[Resolvido]PC e Pen driver com Vírus

junior.note · Dezembro 2, 2010

Boa noite gostarai que analisassem meu log, pois o PC e o PenDriver está com vírus:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:26:48, on 01/12/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Users\Raphael\AppData\Local\Temp\Rtr.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\diskpart.exe

C:\Users\Raphael\Pictures\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=14784&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: VDownloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKCU\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

O4 - HKCU\..\Run: [JP595IR86O] C:\Users\Raphael\AppData\Local\Temp\Rtr.exe

O4 - HKCU\..\Run: [qoeowo] C:\Users\Raphael\qoeowo.exe /E

O4 - HKCU\..\Run: [sauve] C:\Users\Raphael\sauve.exe /N

O4 - HKCU\..\Run: [NtWqIVLZEWZU] C:\Users\Raphael\AppData\Local\Temp\Rts.exe

O4 - HKCU\..\Run: [teeameb] C:\Users\Raphael\teeameb.exe /Y

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: QuestBrowser Service - Unknown owner - C:\ProgramData\QuestBrowser\questbrowser119.exe

--

End of file - 4832 bytes

Aguardo resposta!!

RenatoMejias · Dezembro 4, 2010

1. Faça o download do DDS e salve no desktop.

Links Alternativos

Link2

Temporariamente desative seus programas de proteção.
Duplo clique em dds.scr.
Irá surgir uma tela preta com algumas informações. Não clique em nada, apenas aguarde!
Quando terminar, duas janelas abrirão: DDS.txt e Attach.txt.
Salve os resultados e cole-os no seu tópico.

junior.note · Dezembro 4, 2010

Bom dia, como solicitado, seguem abaixo os resultados:

DDS (Ver_10-11-27.01) - NTFSx86

Run by Raphael at 11:24:49,30 on 04/12/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.1016.387 [GMT -2:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\ProgramData\QuestBrowser\questbrowser119.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Panda USB Vaccine\USBVaccine.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\QuestBrowser\questbrowser.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\msiexec.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Raphael\Pictures\Downloads\dds.scr

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/

uSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=

mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=

uWinlogon: Shell=c:\users\raphael\appdata\roaming\hotfix.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

uRun: [JP595IR86O] c:\users\raphael\appdata\local\temp\Rtr.exe

uRun: [qoeowo] c:\users\raphael\qoeowo.exe /E

uRun: [sauve] c:\users\raphael\sauve.exe /N

uRun: [NtWqIVLZEWZU] c:\users\raphael\appdata\local\temp\Rts.exe

uRun: [teeameb] c:\users\raphael\teeameb.exe /Y

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)

mPolicies-system: EnableInstallerDetection = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\raphael\appdata\roaming\mozilla\firefox\profiles\7jmfwp3c.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\users\raphael\appdata\roaming\mozilla\firefox\profiles\7jmfwp3c.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886c}\components\GbMzhBb.dll

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: QuestBrowser: {B9B81A55-9C8B-4FD5-B140-714613DED7B6} - c:\program files\mozilla firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}

FF - Extension: MÃ³dulo de SeguranÃ§a - Banco do Brasil: {87F8774F-B485-47E2-A755-A40A8A5E886C} - c:\users\raphael\appdata\roaming\mozilla\firefox\profiles\7jmfwp3c.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-1 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-1 17744]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-1 50768]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-1 40384]

R2 QuestBrowser Service;QuestBrowser Service;c:\programdata\questbrowser\questbrowser119.exe [2010-12-1 61712]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-1 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-1 40384]

R3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [2010-11-17 18004]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-19 1343400]

=============== Created Last 30 ================

2010-12-01 17:36:56 -------- d-----w- c:\progra~2\Panda Security

2010-12-01 17:36:47 -------- d-----w- c:\program files\Panda USB Vaccine

2010-12-01 17:24:02 -------- d-----w- c:\progra~2\Autorun Eater

2010-12-01 17:10:18 -------- d-----w- C:\PenClean

2010-12-01 17:00:54 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-12-01 16:48:31 -------- d-----w- C:\LinhaDefensiva

2010-12-01 14:44:52 89360 ----a-w- c:\windows\system32\VB5DB.DLL

2010-12-01 13:24:18 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-12-01 13:23:52 38848 ----a-w- c:\windows\avastSS.scr

2010-12-01 13:23:49 -------- d-----w- c:\progra~2\Alwil Software

2010-12-01 12:47:29 190464 ----a-w- c:\windows\Rwizob.exe

2010-12-01 03:27:36 234 ----a-w- c:\users\raphael\appdata\roaming\agtyjkj.bat

2010-12-01 03:18:37 -------- d-----w- c:\program files\QuestBrowser

2010-12-01 03:18:37 -------- d-----w- c:\progra~2\QuestBrowser

2010-12-01 02:00:07 190464 ----a-w- c:\windows\Rwizoa.exe

2010-11-30 19:25:42 280064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzppw71.dll

2010-11-22 02:14:13 -------- d-----w- c:\progra~2\McAfee Security Scan

2010-11-22 02:14:11 -------- d-----w- c:\program files\McAfee Security Scan

2010-11-22 02:14:08 -------- d-----w- c:\users\raphael\appdata\local\Adobe

2010-11-19 22:47:44 -------- d-----w- c:\windows\system32\Wat

2010-11-19 04:05:26 257024 ----a-w- c:\windows\system32\msv1_0.dll

2010-11-19 04:03:18 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-11-19 04:03:18 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-11-19 04:03:18 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-11-19 04:03:18 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-11-19 04:03:18 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-11-19 04:00:17 1002008 ----a-w- c:\windows\system32\igxpun.exe

2010-11-19 04:00:17 -------- d-----w- c:\windows\system32\x64

2010-11-19 03:52:26 -------- d-----w- c:\windows\CheckSur

2010-11-19 03:04:36 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-11-19 03:04:36 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2010-11-19 02:53:01 316928 ----a-w- c:\windows\system32\spoolsv.exe

2010-11-19 02:51:58 2048 ----a-w- c:\windows\system32\tzres.dll

2010-11-19 02:51:55 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-11-19 02:51:38 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-11-19 02:51:30 1233920 ----a-w- c:\windows\system32\msxml3.dll

2010-11-19 02:50:53 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2010-11-19 02:50:53 1320960 ----a-w- c:\windows\system32\CertEnroll.dll

2010-11-19 02:50:52 507568 ----a-w- c:\windows\system32\winload.exe

2010-11-19 02:50:52 442920 ----a-w- c:\windows\system32\winresume.exe

2010-11-19 02:49:27 530432 ----a-w- c:\windows\system32\comctl32.dll

2010-11-19 02:46:31 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-11-19 02:46:31 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-11-19 02:46:06 292864 ----a-w- c:\windows\system32\apphelp.dll

2010-11-19 02:45:58 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-11-19 02:45:58 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-11-19 02:42:23 427520 ----a-w- c:\windows\system32\vbscript.dll

2010-11-19 02:41:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-11-19 02:41:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-11-19 02:41:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-11-19 02:41:06 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-11-19 02:41:06 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-11-19 02:41:06 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-11-19 02:41:03 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe

2010-11-19 02:41:02 1413632 ----a-w- c:\windows\system32\ole32.dll

2010-11-19 02:41:02 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-11-19 02:38:41 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-11-19 02:38:41 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-11-19 02:38:40 285696 ----a-w- c:\windows\system32\winlogon.exe

2010-11-19 02:38:40 2614272 ----a-w- c:\windows\explorer.exe

2010-11-19 02:38:03 224256 ----a-w- c:\windows\system32\schannel.dll

2010-11-19 02:38:02 34816 ----a-w- c:\windows\system32\msasn1.dll

2010-11-19 02:37:09 67584 ----a-w- c:\windows\system32\asycfilt.dll

2010-11-19 02:32:25 -------- d-----w- c:\users\raphael\appdata\local\Ares

2010-11-19 02:32:18 -------- d-----w- c:\program files\Ares

2010-11-19 02:30:45 164864 ----a-w- c:\program files\windows media player\wmplayer.exe

2010-11-19 02:30:44 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-11-19 02:28:58 738816 ----a-w- c:\windows\system32\wmpmde.dll

2010-11-19 02:28:50 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

2010-11-19 02:28:25 -------- d-----w- c:\progra~2\GbPlugin

2010-11-19 02:00:46 172032 ----a-w- c:\windows\system32\wintrust.dll

2010-11-19 02:00:39 132608 ----a-w- c:\windows\system32\cabview.dll

2010-11-18 00:55:14 444283 ----a-w- c:\program files\common files\WinPcapNmap.exe

2010-11-18 00:55:13 3056008 ----a-w- c:\program files\common files\AskToolbarInstaller.exe

2010-11-18 00:55:12 -------- d-----w- c:\program files\VDownloader

2010-11-18 00:36:05 -------- d-----w- c:\windows\Panther

2010-11-18 00:35:57 -------- d-sh--w- C:\Boot

2010-11-18 00:30:57 -------- d-----w- c:\windows\system32\directx

2010-11-18 00:19:42 -------- d-----w- c:\program files\Media Player Classic - Home Cinema

2010-11-17 23:53:21 -------- d-----w- c:\windows\PCHEALTH

2010-11-17 23:51:33 -------- d-----w- c:\windows\SHELLNEW

2010-11-17 23:51:26 -------- d-----w- c:\users\raphael\appdata\local\Microsoft Help

2010-11-17 23:51:22 -------- d-sh--w- c:\windows\Installer

2010-11-17 23:50:31 -------- d-----w- c:\windows\system32\wbem\Performance

2010-11-17 23:47:38 18004 ----a-w- c:\windows\system32\drivers\slnt.sys

==================== Find3M ====================

2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec

2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb

============= FINISH: 11:25:15,37 ===============

######################################################################

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 17/11/2010 21:42:13

System Uptime: 12/04/2010 11:20:16 (5664 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | 8I945GZME-RH

Processor: Intel® Core2 CPU 4300 @ 1.80GHz | Socket 775 | 1800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 45,616 GiB free.

D: is FIXED (NTFS) - 98 GiB total, 38,412 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.0 - Português

Ares 2.1.7

avast! Free Antivirus

Intel® Graphics Media Accelerator Driver

McAfee Security Scan Plus

Media Player Classic - Home Cinema v1.4.2499.0

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox (3.6.12)

Panda USB Vaccine 1.0.1.4

Recuva

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB2344875)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2345035)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office Outlook 2007 (KB2288953)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)

Security Update for Microsoft Office Publisher 2007 (KB982124)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Outlook 2007 Junk Email Filter (KB2443839)

VDownloader 3.0.721

Visual C++ 8.0 CRT (x86) WinSXS mesmo

==== End Of File ===========================

Aguardando resposta...

RenatoMejias · Dezembro 14, 2010

Leia as instruções contidas neste link:

##### "Como usar o ComboFix" #####

Nas instruções contidas no link acima, poderá verificar quais os fóruns onde os Analistas estão devidamente habilitados a utilizar corretamente a ferramenta:"Fóruns para receber ajuda com logs do ComboFix"

Faça o download do ComboFix de um dos links oficiais listados abaixo e salve no seu desktop:
- Link
- Link alternativo
Temporariamente e durante a execução destas instruções, é muito importante que mantenha desabilitados os seus programas de proteção (Antivirus, Antispyware e Firewall). Reative as proteções após a execução do(s) procedimento(s) abaixo mencionado(s).
Duplo clique no icone que está no desktop.
Leia e aceite as condições, digitando 1 e enter.
Computadores com Windows XP deverão instalar o Console de Recuperação:
- Se o seu computador tem instaldo o Windows XP e ainda não tem instalado o Console de Recuperação, por favor certifique-se que está conectado à Internet, e clique em "Sim".
- Clique em "OK" ao EULA.
- Quando o Console de Recuperação estiver já instalado, clique em "SIM" para continuar.
O ComboFix será executado, por favor seja paciente e aguarde.
Atenção: Não utilize o mouse nem o teclado enquanto a ferramenta estiver sendo executada, isso pode fazer com que o computador pare.
Poderá surgir o aviso que é necessário reiniciar o computador.
NÃO REINICIE!!! O ComboFix reiniciará o computador automaticamente.
Quando a ferramenta terminar de rodar, gerará um log (o arquivo C:\ComboFix.txt). Copie e cole o conteúdo desse arquivo na sua proxima resposta.

NÃO utilize a ferramenta por conta própria. É uma ferramenta poderosa criada pra lidar com infecções sofisticadas e caso não a utilize corretamente poderá danificar o seu computador.
Existem vários malwares que impedem a execução correta da ferramenta e com isso danificar gravemente o computador. Analistas habilitados a utilizar o ComboFix conhecem esses casos e sabem lidar com estas situações.
Muitos dos Analistas não respondem a topicos em que vejam que o ComboFix foi utilizado sem supervisão.
Existem varias ferramentas anti-malware generalistas em que os autores ao elaborarem a programação das mesmas, estão pensando nos usuários finais e para serem usadas sem supervisão. O Combofix não é uma ferramenta desse tipo, e assim sendo e até por respeito ao autor da ferramenta, não utilize sem supervisão.

junior.note · Dezembro 16, 2010

ComboFix 10-12-16.02 - Raphael 16/12/2010 21:35:53.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.1016.398 [GMT -2:00]

Executando de: c:\users\Raphael\Pictures\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}

c:\program files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\chrome.manifest

c:\program files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\chrome\questbrowser.jar

c:\program files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\defaults\preferences\prefs.js

c:\program files\Mozilla Firefox\extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6}\install.rdf

c:\program files\QuestBrowser

c:\program files\QuestBrowser\questbrowser.dll

c:\program files\QuestBrowser\questbrowser.exe

c:\programdata\QuestBrowser

c:\programdata\QuestBrowser\questbrowser119.exe

c:\users\Raphael\AppData\Roaming\agtyjkj.bat

c:\users\Raphael\AppData\Roaming\completescan

c:\users\Raphael\AppData\Roaming\install

c:\windows\Rwizoa.exe

c:\windows\Rwizob.exe

c:\windows\system32\Startup.exe

c:\windows\system32\tcpip.sys

c:\windows\system32\wl.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_QuestBrowser Service

(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-16 to 2010-12-16 ))))))))))))))))))))))))))))

.

2010-12-16 23:39 . 2010-12-16 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-15 21:28 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll

2010-12-15 21:27 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-12-15 21:27 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll

2010-12-15 21:27 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll

2010-12-15 21:27 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll

2010-12-15 21:27 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe

2010-12-15 21:27 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe

2010-12-15 21:24 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-12-15 21:24 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll

2010-12-15 21:24 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll

2010-12-15 21:23 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-12-14 01:19 . 2010-12-14 01:35 -------- d-----w- c:\program files\PDF Editor 2

2010-12-14 01:19 . 2010-12-14 01:19 75776 ----a-w- c:\windows\cadkasdeinst01e.exe

2010-12-01 17:36 . 2010-12-01 17:36 -------- d-----w- c:\programdata\Panda Security

2010-12-01 17:36 . 2010-12-01 17:36 -------- d-----w- c:\program files\Panda USB Vaccine

2010-12-01 17:24 . 2010-12-01 17:46 -------- d-----w- c:\programdata\Autorun Eater

2010-12-01 17:10 . 2010-12-01 17:12 -------- d-----w- C:\PenClean

2010-12-01 17:00 . 2009-11-25 14:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-12-01 16:48 . 2010-12-01 16:50 -------- d-----w- C:\LinhaDefensiva

2010-12-01 14:44 . 1998-06-18 02:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL

2010-12-01 13:24 . 2010-09-07 13:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-12-01 13:24 . 2010-09-07 13:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-12-01 13:24 . 2010-09-07 13:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-12-01 13:24 . 2010-09-07 13:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-12-01 13:24 . 2010-09-07 13:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-12-01 13:23 . 2010-09-07 14:12 38848 ----a-w- c:\windows\avastSS.scr

2010-12-01 13:23 . 2010-09-07 14:11 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-12-01 13:23 . 2010-12-01 13:23 -------- d-----w- c:\programdata\Alwil Software

2010-12-01 13:23 . 2010-12-01 13:23 -------- d-----w- c:\program files\Alwil Software

2010-12-01 02:09 . 2010-12-01 02:09 -------- d-----w- c:\program files\Recuva

2010-11-30 19:25 . 2010-11-30 19:25 -------- d-----w- c:\programdata\Hewlett-Packard

2010-11-30 19:25 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll

2010-11-22 02:15 . 2010-11-22 02:15 -------- d-----w- c:\program files\Common Files\Adobe

2010-11-22 02:14 . 2010-11-22 02:14 -------- d-----w- c:\programdata\McAfee

2010-11-22 02:14 . 2010-11-22 02:14 -------- d-----w- c:\programdata\McAfee Security Scan

2010-11-22 02:14 . 2010-11-23 16:10 -------- d-----w- c:\program files\McAfee Security Scan

2010-11-19 22:47 . 2010-11-19 22:47 -------- d-----w- c:\windows\system32\Wat

2010-11-19 04:05 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll

2010-11-19 04:04 . 2010-11-19 04:04 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2010-11-19 04:03 . 2009-11-25 14:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-11-19 04:03 . 2009-11-25 14:47 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-11-19 04:03 . 2009-11-25 14:47 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-11-19 04:03 . 2009-11-25 14:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-11-19 04:03 . 2009-11-25 14:47 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-11-19 04:00 . 2010-11-19 04:00 -------- d-----w- c:\windows\system32\x64

2010-11-19 04:00 . 2009-09-23 21:30 1002008 ----a-w- c:\windows\system32\igxpun.exe

2010-11-19 03:52 . 2010-11-19 03:52 -------- d-----w- c:\windows\CheckSur

2010-11-19 03:04 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-11-19 03:04 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2010-11-19 02:53 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe

2010-11-19 02:51 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-11-19 02:51 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-11-19 02:51 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll

2010-11-19 02:50 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2010-11-19 02:50 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll

2010-11-19 02:50 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe

2010-11-19 02:50 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe

2010-11-19 02:49 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll

2010-11-19 02:46 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-11-19 02:46 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-11-19 02:46 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll

2010-11-19 02:45 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-11-19 02:45 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-11-19 02:42 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll

2010-11-19 02:41 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-11-19 02:41 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-11-19 02:41 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-11-19 02:41 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-11-19 02:41 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe

2010-11-19 02:41 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll

2010-11-19 02:41 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-11-19 02:38 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-11-19 02:38 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-11-19 02:38 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe

2010-11-19 02:38 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe

2010-11-19 02:38 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll

2010-11-19 02:38 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll

2010-11-19 02:37 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll

2010-11-19 02:32 . 2010-11-19 02:32 -------- d-----w- c:\program files\Ares

2010-11-19 02:30 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2010-11-19 02:30 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-11-19 02:29 . 2009-12-19 09:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll

2010-11-19 02:29 . 2009-12-19 09:02 1328640 ----a-w- c:\windows\system32\quartz.dll

2010-11-19 02:29 . 2009-12-19 09:02 22016 ----a-w- c:\windows\system32\msyuv.dll

2010-11-19 02:29 . 2009-12-19 09:02 31744 ----a-w- c:\windows\system32\msvidc32.dll

2010-11-19 02:29 . 2009-12-19 09:02 13312 ----a-w- c:\windows\system32\msrle32.dll

2010-11-19 02:29 . 2009-12-19 09:02 84480 ----a-w- c:\windows\system32\mciavi32.dll

2010-11-19 02:29 . 2009-12-19 09:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2010-11-19 02:29 . 2009-12-19 09:02 91648 ----a-w- c:\windows\system32\avifil32.dll

2010-11-19 02:29 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll

2010-11-19 02:29 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-11-19 02:29 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-11-19 02:29 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-11-19 02:28 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll

2010-11-19 02:28 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

2010-11-19 02:28 . 2010-11-19 02:28 -------- d-----w- c:\programdata\GbPlugin

2010-11-19 02:00 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll

2010-11-19 02:00 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll

2010-11-18 01:10 . 2010-12-09 21:28 -------- d-----w- c:\users\Gabriel

2010-11-18 00:55 . 2010-01-26 12:11 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe

2010-11-18 00:55 . 2010-10-16 13:50 3056008 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe

2010-11-18 00:55 . 2010-11-18 00:55 -------- d-----w- c:\program files\VDownloader

2010-11-18 00:36 . 2010-11-17 23:42 -------- d-----w- c:\windows\Panther

2010-11-18 00:35 . 2010-11-18 00:35 -------- d-----w- C:\Boot

2010-11-18 00:22 . 2010-11-18 00:22 -------- d-----w- c:\windows\system32\Macromed

2010-11-18 00:19 . 2010-11-18 00:33 -------- d-----w- c:\program files\Media Player Classic - Home Cinema

2010-11-17 23:53 . 2010-11-20 16:21 -------- d-----w- c:\program files\Microsoft Works

2010-11-17 23:53 . 2010-11-17 23:53 -------- d-----w- c:\windows\PCHEALTH

2010-11-17 23:53 . 2010-11-17 23:53 -------- d-----w- c:\program files\Microsoft.NET

2010-11-17 23:51 . 2010-11-17 23:51 -------- d-----w- c:\windows\SHELLNEW

2010-11-17 23:51 . 2010-12-16 01:35 -------- d-----w- c:\programdata\Microsoft Help

2010-11-17 23:51 . 2010-12-16 01:35 -------- d-sh--w- c:\windows\Installer

2010-11-17 23:51 . 2010-11-17 23:51 -------- d-----r- C:\MSOCache

2010-11-17 23:50 . 2010-12-16 23:35 -------- d-----w- c:\windows\system32\wbem\Performance

2010-11-17 23:47 . 2003-11-20 14:58 18004 ----a-w- c:\windows\system32\drivers\slnt.sys

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableInstallerDetection"= 0 (0x0)

"EnableLUA"= 0 (0x0)

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-19 1343400]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]

S3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;c:\windows\system32\DRIVERS\slnt.sys [2003-11-20 18004]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ DPS BFE mpssvc WwanSvc

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\7jmfwp3c.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: MÃ³dulo de SeguranÃ§a - Banco do Brasil: {87F8774F-B485-47E2-A755-A40A8A5E886C} - %profile%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

.

- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-Sidebar - %ProgramFiles%\Windows Sidebar\Sidebar.exe

HKCU-Run-qoeowo - c:\users\Raphael\qoeowo.exe

HKCU-Run-sauve - c:\users\Raphael\sauve.exe

HKCU-Run-teeameb - c:\users\Raphael\teeameb.exe

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\taskhost.exe

c:\program files\Panda USB Vaccine\USBVaccine.exe

c:\windows\system32\conhost.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-12-16 21:43:03 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-12-16 23:43

Pré-execução: 48.588.357.632 bytes disponíveis

Pós execução: 49.431.072.768 bytes disponíveis

- - End Of File - - A3A11D982CA6AF57AA1865599A210F7A

RenatoMejias · Dezembro 17, 2010

Leia atentamente toda a instrução abaixo antes de executar o programa.

Faça download do Kaspersky Removal Tool e salve em seu desktop.

Instale o programa normalmente, seguindo todas as instruções.
Uma pasta chamada Virus Removal Tool será criada no desktop.
Na tela do programa clique nas opções:
- Meu computador
- Hidden Startup objects
- Disk boot sectors
- System Memory
Clique no botão Start Scan.
Seja paciente, o scan é demorado!
Conforme for scaneando provavelmente abrirá algumas janelas pequenas ao lado do relógio, não clique em nada.
Também há uma possibilidade de abrir uma janela maior contendo as seguintes opções:
- Desinfection (quando possível)
- Delete
- Skip
Quando aparecer, marque primero a opção abaixo Apply to all objects e depois clique numa das opções acima.
Após completar tudo, clique no botão Reports, na janela que abrir nas opções acima deixe:
- Autoscan
- Group by result
- All Events
Expanda Autoscan clicando no sinal ao lado de +
Expanda Result: Detected.
Clique com o botão direito do mouse e escolha Select all, e depois escolha Copy.
Atenção, ao fazer isso parece que o PC travou, mas não, aguarde uns minutos para liberar a memória.
Abra o Bloco de Notas e cole (ctrl + v)
Dê um nome para o arquivo e salve numa pasta de sua preferência.
Feche o resultado clicando no botão Exit.
Ao fazer isso será questionado se quer desinstalar a ferramenta, clique em Sim.
Reinicie o computador quando for pedido.
Poste o conteúdo desse arquivo em sua próxima resposta.

OBSERVAÇÃO1:

Atente para as janelas durante o scan elas possuem cores diferentes dependendo do risco. Portanto,

verde
:
baixo risco
amarelo
:
médio risco
vermelho
:
alto risco

Antes de tomar qualquer medida verifique com cuidado o caminho/nome do arquivo para ver é de seu conhecimento, caso seja clique em

Skip

.

OBSERVAÇÃO2:

Se no resultado final do scan apenas tiver

Result:

OK

, não precisa gerar um relatório, apenas informe deste.

OBSERVAÇÃO3:

Durante o scan pode ser que o Kaspersky acuse a seguinte pasta com vírus:

c:\

QooBox

. Caso isto aconteça escolha a opção

Skip

, pois a mesma pertence ao

ComboFix

e será removida quando o mesmo for desinstalado.

junior.note · Dezembro 18, 2010

Verificação automática: concluído 2 minutos atrás (eventos: 218778, objetos: 216267, hora: 01:09:08)

Resultado: OK (eventos: 213493)

Resultado: Detectados (eventos: 8)

18/12/2010 11:34:36 C:\Qoobox\Quarantine\C\Windows\Rwizoa.exe.vir Ação padrão selecionada

18/12/2010 11:34:36 C:\Qoobox\Quarantine\C\Windows\Rwizob.exe.vir Ação padrão selecionada

18/12/2010 11:34:37 C:\Qoobox\Quarantine\C\Program Files\QuestBrowser\questbrowser.dll.vir Ação padrão selecionada

18/12/2010 11:41:09 C:\Windows\System32\Revelation.exe Informações

18/12/2010 11:41:09 C:\Windows\System32\RevelationHelper.dll Informações

18/12/2010 11:41:30 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z78MF0J9\upgrade[1].cab/upgrade.exe/# Ação padrão selecionada

18/12/2010 11:45:46 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z78MF0J9\upgrade[1].cab/upgrade.exe/# Informações

18/12/2010 12:17:10 D:\Meus documentos\Vdownloader\VDownloader.exe/UPX Informações

Resultado: Arquivar (eventos: 4779)

Resultado: Compactado (eventos: 487)

Resultado: Não neutralizado (eventos: 4)

Resultado: Não processado (eventos: 3)

Resultado: Protegido por senha (eventos: 2)

Resultado: Tarefa iniciada (eventos: 1)

Resultado: Tarefa concluída (eventos: 1)

RenatoMejias · Dezembro 19, 2010

Como tem estado o computador?

junior.note · Dezembro 27, 2010

OK, agora sim o computador está normal. Obrigado pela ajuda!!!

RenatoMejias · Dezembro 28, 2010

Parabéns, seu log está limpo.

De agora em diante fique ALERTA!

Para finalizar faça o seguinte:

Vá em Iniciar > Executar e digite ComboFix /Uninstall . Isso desinstalará o ComboFix de sua máquina.

Faça download do OTCleanIt by OldTimer

Salve no seu desktop (área/ambiente de trabalho).
Duplo-clique no icone do OTC.
Clique no botão "Cleanup"
Permita que o seu computador seja reiniciado.

Sugiro que rode o CCleaner para fazer uma limpeza em sua máquina. Faça o download dele aqui CCleaner

Abra o programa e clique em Executar Limpeza;
Após isto, clique em Erros >> Procurar erros >> Corrigir Erros

Sugiro também que consulte este artigo: Proteja seu PC

RenatoMejias · Dezembro 28, 2010

Caso Resolvido.

Caso o autor queira a reabertura do tópico, envie uma MP com o link para um moderador da seção.

Entrar

[Resolvido]PC e Pen driver com Vírus

Pergunta

Link para o comentário

Compartilhar em outros sites

10 respostass a esta questão

Posts Recomendados

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Link para o comentário

Compartilhar em outros sites

Estatísticas dos Fóruns