtherosSvc;AtherosSvc;C:\Windows\System32\AdminService.exe [2012-8-29 208384]

R2 avgwd;Watchdog do AVG;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2013-7-1 2358656]

R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-8-29 565760]

R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-6-2 100864]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2012-3-29 342632]

S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2012-10-26 20912]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]

S3 vmbusr;Provedor de Barramento de Máquina Virtual;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]

S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]

.

=============== Created Last 30 ================

.

2013-09-20 11:50:58 -------- d-----w- C:\Users\Rodrigo PavÒo\AppData\Local\Microsoft

2013-09-20 11:43:46 -------- d-----w- C:\Program Files (x86)\FindyKill

2013-09-18 13:54:40 -------- d-sh--w- C:\Users\Rodrigo Pavão\AppData\Roaming\76af7

2013-09-18 13:54:39 -------- d-sh--w- C:\776

2013-09-17 00:00:49 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin

2013-09-12 10:11:30 265392 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin

2013-09-05 04:43:42 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2013-08-24 12:42:47 -------- d-----w- C:\Users\Rodrigo Pavão\AppData\Roaming\Mp3tag

2013-08-24 12:40:36 -------- d-----w- C:\Program Files (x86)\Mp3tag

.

==================== Find3M ====================

.

2013-08-10 16:49:16 245760 ----a-w- C:\Windows\SysWow64\LocationApi.dll

2013-08-10 16:49:15 312832 ----a-w- C:\Windows\System32\LocationApi.dll

2013-07-27 14:08:33 706250 ----a-w- C:\Users\Rodrigo Pavão\AppData\Roaming\unins000.exe

2013-07-20 04:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys

2013-07-20 04:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2013-07-20 04:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

2013-07-20 04:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2013-07-18 05:04:48 248632 ----a-w- C:\Windows\System32\drivers\avgwfpa.sys

2013-07-01 04:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2013-06-27 22:04:51 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-27 22:04:51 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

.

============= FINISH: 8:56:50,03 ===============

------------------------------------------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Pro

Boot Device: \Device\HarddiskVolume1

Install Date: 01/07/2013 12:09:12

System Uptime: 20/09/2013 08:48:25 (0 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core i5-2410M CPU @ 2.30GHz | N/A | 2301/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 105,384 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ACPI\SNY5001\4&1C6E6807&0

Manufacturer:

Name:

PNP Device ID: ACPI\SNY5001\4&1C6E6807&0

Service:

.

==== System Restore Points ===================

.

RP12: 26/08/2013 09:06:55 - Ponto de Verificação Agendado

RP13: 05/09/2013 08:08:54 - Ponto de Verificação Agendado

RP14: 14/09/2013 07:08:47 - Ponto de Verificação Agendado

RP15: 17/09/2013 22:42:52 - Removed Skype™ 4.2

.

==== Installed Programs ======================

.

7-Zip 4.65

Apple Software Update

Arquivo do WinRAR

ASIO4ALL

Ask Shopping Toolbar

Ask Toolbar

µTorrent

aTube Catcher

AVG 2013

CCleaner

ConvertXtoDVD 4.1.9.347

D3DX10

Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition

Dic Michaelis - UOL

Doro 1.64

Dropbox

DVD Shrink 3.2

EVEREST Ultimate Edition v5.00

FindyKill

FormatFactory 3.0.1

Free WebM Video Converter version 5.0.28.827

Galeria de Fotos

Google Chrome

Google Update Helper

High-Definition Video Playback 10

Intel® Processor Graphics

K-Lite Mega Codec Pack 5.0.0

Last.fm Scrobbler 2.1.35

Módulo de Proteção Santander 3.2.0.2

Microsoft Access MUI (Portuguese (Brazil)) 2013

Microsoft Application Error Reporting

Microsoft DCF MUI (Portuguese (Brazil)) 2013

Microsoft Excel MUI (Portuguese (Brazil)) 2013

Microsoft Groove MUI (Portuguese (Brazil)) 2013

Microsoft InfoPath MUI (Portuguese (Brazil)) 2013

Microsoft Lync MUI (Portuguese (Brazil)) 2013

Microsoft Office 32-bit Components 2013

Microsoft Office OSM MUI (Portuguese (Brazil)) 2013

Microsoft Office OSM UX MUI (Portuguese (Brazil)) 2013

Microsoft Office Professional Plus 2013

Microsoft Office Proofing (Portuguese (Brazil)) 2013

Microsoft Office Proofing Tools 2013 - English

Microsoft Office Proofing Tools 2013 - Español

Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2013

Microsoft Office Shared MUI (Portuguese (Brazil)) 2013

Microsoft OneNote MUI (Portuguese (Brazil)) 2013

Microsoft Outlook MUI (Portuguese (Brazil)) 2013

Microsoft PowerPoint MUI (Portuguese (Brazil)) 2013

Microsoft Primary Interoperability Assemblies 2005

Microsoft Publisher MUI (Portuguese (Brazil)) 2013

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Word MUI (Portuguese (Brazil)) 2013

Movie Maker

Mozilla Firefox 20.0 (x86 pt-BR)

Mozilla Maintenance Service

Mp3tag v2.57

MSVC90_x64

MSVC90_x86

MSVCRT

MSVCRT110

MSVCRT110_amd64

Nero 10 Menu TemplatePack Basic

Nero 10 Movie ThemePack Basic

Nero BackItUp 10

Nero BackItUp 10 Help (CHM)

Nero Burning ROM 10

Nero BurningROM 10 Help (CHM)

Nero BurnRights 10

Nero BurnRights 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero CoverDesigner 10

Nero CoverDesigner 10 Help (CHM)

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Dolby Files 10

Nero Express 10

Nero Express 10 Help (CHM)

Nero InfoTool 10

Nero InfoTool 10 Help (CHM)

Nero MediaHub 10

Nero MediaHub 10 Help (CHM)

Nero Multimedia Suite 10

Nero Recode 10

Nero Recode 10 Help (CHM)

Nero RescueAgent 10

Nero RescueAgent 10 Help (CHM)

Nero SoundTrax 10

Nero SoundTrax 10 Help (CHM)

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

Nero Vision 10

Nero Vision 10 Help (CHM)

Nero WaveEditor 10

Nero WaveEditor 10 Help (CHM)

Nokia Connectivity Cable Driver

Nokia PC Suite

Pacote de Driver do Windows - Nokia Modem (02/25/2011 4.7)

Pacote de Driver do Windows - Nokia Modem (02/25/2011 7.01.0.9)

Pacote de Driver do Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)

PC Connectivity Solution

Photo Common

Photo Gallery

PhotoScape

Picasa 3

QuickTime

Revisores de Texto do Microsoft Office 2013 – Português do Brasil

Security Update for Microsoft Lync 2013 (KB2817465) 64-Bit Edition

Skype Toolbars

Skype™ 4.2

Suporte para Aplicativos Apple

TeamViewer 6

Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition

Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition

Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition

Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition

Update for Microsoft Office 2013 (KB2752094) 64-Bit Edition

Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760538) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition

Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition

Update for Microsoft Office 2013 (KB2767851) 64-Bit Edition

Update for Microsoft Office 2013 (KB2767860) 64-Bit Edition

Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition

Update for Microsoft Office 2013 (KB2810010) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817320) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817482) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817489) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817491) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817492) 64-Bit Edition

Update for Microsoft OneNote 2013 (KB2768011) 64-Bit Edition

Update for Microsoft OneNote 2013 (KB2817467) 64-Bit Edition

Update for Microsoft Outlook 2013 (KB2817468) 64-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2810006) 64-Bit Edition

Update for Microsoft SkyDrive Pro (KB2817469) 64-Bit Edition

Update for Microsoft Visio 2013 (KB2810008) 64-Bit Edition

Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition

Update for Microsoft Word 2013 (KB2767863) 64-Bit Edition

Update for Microsoft Word 2013 (KB2810086) 64-Bit Edition

Visual Studio 2010 x64 Redistributables

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinMend Auto Shutdown 1.3.0.0

.

==== End Of File ===========================

-----------------------------------------------------------

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-09-20 09:22:22

Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e WDC_WD5000BPVT-55HXZT2 rev.01.01A01 465,76GB

Running: gmer.exe; Driver: C:\Users\RODRIG~1\AppData\Local\Temp\fgtoapog.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -194570869

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\90004ecfcf92

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\90004ecfcf92@bce59f83313c 0x0A 0x07 0x06 0xE4 ...

---- EOF - GMER 2.1 ----

--------------------------------------------------------

Big hug, and thanks in advance for the help in getting rid of this problem!


Hello

Sorry for the delay :)

If you still need help, redo the logs, because I need them with up-to-date dates: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Regards :D


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Pro

Boot Device: \Device\HarddiskVolume1

Install Date: 01/07/2013 12:09:12

System Uptime: 20/09/2013 08:48:25 (101 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core i5-2410M CPU @ 2.30GHz | N/A | 2301/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 92,553 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ACPI\SNY5001\4&1C6E6807&0

Manufacturer:

Name:

PNP Device ID: ACPI\SNY5001\4&1C6E6807&0

Service:

.

==== System Restore Points ===================

.

RP13: 05/09/2013 08:08:54 - Ponto de Verificação Agendado

RP14: 14/09/2013 07:08:47 - Ponto de Verificação Agendado

RP15: 17/09/2013 22:42:52 - Removed Skype™ 4.2

.

==== Installed Programs ======================

.

7-Zip 4.65

Apple Software Update

Arquivo do WinRAR

ASIO4ALL

Ask Shopping Toolbar

Ask Toolbar

µTorrent

aTube Catcher

AVG 2013

CCleaner

ConvertXtoDVD 4.1.9.347

D3DX10

Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition

Dic Michaelis - UOL

Doro 1.64

Dropbox

DVD Shrink 3.2

EVEREST Ultimate Edition v5.00

FindyKill

FormatFactory 3.0.1

Free WebM Video Converter version 5.0.28.827

Galeria de Fotos

Google Chrome

Google Update Helper

High-Definition Video Playback 10

Intel® Processor Graphics

K-Lite Mega Codec Pack 5.0.0

Last.fm Scrobbler 2.1.35

Módulo de Proteção Santander 3.2.0.2

Malwarebytes Anti-Malware versão 1.75.0.1300

Microsoft Access MUI (Portuguese (Brazil)) 2013

Microsoft Application Error Reporting

Microsoft DCF MUI (Portuguese (Brazil)) 2013

Microsoft Excel MUI (Portuguese (Brazil)) 2013

Microsoft Groove MUI (Portuguese (Brazil)) 2013

Microsoft InfoPath MUI (Portuguese (Brazil)) 2013

Microsoft Lync MUI (Portuguese (Brazil)) 2013

Microsoft Office 32-bit Components 2013

Microsoft Office OSM MUI (Portuguese (Brazil)) 2013

Microsoft Office OSM UX MUI (Portuguese (Brazil)) 2013

Microsoft Office Professional Plus 2013

Microsoft Office Proofing (Portuguese (Brazil)) 2013

Microsoft Office Proofing Tools 2013 - English

Microsoft Office Proofing Tools 2013 - Español

Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2013

Microsoft Office Shared MUI (Portuguese (Brazil)) 2013

Microsoft OneNote MUI (Portuguese (Brazil)) 2013

Microsoft Outlook MUI (Portuguese (Brazil)) 2013

Microsoft PowerPoint MUI (Portuguese (Brazil)) 2013

Microsoft Primary Interoperability Assemblies 2005

Microsoft Publisher MUI (Portuguese (Brazil)) 2013

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Word MUI (Portuguese (Brazil)) 2013

Movie Maker

Mozilla Firefox 20.0 (x86 pt-BR)

Mozilla Maintenance Service

Mp3tag v2.57

MSVC90_x64

MSVC90_x86

MSVCRT

MSVCRT110

MSVCRT110_amd64

Nero 10 Menu TemplatePack Basic

Nero 10 Movie ThemePack Basic

Nero BackItUp 10

Nero BackItUp 10 Help (CHM)

Nero Burning ROM 10

Nero BurningROM 10 Help (CHM)

Nero BurnRights 10

Nero BurnRights 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero CoverDesigner 10

Nero CoverDesigner 10 Help (CHM)

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Dolby Files 10

Nero Express 10

Nero Express 10 Help (CHM)

Nero InfoTool 10

Nero InfoTool 10 Help (CHM)

Nero MediaHub 10

Nero MediaHub 10 Help (CHM)

Nero Multimedia Suite 10

Nero Recode 10

Nero Recode 10 Help (CHM)

Nero RescueAgent 10

Nero RescueAgent 10 Help (CHM)

Nero SoundTrax 10

Nero SoundTrax 10 Help (CHM)

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

Nero Vision 10

Nero Vision 10 Help (CHM)

Nero WaveEditor 10

Nero WaveEditor 10 Help (CHM)

Nokia Connectivity Cable Driver

Nokia PC Suite

Pacote de Driver do Windows - Nokia Modem (02/25/2011 4.7)

Pacote de Driver do Windows - Nokia Modem (02/25/2011 7.01.0.9)

Pacote de Driver do Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)

PC Connectivity Solution

Photo Common

Photo Gallery

PhotoScape

Picasa 3

QuickTime

Revisores de Texto do Microsoft Office 2013 – Português do Brasil

Security Update for Microsoft Lync 2013 (KB2817465) 64-Bit Edition

Skype Toolbars

Skype™ 4.2

Suporte para Aplicativos Apple

TeamViewer 6

Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition

Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition

Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition

Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition

Update for Microsoft Office 2013 (KB2752094) 64-Bit Edition

Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760538) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition

Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition

Update for Microsoft Office 2013 (KB2767851) 64-Bit Edition

Update for Microsoft Office 2013 (KB2767860) 64-Bit Edition

Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition

Update for Microsoft Office 2013 (KB2810010) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817320) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817482) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817489) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817491) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817492) 64-Bit Edition

Update for Microsoft OneNote 2013 (KB2768011) 64-Bit Edition

Update for Microsoft OneNote 2013 (KB2817467) 64-Bit Edition

Update for Microsoft Outlook 2013 (KB2817468) 64-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2810006) 64-Bit Edition

Update for Microsoft SkyDrive Pro (KB2817469) 64-Bit Edition

Update for Microsoft Visio 2013 (KB2810008) 64-Bit Edition

Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition

Update for Microsoft Word 2013 (KB2767863) 64-Bit Edition

Update for Microsoft Word 2013 (KB2810086) 64-Bit Edition

Visual Studio 2010 x64 Redistributables

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinMend Auto Shutdown 1.3.0.0

.

==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537

Run by Rodrigo Pavão at 13:34:35 on 2013-09-24

Microsoft Windows 8 Pro 6.2.9200.0.1252.55.1046.18.4044.1564 [GMT -3:00]

.

AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\dwm.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

C:\Windows\system32\AdminService.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Windows\system32\dashost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhostex.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Users\Rodrigo Pavão\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe

C:\Program Files (x86)\UnThreat AntiVirus\utsvc.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Program Files (x86)\UnThreat AntiVirus\UnThreat.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe

C:\Windows\system32\wwahost.exe

C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\syswow64\wwahost.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Rodrigo Pavão\Documents\PROGRAMAS ANTI-MALWARES\dds.scr

C:\Windows\system32\msiexec.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit = userinit.exe,

BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

BHO: Ask Shopping Toolbar: {41545533-2D53-4154-00A7-7A786E7484D7} -

BHO: Ask Toolbar: {41545534-2D56-3700-76A7-7A786E7484D7} -

BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL

BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL

TB: Ask Toolbar: {41545534-2D56-3700-76A7-7A786E7484D7} -

TB: Ask Shopping Toolbar: {41545533-2D53-4154-00A7-7A786E7484D7} -

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

uRun: [uTorrent] "C:\Users\Rodrigo Pavão\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [60b] C:\Users\Rodrigo Pavão\AppData\Roaming\76af7\60b.js

mRun: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe

mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"

mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

StartupFolder: C:\Users\Rodrigo Pavão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3232.js

StartupFolder: C:\Users\RODRIG~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Rodrigo Pavão\AppData\Roaming\Dropbox\bin\Dropbox.exe

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{5AA71434-278B-4E86-B3B0-7D2B626D1474} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{5AA71434-278B-4E86-B3B0-7D2B626D1474}\05561636F636B602E4564777F627B6 : DHCPNameServer = 192.168.43.1

TCP: Interfaces\{5AA71434-278B-4E86-B3B0-7D2B626D1474}\841425440225F434B402E45445 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{5AA71434-278B-4E86-B3B0-7D2B626D1474}\94348435 : DHCPNameServer = 10.56.0.1 200.11.0.52

TCP: Interfaces\{C1603DD7-DE1F-40F2-B5CF-737FE4EF97A9} : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL

x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [unThreat] "C:\Program Files (x86)\UnThreat AntiVirus\UnThreat.exe" -silent

x64-mPolicies-System: PromptOnSecureDesktop = dword:0

x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Rodrigo Pavão\AppData\Roaming\Mozilla\Firefox\Profiles\u9vanjvv.default\

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-7-20 71480]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-7-20 311608]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-7-1 116536]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-9-5 45880]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-7-20 246072]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-7-20 206648]

R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-7-18 248632]

R2 APNMCP;Serviço de atualização Ask;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-8-29 164816]

R2 AtherosSvc;AtherosSvc;C:\Windows\System32\AdminService.exe [2012-8-29 208384]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]

R2 avgwd;Watchdog do AVG;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-22 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-22 701512]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2013-7-1 2358656]

R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-8-29 565760]

R3 gfiark;gfiark;C:\Windows\System32\Drivers\gfiark.sys [2013-9-20 39504]

R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-6-2 100864]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-9-22 25928]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2012-3-29 342632]

S?2 UTSvcManager3;UnThreat Service Manager;C:\Program Files (x86)\UnThreat AntiVirus\utsvc.exe [2013-9-20 2804016]

S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2012-10-26 20912]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]

S3 vmbusr;Provedor de Barramento de Máquina Virtual;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]

S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]

.

=============== Created Last 30 ================

.

2013-09-22 12:02:15 -------- d-----w- C:\Users\Rodrigo Pavão\AppData\Roaming\Malwarebytes

2013-09-22 12:02:07 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2013-09-22 12:02:05 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-09-22 12:02:05 -------- d-----w- C:\ProgramData\Malwarebytes

2013-09-22 12:02:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-20 19:03:11 39504 ----a-w- C:\Windows\System32\drivers\gfiark.sys

2013-09-20 17:36:21 -------- d-----w- C:\ProgramData\UnThreat

2013-09-20 17:36:15 47496 ----a-w- C:\Windows\SysWow64\sbbd.exe

2013-09-20 17:24:26 -------- d-----w- C:\Program Files (x86)\UnThreat AntiVirus

2013-09-20 11:50:58 -------- d-----w- C:\Users\Rodrigo PavÒo\AppData\Local\Microsoft

2013-09-20 11:43:46 -------- d-----w- C:\Program Files (x86)\FindyKill

2013-09-18 13:54:40 -------- d-sh--w- C:\Users\Rodrigo Pavão\AppData\Roaming\76af7

2013-09-18 13:54:39 -------- d-sh--w- C:\776

2013-09-17 00:00:49 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin

2013-09-12 10:11:30 265392 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin

2013-09-05 04:43:42 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

.

==================== Find3M ====================

.

2013-08-10 16:49:16 245760 ----a-w- C:\Windows\SysWow64\LocationApi.dll

2013-08-10 16:49:15 312832 ----a-w- C:\Windows\System32\LocationApi.dll

2013-07-27 14:08:33 706250 ----a-w- C:\Users\Rodrigo Pavão\AppData\Roaming\unins000.exe

2013-07-20 04:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys

2013-07-20 04:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2013-07-20 04:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

2013-07-20 04:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2013-07-18 05:04:48 248632 ----a-w- C:\Windows\System32\drivers\avgwfpa.sys

2013-07-01 04:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2013-06-27 22:04:51 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-27 22:04:51 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

.

============= FINISH: 13:36:10,52 ===============

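The "Pseudo HJT Report" section of the DDS log above carries the three indicators that matter for this kind of infection: a .js file registered as an HKCU Run value from a random-named folder under AppData\Roaming (76af7\60b.js), a second script dropped straight into the Startup folder (3232.js), and both UAC policies (ConsentPromptBehaviorAdmin and PromptOnSecureDesktop) set to 0, so elevation happens without a prompt. The Python script below is an added example for this thread, not code from the post or from the DDS tool: it pulls the Run/StartupFolder/policy lines out of a DDS log and grades them. The sample log is a constructed subset of the lines from the post; the regexes, tags and severity scheme are my own heuristics, not anything DDS defines.

```python
"""Flag script-worm persistence in the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; not part of the original post and not DDS code.
The regexes, tags and severities are heuristics chosen for this demo.
"""
import re
import sys
from pathlib import Path

# Constructed subset of the Run/StartupFolder/policy lines from the log above.
SAMPLE_LOG = r"""
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [60b] C:\Users\Rodrigo Pavão\AppData\Roaming\76af7\60b.js
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\Rodrigo Pavão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3232.js
StartupFolder: C:\Users\RODRIG~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Rodrigo Pavão\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
"""

# Autostart line shapes DDS emits (u = HKCU, m = HKLM, d = default user, x64- = 64-bit view).
RUN_LINE = re.compile(r"^(?:x64-)?[umd]?Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_LINE = re.compile(r"^StartupFolder: (?P<path>.+?)(?: - (?P<target>.+))?$")
POLICY_LINE = re.compile(r"^(?:x64-)?mPolicies-System: (?P<name>\w+) = dword:(?P<val>\d+)$")

# Heuristics (assumptions for this example, not DDS rules).
SCRIPT_EXT = re.compile(r"\.(jse?|vbe|vbs|wsf|wsh|hta|bat|cmd|ps1)\b", re.I)
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Public|Startup)\\", re.I)
RANDOM_DIR = re.compile(r"\\(?=[0-9a-f]*\d)[0-9a-f]{4,8}\\", re.I)  # e.g. \76af7\
UAC_POLICIES = {
    "EnableLUA": "UAC disabled entirely",
    "ConsentPromptBehaviorAdmin": "administrators are elevated without any prompt",
    "PromptOnSecureDesktop": "UAC prompts are not shown on the secure desktop",
}
TAG_TEXT = {
    "script": "script file autostarted via the Windows Script Host",
    "user_writable": "lives in a user-writable location",
    "random_dir": "random-looking hex folder name",
}


def tag_command(cmd):
    """Return the set of heuristic tags that apply to one autostart command."""
    tags = set()
    if SCRIPT_EXT.search(cmd):
        tags.add("script")
    if USER_WRITABLE.search(cmd):
        tags.add("user_writable")
    if RANDOM_DIR.search(cmd):
        tags.add("random_dir")
    return tags


def triage(log_text):
    """Return (severity, line, reason) tuples for the suspicious lines of a DDS log.

    HIGH   - a script file is autostarted (the pattern of this thread's worm)
    LOW    - only a user-writable or odd path; legitimate software does this too
    POLICY - a UAC policy weakened to 0
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = POLICY_LINE.match(line)
        if m:
            if m["name"] in UAC_POLICIES and m["val"] == "0":
                findings.append(("POLICY", line, f"{m['name']}=0: {UAC_POLICIES[m['name']]}"))
            continue
        m = RUN_LINE.match(line)
        if m:
            cmd = m["cmd"]
        else:
            m = STARTUP_LINE.match(line)
            if not m:
                continue
            # For .lnk entries DDS appends the resolved target after " - "; grade both.
            cmd = m["path"] if not m["target"] else f'{m["path"]} {m["target"]}'
        tags = tag_command(cmd)
        if not tags:
            continue
        severity = "HIGH" if "script" in tags else "LOW"
        reason = "; ".join(TAG_TEXT[t] for t in sorted(tags))
        findings.append((severity, line, reason))
    return findings


if __name__ == "__main__":
    # Usage: python dds_triage.py [DDS.txt]; with no argument the sample above is used.
    text = Path(sys.argv[1]).read_text(encoding="utf-8", errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG
    for severity, line, reason in triage(text):
        print(f"[{severity}] {line}\n         {reason}")
```

On the sample the two .js entries come out HIGH, the Dropbox shortcut (a legitimate program started from AppData) comes out LOW, and the two policy lines are reported separately; Skype, AVG and the Intel tray entries are not reported at all. The LOW tier exists precisely because "runs from AppData" is not by itself evidence of malware.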

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-09-24 16:07:16

Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e WDC_WD5000BPVT-55HXZT2 rev.01.01A01 465,76GB

Running: gmer.exe; Driver: C:\Users\RODRIG~1\AppData\Local\Temp\fgtoapog.sys

---- Processes - GMER 2.1 ----

Library C:\Program Files (x86)\AVG\AVG2013\avgsysa.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2052] 000007f9f88b0000

Library C:\Program Files (x86)\AVG\AVG2013\avgsea.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2052] 000007f9ee6e0000

Library C:\Program Files (x86)\AVG\AVG2013\avgntopenssla.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2052] 000007f9e7250000

Library C:\Program Files (x86)\AVG\AVG2013\avgloga.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2052] 000007f9e70f0000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -194570869

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@DisplayName aswFsBlk

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Group FSFilter Activity Monitor

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Tag 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFW@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFW@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFW@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFW@ImagePath \??\C:\Windows\system32\drivers\aswFW.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFW@DisplayName avast! TDI Firewall Driver

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFW@Group TDI

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFW@DependOnService tcpip?

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFW@Description avast! TDI Firewall Driver

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFW@Tag 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFW\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFW\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFW\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFW

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@DisplayName aswKbd

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@Group Keyboard Port

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@Description avast! keyboard filter driver (aswKbd)

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@Tag 7

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswKbd

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DisplayName aswMonFlt

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Group FSFilter Anti-Virus

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DisplayName aswRdr

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Group PNP_TDI

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DependOnService tcpip?

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Description avast! WFP Redirect driver

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters@MSIgnoreLSPDefault

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Start 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@DisplayName aswRvrt

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Description avast! Revert

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DisplayName aswSnx

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Group FSFilter Virtualization

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Description avast! virtualization driver (aswSnx)

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Tag 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances@DefaultInstance aswSnx Instance

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Altitude 137600

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@DisplayName aswSP

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Description avast! Self Protection

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@BehavShield 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@DisplayName avast! Network Shield Support

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Group PNP_TDI

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@DependOnService tcpip?

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Description avast! Network Shield TDI driver

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Tag 10

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Start 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@DisplayName aswVmm

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Description avast! VM Monitor

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Type 32

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DisplayName avast! Antivirus

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Group ShellSvcGroup

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@WOW64 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ObjectName LocalSystem

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ServiceSidType 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Description Gerencia e executa os serviços do antivírus avast! neste computador. Isto inclui os Módulos residentes, a Quarentena e o Agendador.

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Firewall@Type 32

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Firewall@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Firewall@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Firewall@ImagePath "C:\Program Files\AVAST Software\Avast\afwServ.exe"

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Firewall@DisplayName avast! Firewall

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Firewall@Group ShellSvcGroup

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Firewall@WOW64 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Firewall@ObjectName LocalSystem

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Firewall@ServiceSidType 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Firewall@Description Implements main functionality for avast! Firewall

Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Firewall

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\90004ecfcf92

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\90004ecfcf92@bce59f83313c 0x0A 0x07 0x06 0xE4 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{40CB150B-D284-4DEC-9B06-C4B306F8417D}@InterfaceName isatap.{C1603DD7-DE1F-40F2-B5CF-737FE4EF97A9}

Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{40CB150B-D284-4DEC-9B06-C4B306F8417D}@ReusableType 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 3351

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 1754

---- EOF - GMER 2.1 ----


Dear rodpavao,

I recommend that you bookmark this topic so it is easy to find later.

Please note the following:

  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is given here concerns only the problem with your computer, so do not apply it to any other;
  • Please follow the instructions carefully and, in case of doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Keep me informed, during the removal, about what happens with your computer.
  • Respect the order of the instructions given.
  • Note: Do not take any measure beyond those given here; if you ask for help in another forum, be sure to tell us, at the risk of misconfiguring your computer!

# Step 1 #

Download Junkware Removal Tool and save it to your Desktop.

  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log that is on your Desktop.
  • Copy all of its contents and paste it in your next message.

# Step 2 #

  • Double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose Run as administrator.
  • Click Scan
  • At the end of the scan a log with the result will open.
  • If anything is detected, then click the Clean button.
  • Again, at the end of the scan a log with the result will open.
  • Copy all of its contents and paste it in your next reply.

# Step 3 #

Read the instructions contained in this link:

In the instructions in the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while these instructions are carried out, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after the procedure(s) mentioned below.
  3. Double-click the ComboFix icon on the desktop.
  4. Read and accept the conditions by typing 1 and Enter.
  5. Computers with Windows XP must install the Recovery Console:
    • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.
  6. ComboFix will run; please be patient and wait.
  7. Attention: Do not use the mouse or keyboard while the tool is running; this may cause the computer to hang.
  8. A message may appear saying the computer needs to restart. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used unsupervised.
  • There are various general-purpose anti-malware tools whose authors, when programming them, had end users in mind, to be used without supervision. ComboFix is not that kind of tool, so, also out of respect for the tool's author, do not use it without supervision.

Cheers :D


Diego_Moicano, thank you for the guidance.

Well, before seeing your message, a few days ago I had already used "MalwareBytes", "FindyKill" and a scan with "Avast 8"; all 3 found some suspicious exe files and I removed them. After that I tested plugging in removable devices and the problems of autorun.inf appearing and folders turning into shortcuts (with the originals becoming hidden) no longer occurred. I am not absolutely sure the notebook is already fully disinfected, but it is working OK.

Given this, would you prefer that I post 2 updated DDS and GMER logs, or use the tools you mentioned anyway?

Note: (I know ComboFix, but I have not used it).

Cheers!

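The test rodpavao describes above (plug in removable media and see whether autorun.inf and the folder shortcuts come back) can be made systematic. The script below is an added example, not code from the thread or from any of the tools named in it: it walks a drive root and reports an autorun.inf whose keys launch something, .lnk files that stand in for a folder or file of the same name (the symptom of this worm, with the originals set hidden/system), and shortcuts whose contents name a script host such as wscript.exe. The infected-drive layout it builds in a temporary directory is constructed for the demo: the folder names and the autorun.inf content are made up, and the fake .lnk files carry only the Shell Link header size field plus a UTF-16LE target string, not a full shortcut structure, so the script-host check is a byte-string heuristic rather than a real LNK parser.

```python
"""Triage a (removable) drive for the artefacts of a shortcut/autorun worm.

Added example for this thread; not code from the post or from any tool named in it.
The sample drive layout is constructed for the demo.
"""
import configparser
import tempfile
from pathlib import Path

# Script hosts a worm shortcut typically launches (assumption: extend as needed).
SCRIPT_HOSTS = ("wscript", "cscript", "cmd.exe", "powershell", "mshta", "rundll32")
LNK_MAGIC = b"L\x00\x00\x00"  # HeaderSize (0x4C) field that opens a Shell Link file
ATTR_HIDDEN, ATTR_SYSTEM = 0x2, 0x4  # Windows FILE_ATTRIBUTE_HIDDEN / _SYSTEM


def autorun_commands(inf_path):
    """Return the 'key=value' entries of an autorun.inf that would launch something."""
    parser = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    try:
        parser.read(inf_path, encoding="latin-1")
    except configparser.Error as exc:
        return [f"<unparseable: {type(exc).__name__}>"]
    cmds = []
    for section in parser.sections():
        if section.lower() != "autorun":  # section name case varies in the wild
            continue
        for key, value in parser.items(section):
            k = key.lower()
            if k in ("open", "shellexecute") or (k.startswith("shell\\") and k.endswith("\\command")):
                cmds.append(f"{key}={value}")
    return cmds


def is_hidden(path):
    """Windows hidden/system attribute check; always False on other platforms."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & (ATTR_HIDDEN | ATTR_SYSTEM))


def lnk_mentions_script_host(lnk_path):
    """Heuristic stand-in for a LNK parser: does the shortcut body name a script host?

    Checks both ASCII and UTF-16LE encodings, since LNK string data is UTF-16LE.
    """
    data = lnk_path.read_bytes().lower()
    return any(h.encode("ascii") in data or h.encode("utf-16-le") in data for h in SCRIPT_HOSTS)


def triage_drive(root):
    """Return (kind, relative_path, detail) findings for a drive root."""
    root = Path(root)
    findings = []
    for entry in sorted(root.iterdir()):
        if entry.is_file() and entry.name.lower() == "autorun.inf":
            for cmd in autorun_commands(entry):
                findings.append(("autorun", entry.name, cmd))
    shortcuts = sorted(p for p in root.rglob("*") if p.is_file() and p.suffix.lower() == ".lnk")
    for lnk in shortcuts:
        reasons = []
        if lnk.read_bytes()[:4] != LNK_MAGIC:
            reasons.append("not a real shell link (wrong header)")
        twin = lnk.with_suffix("")  # Fotos.lnk -> Fotos, report.pdf.lnk -> report.pdf
        if twin.exists():
            kind = "folder" if twin.is_dir() else "file"
            hidden = " (hidden/system)" if is_hidden(twin) else ""
            reasons.append(f"stands in for existing {kind} '{twin.name}'{hidden}")
        if lnk_mentions_script_host(lnk):
            reasons.append("target references a script host")
        if reasons:
            findings.append(("shortcut", str(lnk.relative_to(root)), "; ".join(reasons)))
    return findings


def build_sample_drive(root):
    """Construct a fake infected pendrive (all names and contents are made up)."""
    root = Path(root)
    for folder in ("Fotos", "Trabalhos"):
        (root / folder).mkdir()
        (root / folder / "file.txt").write_text("original data\n")
    (root / "autorun.inf").write_bytes(
        b"[AutoRun]\r\n"
        b"open=wscript.exe //e:jscript worm.js\r\n"
        b"shell\\open\\command=wscript.exe //e:jscript worm.js\r\n"
        b"icon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
    )
    # Minimal fake shortcuts: 0x4C-byte header (magic + zero padding) then a UTF-16LE target.
    header = LNK_MAGIC + b"\x00" * 72
    worm_lnk = header + "C:\\Windows\\System32\\WScript.exe //e:jscript worm.js".encode("utf-16-le")
    (root / "Fotos.lnk").write_bytes(worm_lnk)
    (root / "Trabalhos.lnk").write_bytes(worm_lnk)
    benign_lnk = header + "C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE".encode("utf-16-le")
    (root / "Word.lnk").write_bytes(benign_lnk)  # no twin folder, no script host: not reported


def demo():
    """Build the sample drive in a temp dir, triage it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_drive(tmp)
        return triage_drive(tmp)


if __name__ == "__main__":
    for kind, where, detail in demo():
        print(f"[{kind}] {where}: {detail}")
```

On a real pendrive, call triage_drive() with the drive root (for example "E:\\") from a machine whose script hosts you trust, and do not double-click anything on the drive until the shortcuts and autorun.inf are gone. The hidden/system attributes the worm sets on the original folders are cleared with `attrib -h -s /s /d E:\*` from an elevated command prompt, after which the .lnk files and autorun.inf can be deleted.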
> I am not absolutely sure the notebook is already fully disinfected, but it is working OK.

According to the logs above, it still is ;)

> Given this, would you prefer that I post 2 updated DDS and GMER logs,

If you ran the scans before my request, then you can continue with the steps in my last post; if it was after, then I need new logs :)


# AdwCleaner v3.005 - Report created 30/09/2013 at 14:00:03
# Updated 22/09/2013 by Xplode
# Operating System : Windows 8 Pro (64 bits)
# User : Rodrigo Pavão - PAVÃO
# Running from : C:\Users\Rodrigo Pavão\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Mozilla Firefox v20.0 (pt-BR)

[ File : C:\Users\Rodrigo Pavão\AppData\Roaming\Mozilla\Firefox\Profiles\u9vanjvv.default\prefs.js ]

-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\Rodrigo Pavão\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2341 octets] - [30/09/2013 13:58:50]
AdwCleaner[s0].txt - [2076 octets] - [30/09/2013 14:00:03]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2136 octets] ##########
