UsbFix... Wow, there really was an infection... and the wretched Malwarebytes didn't remove it... in fact, I just ran a scan with Malwarebytes and it is still flagging that HKLM on my notebook.
<strong>############################## | UsbFix V 7.999.97 | [Limpar]</strong>
Usuário: asus (Administrador) # PC3
Atualizado em 26/07/2015 por El Desaparecido - SosVirus
Começou em 22:39:19 | 26/07/2015
Site : <a href="http://www.pt.usbfix.net/" target="_blank">http://www.pt.usbfix.net/</a>
Changelog : <a href="http://www.usbfix.net/maj/" target="_blank">http://www.usbfix.net/maj/</a>
Asistencia : <a href="http://www.sos-virus.net/" target="_blank">http://www.sos-virus.net/</a>
Detecção en vivo : <a href="http://www.como-remover.com/category/usb-virus/" target="_blank">http://www.como-remover.com/category/usb-virus/</a>
Contato : <a href="http://www.pt.usbfix.net/contato/" target="_blank">http://www.pt.usbfix.net/contato/</a>
<strong>################## | System information |</strong>
MB: ASUSTeK COMPUTER INC. (S400CA)
CPU: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
GC: Intel(R) HD Graphics 4000
RAM -> [Total : 3982 Mo | Free : 1712 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot
OS: Microsoft™ Windows 8 Single Language (6.2.9200 64-Bit)
WB: Internet Explorer : 10.00.9200.16384
WB: Google Chrome : 44.0.2403.107
<strong>################## | Security Information |</strong>
AV: Windows Defender [<strong>(!) Não ativo</strong> |Atualizado]
AV: avast! Antivirus [<strong>(!) Não ativo</strong> |Atualizado]
AS: Windows Defender [<strong>(!) Não ativo</strong> |Atualizado]
AS: avast! Antivirus [<strong>(!) Não ativo</strong> |Atualizado]
FW: avast! Antivirus [<strong>(!) Não ativo</strong>]
AS: Malwarebytes Anti-Malware : 2.1.8.1057
FW: Windows Firewall [Ativo]
SC: Security Center [Ativo]
WU: Windows Update [Ativo]
<strong>################## | Disk Information |</strong>
C:\ (%SystemDrive%) -> Disco fixo # 186 Gb (127 Gb livre - 68%) [OS] # NTFS
D:\ -> Disco fixo # 258 Gb (258 Gb livre - 100%) [Data] # NTFS
E:\ -> CD-ROM # 15 Mb (0 Mb livre - 0%) [Mobile Partner] # CDFS
F:\ -> Disco removível # 2 Gb (1 Gb livre - 67%) [SÁVILA CEL] # FAT
G:\ -> Disco removível # 4 Gb (10 Mb livre - 0%) [] # FAT
<strong>################## | Procura genérica |</strong>
Supprimido! C:\Windows\SysWOW64\ASUS.scr
Supprimido! C:\Program Files\ASUS\ASUS Screen Saver\data\ASUS.scr
(!) Ficheiros temporários suprimido. (25.8210439682007 MB)
<strong>################## | Startup |</strong>
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
04 - HKLM\..\Run : [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
04 - HKLM\..\Run : [ATLauncher] "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createshortcuts:1
04 - HKLM\..\Run : [ATUninstallIcon] "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - [x64] HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - [x64] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - [x64] HKLM\..\Run : [DptfPolicyLpmServiceHelper] C:\Windows\system32\DptfPolicyLpmServiceHelper.exe
04 - [x64] HKLM\..\Run : [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [x64] HKLM\..\Run : [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
<strong>################## | UsbFix - Informação |</strong>
Info : <a href="https://www.youtube.com/watch?v=vUZYYASd7FE" target="_blank">Como remover o vírus do atalho no disco flash (Vídeo)</a>
Info : <a href="http://www.pt.usbfix.net/2015/03/como-remover-o-virus-que-transforma-pastas-e-arquivos-em-atalhos/" target="_blank">Como remover o vírus que transforma pastas e arquivos em atalhos ?</a>
Detecção en vivo : <a href="http://www.como-remover.com/category/usb-virus/" target="_blank">http://www.como-remover.com/category/usb-virus/</a>
<strong>################## | C:\ %SystemDrive% - Disco fixo (NTFS) |</strong>
[26/07/2015 - 12:26:27 | ASH | 3261808 Ko] - C:\hiberfil.sys
[26/07/2015 - 12:26:28 | ASH | 1900544 Ko] - C:\pagefile.sys
[26/07/2015 - 12:26:28 | ASH | 262144 Ko] - C:\swapfile.sys
[14/05/2013 - 05:12:56 | N | 6146 Ko] - C:\S400CA.BIN
[12/06/2015 - 00:35:13 | SHD] - C:\$Recycle.Bin
[05/06/2015 - 14:55:02 | D] - C:\$Windows.~BT
[02/06/2012 - 11:30:55 | N | 0 Ko] - C:\BOOTNXT
[26/07/2012 - 00:44:30 | RASH | 389 Ko] - C:\bootmgr
[26/07/2012 - 04:22:08 | SHD] - C:\Documents and Settings
[26/07/2012 - 04:33:46 | D] - C:\PerfLogs
[25/04/2013 - 20:30:56 | SHD] - C:\Boot
[21/05/2015 - 14:55:45 | D] - C:\Intel
[21/05/2015 - 15:09:11 | D] - C:\eSupport
[21/05/2015 - 15:09:38 | D] - C:\AsusVibeData
[21/05/2015 - 16:41:32 | RD] - C:\Users
[22/06/2015 - 00:07:25 | D] - C:\sources
[23/06/2015 - 12:37:01 | RHD] - C:\MSOCache
[24/07/2015 - 21:37:34 | RD] - C:\Program Files (x86)
[24/07/2015 - 23:27:54 | RD] - C:\Program Files
[25/07/2015 - 23:31:32 | D] - C:\Windows
[26/07/2015 - 12:13:25 | HD] - C:\ProgramData
[26/07/2015 - 12:26:34 | D] - C:\FRST
[26/07/2015 - 22:38:33 | D] - C:\UsbFix
<strong>################## | D:\ - Disco fixo (NTFS) |</strong>
[24/07/2015 - 23:35:07 | SHD] - D:\$RECYCLE.BIN
[24/07/2015 - 21:18:46 | D] - D:\FFOutput
<strong>################## | F:\ - Disco removível (FAT) |</strong>
[26/05/2015 - 12:28:02 | D] - F:\LOST.DIR
[01/07/2015 - 01:13:42 | A | 40 Ko] - F:\CV_ADM.doc
[29/06/2015 - 21:51:30 | A | 44 Ko] - F:\CV_ELÉTRICA.doc
[24/07/2015 - 16:59:32 | A | 644914 Ko] - F:\Rec012.avi
<strong>################## | G:\ - Disco removível (FAT) |</strong>
[05/10/2012 - 19:59:52 | D] - G:\autorun.inf
[22/04/2009 - 11:28:24 | A | 104 Ko] - G:\setup.exe
[03/09/2013 - 22:50:34 | A | 13 Ko] - G:\A imigração Italiana para o Brasil tornou.docx
[11/10/2013 - 01:39:40 | A | 28 Ko] - G:\curriculo andré (1).doc
[29/06/2015 - 21:51:30 | A | 44 Ko] - G:\CV_ELÉTRICA.doc
[24/07/2015 - 15:45:56 | A | 1025142 Ko] - G:\Rec011.avi
[23/07/2015 - 15:56:34 | A | 1102330 Ko] - G:\Rec008.avi
[23/07/2015 - 17:00:32 | A | 378433 Ko] - G:\Rec009.avi
[24/07/2015 - 14:59:06 | A | 1383893 Ko] - G:\Rec010.avi
[1356/1356/18384 - 63176:180:6824 | A | 0 Ko] - G:\autorun.inf\con
[1356/1356/18360 - 63176:180:7112 | A | 0 Ko] - G:\autorun.inf\Nul.protected
<strong>################## | Vaccin |</strong>
C:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)
D:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)
F:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)
G:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)
<strong>################## | E.O.F | <a href="http://www.sosvirus.net/" target="_blank">http://www.sosvirus.net/</a> | <a href="http://www.pt.usbfix.net/" target="_blank">http://www.pt.usbfix.net/</a> |</strong>