Fórum PC Brasil
Avast detecting http://pthacker.no-ip.org:8080/is-ready all the time


Post by rodrigoleandro Wed 27 Nov 2013, 10:27

Dear all,

I need your help. The Avast antivirus is detecting, every 1 minute, a virus coming from this page: [You must have an account and be logged in to view this link]
The last time I used a USB flash drive on my PC was 4 days ago, so I don't know whether it is related to this virus.

I followed the forum's initial instructions, installed HijackThis, and the report follows below.

Thank you

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:18:20 AM, on 11/27/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Users\rodrigoleandro\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\rodrigoleandro\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\rodrigoleandro\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\7.1\pdfforgeToolbarIE.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehabn.dll
O2 - BHO: IEPlugin - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: GbIehAbn Gbp - {F0F193C7-B211-4866-8A91-18DFA9726C53} - C:\ProgramData\gbpsvs.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\7.1\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [PCTD Service Activation] "C:\Program Files (x86)\OakTree\PCTDServiceActivation\PCTDServiceActivation.exe" -checkcounter
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\fd7deffe-909a-455e-ac50-36c8f3c93bec.exe /check
O4 - HKCU\..\Run: [Google Update] "C:\Users\rodrigoleandro\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnService] C:\ProgramData\msns.exe
O4 - HKCU\..\Run: [Copy] "C:\Users\rodrigoleandro\AppData\Roaming\Copy\CopyAgent.exe"
O4 - HKCU\..\Run: [Microsoft] wscript.exe //B "C:\Users\RODRIG~1\AppData\Local\Temp\Microsoft.vbe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = rodrigoleandro\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Microsoft.vbe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [You must have an account and be logged in to view this link]
O8 - Extra context menu item: Translate this web page with Babylon - [You must have an account and be logged in to view this link] Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - [You must have an account and be logged in to view this link] Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - [You must have an account and be logged in to view this link] Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - [You must have an account and be logged in to view this link] Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: wwws.realsecureweb.com.br
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify:  GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CyberLink Product - 2013/04/17 23:48:03 (CLKMSVC10_9EC60124) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Energy Server Service (ESRV_SVC) - Unknown owner - C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Oasis2Service - Digital Delivery Networks, Inc. - C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: User Energy Server Service (USER_ESRV_SVC) - Unknown owner - C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIPAppService - Symantec Corporation - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19974 bytes

Post by Wings [In Memoriam] Wed 27 Nov 2013, 10:39

Hello rodrigoleandro

Download [You must have an account and be logged in to view this link] (...from Linha Defensiva) and save it to the desktop

*Right-click Bankerfix, select [You must have an account and be logged in to view this image] and click [Yes] > [OK]

*Click [Cancel]

*Run the file C:\LinhaDefensiva\Iniciar-BankerFix.vbs and click [Yes]

*Click [OK] if no update is available

*Click [OK] and press [ENTER]

*When it finishes, press [ENTER] and paste the report C:\LinhaDefensiva\relatorios\ano_mês_dia.txt (year_month_day.txt)

Post by rodrigoleandro Wed 27 Nov 2013, 10:47

Only this appeared in the report:

-------------------------------------------------------
BankerFix 3.5 VALKYRIE - Banker Trojan Remover
Linha Defensiva | [You must have an account and be logged in to view this link]
-------------------------------------------------------
Date: 2013-11-27 - 10:44
-------------------------------------------------------
Version: 2012-08-22-1 | CORE: 2012-08-22-6
=======================================================



----- End -------------------------




Post by Wings [In Memoriam] Wed 27 Nov 2013, 10:49

OK..

Download [You must have an account and be logged in to view this link] (...by Farbar) and save it to the Desktop

*Right-click FRST and select [You must have an account and be logged in to view this image]

*Accept the agreement, click [Scan] and, when it finishes, click [OK] > [OK]

*Paste or attach the FRST.txt and Addition.txt reports created on the Desktop

Post by rodrigoleandro Wed 27 Nov 2013, 11:04

Wings,

Thank you for the help. The reports are attached.

Post by Wings [In Memoriam] Wed 27 Nov 2013, 11:21

Download the file fixlist.txt and save it to the Desktop

*Right-click FRST and select [You must have an account and be logged in to view this image]

*Click [Fix] and paste or attach the Fixlog.txt report created on the Desktop

*Restart the PC so that the changes take effect


Download [You must have an account and be logged in to view this link] (...by Xplode) and save it to the Desktop

*Save any open work and close your browser

*Run it, click [Scan] and wait for it to finish

*Click [Clean] and wait for it to finish

*If a restart of the PC is requested, click [OK] to restart.

*Paste the report C:\AdwCleaner\AdwCleaner[S0].txt

Post by rodrigoleandro Wed 27 Nov 2013, 11:33

First, the fixlog below. (A file with Chinese text also appeared on the desktop!)
Now I will proceed with the 2nd step

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-11-2013
Ran by rodrigoleandro at 2013-11-27 11:27:36 Run:1
Running from C:\Users\rodrigoleandro\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\msns.exe
C:\Users\rodrigoleandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe
C:\Users\rodrigoleandro\AppData\Local\Temp\Microsoft.vbe
HKLM\...\Run: [Microsoft] - C:\Users\rodrigoleandro\AppData\Local\Temp\Microsoft.vbe
HKCU\...\Run: [MsnService] - C:\ProgramData\msns.exe
HKCU\...\Run: [Microsoft] - C:\Users\rodrigoleandro\AppData\Local\Temp\Microsoft.vbe
HKCU\...\Winlogon: [Shell] explorer.exe [2871808 2011-05-26] (Microsoft Corporation)
Startup: C:\Users\rodrigoleandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction
C:\ProgramData\gbpsvs.dll
C:\Users\rodrigoleandro\AppData\Local\Temp\.gbas.dll
C:\Users\rodrigoleandro\AppData\Local\Temp\*.exe


*****************

"C:\ProgramData\msns.exe" => File/Directory not found.
C:\Users\rodrigoleandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe => Moved successfully.
Could not move "C:\Users\rodrigoleandro\AppData\Local\Temp\Microsoft.vbe" => Scheduled to move on reboot.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\MsnService => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
Startup: C:\Users\rodrigoleandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe not found.
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
C:\ProgramData\gbpsvs.dll => Moved successfully.
C:\Users\rodrigoleandro\AppData\Local\Temp\.gbas.dll => Moved successfully.
C:\Users\rodrigoleandro\AppData\Local\Temp\*.exe => Moved successfully.
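
Added example (not part of the original thread, and not code from HijackThis or FRST): a small triage pass over HijackThis O4 autorun lines that flags the kinds of entries the fixlist above went on to remove, namely a script host launching a file from a Temp folder, an executable sitting directly in C:\ProgramData, and a script file placed in the Startup folder. The rule names, regexes and function names are assumptions chosen for illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class Autorun(NamedTuple):
    location: str  # registry key or Startup folder label, as HijackThis prints it
    name: str      # Run value name, or the file/shortcut name in a Startup folder
    command: str   # command line or shortcut target; "" when the log lists none


# O4 - HKCU\..\Run: [Name] command line
REG_RE = re.compile(r'^O4 - (HK[^:]*?): \[([^\]]*)\]\s*(.*)$')
# O4 - Startup: file.lnk = target    or    O4 - Startup: file.vbe
STARTUP_RE = re.compile(r'^O4 - ((?:.*? )?Startup): (.*)$')
# Trailing "(User 'LOCAL SERVICE')" annotation added by HijackThis
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")

# Illustrative rules (assumptions of this example), matched on lower-cased text
SCRIPT_HOST_RE = re.compile(r'(?:^|[\\\s"])(?:wscript|cscript|mshta)\.exe\b')
SCRIPT_FILE_RE = re.compile(r'\.(?:vbs|vbe|js|jse|wsf)$')
PROGRAMDATA_ROOT_RE = re.compile(
    r'[a-z]:\\programdata\\[^\\"]+\.(?:exe|scr|com|pif)\b')


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one HijackThis O4 line; return None for any other line."""
    line = line.strip()
    m = REG_RE.match(line)
    if m:
        loc, name, cmd = m.groups()
    else:
        m = STARTUP_RE.match(line)
        if not m:
            return None
        loc = m.group(1)
        name, _, cmd = m.group(2).partition(" = ")
    return Autorun(loc, name.strip(), USER_SUFFIX_RE.sub("", cmd).strip())


def triage(entry: Autorun) -> List[str]:
    """Return the names of the rules this autorun entry trips."""
    cmd = entry.command.lower()
    flags = []
    if SCRIPT_HOST_RE.search(cmd):
        flags.append("script-host")            # wscript/cscript/mshta at logon
    if "\\temp\\" in cmd:
        flags.append("temp-path")              # persistence pointing into Temp
    if PROGRAMDATA_ROOT_RE.search(cmd):
        flags.append("programdata-root-exe")   # binary loose in C:\ProgramData
    if entry.location.endswith("Startup") and SCRIPT_FILE_RE.search(entry.name.lower()):
        flags.append("startup-script")         # script file in a Startup folder
    return flags


def flag_suspicious(log_text: str) -> List[Tuple[Autorun, List[str]]]:
    """Scan a whole log and return only the O4 entries that trip a rule."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        flags = triage(entry)
        if flags:
            hits.append((entry, flags))
    return hits


# Lines copied from the HijackThis log in the first post of this thread
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\rodrigoleandro\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnService] C:\ProgramData\msns.exe
O4 - HKCU\..\Run: [Microsoft] wscript.exe //B "C:\Users\RODRIG~1\AppData\Local\Temp\Microsoft.vbe"
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = rodrigoleandro\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Microsoft.vbe
"""

if __name__ == "__main__":
    for entry, flags in flag_suspicious(SAMPLE_LOG):
        print(f"{', '.join(flags):35} {entry.location}: [{entry.name}] {entry.command}")
```

The rules only prioritise entries for manual review; a flagged line still has to be checked against the file on disk before anything is added to a fixlist.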


Post by Wings [In Memoriam] Wed 27 Nov 2013, 11:37

OK...waiting for the second procedure.

Post by rodrigoleandro Wed 27 Nov 2013, 11:40

Wings, here is the AdwCleaner log. Apparently Avast has stopped alerting... :)


# AdwCleaner v3.013 - Report created 27/11/2013 at 11:36:10
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : rodrigoleandro - HOMELAPTOP
# Running from : C:\Users\rodrigoleandro\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Application Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Babylon
Folder Deleted : C:\Program Files (x86)\pdfforge Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Users\rodrigoleandro\AppData\Local\Babylon
Folder Deleted : C:\Users\RODRIG~1\AppData\Local\Temp\Babylon
Folder Deleted : C:\Users\rodrigoleandro\AppData\LocalLow\pdfforge
Folder Deleted : C:\Users\rodrigoleandro\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\rodrigoleandro\AppData\Roaming\Babylon
Folder Deleted : C:\Users\rodrigoleandro\AppData\Roaming\pdfforge
File Deleted : C:\Users\Public\Desktop\Babylon.lnk
File Deleted : C:\Users\rodrigoleandro\AppData\Roaming\Mozilla\Firefox\Profiles\s3wop84m.default\.autoreg
File Deleted : C:\Users\rodrigoleandro\AppData\Roaming\Mozilla\Firefox\Profiles\s3wop84m.default\searchplugins\Askcom.xml
File Deleted : C:\Users\rodrigoleandro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Deleted : C:\Users\rodrigoleandro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Messenger\View Inbox.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Deleted : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
Key Deleted : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Key Deleted : HKLM\SOFTWARE\Classes\.bdc
Key Deleted : HKLM\SOFTWARE\Classes\.bgl
Key Deleted : HKLM\SOFTWARE\Classes\.bof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BabyDict
Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_mathtype_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_mathtype_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{928FE5E7-D557-46B7-8AF6-17ACCE1FB4ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{928FE5E7-D557-46B7-8AF6-17ACCE1FB4ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\pdfforge
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\rodrigoleandro\AppData\Roaming\Mozilla\Firefox\Profiles\s3wop84m.default\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\rodrigoleandro\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [9004 octets] - [27/11/2013 11:35:24]
AdwCleaner[S0].txt - [8934 octets] - [27/11/2013 11:36:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8994 octets] ##########

Re: Avast detecting http://pthacker.no-ip.org:8080/is-ready all the time

Post by Wings [In Memoriam] Wed 27 Nov 2013, 11:43

Download [link] (...by Xplode) and save it to the Desktop

*Run it, leaving the options Remove disinfection tools and Purge system restore selected

*Click [Run] and paste the report that is shown

Re: Avast detecting http://pthacker.no-ip.org:8080/is-ready all the time

Post by rodrigoleandro Wed 27 Nov 2013, 11:50

# DelFix v10.6 - Logfile created 27/11/2013 at 11:49:03
# Updated 11/11/2013 by Xplode
# Username : rodrigoleandro - HOMELAPTOP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\rodrigoleandro\Desktop\Addition.txt
Deleted : C:\Users\rodrigoleandro\Desktop\AdwCleaner.exe
Deleted : C:\Users\rodrigoleandro\Desktop\Fixlog.txt
Deleted : C:\Users\rodrigoleandro\Desktop\FRST.txt
Deleted : C:\Users\rodrigoleandro\Desktop\FRST64.exe
Deleted : C:\Users\rodrigoleandro\Downloads\HijackThis.exe
Deleted : C:\Users\rodrigoleandro\Downloads\hijackthis.log
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #191 [Windows Update | 11/08/2013 19:24:45]
Deleted : RP #192 [Windows Update | 11/12/2013 13:16:12]
Deleted : RP #193 [Windows Update | 11/15/2013 05:00:31]
Deleted : RP #194 [Windows Update | 11/19/2013 22:39:43]
Deleted : RP #195 [Installed Rapport | 11/25/2013 11:49:06]
Deleted : RP #196 [Windows Update | 11/26/2013 12:02:55]
Deleted : RP #197 [Windows Update | 11/27/2013 03:11:12]

New restore point created !

########## - EOF - ##########

Re: Avast detecting http://pthacker.no-ip.org:8080/is-ready all the time

Post by Wings [In Memoriam] Wed 27 Nov 2013, 11:53

Delete DelFix and the file C:\DelFix.txt


Delete bankerfix and the folder C:\LinhaDefensiva


The PC is clean.


Best regards...

Re: Avast detecting http://pthacker.no-ip.org:8080/is-ready all the time

Post by rodrigoleandro Wed 27 Nov 2013, 11:58

Man, thank you very, very much, Wings. :rindo_atoa:

Could this infection have been caused by the pen drive I used on Saturday on another computer and then on mine? I saw that other users reported the same problem. I just find it strange that the problem only showed up this morning. Last night I only used the internet. I would just like to know so I can avoid it next time.

Thanks again.

Re: Avast detecting http://pthacker.no-ip.org:8080/is-ready all the time

Post by Wings [In Memoriam] Wed 27 Nov 2013, 12:01

It is usually caused by autorun. We can check whether there is something on the pen drive.

Click Start > Control Panel > Hardware and Sound > AutoPlay

*Uncheck Use AutoPlay for all media and devices

*At the bottom of the page, click [Save]

*Restart the PC


Download [link] (...by El desaparecido) and save it to the Desktop

*Connect the pen drive to the PC

*Right-click UsbFix and select [image]

*Run it, click [Pesquisa] and paste or attach the report that is shown (C:\UsbFix[Scan 1].txt)

Re: Avast detecting http://pthacker.no-ip.org:8080/is-ready all the time

Post by rodrigoleandro Wed 27 Nov 2013, 12:13

Wing,

You won't believe it. I did the first procedure, restarted and... Avast went back to alerting about the malware. :o
I did the procedures you asked for, deleted all the files and programs and came back to the forum.

Re: Avast detecting http://pthacker.no-ip.org:8080/is-ready all the time

Post by Wings [In Memoriam] Wed 27 Nov 2013, 12:14

Do the UsbFix procedure.

Re: Avast detecting http://pthacker.no-ip.org:8080/is-ready all the time

Post by rodrigoleandro Wed 27 Nov 2013, 12:38

The procedure took a while but it finished. I scanned 2 devices: 1 pen drive and 1 external HD. There is 1 more at work, but I will scan that one tonight if necessary. Here is the UsbFix log


############################## | UsbFix V 7.152 | [Research]

User: rodrigoleandro (Administrator) # HOMELAPTOP
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 12:21:23 | 27/11/2013


PC: Sony Corporation (VAIO)
CPU: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
RAM -> [Total : 6060 | Free : 4306]
Bios: INSYDE
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16428
WB: Google Chrome : 31.0.1650.57
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 454 Gb (322 Mb free - 71%) [] # NTFS
D:\ -> Removable drive # 2 Gb (802 Mb free - 42%) [] # FAT32
E:\ -> CD-ROM
F:\ -> Fixed drive # 466 Gb (394 Mb free - 84%) [SAMSUNG] # NTFS

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID: 560 |ParentID: 420)
C:\Windows\system32\wininit.exe (ID: 652 |ParentID: 420)
C:\Windows\system32\csrss.exe (ID: 660 |ParentID: 644)
C:\Windows\system32\services.exe (ID: 716 |ParentID: 652)
C:\Windows\system32\lsass.exe (ID: 732 |ParentID: 652)
C:\Windows\system32\lsm.exe (ID: 740 |ParentID: 652)
C:\Windows\system32\winlogon.exe (ID: 772 |ParentID: 644)
C:\Windows\system32\svchost.exe (ID: 876 |ParentID: 716)
C:\Windows\system32\svchost.exe (ID: 1020 |ParentID: 716)
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (ID: 576 |ParentID: 716)
C:\Windows\System32\svchost.exe (ID: 1076 |ParentID: 716)
C:\Windows\System32\svchost.exe (ID: 1108 |ParentID: 716)
C:\Windows\system32\svchost.exe (ID: 1132 |ParentID: 716)
C:\Windows\system32\svchost.exe (ID: 1160 |ParentID: 716)
C:\Windows\system32\svchost.exe (ID: 1256 |ParentID: 716)
C:\Windows\system32\svchost.exe (ID: 1380 |ParentID: 716)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1604 |ParentID: 716)
C:\Windows\system32\svchost.exe (ID: 1864 |ParentID: 716)
C:\Windows\system32\svchost.exe (ID: 1192 |ParentID: 716)
C:\Windows\SysWOW64\svchost.exe (ID: 2052 |ParentID: 716)
C:\Windows\System32\svchost.exe (ID: 2104 |ParentID: 716)
C:\Windows\System32\svchost.exe (ID: 2184 |ParentID: 716)
C:\Windows\system32\svchost.exe (ID: 2756 |ParentID: 716)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3468 |ParentID: 876)
C:\Windows\system32\wbem\unsecapp.exe (ID: 3728 |ParentID: 876)
C:\Windows\system32\svchost.exe (ID: 4448 |ParentID: 716)
C:\Windows\system32\svchost.exe (ID: 4652 |ParentID: 716)
C:\Windows\system32\Dwm.exe (ID: 3436 |ParentID: 1108)
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (ID: 5280 |ParentID: 5176)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 6024 |ParentID: 876)
C:\Windows\system32\wbem\unsecapp.exe (ID: 6104 |ParentID: 876)
C:\Program Files\AVAST Software\Avast\avastui.exe (ID: 2552 |ParentID: 5268)
C:\Windows\System32\svchost.exe (ID: 6308 |ParentID: 716)
C:\Windows\System32\svchost.exe (ID: 4704 |ParentID: 716)
C:\Windows\explorer.exe (ID: 4384 |ParentID: 772)
C:\PROGRA~2\GbPlugin\GbpSv.exe (ID: 1664 |ParentID: 716)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 8180 |ParentID: 716)
C:\Windows\System32\WUDFHost.exe (ID: 900 |ParentID: 1108)
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (ID: 6656 |ParentID: 716)
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (ID: 3900 |ParentID: 6656)
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (ID: 2268 |ParentID: 6656)
C:\Windows\SysWOW64\DllHost.exe (ID: 8600 |ParentID: 876)
C:\Windows\SysWOW64\DllHost.exe (ID: 8936 |ParentID: 876)
C:\Windows\System32\svchost.exe (ID: 7644 |ParentID: 716)
C:\Windows\system32\SearchIndexer.exe (ID: 3060 |ParentID: 716)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4008 |ParentID: 716)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1228 |ParentID: 716)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 7880 |ParentID: 1228)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 5792 |ParentID: 716)
C:\Windows\system32\taskeng.exe (ID: 9108 |ParentID: 1160)
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe (ID: 1512 |ParentID: 9108)
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (ID: 9144 |ParentID: 9108)
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (ID: 8212 |ParentID: 9108)
C:\Program Files\Sony\VAIO Update\VUAgent.exe (ID: 1432 |ParentID: 716)
C:\Program Files\Sony\VAIO Care\VCService.exe (ID: 2128 |ParentID: 716)
C:\Windows\System32\spoolsv.exe (ID: 8760 |ParentID: 716)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 5960 |ParentID: 716)
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (ID: 8748 |ParentID: 716)
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (ID: 7132 |ParentID: 716)
C:\Windows\System32\vds.exe (ID: 7992 |ParentID: 716)
C:\Windows\System32\svchost.exe (ID: 9000 |ParentID: 716)
C:\UsbFix\Go.exe (ID: 5256 |ParentID: 8016)
c:\program files\windows defender\MpCmdRun.exe (ID: 2856 |ParentID: 7520)
C:\Windows\system32\RunDll32.exe (ID: 5456 |ParentID: 6292)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [ISBMgr.exe] - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
04 - HKLM\SOFTWARE | Run : [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
04 - HKLM\SOFTWARE | Run : [PCTD Service Activation] - "C:\Program Files (x86)\OakTree\PCTDServiceActivation\PCTDServiceActivation.exe" -checkcounter
04 - HKLM\SOFTWARE | Run : [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\fd7deffe-909a-455e-ac50-36c8f3c93bec.exe /check
04 - HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [ISBMgr.exe] - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [PCTD Service Activation] - "C:\Program Files (x86)\OakTree\PCTDServiceActivation\PCTDServiceActivation.exe" -checkcounter
04 - HKLM\SOFTWARE\wow6432Node | Run : [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\fd7deffe-909a-455e-ac50-36c8f3c93bec.exe /check
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1936609884-2516521256-3717987380-1000\SOFTWARE | Run : [Google Update] - "C:\Users\rodrigoleandro\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-1936609884-2516521256-3717987380-1000\SOFTWARE | Run : [Copy] - "C:\Users\rodrigoleandro\AppData\Roaming\Copy\CopyAgent.exe"
04 - HKU\S-1-5-21-1936609884-2516521256-3717987380-1000\SOFTWARE | Run : [Microsoft] - wscript.exe //B "C:\Users\RODRIG~1\AppData\Local\Temp\Microsoft.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Generic Research |

Found ! C:\Users\rodrigoleandro\AppData\Roaming\unins000.exe
Found ! C:\Users\RODRIG~1\AppData\Local\Temp\Microsoft.vbe
Found ! C:\Users\rodrigoleandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe
Found ! D:\Microsoft.vbe
Found ! D:\Gabarito ANPEC 2014 - Estatística (1).lnk
Found ! D:\Gabarito ANPEC 2014 - Estatística 2.lnk
Found ! D:\Gabarito ANPEC 2014 - Estatística 2 (1).lnk
Found ! D:\Gabarito ANPEC 2014 - Estatística.lnk
Found ! D:\Estatistica Inclusoes e Correçoes Cap 1.lnk
Found ! D:\STDBSTR.lnk
Found ! D:\STDBDATA.lnk
Found ! D:\RAMLIST.lnk
Found ! D:\SETTINGS.lnk

################## | Reference of comparison MD5 |

Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\rodrigoleandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe
Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\RODRIG~1\AppData\Local\Temp\Microsoft.vbe
Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> D:\Microsoft.vbe
Md5 : 45D18DC0CA53BFFAA11F992BEF63280D -> C:\Users\rodrigoleandro\AppData\Roaming\unins000.exe
Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\rodrigoleandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe

################## | Comparison MD5 |

Found ! Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\rodrigoleandro\AppData\Local\Temp\Microsoft.vbe
Found ! Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\rodrigoleandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe
Found ! Md5 : 45D18DC0CA53BFFAA11F992BEF63280D -> C:\Users\rodrigoleandro\AppData\Roaming\unins000.exe
Found ! Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> D:\Microsoft.vbe

################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 0
Found ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 1
Found ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 1
Found ! HKU\S-1-5-21-1936609884-2516521256-3717987380-1000\Software\Microsoft\Windows\CurrentVersion\Run|MICROSOFT
Found ! HKU\S-1-5-21-1936609884-2516521256-3717987380-1000\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MICROSOFT
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft
Found ! HKU\S-1-5-21-1936609884-2516521256-3717987380-1000\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |

Re: Avast detecting http://pthacker.no-ip.org:8080/is-ready all the time

Post by Wings [In Memoriam] Wed 27 Nov 2013, 12:44

The source of the infection is the pen drive. The key below, present in the registry, was not found in any report. It may have been the reason for the Avast detection:

04 - HKU\S-1-5-21-1936609884-2516521256-3717987380-1000\SOFTWARE | Run : [Microsoft] - wscript.exe //B "C:\Users\RODRIG~1\AppData\Local\Temp\Microsoft.vbe"

Or the infection came back when the pen drive was connected to the PC.


Keep the pen drive connected to the PC

*Right-click UsbFix and select [image]

*Click [Supressão] and paste the report that is shown


Last edited by wings on Wed 27 Nov 2013, 13:41; edited 2 time(s)
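The UsbFix report discussed above carries two signals that can be checked mechanically: a Run value that starts a script through wscript.exe, and one file hash present both on the removable drive and in the PC's startup locations. The Python sketch below is an added example, not part of the original thread or of UsbFix; the function names and the script-extension list are assumptions, and the sample lines are excerpted from the report posted in this thread.

```python
import re
from collections import defaultdict

# Lines excerpted from the UsbFix [Research] report posted in this thread.
SAMPLE_LOG = r'''
C:\ (%systemdrive%) -> Fixed drive # 454 Gb (322 Mb free - 71%) [] # NTFS
D:\ -> Removable drive # 2 Gb (802 Mb free - 42%) [] # FAT32
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [] -
04 - HKU\S-1-5-21-1936609884-2516521256-3717987380-1000\SOFTWARE | Run : [Copy] - "C:\Users\rodrigoleandro\AppData\Roaming\Copy\CopyAgent.exe"
04 - HKU\S-1-5-21-1936609884-2516521256-3717987380-1000\SOFTWARE | Run : [Microsoft] - wscript.exe //B "C:\Users\RODRIG~1\AppData\Local\Temp\Microsoft.vbe"
Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\rodrigoleandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe
Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\RODRIG~1\AppData\Local\Temp\Microsoft.vbe
Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> D:\Microsoft.vbe
Md5 : 45D18DC0CA53BFFAA11F992BEF63280D -> C:\Users\rodrigoleandro\AppData\Roaming\unins000.exe
'''

DRIVE_RE = re.compile(
    r'^(?P<letter>[A-Z]):\\ .*?-> (?P<kind>Fixed drive|Removable drive|CD-ROM)')
RUN_RE = re.compile(
    r'^04 - (?P<hive>.+?) \| (?P<key>Run(?:Once)?) : \[(?P<name>.*?)\] - ?(?P<cmd>.*)$')
MD5_RE = re.compile(
    r'^(?:Found ! )?Md5 : (?P<md5>[0-9A-Fa-f]{32}) -> (?P<path>.+)$')

# Assumed heuristics (not taken from UsbFix): script hosts and script
# extensions that are unusual in an autorun value, and path fragments
# that any unprivileged process can write to.
SCRIPT_HOSTS = ('wscript.exe', 'cscript.exe')
SCRIPT_EXT_RE = re.compile(r'\.(?:vbe|vbs|jse?|wsf)\b')
USER_WRITABLE = ('\\appdata\\', '\\temp\\')


def parse_drives(log):
    """Map drive letter -> drive type as reported in the UsbFix header."""
    drives = {}
    for line in log.splitlines():
        m = DRIVE_RE.match(line.strip())
        if m:
            drives[m.group('letter').upper()] = m.group('kind')
    return drives


def suspicious_run_entries(log):
    """Return Run/RunOnce values that launch a script instead of a program."""
    findings = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if not m or not m.group('cmd'):
            continue  # not an autorun line, or an empty "[] -" entry
        cmd = m.group('cmd').lower()
        reasons = []
        if any(host in cmd for host in SCRIPT_HOSTS):
            reasons.append('script host')
        if SCRIPT_EXT_RE.search(cmd):
            reasons.append('script file')
        if not reasons:
            continue
        if any(marker in cmd for marker in USER_WRITABLE):
            reasons.append('user-writable path')
        findings.append({'hive': m.group('hive'), 'value': m.group('name'),
                         'command': m.group('cmd'), 'reasons': reasons})
    return findings


def hashes_shared_with_removable(log):
    """Return hashes seen on both a removable drive and a fixed drive."""
    drives = parse_drives(log)
    by_hash = defaultdict(set)
    for line in log.splitlines():
        m = MD5_RE.match(line.strip())
        if m:
            by_hash[m.group('md5').upper()].add(m.group('path'))
    shared = {}
    for md5, paths in by_hash.items():
        kinds = {drives.get(p[0].upper()) for p in paths}
        if 'Removable drive' in kinds and 'Fixed drive' in kinds:
            shared[md5] = sorted(paths)
    return shared


if __name__ == '__main__':
    for hit in suspicious_run_entries(SAMPLE_LOG):
        print('Autorun:', hit['value'], '->', hit['command'], hit['reasons'])
    for md5, paths in hashes_shared_with_removable(SAMPLE_LOG).items():
        print('Same file on removable and fixed drive:', md5)
        for path in paths:
            print('   ', path)
```

Legitimate per-user autoruns such as the [Copy] entry are not flagged, because the check keys on the script host and script extension rather than on the AppData location alone.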

Re: Avast detecting http://pthacker.no-ip.org:8080/is-ready all the time

Post by rodrigoleandro Wed 27 Nov 2013, 12:59

It's in English, I clicked Deletion (right?). It's scanning, but it's a bit slow, it's at 26%...

Re: Avast detecting http://pthacker.no-ip.org:8080/is-ready all the time

Post by Wings [In Memoriam] Wed 27 Nov 2013, 13:00

rodrigoleandro wrote: It's in English, I clicked Deletion (right?). It's scanning, but it's a bit slow, it's at 26%...
OK...correct. Your Windows must not be pt-BR.


Last edited by wings on Wed 27 Nov 2013, 13:05; edited 1 time(s)

Re: Avast detecting http://pthacker.no-ip.org:8080/is-ready all the time

Post by rodrigoleandro Wed 27 Nov 2013, 13:03

############################## | UsbFix V 7.152 | [Deletion]

User: rodrigoleandro (Administrator) # HOMELAPTOP
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 12:56:27 | 27/11/2013


PC: Sony Corporation (VAIO)
CPU: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
RAM -> [Total : 6060 | Free : 3905]
Bios: INSYDE
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16428
WB: Google Chrome : 31.0.1650.57
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 454 Gb (322 Mb free - 71%) [] # NTFS
D:\ -> Removable drive # 2 Gb (802 Mb free - 42%) [] # FAT32
E:\ -> CD-ROM
F:\ -> Fixed drive # 466 Gb (394 Mb free - 84%) [SAMSUNG] # NTFS

################## | Stopped processes |

Stopped! C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (ID: 576 |ParentID: 716)
Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1604 |ParentID: 716)
Stopped! C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (ID: 5280 |ParentID: 5176)
Stopped! C:\Program Files\AVAST Software\Avast\avastui.exe (ID: 2552 |ParentID: 5268)
Stopped! C:\Windows\explorer.exe (ID: 4508 |ParentID: 772)
Stopped! C:\Windows\System32\rundll32.exe (ID: 5036 |ParentID: 876)
Stopped! C:\PROGRA~2\GbPlugin\GbpSv.exe (ID: 3736 |ParentID: 716)
Stopped! C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (ID: 5824 |ParentID: 716)
Stopped! C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (ID: 2536 |ParentID: 5824)
Stopped! C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (ID: 4324 |ParentID: 5824)
Stopped! C:\Windows\SysWOW64\DllHost.exe (ID: 2696 |ParentID: 876)
Stopped! C:\Windows\SysWOW64\DllHost.exe (ID: 8648 |ParentID: 876)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 4164 |ParentID: 716)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 6088 |ParentID: 716)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 8740 |ParentID: 716)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 3760 |ParentID: 716)
Stopped! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 6712 |ParentID: 4508)
Stopped! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 1348 |ParentID: 6712)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 4400 |ParentID: 716)
Stopped! C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (ID: 2448 |ParentID: 716)
Stopped! C:\Windows\System32\vds.exe (ID: 964 |ParentID: 716)
Stopped! C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (ID: 5556 |ParentID: 716)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 3024 |ParentID: 716)
Stopped! C:\Windows\system32\taskeng.exe (ID: 8436 |ParentID: 1160)
Stopped! C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (ID: 8760 |ParentID: 8436)
Stopped! C:\Program Files\Sony\VAIO Update\VUAgent.exe (ID: 3064 |ParentID: 716)
Stopped! C:\Program Files\Sony\VAIO Care\VCService.exe (ID: 6068 |ParentID: 716)
Stopped! C:\Users\rodrigoleandro\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (ID: 8856 |ParentID: 2848)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 7356 |ParentID: 1108)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run : [ISBMgr.exe] - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
04 - HKLM\SOFTWARE | Run : [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
04 - HKLM\SOFTWARE | Run : [PCTD Service Activation] - "C:\Program Files (x86)\OakTree\PCTDServiceActivation\PCTDServiceActivation.exe" -checkcounter
04 - HKLM\SOFTWARE | Run : [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\fd7deffe-909a-455e-ac50-36c8f3c93bec.exe /check
04 - HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run : [ISBMgr.exe] - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [PCTD Service Activation] - "C:\Program Files (x86)\OakTree\PCTDServiceActivation\PCTDServiceActivation.exe" -checkcounter
04 - HKLM\SOFTWARE\wow6432Node | Run : [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\fd7deffe-909a-455e-ac50-36c8f3c93bec.exe /check
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1936609884-2516521256-3717987380-1000\SOFTWARE | Run : [Google Update] - "C:\Users\rodrigoleandro\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-1936609884-2516521256-3717987380-1000\SOFTWARE | Run : [Copy] - "C:\Users\rodrigoleandro\AppData\Roaming\Copy\CopyAgent.exe"
04 - HKU\S-1-5-21-1936609884-2516521256-3717987380-1000\SOFTWARE | Run : [Microsoft] - wscript.exe //B "C:\Users\RODRIG~1\AppData\Local\Temp\Microsoft.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Generic Research |

Deleted ! C:\Users\rodrigoleandro\AppData\Roaming\unins000.exe
Deleted ! C:\Users\RODRIG~1\AppData\Local\Temp\Microsoft.vbe
Deleted ! C:\Users\rodrigoleandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe
Deleted ! D:\Microsoft.vbe
Deleted ! D:\Gabarito ANPEC 2014 - Estatística (1).lnk
Deleted ! D:\Gabarito ANPEC 2014 - Estatística 2.lnk
Deleted ! D:\Gabarito ANPEC 2014 - Estatística 2 (1).lnk
Deleted ! D:\Gabarito ANPEC 2014 - Estatística.lnk
Deleted ! D:\Estatistica Inclusoes e Correçoes Cap 1.lnk
Deleted ! D:\STDBSTR.lnk
Deleted ! D:\STDBDATA.lnk
Deleted ! D:\RAMLIST.lnk
Deleted ! D:\SETTINGS.lnk

(!) Temporary files deleted.

################## | Reference of comparison MD5 |

Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\rodrigoleandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe
Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\RODRIG~1\AppData\Local\Temp\Microsoft.vbe
Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> D:\Microsoft.vbe
Md5 : 45D18DC0CA53BFFAA11F992BEF63280D -> C:\Users\rodrigoleandro\AppData\Roaming\unins000.exe
Md5 : D052FDF9CFFCAA72B3CBC131B97ADCF3 -> C:\Users\rodrigoleandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe

################## | Comparison MD5 |


################## | Registry |

Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Repaired ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 0
Repaired ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 0
Deleted ! HKU\S-1-5-21-1936609884-2516521256-3717987380-1000\Software\Microsoft\Windows\CurrentVersion\Run|MICROSOFT
Deleted ! HKU\S-1-5-21-1936609884-2516521256-3717987380-1000\Software\.\.\.\.\Mountpoints2\{ad30eea9-48ae-11e1-b0b1-60d819e1f583}

################## | Listing |

[05/02/2012 - 20:11:51 | SHD ] C:\$Recycle.Bin
[27/04/2013 - 14:21:46 | D ] C:\Arquivos de Programas RFB
[02/12/2012 - 13:55:50 | D ] C:\Cambridge
[25/11/2013 - 09:51:23 | HD ] C:\Config.Msi
[27/09/2011 - 00:12:29 | D ] C:\Documentation
[14/07/2009 - 03:08:56 | SHD ] C:\Documents and Settings
[07/01/2012 - 18:04:49 | D ] C:\e7106b8be94c9d8632a082747cc578dd
[27/11/2013 - 12:07:28 | ASH | 4765667328] C:\hiberfil.sys
[26/09/2011 - 23:22:54 | D ] C:\Intel
[06/01/2012 - 06:39:25 | RHD ] C:\MSOCache
[27/11/2013 - 12:07:31 | ASH | 6354223104] C:\pagefile.sys
[14/07/2009 - 01:20:08 | D ] C:\PerfLogs
[27/11/2013 - 11:36:22 | D ] C:\Program Files
[27/11/2013 - 11:36:22 | D ] C:\Program Files (x86)
[27/11/2013 - 11:39:18 | HD ] C:\ProgramData
[26/09/2011 - 23:28:45 | N | 2175] C:\RHDSetup.log
[04/03/2012 - 16:13:47 | D ] C:\sw55
[27/11/2013 - 11:49:45 | SHD ] C:\System Volume Information
[28/04/2012 - 15:35:44 | D ] C:\temp
[12/11/2013 - 12:17:35 | N | 85297] C:\test.xml
[21/10/2013 - 13:31:49 | D ] C:\Update
[27/11/2013 - 13:02:30 | D ] C:\UsbFix
[27/11/2013 - 13:02:40 | A | 10338] C:\UsbFix [Clean 1] HOMELAPTOP.txt
[27/11/2013 - 12:17:46 | N | 14231] C:\UsbFix [Scan 1] HOMELAPTOP.txt
[27/11/2013 - 12:55:17 | N | 11862] C:\UsbFix [Scan 2] HOMELAPTOP.txt
[06/01/2012 - 06:02:38 | RD ] C:\Users
[27/09/2011 - 00:50:50 | D ] C:\VAIO Sample Contents
[27/11/2013 - 10:58:39 | D ] C:\Windows
[12/01/2013 - 12:30:44 | D ] C:\Working
[27/09/2011 - 00:12:29 | D ] C:\_FS_SWRINFO
[27/12/2002 - 18:44:58 | N | 4194304] D:\STDBSTR.DAT
[27/12/2002 - 18:44:58 | N | 8192] D:\STDBSTR.IDX
[27/12/2002 - 18:44:58 | N | 3883008] D:\STDBDATA.DAT
[27/12/2002 - 18:44:58 | N | 848] D:\STDBDATA.IDX
[27/12/2002 - 18:44:58 | D ] D:\Record
[27/12/2002 - 18:44:58 | N | 1192065] D:\RAMLIST.DAT
[27/12/2002 - 18:44:58 | N | 708] D:\SETTINGS.DAT
[20/11/2013 - 18:51:28 | D ] D:\Arquivos
[15/10/2008 - 17:03:18 | D ] D:\Aaron Keyes
[08/10/2008 - 22:56:20 | D ] D:\Delirious
[08/10/2008 - 23:42:12 | D ] D:\Hillsong
[09/05/2010 - 23:27:26 | D ] D:\Various Artists
[10/05/2010 - 00:13:28 | D ] D:\Michael W. Smith
[21/11/2010 - 20:37:52 | D ] D:\FRED ARRAIS
[21/11/2010 - 21:10:30 | D ] D:\Bowing Down
[03/02/2011 - 12:11:10 | D ] D:\Jason Lee Jones & Richest of Fare
[03/02/2011 - 11:44:30 | D ] D:\Davi Silva
[03/02/2011 - 12:31:48 | D ] D:\Antonio Cirilo
[07/02/2011 - 11:17:30 | D ] D:\Santa geração 14
[07/02/2011 - 11:29:14 | D ] D:\Coracoes Ardentes
[29/10/2013 - 23:11:14 | D ] D:\VOA
[29/10/2013 - 23:16:24 | D ] D:\NPR
[20/11/2013 - 14:30:16 | N | 530687] D:\Gabarito ANPEC 2014 - Estatística 2.docx
[20/11/2013 - 14:31:38 | N | 530687] D:\Gabarito ANPEC 2014 - Estatística 2 (1).docx
[20/11/2013 - 14:32:26 | N | 495865] D:\Gabarito ANPEC 2014 - Estatística.docx
[20/11/2013 - 14:32:36 | N | 501560] D:\Gabarito ANPEC 2014 - Estatística (1).docx
[20/11/2013 - 15:17:34 | N | 21115] D:\Estatistica Inclusoes e Correçoes Cap 1.docx
[18/11/2013 - 17:31:42 | D ] E:\Rodrigo Leandro
[30/09/2013 - 18:24:03 | D ] F:\$RECYCLE.BIN
[06/05/2013 - 22:38:24 | N | 56] F:\.dropbox.device
[28/08/2013 - 16:53:33 | N | 2019715] F:\Avaliação de contratação de profissional na área quantitativa 28-08-2013.pptx
[06/05/2013 - 19:04:05 | D ] F:\Backup
[25/04/2013 - 12:38:30 | D ] F:\Censo
[07/06/2013 - 13:54:32 | D ] F:\Censo Escolar
[13/06/2013 - 10:55:22 | D ] F:\Informality_Dico
[17/05/2013 - 19:13:17 | D ] F:\IR
[30/09/2013 - 18:25:34 | D ] F:\PNAD
[24/04/2013 - 16:36:10 | D ] F:\Samsung Software
[26/04/2013 - 17:42:53 | SHD ] F:\System Volume Information

################## | Vaccin |

D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F |

Post by Wings [In Memoriam] Wed 27 Nov 2013, 13:14

*Disconnect the pen drive

*Download [You must have an account and be logged in to view this link] (...by OldTimer) and save it to the Desktop

*Run it, then copy and paste the lines in brown into the box under Exames Personalizados/Correções. If Windows is in English: Custom Scans/Fixes


:OTL
O4 - HKU\S-1-5-21-1936609884-2516521256-3717987380-1000..\Run: [Microsoft] wscript.exe //B "C:\Users\RODRIG~1\AppData\Local\Temp\Microsoft.vbe"

:Commands
[emptytemp]

*Click [Consertar] or [Run Fix]

*Click [OK] to restart the PC

*After the restart, if UAC is enabled, a Windows Security Warning window will appear asking whether you want to run OTL. Click [Executar] (Run)

*Paste the report C:\_OTL\MovedFiles\monthdayyear_hourminutesseconds.log

Let me know whether it was resolved
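As an added example (not part of the original posts, and not code from UsbFix or OTL): a small Python triage over the report's "Regedit Run" lines that flags autorun entries combining a script host, a script file and a user-writable path, which is the pattern of the [Microsoft] entry targeted by the fix above. The line format and sample lines are taken from the report quoted in this thread; the regexes, function names and the two-signal threshold are assumptions of this example.

```python
import re

# Sample lines copied from the "Regedit Run" section of the report in this thread.
SAMPLE_REPORT = r'''
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [] -
04 - HKU\S-1-5-21-1936609884-2516521256-3717987380-1000\SOFTWARE | Run : [Google Update] - "C:\Users\rodrigoleandro\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-1936609884-2516521256-3717987380-1000\SOFTWARE | Run : [Microsoft] - wscript.exe //B "C:\Users\RODRIG~1\AppData\Local\Temp\Microsoft.vbe"
'''

# Assumed line grammar: "04 - <hive> | Run|RunOnce : [<name>] - <command>"
LINE_RE = re.compile(
    r'^04 - (?P<hive>\S+) \| (?P<key>Run|RunOnce) : \[(?P<name>[^\]]*)\] -\s*(?P<cmd>.*)$')
SCRIPT_HOSTS = re.compile(r'(^|[\\"\s])(wscript|cscript|mshta)(\.exe)?(["\s]|$)', re.I)
SCRIPT_EXT = re.compile(r'\.(vbe|vbs|jse|js|wsf|wsh|hta)(["\s]|$)', re.I)
USER_WRITABLE = re.compile(r'\\(appdata|temp|tmp)\\', re.I)

def parse_autoruns(report):
    """Return one dict per non-empty autorun entry found in the report text."""
    entries = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group('cmd'):          # skip placeholder entries such as "[] -"
            entries.append(m.groupdict())
    return entries

def triage(entry):
    """List the independent signals present in one autorun command line."""
    cmd, reasons = entry['cmd'], []
    if SCRIPT_HOSTS.search(cmd):
        reasons.append('script host as autorun command')
    if SCRIPT_EXT.search(cmd):
        reasons.append('script file as autorun target')
    if USER_WRITABLE.search(cmd):
        reasons.append('path under a user-writable directory')
    return reasons

def suspicious(report, min_reasons=2):
    """Entries with at least min_reasons signals; one signal alone is too noisy."""
    hits = [(e['name'], triage(e)) for e in parse_autoruns(report)]
    return [(name, why) for name, why in hits if len(why) >= min_reasons]

if __name__ == '__main__':
    for name, why in suspicious(SAMPLE_REPORT):
        print(f'[{name}] ' + '; '.join(why))
```

The Google Update entry also lives under AppData but carries only that one signal, so it is not flagged; requiring two signals keeps legitimate per-user updaters out of the result.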

Post by rodrigoleandro Wed 27 Nov 2013, 13:29

Wings,

Here is the report.

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1936609884-2516521256-3717987380-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft not found.
File move failed. C:\Windows\SysWow64\wscript.exe scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: rodrigoleandro
->Temp folder emptied: 1621423578 bytes
->Temporary Internet Files folder emptied: 264187267 bytes
->Java cache emptied: 1610738 bytes
->FireFox cache emptied: 96696074 bytes
->Google Chrome cache emptied: 273309796 bytes
->Flash cache emptied: 36563 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 869970303 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42420509 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 759 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3.023,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11272013_131731

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWow64\wscript.exe scheduled to be moved on reboot.
C:\Users\rodrigoleandro\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\rodrigoleandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Post by Wings [In Memoriam] Wed 27 Nov 2013, 13:30

Let me know whether it was resolved.

Post by rodrigoleandro Wed 27 Nov 2013, 13:33

Thanks, Wings.

I think so, since Avast is no longer alerting. Thank you very much for the help.