Edvan, posted August 10, 2012

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:43:21, on 10/08/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\HiJackThis.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ETDWare] "%ProgramFiles%\Elantech\ETDCtrl.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 6951 bytes
wings, posted August 11, 2012

Hello Edvan

Download OTL (by Old_Timer) and save it to the Desktop
*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator
*Select the options:
Scan All Users
Scan Lop
Scan Purity
*Click [Scan]
*When it finishes, the reports OTL.txt and Extras.txt will be created on the Desktop

Go to this link
*Click [choose file]
*Locate the OTL.txt file on the Desktop and click [Open]
*Click [Envoyer le fichier]
*Paste the link created below "Fichier envoyé avec succés! Copiez votre lien :"
*Repeat the procedure for the Extras.txt report and paste its link
Edvan, posted August 13, 2012

1. OTL http://mydoc.tk/3/2206OTL.Txt
2. EXTRAS http://mydoc.tk/3/8017Extras.Txt
wings, posted August 14, 2012

Run OTL. Windows Vista or Windows 7 users must right-click the file and select Run as administrator
*Paste the lines in blue into the box under Custom Scans/Fixes:

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
O33 - MountPoints2\{6b83b601-b67b-11e1-97a7-0024544b2d97}\Shell - "" = AutoRun
O33 - MountPoints2\{6b83b601-b67b-11e1-97a7-0024544b2d97}\Shell\AutoRun\command - "" = E:\.\Start.exe
O33 - MountPoints2\{7f19588f-819f-11e1-a29e-b4749f6474b9}\Shell - "" = AutoRun
O33 - MountPoints2\{7f19588f-819f-11e1-a29e-b4749f6474b9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7f195952-819f-11e1-a29e-b4749f6474b9}\Shell - "" = AutoRun
O33 - MountPoints2\{7f195952-819f-11e1-a29e-b4749f6474b9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
:Commands
[emptytemp]

*Click [Fix]
*Click [OK] to restart the PC
*Paste the report created at C:\_OTL\MovedFiles\data_hora.txt

*Temporarily disable your antivirus

Download ComboFix (by sUBs) and save it to the Desktop
*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator
*Windows XP users: if the Microsoft Windows Recovery Console is not installed, accept its installation. After the Console is installed, click [Yes].
*Accept the agreement
*Wait for the files to be extracted
*Wait for all the stages to finish... it can take a while!
*Avoid using the mouse and keyboard. Do not use any other program until ComboFix finishes!
*Wait for it to finish and paste the report it shows
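As an added illustration of the triage behind the fix script above (this is editor-supplied example code, not part of the thread and not OTL's or HijackThis's own code), the following Python parser reads OTL-style DRV and O33 lines and applies the two checks the helper applied by hand: a driver service whose .sys image is reported "File not found" is an orphan registration, and a MountPoints2 subkey Shell\AutoRun\command is Explorer's cached autorun handler for a drive that was once plugged in. It then assembles the same :OTL / :Commands fix block. The regexes, the Entry class and the sample lines are all constructed for this example; the sample is modelled on the entries quoted in the thread, with one healthy driver and one harmless drive added so the checks have something to leave alone.

```python
import re
from dataclasses import dataclass

# Two OTL line shapes, as they appear in the fix script above:
#   DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
#   O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = F:\AutoRun.exe
DRV_RE = re.compile(
    r'^DRV - (?P<status>.+?) \[(?P<flags>[^\]]+)\] -- (?P<path>.+?) -- \((?P<service>[^)]+)\)$'
)
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]+\})\\(?P<subkey>\S+) - "" =\s*(?P<value>.*)$'
)


@dataclass
class Entry:
    raw: str
    kind: str          # "drv", "o33" or "other"
    key: str = ""      # drv: service name; o33: MountPoints2 GUID
    subkey: str = ""   # o33 only, e.g. Shell or Shell\AutoRun\command
    value: str = ""    # drv: image path; o33: value data
    status: str = ""   # drv only, e.g. "File not found"


def parse_line(line: str) -> Entry:
    raw = line.strip()
    m = DRV_RE.match(raw)
    if m:
        return Entry(raw, "drv", m["service"], "", m["path"], m["status"])
    m = O33_RE.match(raw)
    if m:
        return Entry(raw, "o33", m["guid"], m["subkey"], m["value"].strip())
    return Entry(raw, "other")


def is_orphan_driver(e: Entry) -> bool:
    """Service entry whose .sys image no longer exists: nothing loads, but the
    registration lingers, which is what the fix removes."""
    return e.kind == "drv" and e.status.lower() == "file not found"


def is_autorun_command(e: Entry) -> bool:
    """Explorer's cached AutoRun handler for a drive that was plugged in; the
    value is the program that drive's autorun.inf asked to launch."""
    return e.kind == "o33" and e.subkey.lower().endswith(r"shell\autorun\command")


def triage(lines):
    entries = [parse_line(l) for l in lines if l.strip()]
    orphan = [e for e in entries if is_orphan_driver(e)]
    autorun = [e for e in entries if is_autorun_command(e)]
    flagged = {e.key for e in autorun}
    # Everything the fix section carries, in original order: each orphan driver
    # line and every O33 line of a flagged GUID, including its bare
    # "Shell = AutoRun" line, exactly as the helper's script does.
    fix = [e.raw for e in entries
           if is_orphan_driver(e) or (e.kind == "o33" and e.key in flagged)]
    return {
        "orphan_drivers": [e.key for e in orphan],
        "autorun_commands": [(e.key, e.value) for e in autorun],
        "fix_script": [":OTL", *fix, ":Commands", "[emptytemp]"],
    }


# Constructed sample modelled on the thread's OTL log: one orphan driver, one
# healthy driver, two drives with AutoRun commands and one drive without.
SAMPLE = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2012/07/03 13:21:30 | 000,057,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
O33 - MountPoints2\{6b83b601-b67b-11e1-97a7-0024544b2d97}\Shell - "" = AutoRun
O33 - MountPoints2\{6b83b601-b67b-11e1-97a7-0024544b2d97}\Shell\AutoRun\command - "" = E:\.\Start.exe
O33 - MountPoints2\{7f19588f-819f-11e1-a29e-b4749f6474b9}\Shell - "" = AutoRun
O33 - MountPoints2\{7f19588f-819f-11e1-a29e-b4749f6474b9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell - "" = AutoRun
""".strip().splitlines()

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("orphan drivers:", result["orphan_drivers"])
    for guid, cmd in result["autorun_commands"]:
        print("autorun command:", guid, "->", cmd)
    print("\n".join(result["fix_script"]))
```

Two points worth keeping in mind when reading such a result. The command values point at the removable media (E:\.\Start.exe, F:\AutoRun.exe), not at the host, so when the drive is no longer attached OTL reports the file as not found; the MountPoints2 entry is still useful evidence of which drive carried an autorun.inf launcher, and that drive should be scanned before it is used again. And on Windows 7 autorun.inf is not honoured for USB storage, so these entries are residue rather than a live execution path on the host, but they can still be live on older systems the same drive is plugged into.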
Edvan, posted August 16, 2012

All processes killed
========== OTL ==========
Service ZTEusbser6k stopped successfully!
Service ZTEusbser6k deleted successfully!
File system32\DRIVERS\ZTEusbser6k.sys not found.
Service ZTEusbnmea stopped successfully!
Service ZTEusbnmea deleted successfully!
File system32\DRIVERS\ZTEusbnmea.sys not found.
Service ZTEusbmdm6k stopped successfully!
Service ZTEusbmdm6k deleted successfully!
File system32\DRIVERS\ZTEusbmdm6k.sys not found.
Service huawei_enumerator stopped successfully!
Service huawei_enumerator deleted successfully!
File system32\DRIVERS\ew_jubusenum.sys not found.
Service huawei_cdcacm stopped successfully!
Service huawei_cdcacm deleted successfully!
File system32\DRIVERS\ew_jucdcacm.sys not found.
Service ew_hwusbdev stopped successfully!
Service ew_hwusbdev deleted successfully!
File system32\DRIVERS\ew_hwusbdev.sys not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b83b601-b67b-11e1-97a7-0024544b2d97}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b83b601-b67b-11e1-97a7-0024544b2d97}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b83b601-b67b-11e1-97a7-0024544b2d97}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b83b601-b67b-11e1-97a7-0024544b2d97}\ not found.
File E:\.\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f19588f-819f-11e1-a29e-b4749f6474b9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f19588f-819f-11e1-a29e-b4749f6474b9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f19588f-819f-11e1-a29e-b4749f6474b9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f19588f-819f-11e1-a29e-b4749f6474b9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f195952-819f-11e1-a29e-b4749f6474b9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f195952-819f-11e1-a29e-b4749f6474b9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f195952-819f-11e1-a29e-b4749f6474b9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f195952-819f-11e1-a29e-b4749f6474b9}\ not found.
File F:\AutoRun.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Eduardo Ferreira
->Temp folder emptied: 26118560 bytes
->Temporary Internet Files folder emptied: 31884900 bytes
->FireFox cache emptied: 121200478 bytes
->Google Chrome cache emptied: 18780263 bytes
->Flash cache emptied: 635 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4482003 bytes
RecycleBin emptied: 1042012 bytes

Total Files Cleaned = 194.00 mb

OTL by OldTimer - Version 3.2.57.0 log created on 08162012_121944

Files\Folders moved on Reboot...
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012/08/16 12:25:37 | 000,000,000 | ---- | M] () C:\windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...


ComboFix 12-08-16.01 - Eduardo Ferreira 16/08/2012 12:37:32.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.55.1046.18.1013.229 [GMT -3:00]
Executando de: c:\users\Eduardo Ferreira\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-07-16 to 2012-08-16 ))))))))))))))))))))))))))))
.
.
2012-08-16 16:03 . 2012-08-16 16:03 -------- d-----w- c:\users\Eduardo Ferreira\AppData\Local\temp
2012-08-16 16:03 . 2012-08-16 16:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 15:19 . 2012-08-16 15:19 -------- d-----w- C:\_OTL
2012-08-13 20:38 . 2012-08-13 20:44 -------- d-----w- c:\users\Eduardo Ferreira\AppData\Local\Google
2012-08-13 20:38 . 2012-08-13 20:38 -------- d-----w- c:\users\Eduardo Ferreira\AppData\Local\Apps
2012-08-13 20:38 . 2012-08-13 20:38 -------- d-----w- c:\users\Eduardo Ferreira\AppData\Local\Deployment
2012-08-10 16:40 . 2012-08-10 16:41 388608 ----a-w- C:\HiJackThis.exe
2012-08-10 16:15 . 2012-08-10 16:15 -------- d-----w- c:\users\Eduardo Ferreira\AppData\Roaming\Malwarebytes
2012-08-10 16:14 . 2012-08-10 16:14 -------- d-----w- c:\programdata\Malwarebytes
2012-08-10 16:14 . 2012-07-03 16:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-10 16:14 . 2012-08-10 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-18 00:51 . 2012-07-18 00:51 -------- d-----w- c:\users\Eduardo Ferreira\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 15:15 . 2012-04-18 02:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-16 15:15 . 2012-04-18 02:36 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 16:21 . 2012-05-26 02:33 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-05-26 02:33 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2012-05-26 02:33 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2012-05-26 02:33 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2012-05-26 02:33 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2012-05-26 02:33 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2012-05-26 02:32 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2012-05-26 02:32 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-01 00:21 . 2012-07-08 08:10 146304 ----a-r- c:\windows\system32\drivers\360FileOem.sys
2012-06-01 00:21 . 2012-07-08 08:10 23168 ----a-r- c:\windows\system32\drivers\360RegOem.sys
2012-06-01 00:21 . 2012-07-08 08:08 54912 ----a-r- c:\windows\system32\drivers\360HookOem.sys
2012-05-31 15:25 . 2012-05-24 04:01 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 03:41 . 2012-07-08 07:29 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{942B38BA-B09C-4708-915F-42414B837E94}\mpengine.dll
2012-05-06 05:49 . 2012-04-11 22:57 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-03-25 1891720]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-19 173592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-19 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-19 150552]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
.
c:\users\Eduardo Ferreira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-21 836896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 fcusbser;Wireless Network USB Device for Legacy Serial Communication FC;c:\windows\system32\DRIVERS\fcusbser.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 15:15]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2190984065-3680493698-2619012717-1000Core.job
- c:\users\Eduardo Ferreira\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-13 20:38]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2190984065-3680493698-2619012717-1000UA.job
- c:\users\Eduardo Ferreira\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-13 20:38]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Eduardo Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\oxad2sqp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\05C3E32DC552CD7468DDAB40951FE14C\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Microsoft's Silverlight Installation [1]"
"100"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\244F2594A1C5BE83C8321BE8EF772EC0\SourceList\Media]
@DACL=(02 0000)
"103"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\4A3FC9E53BDA08038AFB79A682437085\SourceList\Media]
@DACL=(02 0000)
"100"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\52CE121365979F2449539816E7B8C192\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Microsoft's Silverlight Installation [1]"
"101"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\7CD6922331248314F9770AC26567A1F7\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Microsoft's Silverlight Installation [1]"
"102"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\7D9BBE18C3713E234B7741C9D80E574E\SourceList\Media]
@DACL=(02 0000)
"100"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\8AE88CE9EBA4C39378DB09AEBBC1C4B9\SourceList\Media]
@DACL=(02 0000)
"107"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\93BE2EC28C544D23A89955923CF8B199\SourceList\Media]
@DACL=(02 0000)
"100"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\CA1699D599C72A63E90F4376A8DE3548\SourceList\Media]
@DACL=(02 0000)
"104"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\DDED13BD59FB7E139A7B450865C1FE3F\SourceList\Media]
@DACL=(02 0000)
"102"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\E7CFEDD816C011D3FA6C45412FADDF10\SourceList\Media]
@DACL=(02 0000)
"100"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\076CFAAAB965F2A4284B2449E5D03EFE\SourceList]
@DACL=(02 0000)
"PackageName"="Writer.msi"
"LastUsedSource"=expand:"n;1;c:\\Program Files\\Common Files\\Windows Live\\.cache\\4e6c05801cb862d93\\"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5C1093C35543A0E32A41B090A305076A\SourceList\Media]
@DACL=(02 0000)
"1"=";1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\68AB67CA7DA73301B7449A0100000010\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="READER9;[1]"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\75751A024EA428C3791168C348FA6EAA\SourceList\Media]
@DACL=(02 0000)
"1"=";1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8994BF104C33134458DE70E9E3FE7ED5\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\97B0E634BFC2F5E439081EC7B1520D5C\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="Microsoft's Silverlight Installation [1]"
"1"=";1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FCE752AE27F516448B09593949CD0D78\SourceList\Media]
@DACL=(02 0000)
"1"=";"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2012-08-16 13:14:54
ComboFix-quarantined-files.txt 2012-08-16 16:14
.
Pré-execução: 50.582.691.840 bytes disponíveis
Pós execução: 50.607.718.400 bytes disponíveis
.
- - End Of File - - 3E87D459C98B70F98B7B5D9EE111511A
wings, posted August 16, 2012

OK... the PC is clean.

Rename ComboFix to Uninstall
*Run it, wait for the message "ComboFix foi desinstalado" (ComboFix has been uninstalled) and click [OK]
*Delete the file C:\Combofix.txt

Run OTL. Windows Vista or Windows 7 users must right-click the file and select Run as administrator
*Click [Cleanup] > [OK]
*The PC will be restarted

Regards.
wings, posted August 19, 2012

PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.