rafamaceno

Virus removal

Hi, completely different ads have started opening here... they even end up breaking the layout of any site I visit...

Probably some intrusive plugin got installed while I was installing something and wasn't paying attention.

logs:

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16545  BrowserJavaVersion: 10.51.2
Run by Sonia at 17:31:26 on 2014-05-29
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.1046.18.2013.898 [GMT -3:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\ProgramData\IePluginService\PluginService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BlockAndSurf-soft\BlockAndSurfC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\srvany.exe
C:\Windows\KMService.exe
C:\Windows\system32\conhost.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.v9.com/?type=hp&ts=1399414033&from=tugs&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUH185581855818&i=psd&t=3421da2b1
mStart Page = hxxp://www.v9.com/?type=hp&ts=1399414033&from=tugs&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUH185581855818&i=psd&t=3421da2b1
mSearch Page = hxxp://search.v9.com/web/?type=ds&ts=1399414033&from=tugs&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUH185581855818&i=psd&t=3421da2b1&q={searchTerms}
mDefault_Page_URL = hxxp://www.v9.com/?type=hp&ts=1399414033&from=tugs&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUH185581855818&i=psd&t=3421da2b1
mDefault_Search_URL = hxxp://search.v9.com/web/?type=ds&ts=1399414033&from=tugs&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUH185581855818&i=psd&t=3421da2b1&q={searchTerms}
uProxyServer = hxxp=127.0.0.1:49455;https=127.0.0.1:49455
uProxyOverride = <-loopback>
BHO: MediaPlayerplus: {11111111-1111-1111-1111-110511421146} - c:\program files\mediaplayerplus\MediaPlayerplus-bho.dll
BHO: IETabPage Class: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - c:\program files\suptab\SupTab.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRun: [Autodesk Sync] c:\program files\autodesk\autodesk sync\AdSync.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
TCP: Interfaces\{36FFB24E-F763-4950-B949-E2980042FD6E} : NameServer = 172.16.0.1 187.17.173.34
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sonia\appdata\roaming\mozilla\firefox\profiles\qvm829ln.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.v9.com/?type=hppp&ts=1400357889&from=tugs&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUH185581855818&i=psd&t=342ada80f
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\garena plus\bbtalk\plugins\npplugin\npGarenaTalkPlugin.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\users\sonia\appdata\local\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.shownSelectionUI - true
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-2-21 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-2-21 180632]
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw;{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw;c:\windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys [2014-5-7 52920]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-2-21 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-2-21 411680]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-6 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-2-21 67824]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2012-12-13 12288]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-5-6 50344]
R2 IePluginService;IePlugin Service;c:\programdata\iepluginservice\pluginservice.exe -service --> c:\programdata\iepluginservice\PluginService.exe -service [?]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2014-2-21 8192]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-4-1 4971840]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2014-4-11 67624]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-5-6 68312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2014-05-07 19:59:50    --------    d-----w-    c:\program files\YouTiube2Avi
2014-05-07 10:34:58    52920    ----a-w-    c:\windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys
2014-05-07 10:13:46    --------    d-----w-    c:\programdata\2308189059
2014-05-07 02:54:27    68312    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-05-07 02:54:25    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-05-07 02:54:19    43152    ----a-w-    c:\windows\avastSS.scr
2014-05-07 02:43:06    --------    d-----w-    c:\programdata\9d293b6c671d20c7
2014-05-07 02:42:59    --------    d-----w-    c:\programdata\YouTiube2Avi
2014-05-07 02:20:16    --------    d-----w-    c:\users\sonia\appdata\roaming\Baidu
2014-05-07 02:20:02    --------    d-----w-    c:\programdata\Baidu Security
2014-05-07 02:19:56    --------    d-----w-    c:\programdata\baidu
2014-05-07 02:19:54    --------    d-----w-    c:\program files\Baidu Security
2014-05-07 02:15:28    --------    d-----w-    c:\program files\BlockAndSurf-soft
2014-05-07 02:14:10    --------    d-----w-    c:\program files\webget
2014-05-07 02:14:06    --------    d-----w-    c:\users\sonia\appdata\roaming\raidcall
2014-05-07 02:14:02    --------    d-----w-    c:\program files\RaidCall.BR
2014-05-07 02:12:08    --------    d-----w-    c:\users\sonia\appdata\local\com
2014-05-06 22:11:54    --------    d-----w-    c:\users\sonia\appdata\roaming\SupTab
2014-05-06 22:11:54    --------    d-----w-    c:\programdata\IePluginService
2014-05-06 22:11:53    --------    d-----w-    c:\program files\SupTab
2014-05-06 22:07:34    --------    d-----w-    c:\users\sonia\appdata\roaming\v9
2014-05-06 22:06:53    1745440    ----a-w-    c:\users\sonia\appdata\local\nst1C3A.tmp
2014-05-06 22:04:39    --------    d-----w-    c:\users\sonia\appdata\local\SearchProtect
2014-04-30 12:48:55    --------    d-----w-    c:\users\sonia\appdata\roaming\Eurobattle.net
.
==================== Find3M  ====================
.
2014-05-23 19:01:34    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-23 19:01:34    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-05-15 10:03:33    777488    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-05-07 02:54:20    81768    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-05-07 02:54:20    776976    ----a-w-    c:\windows\system32\drivers\aswsnx.sys.1400148213922
2014-05-07 02:54:20    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-05-07 02:54:20    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-05-07 02:54:20    411552    ----a-w-    c:\windows\system32\drivers\aswsp.sys.1400148213922
2014-05-07 02:54:20    180632    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-04-12 04:29:44    801792    ----a-w-    c:\windows\system32\FntCache.dll
2014-04-12 04:29:44    728448    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2014-04-12 04:29:44    442880    ----a-w-    c:\windows\system32\XpsPrint.dll
2014-04-12 04:29:44    3181568    ----a-w-    c:\windows\system32\mf.dll
2014-04-12 04:29:44    283648    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2014-04-12 04:29:44    219008    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2014-04-12 04:29:44    196608    ----a-w-    c:\windows\system32\mfreadwrite.dll
2014-04-12 04:29:44    1619456    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2014-04-12 04:29:44    1495040    ----a-w-    c:\windows\system32\ExplorerFrame.dll
2014-04-12 04:29:44    135168    ----a-w-    c:\windows\system32\XpsRasterService.dll
2014-04-12 04:29:44    107520    ----a-w-    c:\windows\system32\cdd.dll
2014-04-11 18:46:55    44    ----a-w-    c:\windows\wawx_dumpreg64.dll
2014-03-31 12:35:10    231584    ------w-    c:\windows\system32\MpSigStub.exe
.
============= FINISH: 17:31:52,34 ===============

Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 21/02/2014 16:41:25
System Uptime: 29/05/2014 15:04:35 (2 hours ago)
.
Motherboard: MSI |  | G41M-S01 (MS-7592)
Processor: Pentium® Dual-Core  CPU      E5700  @ 3.00GHz | CPU 1 | 3003/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 195 GiB total, 129,44 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Baidu Protect
Device ID: ROOT\LEGACY_BPROTECT\0000
Manufacturer:
Name: Baidu Protect
PNP Device ID: ROOT\LEGACY_BPROTECT\0000
Service: Bprotect
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Adaptador de Túnel Teredo da Microsoft
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Baidu NetDefense
Device ID: ROOT\LEGACY_BNDEF\0000
Manufacturer:
Name: Baidu NetDefense
PNP Device ID: ROOT\LEGACY_BNDEF\0000
Service: Bndef
.
==== System Restore Points ===================
.
RP29: 12/04/2014 01:17:44 - Windows Update
RP30: 22/04/2014 19:21:55 - Ponto de Verificação Agendado
RP31: 30/04/2014 11:55:21 - Ponto de Verificação Agendado
RP33: 06/05/2014 23:49:58 - avast! antivirus system restore point
RP34: 14/05/2014 15:09:03 - Ponto de Verificação Agendado
RP35: 22/05/2014 19:09:08 - Ponto de Verificação Agendado
.
==== Installed Programs ======================
.
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.06)  MUI
µTorrent
AutoCAD 2014 - English
AutoCAD 2014 Language Pack - English
Autodesk 360
Autodesk App Manager
Autodesk AutoCAD 2014 - English
Autodesk Content Service
Autodesk Content Service Language Pack
Autodesk Featured Apps
Autodesk Material Library 2014
Autodesk Material Library Base Resolution Image Library 2014
Autodesk ReCap
Autodesk ReCap Language Pack-English
avast! Free Antivirus
Broadcom 802.11n Network Adapter
CCleaner
Eurobattle.net
FARO LS 1.1.501.0
Garena HostBot v6.0
Garena Plus
Google Chrome
Intel® Graphics Media Accelerator Driver
Java 7 Update 51
Java Auto Updater
K-Lite Mega Codec Pack 8.7.0
Legendas 2.32
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PTB Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended PTB Language Pack
Microsoft Office Access MUI (Portuguese (Brazil)) 2010
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Portuguese (Brazil)) 2010
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
Microsoft Office Word MUI (Portuguese (Brazil)) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 29.0.1 (x86 pt-BR)
Mozilla Maintenance Service
Nero 8 Lite 8.2.8.0
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)
PhotoScape
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
SketchUp Import for AutoCAD 2014
Skype™ 6.14
System Requirements Lab for Intel
TeamViewer 9
UltraISO Premium V9.52
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
WinRAR 5.01 (32-bit)
.
==== End Of File ===========================

Gmer

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-29 17:42:07
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD5000AVVS-63H0B1 rev.05.04C05 465,76GB
Running: 61796cjp.exe; Driver: C:\Users\Sonia\AppData\Local\Temp\ugloypod.sys


---- System - GMER 2.1 ----

SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwAddBootEntry [0x8D847AA0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwAssignProcessToJobObject [0x8D84857E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateEvent [0x8D8545C8]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateEventPair [0x8D854614]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateIoCompletion [0x8D8547AE]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateMutant [0x8D854536]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                             ZwCreateSection [0x8D8FE6D2]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateSemaphore [0x8D85457E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateThread [0x8D848AB4]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateThreadEx [0x8D848CD0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateTimer [0x8D854768]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwDebugActiveProcess [0x8D84936C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwDeleteBootEntry [0x8D847B06]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwDuplicateObject [0x8D84CB40]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwLoadDriver [0x8D8476F2]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                             ZwMapViewOfSection [0x8D8FE7B2]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwModifyBootEntry [0x8D847B6C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwNotifyChangeKey [0x8D84CF36]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwNotifyChangeMultipleKeys [0x8D849E54]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenEvent [0x8D8545F2]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenEventPair [0x8D854636]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenIoCompletion [0x8D8547D2]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenMutant [0x8D85455C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenProcess [0x8D84C43A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenSection [0x8D8546E6]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenSemaphore [0x8D8545A6]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenThread [0x8D84C822]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenTimer [0x8D85478C]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                             ZwProtectVirtualMemory [0x8D8FE556]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwQueryObject [0x8D849CC8]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwQueueApcThreadEx [0x8D8499D6]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSetBootEntryOrder [0x8D847BD2]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSetBootOptions [0x8D847C38]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                             ZwSetContextThread [0x8D8FE8AE]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSetSystemInformation [0x8D84778C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSetSystemPowerState [0x8D84795E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwShutdownSystem [0x8D8478EC]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSuspendProcess [0x8D849536]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSuspendThread [0x8D849698]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSystemDebugControl [0x8D8479E6]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                             ZwTerminateProcess [0x8D8FE624]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwTerminateThread [0x8D8491C6]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwVdmControl [0x8D847C9E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwWriteVirtualMemory [0x8D8485DA]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackTransaction + 13F9                                                          8284D829 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                             82872132 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!RtlSidHashLookup + 224                                                                82879904 4 Bytes  [A0, 7A, 84, 8D]
.text  ntkrnlpa.exe!RtlSidHashLookup + 2AC                                                                8287998C 4 Bytes  [7E, 85, 84, 8D]
.text  ntkrnlpa.exe!RtlSidHashLookup + 300                                                                828799E0 8 Bytes  [C8, 45, 85, 8D, 14, 46, 85, ...]
.text  ntkrnlpa.exe!RtlSidHashLookup + 30C                                                                828799EC 4 Bytes  [AE, 47, 85, 8D]
.text  ntkrnlpa.exe!RtlSidHashLookup + 328                                                                82879A08 4 Bytes  [36, 45, 85, 8D]
.text  ...                                                                                                
?      C:\Users\Sonia\AppData\Local\Temp\mbr.sys                                                          O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[388] kernel32.dll!GetBinaryTypeW + 70       75847934 1 Byte  [62]
.text  C:\Windows\system32\csrss.exe[428] kernel32.dll!GetBinaryTypeW + 70                                75847934 1 Byte  [62]
.text  C:\Windows\system32\wininit.exe[476] kernel32.dll!GetBinaryTypeW + 70                              75847934 1 Byte  [62]
.text  C:\Windows\system32\csrss.exe[488] kernel32.dll!GetBinaryTypeW + 70                                75847934 1 Byte  [62]
.text  C:\Windows\system32\services.exe[524] kernel32.dll!GetBinaryTypeW + 70                             75847934 1 Byte  [62]
.text  ...                                                                                                
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1260] kernel32.dll!SetUnhandledExceptionFilter  75833122 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1260] kernel32.dll!GetBinaryTypeW + 70          75847934 1 Byte  [62]
.text  C:\ProgramData\IePluginService\PluginService.exe[1416] kernel32.dll!GetBinaryTypeW + 70            75847934 1 Byte  [62]
.text  C:\Windows\system32\Dwm.exe[1572] kernel32.dll!GetBinaryTypeW + 70                                 75847934 1 Byte  [62]
.text  C:\Windows\System32\spoolsv.exe[1636] kernel32.dll!GetBinaryTypeW + 70                             75847934 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[1664] kernel32.dll!GetBinaryTypeW + 70                             75847934 1 Byte  [62]
.text  ...                                                                                                
.text  C:\Program Files\AVAST Software\Avast\avastui.exe[1828] kernel32.dll!SetUnhandledExceptionFilter   75833122 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\AVAST Software\Avast\avastui.exe[1828] kernel32.dll!GetBinaryTypeW + 70           75847934 1 Byte  [62]
.text  C:\Windows\system32\taskhost.exe[1844] kernel32.dll!GetBinaryTypeW + 70                            75847934 1 Byte  [62]
.text  C:\Windows\system32\taskeng.exe[1860] kernel32.dll!GetBinaryTypeW + 70                             75847934 1 Byte  [62]
.text  C:\Windows\system32\taskeng.exe[1944] kernel32.dll!GetBinaryTypeW + 70                             75847934 1 Byte  [62]
.text  C:\Program Files\BlockAndSurf-soft\BlockAndSurfC.exe[1992] kernel32.dll!GetBinaryTypeW + 70        75847934 1 Byte  [62]
.text  ...                                                                                                

---- EOF - GMER 2.1 ----
Hello

Sorry for the delay :)

If you still need help, redo the logs, since I need them with up-to-date dates: Read Before Posting - Creating a new Topic

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Cheers :D

Topic author

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-08 23:57:53
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD5000AVVS-63H0B1 rev.05.04C05 465,76GB
Running: 61796cjp.exe; Driver: C:\Users\Sonia\AppData\Local\Temp\ugloypod.sys


---- System - GMER 2.1 ----

SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwAddBootEntry [0x8D618AA0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwAssignProcessToJobObject [0x8D61957E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateEvent [0x8D6255C8]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateEventPair [0x8D625614]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateIoCompletion [0x8D6257AE]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateMutant [0x8D625536]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                             ZwCreateSection [0x8D6CF6D2]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateSemaphore [0x8D62557E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateThread [0x8D619AB4]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateThreadEx [0x8D619CD0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwCreateTimer [0x8D625768]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwDebugActiveProcess [0x8D61A36C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwDeleteBootEntry [0x8D618B06]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwDuplicateObject [0x8D61DB40]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwLoadDriver [0x8D6186F2]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                             ZwMapViewOfSection [0x8D6CF7B2]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwModifyBootEntry [0x8D618B6C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwNotifyChangeKey [0x8D61DF36]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwNotifyChangeMultipleKeys [0x8D61AE54]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenEvent [0x8D6255F2]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenEventPair [0x8D625636]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenIoCompletion [0x8D6257D2]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenMutant [0x8D62555C]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenProcess [0x8D61D43A]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenSection [0x8D6256E6]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenSemaphore [0x8D6255A6]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenThread [0x8D61D822]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwOpenTimer [0x8D62578C]
    SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                             ZwProtectVirtualMemory [0x8D6CF556]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwQueryObject [0x8D61ACC8]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwQueueApcThreadEx [0x8D61A9D6]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSetBootEntryOrder [0x8D618BD2]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSetBootOptions [0x8D618C38]
    SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                             ZwSetContextThread [0x8D6CF8AE]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSetSystemInformation [0x8D61878C]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSetSystemPowerState [0x8D61895E]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwShutdownSystem [0x8D6188EC]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSuspendProcess [0x8D61A536]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSuspendThread [0x8D61A698]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwSystemDebugControl [0x8D6189E6]
    SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                             ZwTerminateProcess [0x8D6CF624]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwTerminateThread [0x8D61A1C6]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwVdmControl [0x8D618C9E]
    SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                            ZwWriteVirtualMemory [0x8D6195DA]

    ---- Kernel code sections - GMER 2.1 ----

    .text  ntkrnlpa.exe!ZwRollbackTransaction + 13F9                                                          82860829 1 Byte  [06]
    .text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                             82885132 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text  ntkrnlpa.exe!RtlSidHashLookup + 224                                                                8288C904 4 Bytes  [A0, 8A, 61, 8D]
    .text  ntkrnlpa.exe!RtlSidHashLookup + 2AC                                                                8288C98C 4 Bytes  [7E, 95, 61, 8D]
    .text  ntkrnlpa.exe!RtlSidHashLookup + 300                                                                8288C9E0 8 Bytes  [C8, 55, 62, 8D, 14, 56, 62, ...]
    .text  ntkrnlpa.exe!RtlSidHashLookup + 30C                                                                8288C9EC 4 Bytes  [AE, 57, 62, 8D]
    .text  ntkrnlpa.exe!RtlSidHashLookup + 328                                                                8288CA08 4 Bytes  [36, 55, 62, 8D]
    .text  ...                                                                                                
    ?      C:\Users\Sonia\AppData\Local\Temp\mbr.sys                                                          O sistema não pode encontrar o arquivo especificado. !

    ---- User code sections - GMER 2.1 ----

    .text  C:\Windows\system32\csrss.exe[424] kernel32.dll!GetBinaryTypeW + 70                                76CB7934 1 Byte  [62]
    .text  C:\Windows\system32\wininit.exe[464] kernel32.dll!GetBinaryTypeW + 70                              76CB7934 1 Byte  [62]
    .text  C:\Windows\system32\csrss.exe[476] kernel32.dll!GetBinaryTypeW + 70                                76CB7934 1 Byte  [62]
    .text  C:\Windows\system32\services.exe[524] kernel32.dll!GetBinaryTypeW + 70                             76CB7934 1 Byte  [62]
    .text  C:\Windows\system32\lsass.exe[548] kernel32.dll!GetBinaryTypeW + 70                                76CB7934 1 Byte  [62]
    .text  ...                                                                                                
    .text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1316] kernel32.dll!SetUnhandledExceptionFilter  76CA3122 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
    .text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1316] kernel32.dll!GetBinaryTypeW + 70          76CB7934 1 Byte  [62]
    .text  C:\Program Files\AVAST Software\Avast\avastui.exe[1392] kernel32.dll!SetUnhandledExceptionFilter   76CA3122 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
    .text  C:\Program Files\AVAST Software\Avast\avastui.exe[1392] kernel32.dll!GetBinaryTypeW + 70           76CB7934 1 Byte  [62]
    .text  C:\ProgramData\IePluginService\PluginService.exe[1480] kernel32.dll!GetBinaryTypeW + 70            76CB7934 1 Byte  [62]
    .text  C:\Windows\system32\Dwm.exe[1564] kernel32.dll!GetBinaryTypeW + 70                                 76CB7934 1 Byte  [62]
    .text  C:\Windows\Explorer.EXE[1588] kernel32.dll!GetBinaryTypeW + 70                                     76CB7934 1 Byte  [62]
    .text  C:\Windows\System32\spoolsv.exe[1672] kernel32.dll!GetBinaryTypeW + 70                             76CB7934 1 Byte  [62]
    .text  ...                                                                                                

    ---- EOF - GMER 2.1 ----
     

     

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 21/02/2014 16:41:25
    System Uptime: 08/06/2014 18:52:15 (5 hours ago)
    .
    Motherboard: MSI |  | G41M-S01 (MS-7592)
    Processor: Pentium® Dual-Core  CPU      E5700  @ 3.00GHz | CPU 1 | 3003/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 195 GiB total, 129,692 GiB free.
    E: is CDROM (CDFS)
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Baidu Protect
    Device ID: ROOT\LEGACY_BPROTECT\0000
    Manufacturer:
    Name: Baidu Protect
    PNP Device ID: ROOT\LEGACY_BPROTECT\0000
    Service: Bprotect
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Adaptador de Túnel Teredo da Microsoft
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Baidu NetDefense
    Device ID: ROOT\LEGACY_BNDEF\0000
    Manufacturer:
    Name: Baidu NetDefense
    PNP Device ID: ROOT\LEGACY_BNDEF\0000
    Service: Bndef
    .
    ==== System Restore Points ===================
    .
    RP30: 22/04/2014 19:21:55 - Ponto de Verificação Agendado
    RP31: 30/04/2014 11:55:21 - Ponto de Verificação Agendado
    RP33: 06/05/2014 23:49:58 - avast! antivirus system restore point
    RP34: 14/05/2014 15:09:03 - Ponto de Verificação Agendado
    RP35: 22/05/2014 19:09:08 - Ponto de Verificação Agendado
    RP36: 30/05/2014 20:18:42 - Ponto de Verificação Agendado
    RP37: 07/06/2014 12:29:29 - Ponto de Verificação Agendado
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 13 Plugin
    Adobe Reader XI (11.0.07)  MUI
    µTorrent
    AutoCAD 2014 - English
    AutoCAD 2014 Language Pack - English
    Autodesk 360
    Autodesk App Manager
    Autodesk AutoCAD 2014 - English
    Autodesk Content Service
    Autodesk Content Service Language Pack
    Autodesk Featured Apps
    Autodesk Material Library 2014
    Autodesk Material Library Base Resolution Image Library 2014
    Autodesk ReCap
    Autodesk ReCap Language Pack-English
    avast! Free Antivirus
    Broadcom 802.11n Network Adapter
    CCleaner
    Eurobattle.net
    FARO LS 1.1.501.0
    Garena HostBot v6.0
    Garena Plus
    Google Chrome
    Intel® Graphics Media Accelerator Driver
    Java 7 Update 51
    Java Auto Updater
    K-Lite Mega Codec Pack 8.7.0
    Legendas 2.32
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile PTB Language Pack
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Extended PTB Language Pack
    Microsoft Office Access MUI (Portuguese (Brazil)) 2010
    Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
    Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
    Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
    Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (Portuguese (Brazil)) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (Portuguese (Brazil)) 2010
    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
    Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
    Microsoft Office Word MUI (Portuguese (Brazil)) 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Mozilla Firefox 29.0.1 (x86 pt-BR)
    Mozilla Maintenance Service
    Nero 8 Lite 8.2.8.0
    Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
    Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)
    PhotoScape
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    SketchUp Import for AutoCAD 2014
    Skype™ 6.14
    System Requirements Lab for Intel
    TeamViewer 9
    UltraISO Premium V9.52
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    WinRAR 5.01 (32-bit)
    .
    ==== End Of File ===========================
     

     

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16545  BrowserJavaVersion: 10.51.2
    Run by Sonia at 23:20:50 on 2014-06-08
    Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.1046.18.2013.939 [GMT -3:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\ProgramData\IePluginService\PluginService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Windows\system32\srvany.exe
    C:\Windows\KMService.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uDefault_Page_URL = hxxp://www.v9.com/?type=hp&ts=1399414033&from=tugs&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUH185581855818&i=psd&t=3421da2b1
    mStart Page = hxxp://www.v9.com/?type=hp&ts=1399414033&from=tugs&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUH185581855818&i=psd&t=3421da2b1
    mSearch Page = hxxp://search.v9.com/web/?type=ds&ts=1399414033&from=tugs&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUH185581855818&i=psd&t=3421da2b1&q={searchTerms}
    mDefault_Page_URL = hxxp://www.v9.com/?type=hp&ts=1399414033&from=tugs&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUH185581855818&i=psd&t=3421da2b1
    mDefault_Search_URL = hxxp://search.v9.com/web/?type=ds&ts=1399414033&from=tugs&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUH185581855818&i=psd&t=3421da2b1&q={searchTerms}
    uProxyServer = hxxp=127.0.0.1:49455;https=127.0.0.1:49455
    uProxyOverride = <-loopback>
    BHO: MediaPlayerplus: {11111111-1111-1111-1111-110511421146} - c:\program files\mediaplayerplus\MediaPlayerplus-bho.dll
    BHO: IETabPage Class: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - c:\program files\suptab\SupTab.dll
    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [Autodesk Sync] c:\program files\autodesk\autodesk sync\AdSync.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    TCP: Interfaces\{36FFB24E-F763-4950-B949-E2980042FD6E} : NameServer = 172.16.0.1 187.17.173.34
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs=  
    SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\sonia\appdata\roaming\mozilla\firefox\profiles\qvm829ln.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.v9.com/?type=hppp&ts=1401627964&from=tugs&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUH185581855818&i=psd&t=3436f7458
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\garena plus\bbtalk\plugins\npplugin\npGarenaTalkPlugin.dll
    FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\users\sonia\appdata\local\google\update\1.3.23.9\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
    .
    ---- FIREFOX POLICIES ----
    .
    FF - user.js: extensions.shownSelectionUI - true
    .
    .
    .
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-2-21 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-2-21 180632]
    R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw;{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw;c:\windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys [2014-5-7 52920]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-2-21 777488]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-2-21 411680]
    R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-6 24184]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-2-21 67824]
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-5-6 68312]
    R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2012-12-13 12288]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-5-6 50344]
    R2 IePluginService;IePlugin Service;c:\programdata\iepluginservice\pluginservice.exe -service --> c:\programdata\iepluginservice\PluginService.exe -service [?]
    R2 KMService;KMService;c:\windows\system32\srvany.exe [2014-2-21 8192]
    R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-4-1 4971840]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2014-4-11 67624]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M  ====================
    .
    2014-05-23 19:01:34    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-05-23 19:01:34    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
    2014-05-15 10:03:33    777488    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
    2014-05-15 10:03:33    68312    ----a-w-    c:\windows\system32\drivers\aswstm.sys
    2014-05-07 02:54:20    81768    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
    2014-05-07 02:54:20    776976    ----a-w-    c:\windows\system32\drivers\aswsnx.sys.1400148213922
    2014-05-07 02:54:20    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
    2014-05-07 02:54:20    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
    2014-05-07 02:54:20    411552    ----a-w-    c:\windows\system32\drivers\aswsp.sys.1400148213922
    2014-05-07 02:54:20    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
    2014-05-07 02:54:20    180632    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
    2014-05-07 02:54:19    43152    ----a-w-    c:\windows\avastSS.scr
    2014-04-28 13:23:34    52920    ----a-w-    c:\windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys
    2014-04-12 04:29:44    801792    ----a-w-    c:\windows\system32\FntCache.dll
    2014-04-12 04:29:44    728448    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
    2014-04-12 04:29:44    442880    ----a-w-    c:\windows\system32\XpsPrint.dll
    2014-04-12 04:29:44    3181568    ----a-w-    c:\windows\system32\mf.dll
    2014-04-12 04:29:44    283648    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
    2014-04-12 04:29:44    219008    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
    2014-04-12 04:29:44    196608    ----a-w-    c:\windows\system32\mfreadwrite.dll
    2014-04-12 04:29:44    1619456    ----a-w-    c:\windows\system32\WMVDECOD.DLL
    2014-04-12 04:29:44    1495040    ----a-w-    c:\windows\system32\ExplorerFrame.dll
    2014-04-12 04:29:44    135168    ----a-w-    c:\windows\system32\XpsRasterService.dll
    2014-04-12 04:29:44    107520    ----a-w-    c:\windows\system32\cdd.dll
    2014-04-11 18:46:55    44    ----a-w-    c:\windows\wawx_dumpreg64.dll
    2014-03-31 12:35:10    231584    ------w-    c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 23:21:27,81 ===============
     

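
As an added example (not part of this thread, of DDS, or of any analyst's tooling), here is a small Python triage script for the "Pseudo HJT Report" section of the DDS log above. It flags mechanically what the analyst reads off by eye: the start and search pages pointing at v9.com, the proxy on 127.0.0.1:49455 that every browser request is routed through, the UAC policy keys set to 0, and the MediaPlayerplus BHO whose CLSID begins with a run of repeated digits. The sample lines are trimmed copies of the log above; the `EXPECTED_PAGE_HOSTS` list and the BHO CLSID heuristic are this example's own assumptions, not DDS logic.

```python
"""Triage a DDS "Pseudo HJT Report" section for common hijack indicators.

Added example for this thread; not part of DDS, the forum, or any analyst's
tooling. The sample lines are trimmed copies of the DDS log posted above
(hxxp:// is how DDS defuses URLs); EXPECTED_PAGE_HOSTS and the BHO CLSID
heuristic are this example's own assumptions, not an official signature set.
"""
import re
from urllib.parse import urlparse

# Constructed sample: a trimmed subset of the Pseudo HJT section from the log above.
SAMPLE_HJT = r"""uStart Page = about:blank
mStart Page = hxxp://www.v9.com/?type=hp&from=tugs&i=psd
mSearch Page = hxxp://search.v9.com/web/?type=ds&q={searchTerms}
uProxyServer = hxxp=127.0.0.1:49455;https=127.0.0.1:49455
uProxyOverride = <-loopback>
BHO: MediaPlayerplus: {11111111-1111-1111-1111-110511421146} - c:\program files\mediaplayerplus\MediaPlayerplus-bho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
FF - prefs.js: browser.startup.homepage - hxxp://www.v9.com/?type=hppp&from=tugs
"""

# Hosts a start or search page is expected to point at; anything else is flagged.
# Assumption for this example: extend it with whatever the user actually chose.
EXPECTED_PAGE_HOSTS = {"www.google.com", "www.google.com.br", "www.bing.com",
                       "www.msn.com", "go.microsoft.com"}
HOMEPAGE_KEYS = ("Start Page", "Search Page", "Default_Page_URL",
                 "Default_Search_URL", "browser.startup.homepage")
# Policy values that weaken UAC; DDS prints them as "Name = dword:value".
UAC_WEAKENING = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0",
                 "PromptOnSecureDesktop": "0"}
URL_RE = re.compile(r"hxxps?://\S+", re.IGNORECASE)
POLICY_RE = re.compile(r"^mPolicies-System: (\w+) = dword:(\w+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?): \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")


def host_of(defanged_url):
    """Re-arm the hxxp:// prefix DDS uses and return the URL's host, lower-cased."""
    url = re.sub(r"^hxxp", "http", defanged_url, flags=re.IGNORECASE)
    return (urlparse(url).hostname or "").lower()


def triage_hjt(report):
    """Return (rule, evidence) findings for the lines of one Pseudo HJT section."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        url = URL_RE.search(line)
        policy = POLICY_RE.match(line)
        bho = BHO_RE.match(line)
        # 1. Start/search page pointing at a host nobody chose (browser hijack).
        if url and any(key in line for key in HOMEPAGE_KEYS):
            host = host_of(url.group(0))
            if host and host not in EXPECTED_PAGE_HOSTS:
                findings.append(("homepage_hijack", f"{host}: {line}"))
        # 2. Proxy on loopback: every browser request passes through a local
        #    process, the usual way adware injects ads and rewrites searches.
        elif line.startswith("uProxyServer") and re.search(r"127\.0\.0\.1|localhost", line):
            findings.append(("local_proxy", line))
        # 3. UAC switched off or silenced through policy keys.
        elif policy and UAC_WEAKENING.get(policy.group(1)) == policy.group(2):
            findings.append(("uac_disabled", line))
        # 4. BHO whose CLSID starts with one repeated digit: a heuristic for a
        #    hand-typed GUID (real vendors generate random ones), not proof.
        elif bho and len(set(bho.group("clsid")[:8])) == 1:
            findings.append(("suspicious_bho", f"{bho.group('name')} -> {bho.group('path')}"))
    return findings


def summarize(findings):
    """Count findings per rule so a long log can be eyeballed quickly."""
    counts = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, evidence in triage_hjt(SAMPLE_HJT):
        print(f"[{rule}] {evidence}")
    print(summarize(triage_hjt(SAMPLE_HJT)))
```

Run against the sample it reports three hijacked pages, one loopback proxy, three UAC policy hits and one suspicious BHO, which matches what the analyst goes on to treat with AdwCleaner and ComboFix. The allow-list approach for pages is deliberate: adware rotates domains, so listing the hosts a user would legitimately choose is more durable than listing bad ones.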

    Dear rafamaceno

    I recommend saving this topic to your Favorites to make it easier to find.

    Please note the following:
    • If you go without a reply for 3 days, send me a Private Message (PM);
    • What is said here only concerns the problem with your computer, so do not carry it out on any other;
    • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
    • Always post your replies in this topic... Do not open another one!
    • Keep me informed, during the removal, about what happens with your computer.
    • Follow the order of the instructions given.
    Note: Do not take any measures beyond those given here; and should you ask for help in another forum, be sure to let us know, or you risk misconfiguring your computer!

    # Step 1 #

    Download Junkware Removal Tool and save it to your Desktop.
    • Disable your protection programs (antivirus etc.) to avoid any conflict.
    • Double-click JRT.exe
      • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
    • Be patient and wait for the scan to finish.
    • Open the log JRT.txt that is on your Desktop.
    • Copy all of its contents and paste it in your next message.

    # Step 2 #

    • Double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click it and choose Run as administrator.
    • Click Search
    At the end of the scan a log with the result will open.
    If anything is detected, then click the Remove button.
    Again, at the end of the scan a log with the result will open.
    Copy all of its contents and paste it in your next reply.

    # Step 3 #

    Read the instructions in this link:

    In the instructions in the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"
    Download ComboFix from one of the official links listed below and save it to your desktop:

    • Temporarily, and while carrying out these instructions, it is very important to keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable them after the procedure(s) below have been carried out.
    • Double-click the ComboFix icon on the desktop.
    • Read and accept the terms by typing 1 and pressing Enter.
    • Computers with Windows XP must install the Recovery Console:
    If your computer has Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    Click "OK" on the EULA.
    Once the Recovery Console is installed, click "YES" to continue.
    • ComboFix will run; please be patient and wait.
    • Attention: Do not use the mouse or keyboard while the tool is running; this may cause the computer to hang.
    • A message may appear saying the computer needs to restart.
    DO NOT RESTART!!! ComboFix will restart the computer automatically.
    • When the tool finishes running it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

    DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.
    There are several malware families that prevent the tool from running correctly and can thereby severely damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
    Many Analysts do not reply to topics in which they see ComboFix was used without supervision.
    There are several general-purpose anti-malware tools whose authors, when programming them, had end users in mind and meant them to be used without supervision. ComboFix is not a tool of that kind, so, out of respect for the tool's author as well, do not use it without supervision.

    Regards :D

  • Topic author
  • ComboFix 14-06-09.01 - Sonia 09/06/2014  16:03:23.1.2 - x86
    Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.1046.18.2013.988 [GMT -3:00]
    Executando de: c:\users\Sonia\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Criado um novo ponto de restauração
    .
    .
    (((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmdkeifoklleaejifhohmopbmedojdk
    c:\users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmdkeifoklleaejifhohmopbmedojdk\1.3\background.html
    c:\users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmdkeifoklleaejifhohmopbmedojdk\1.3\content.js
    c:\users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmdkeifoklleaejifhohmopbmedojdk\1.3\EsZgH9.js
    c:\users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmdkeifoklleaejifhohmopbmedojdk\1.3\lsdb.js
    c:\users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmdkeifoklleaejifhohmopbmedojdk\1.3\manifest.json
    c:\users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_akmdkeifoklleaejifhohmopbmedojdk_0.localstorage-journal
    c:\users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_akmdkeifoklleaejifhohmopbmedojdk_0.localstorage
    c:\users\Sonia\AppData\Local\Google\Chrome\User Data\Default\preferences
    c:\users\Sonia\AppData\Local\nst1C3A.tmp
    c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini
    c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini2
    c:\windows\wawx_dumpreg64.dll
    .
    .
    ((((((((((((((((   Arquivos/Ficheiros criados de 2014-05-09 to 2014-06-09  ))))))))))))))))))))))))))))
    .
    .
    2014-06-09 19:09 . 2014-06-09 19:09    --------    d-----w-    c:\users\Sonia\AppData\Local\temp
    2014-06-09 19:09 . 2014-06-09 19:09    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2014-06-09 18:51 . 2014-06-09 18:54    --------    d-----w-    C:\AdwCleaner
    2014-06-09 18:46 . 2014-06-09 18:46    --------    d-----w-    c:\windows\ERUNT
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-05-23 19:01 . 2014-04-25 14:00    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-05-23 19:01 . 2014-04-25 14:00    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
    2014-05-15 10:03 . 2014-05-07 02:54    68312    ----a-w-    c:\windows\system32\drivers\aswstm.sys
    2014-05-15 10:03 . 2014-02-21 20:03    411680    ----a-w-    c:\windows\system32\drivers\aswsp.sys
    2014-05-15 10:03 . 2014-02-21 20:03    777488    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
    2014-05-07 02:54 . 2014-05-07 02:54    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
    2014-05-07 02:54 . 2014-02-21 20:03    180632    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
    2014-05-07 02:54 . 2014-02-21 20:03    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
    2014-05-07 02:54 . 2014-02-21 20:03    411552    ----a-w-    c:\windows\system32\drivers\aswsp.sys.1400148213922
    2014-05-07 02:54 . 2014-02-21 20:03    776976    ----a-w-    c:\windows\system32\drivers\aswsnx.sys.1400148213922
    2014-05-07 02:54 . 2014-02-21 20:03    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
    2014-05-07 02:54 . 2014-02-21 20:03    81768    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
    2014-05-07 02:54 . 2014-05-07 02:54    43152    ----a-w-    c:\windows\avastSS.scr
    2014-05-07 02:54 . 2014-02-21 20:03    271264    ----a-w-    c:\windows\system32\aswBoot.exe
    2014-04-12 04:31 . 2014-04-12 04:31    86528    ----a-w-    c:\windows\system32\iesysprep.dll
    2014-04-12 04:31 . 2014-04-12 04:31    76800    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
    2014-04-12 04:31 . 2014-04-12 04:31    74752    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
    2014-04-12 04:31 . 2014-04-12 04:31    48640    ----a-w-    c:\windows\system32\mshtmler.dll
    2014-04-12 04:31 . 2014-04-12 04:31    161792    ----a-w-    c:\windows\system32\msls31.dll
    2014-04-12 04:31 . 2014-04-12 04:31    1129472    ----a-w-    c:\windows\system32\wininet.dll
    2014-04-12 04:31 . 2014-04-12 04:31    110592    ----a-w-    c:\windows\system32\IEAdvpack.dll
    2014-04-12 04:31 . 2014-04-12 04:31    74752    ----a-w-    c:\windows\system32\iesetup.dll
    2014-04-12 04:31 . 2014-04-12 04:31    63488    ----a-w-    c:\windows\system32\tdc.ocx
    2014-04-12 04:31 . 2014-04-12 04:31    421376    ----a-w-    c:\windows\system32\vbscript.dll
    2014-04-12 04:31 . 2014-04-12 04:31    367104    ----a-w-    c:\windows\system32\html.iec
    2014-04-12 04:31 . 2014-04-12 04:31    35840    ----a-w-    c:\windows\system32\imgutil.dll
    2014-04-12 04:31 . 2014-04-12 04:31    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
    2014-04-12 04:31 . 2014-04-12 04:31    23552    ----a-w-    c:\windows\system32\licmgr10.dll
    2014-04-12 04:31 . 2014-04-12 04:31    1806848    ----a-w-    c:\windows\system32\jscript9.dll
    2014-04-12 04:31 . 2014-04-12 04:31    152064    ----a-w-    c:\windows\system32\wextract.exe
    2014-04-12 04:31 . 2014-04-12 04:31    150528    ----a-w-    c:\windows\system32\iexpress.exe
    2014-04-12 04:31 . 2014-04-12 04:31    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
    2014-04-12 04:31 . 2014-04-12 04:31    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
    2014-04-12 04:31 . 2014-04-12 04:31    11776    ----a-w-    c:\windows\system32\mshta.exe
    2014-04-12 04:31 . 2014-04-12 04:31    101888    ----a-w-    c:\windows\system32\admparse.dll
    2014-04-12 04:29 . 2014-04-12 04:29    801792    ----a-w-    c:\windows\system32\FntCache.dll
    2014-04-12 04:29 . 2014-04-12 04:29    728448    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
    2014-04-12 04:29 . 2014-04-12 04:29    442880    ----a-w-    c:\windows\system32\XpsPrint.dll
    2014-04-12 04:29 . 2014-04-12 04:29    3181568    ----a-w-    c:\windows\system32\mf.dll
    2014-04-12 04:29 . 2014-04-12 04:29    283648    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
    2014-04-12 04:29 . 2014-04-12 04:29    219008    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
    2014-04-12 04:29 . 2014-04-12 04:29    196608    ----a-w-    c:\windows\system32\mfreadwrite.dll
    2014-04-12 04:29 . 2014-04-12 04:29    1619456    ----a-w-    c:\windows\system32\WMVDECOD.DLL
    2014-04-12 04:29 . 2014-04-12 04:29    1495040    ----a-w-    c:\windows\system32\ExplorerFrame.dll
    2014-04-12 04:29 . 2014-04-12 04:29    135168    ----a-w-    c:\windows\system32\XpsRasterService.dll
    2014-04-12 04:29 . 2014-04-12 04:29    107520    ----a-w-    c:\windows\system32\cdd.dll
    2014-03-31 12:35 . 2014-02-23 15:09    231584    ------w-    c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-05-07 02:54    260976    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-06 3890208]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 894344]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autodesk Sync]
    2013-02-05 04:18    894344    ----a-w-    c:\program files\Autodesk\Autodesk Sync\AdSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-03-13 17:54    91520    ----a-w-    c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaPlus]
    2014-04-29 09:28    9936176    ----a-w-    c:\program files\Garena Plus\GarenaMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2014-02-23 16:59    116648    ----atw-    c:\users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2012-11-13 18:43    172064    ----a-w-    c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2012-11-13 18:43    138784    ----a-w-    c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2013-07-02 12:16    254336    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    R0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [x]
    R1 Bfilter;Baidu Antivirus Minifilter Driver;c:\windows\System32\drivers\Bfilter.sys [x]
    R1 Bfmon;Baidu FS Monitor Driver;c:\windows\System32\drivers\Bfmon.sys [x]
    R1 Bnbase;Bnbase;c:\windows\system32\drivers\bnbasex.sys [x]
    R1 Bndef;Baidu NetDefense;c:\windows\System32\drivers\bndef.sys [x]
    R1 Bprotect;Baidu Protect;c:\windows\System32\drivers\Bprotect.sys [x]
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-05-15 68312]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
    R3 BHipsEx;Baidu HipsEx Driver;c:\windows\System32\drivers\BHipsEx.sys [x]
    R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2011-06-02 11336]
    R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-05-15 777488]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-05-15 411680]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-05-07 24184]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-05-07 67824]
    S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
    S2 KMService;KMService;c:\windows\system32\srvany.exe [2014-02-21 8192]
    S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-03-25 4971840]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
    .
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2014-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-25 19:01]
    .
    2014-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839846420-3243937236-2856514079-1000Core.job
    - c:\users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-23 16:59]
    .
    2014-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839846420-3243937236-2856514079-1000UA.job
    - c:\users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-23 16:59]
    .
    .
    ------- Scan Suplementar -------
    .
    uStart Page = about:blank
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = <-loopback>
    uInternet Settings,ProxyServer = http=127.0.0.1:49455;https=127.0.0.1:49455
    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    TCP: Interfaces\{36FFB24E-F763-4950-B949-E2980042FD6E}: NameServer = 172.16.0.1 187.17.173.34
    FF - ProfilePath - c:\users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\
    FF - prefs.js: network.proxy.type - 4
    .
    .
    ------- Associação de arquivos/ficheiros -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    MSConfigStartUp-ContentExplorer - c:\users\Sonia\AppData\Roaming\ContentExplorer\ContentExplorer.exe
    MSConfigStartUp-Optimizer Pro - c:\program files\Optimizer Pro\OptProLauncher.exe
    .
    .
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Tempo para conclusão: 2014-06-09  16:13:16
    ComboFix-quarantined-files.txt  2014-06-09 19:13
    .
    Pré-execução: 143.977.385.984 bytes disponíveis
    Pós execução: 143.921.233.920 bytes disponíveis
    .
    - - End Of File - - 91C137B6177D3F9961908B90FC5FE50F
    A36C5E4F47E84449FF07ED3517B43A31

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Ultimate x86
    Ran by Sonia on 09/06/2014 at 15:46:29,36
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installedbrowserextensions
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\v9software
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasmancs
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0054246.BHO
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0054246.BHO.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0054246.Sandbox
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0054246.Sandbox.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110511421146}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220522422246}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550555425546}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660566426646}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440544424446}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0054246.BHO
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0054246.BHO.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0054246.Sandbox
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0054246.Sandbox.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550555425546}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660566426646}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440544424446}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511421146}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110511421146}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}



    ~~~ Files

    Successfully deleted: [File] "C:\end"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\baidu"
    Successfully deleted: [Folder] "C:\Users\Sonia\AppData\Roaming\baidu"
    Successfully deleted: [Folder] "C:\Users\Sonia\documents\optimizer pro"



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\Sonia\AppData\Roaming\mozilla\firefox\profiles\qvm829ln.default\user.js
    Successfully deleted the following from C:\Users\Sonia\AppData\Roaming\mozilla\firefox\profiles\qvm829ln.default\prefs.js

    user_pref("browser.search.defaultenginename", "v9");
    user_pref("browser.startup.homepage", "hxxp://www.v9.com/?type=hppp&ts=1401627964&from=tugs&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUH185581855818&i=psd&t=3436f7458");
    user_pref("extensions.AVTnKX.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.
    user_pref("extensions.aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246.54246.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A
    user_pref("extensions.crossrider.bic", "14568d5715e25541899fb6dfe3f769cd");
    Emptied folder: C:\Users\Sonia\AppData\Roaming\mozilla\firefox\profiles\qvm829ln.default\minidumps [38 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 09/06/2014 at 15:49:02,23
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    # AdwCleaner v3.212 - Relatório criado 09/06/2014 às 15:53:55
    # Atualizado 05/06/2014 por Xplode
    # Sistema Operacional : Windows 7 Ultimate  (32 bits)
    # Usuário : Sonia - SONIA-PC
    # Executando de : C:\Users\Sonia\Desktop\adwcleaner_3.212.exe
    # Opção : Limpar

    ***** [ Serviços ] *****

    Serviço Deletada : {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw
    Serviço Deletada : IePluginService

    ***** [ Arquivos / Pastas ] *****

    Pasta Deletada : C:\ProgramData\2308189059
    Pasta Deletada : C:\ProgramData\IePluginService
    Pasta Deletada : C:\Program Files\BlockAndSurf-soft
    Pasta Deletada : C:\Program Files\MediaPlayerplus
    Pasta Deletada : C:\Program Files\SupTab
    Pasta Deletada : C:\Program Files\webget
    Pasta Deletada : C:\Users\Public\Documents\baidu
    Pasta Deletada : C:\Users\Sonia\AppData\Local\SearchProtect
    Pasta Deletada : C:\Users\Sonia\AppData\Roaming\SupTab
    Pasta Deletada : C:\Users\Sonia\AppData\Roaming\v9
    Pasta Deletada : C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com
    Pasta Deletada : C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd
    Arquivo Deletada : C:\Windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys
    Arquivo Deletada : C:\Program Files\Mozilla Firefox\browser\searchplugins\v9.xml
    Arquivo Deletada : C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
    Arquivo Deletada : C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job
    Arquivo Deletada : C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1
    Arquivo Deletada : C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job
    Arquivo Deletada : C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2
    Arquivo Deletada : C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job
    Arquivo Deletada : C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3
    Arquivo Deletada : C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job
    Arquivo Deletada : C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4
    Arquivo Deletada : C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job
    Arquivo Deletada : C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5

    ***** [ Atalhos ] *****


    ***** [ Registro ] *****

    Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
    [#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
    [#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{604D9765-84D6-44A0-A578-69FA0A13F75E}
    [#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{604D9765-84D6-44A0-A578-69FA0A13F75E}
    [#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E964F434-FDEF-4E9B-9AF7-F4DB049877D9}
    [#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E964F434-FDEF-4E9B-9AF7-F4DB049877D9}
    [#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D85A8ED-7B28-49E4-8A5C-9480E770524F}
    [#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D85A8ED-7B28-49E4-8A5C-9480E770524F}
    [#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA45F260-A126-40F6-953E-608801862E16}
    [#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA45F260-A126-40F6-953E-608801862E16}
    [#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4241A0D-AE7D-4FF1-A8A7-86E855024CF4}
    [#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4241A0D-AE7D-4FF1-A8A7-86E855024CF4}
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASAPI32
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASMANCS
    Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
    Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
    Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
    Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
    Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
    Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
    Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
    Chave Deletedo : HKCU\Software\AnyProtect
    Chave Deletedo : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Chave Deletedo : HKCU\Software\AppDataLow\Software\blockAndSurf
    Chave Deletedo : HKCU\Software\AppDataLow\Software\MediaPlayerplus
    Chave Deletedo : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Chave Deletedo : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Chave Deletedo : HKLM\Software\MediaPlayerplus
    Chave Deletedo : HKLM\Software\SupTab
    Chave Deletedo : HKLM\Software\Wpm
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM

    ***** [ Navegadores ] *****

    -\\ Internet Explorer v9.0.8112.16545

    Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
    Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]

    -\\ Mozilla Firefox v29.0.1 (pt-BR)

    [ Arquivo : C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\prefs.js ]

    Linha deletada : user_pref("extensions.AVTnKX.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"[...]
    Linha deletada : user_pref("extensions.aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246.54246.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]

    -\\ Google Chrome v

    [ Arquivo : C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deletedo [Homepage] : hxxp://www.v9.com/?type=hp&ts=1399414033&from=tugs&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUH185581855818&i=psd&t=3421da2b1
    Deletedo [Extension] : majjphhgppkndjjkmhhnbgafooenebhd

    *************************

    AdwCleaner[R0].txt - [8731 octets] - [09/06/2014 15:51:09]
    AdwCleaner[s0].txt - [8079 octets] - [09/06/2014 15:53:55]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8139 octets] ##########


    Dear rafamaceno

    Do you recognize this IP: NameServer = 172.16.0.1


    Temporarily, and while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after running the procedure(s) described below.
    • Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:

    File::
    c:\windows\System32\drivers\Bhbase.sys
    c:\windows\System32\drivers\Bfilter.sys
    c:\windows\System32\drivers\Bfmon.sys
    c:\windows\system32\drivers\bnbasex.sys
    c:\windows\System32\drivers\bndef.sys
    c:\windows\System32\drivers\Bprotect.sys
    c:\windows\System32\drivers\BHipsEx.sy
    Driver::
    Bhbase
    Bfilter
    Bfmon
    Bnbase
    Bndef
    Bprotect
    BHipsEx
    ADS::

    • Save this file as: CFScript.txt
    As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

    [animated GIF: 2872959479_997d4500c4_o.gif]

    Cheers :D

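As an added example (not part of the thread, and not ComboFix's or the forum's own tooling), the following Python script shows how a helper could triage a ComboFix log for the indicators acted on in this thread: services whose binary is missing (the `[x]` marker), UAC switched off (`EnableLUA = 0`), a system proxy pointing at loopback, and the DNS servers the helper asked about. It also emits a CFScript with the `File::`/`Driver::`/`ADS::` sections in the same shape as the one posted above. The sample log is constructed and modelled on the log in the thread (the interface GUID is a placeholder), and the choice of which `[x]` entries go into the script (here, those whose display name starts with "Baidu") is a hypothetical reviewer decision; the script itself only reports, it never deletes anything.

```python
r"""Triage of a ComboFix-style log (added example; not ComboFix's or the forum's tooling).

Assumed line shapes are taken from the log posted in this thread:
  R0 Name;Display Name;c:\path\file.sys [x]          <- service/driver, binary missing
  S2 Name;Display Name;c:\path\file.exe [2014-02-21 8192]
  "EnableLUA"= 0 (0x0)                               <- UAC policy value
  uInternet Settings,ProxyServer = http=127.0.0.1:49455;https=127.0.0.1:49455
  TCP: Interfaces\{GUID}: NameServer = 172.16.0.1 187.17.173.34
"""
import ipaddress
import re

SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]$')
UAC_RE = re.compile(r'^"(\w+)"=\s*(\d+)')
PROXY_RE = re.compile(r'ProxyServer\s*=\s*(.+)$')
NAMESERVER_RE = re.compile(r'NameServer\s*=\s*(.+)$')

# Constructed sample modelled on the log in the thread (not a verbatim copy);
# the interface GUID is a placeholder.
SAMPLE_LOG = r"""
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
R0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [x]
R1 Bfilter;Baidu Antivirus Minifilter Driver;c:\windows\System32\drivers\Bfilter.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-05-15 68312]
S0 aswRvrt;avast! Revert; [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2014-02-21 8192]
uInternet Settings,ProxyServer = http=127.0.0.1:49455;https=127.0.0.1:49455
TCP: Interfaces\{00000000-0000-0000-0000-000000000000}: NameServer = 172.16.0.1 187.17.173.34
"""


def parse_services(text):
    """Return one dict per service/driver line: start type, name, display, path, status."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            start, name, display, path, status = m.groups()
            services.append({"start": start, "name": name, "display": display,
                             "path": path, "status": status})
    return services


def triage(text):
    """Collect the findings a helper would act on. Nothing here is removed automatically."""
    report = {
        # ComboFix marks a service whose binary it cannot find with [x]. A leftover
        # entry with no file is a typical trace of a half-removed product, but a
        # legitimate driver (avast's revert driver in the sample) can show [x] too.
        "missing_binaries": [s["name"] for s in parse_services(text) if s["status"] == "x"],
        "uac_disabled": False,
        "loopback_proxy": [],
        "nameservers": [],
    }
    for line in text.splitlines():
        line = line.strip()
        m = UAC_RE.match(line)
        if m and m.group(1) == "EnableLUA" and m.group(2) == "0":
            report["uac_disabled"] = True  # installers run elevated without any prompt
        m = PROXY_RE.search(line)
        if m:
            # A system proxy on 127.0.0.1 means a local process sits in the
            # browser's traffic path; adware uses this to rewrite pages.
            for part in m.group(1).split(";"):
                hostport = part.split("=", 1)[-1].strip()
                host = hostport.rsplit(":", 1)[0]
                if host == "localhost" or host.startswith("127."):
                    report["loopback_proxy"].append(hostport)
        m = NAMESERVER_RE.search(line)
        if m:
            # Report each resolver with its address scope so the helper can ask
            # the user whether they recognise it, as happens in this thread.
            for ip in m.group(1).split():
                scope = "private" if ipaddress.ip_address(ip).is_private else "public"
                report["nameservers"].append((ip, scope))
    return report


def build_cfscript(entries):
    """Emit a CFScript with the File::/Driver::/ADS:: sections as used in this thread.

    `entries` are parse_services() dicts that a reviewer has decided to remove.
    """
    lines = ["File::"]
    lines += [e["path"] for e in entries if e["path"]]
    lines.append("Driver::")
    lines += [e["name"] for e in entries]
    lines.append("ADS::")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
    # Hypothetical reviewer decision: script only the missing-binary entries of the
    # uninstalled product named in the display field; avast's [x] entry stays.
    to_remove = [s for s in parse_services(SAMPLE_LOG)
                 if s["status"] == "x" and s["display"].startswith("Baidu")]
    print(build_cfscript(to_remove))
```

Run it on a real ComboFix.txt by reading the file into `triage()`; the report lists what to review, and `build_cfscript()` turns only the entries you have decided on into the script to drag onto ComboFix.exe, exactly as the helper did by hand above.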
    Topic author:

    I don't recognize that IP, no...


    ComboFix 14-06-10.01 - Sonia 10/06/2014  22:57:06.2.2 - x86
    Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.1046.18.2013.1237 [GMT -3:00]
    Executando de: c:\users\Sonia\Desktop\ComboFix.exe
    Comandos utilizados :: c:\users\Sonia\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_BFILTER
    -------\Legacy_BFMON
    -------\Legacy_BHBASE
    -------\Legacy_BNDEF
    -------\Legacy_BPROTECT
    -------\Service_Bfilter
    -------\Service_Bfmon
    -------\Service_Bhbase
    -------\Service_BHipsEx
    -------\Service_Bnbase
    -------\Service_Bndef
    -------\Service_Bprotect
    .
    .
    ((((((((((((((((   Arquivos/Ficheiros criados de 2014-05-11 to 2014-06-11  ))))))))))))))))))))))))))))
    .
    .
    2014-06-11 02:03 . 2014-06-11 02:03    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E038762-9A24-46EE-992E-CCBC4698F4F9}\offreg.dll
    2014-06-11 02:02 . 2014-06-11 02:02    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2014-06-09 19:13 . 2014-06-11 02:04    --------    d-----w-    c:\users\Sonia\AppData\Local\temp
    2014-06-09 18:51 . 2014-06-09 18:54    --------    d-----w-    C:\AdwCleaner
    2014-06-09 18:46 . 2014-06-09 18:46    --------    d-----w-    c:\windows\ERUNT
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-05-23 19:01 . 2014-04-25 14:00    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-05-23 19:01 . 2014-04-25 14:00    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
    2014-05-15 10:03 . 2014-05-07 02:54    68312    ----a-w-    c:\windows\system32\drivers\aswstm.sys
    2014-05-15 10:03 . 2014-02-21 20:03    411680    ----a-w-    c:\windows\system32\drivers\aswsp.sys
    2014-05-15 10:03 . 2014-02-21 20:03    777488    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
    2014-05-07 02:54 . 2014-05-07 02:54    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
    2014-05-07 02:54 . 2014-02-21 20:03    180632    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
    2014-05-07 02:54 . 2014-02-21 20:03    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
    2014-05-07 02:54 . 2014-02-21 20:03    411552    ----a-w-    c:\windows\system32\drivers\aswsp.sys.1400148213922
    2014-05-07 02:54 . 2014-02-21 20:03    776976    ----a-w-    c:\windows\system32\drivers\aswsnx.sys.1400148213922
    2014-05-07 02:54 . 2014-02-21 20:03    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
    2014-05-07 02:54 . 2014-02-21 20:03    81768    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
    2014-05-07 02:54 . 2014-05-07 02:54    43152    ----a-w-    c:\windows\avastSS.scr
    2014-05-07 02:54 . 2014-02-21 20:03    271264    ----a-w-    c:\windows\system32\aswBoot.exe
    2014-04-12 04:31 . 2014-04-12 04:31    86528    ----a-w-    c:\windows\system32\iesysprep.dll
    2014-04-12 04:31 . 2014-04-12 04:31    76800    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
    2014-04-12 04:31 . 2014-04-12 04:31    74752    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
    2014-04-12 04:31 . 2014-04-12 04:31    48640    ----a-w-    c:\windows\system32\mshtmler.dll
    2014-04-12 04:31 . 2014-04-12 04:31    161792    ----a-w-    c:\windows\system32\msls31.dll
    2014-04-12 04:31 . 2014-04-12 04:31    1129472    ----a-w-    c:\windows\system32\wininet.dll
    2014-04-12 04:31 . 2014-04-12 04:31    110592    ----a-w-    c:\windows\system32\IEAdvpack.dll
    2014-04-12 04:31 . 2014-04-12 04:31    74752    ----a-w-    c:\windows\system32\iesetup.dll
    2014-04-12 04:31 . 2014-04-12 04:31    63488    ----a-w-    c:\windows\system32\tdc.ocx
    2014-04-12 04:31 . 2014-04-12 04:31    421376    ----a-w-    c:\windows\system32\vbscript.dll
    2014-04-12 04:31 . 2014-04-12 04:31    367104    ----a-w-    c:\windows\system32\html.iec
    2014-04-12 04:31 . 2014-04-12 04:31    35840    ----a-w-    c:\windows\system32\imgutil.dll
    2014-04-12 04:31 . 2014-04-12 04:31    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
    2014-04-12 04:31 . 2014-04-12 04:31    23552    ----a-w-    c:\windows\system32\licmgr10.dll
    2014-04-12 04:31 . 2014-04-12 04:31    1806848    ----a-w-    c:\windows\system32\jscript9.dll
    2014-04-12 04:31 . 2014-04-12 04:31    152064    ----a-w-    c:\windows\system32\wextract.exe
    2014-04-12 04:31 . 2014-04-12 04:31    150528    ----a-w-    c:\windows\system32\iexpress.exe
    2014-04-12 04:31 . 2014-04-12 04:31    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
    2014-04-12 04:31 . 2014-04-12 04:31    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
    2014-04-12 04:31 . 2014-04-12 04:31    11776    ----a-w-    c:\windows\system32\mshta.exe
    2014-04-12 04:31 . 2014-04-12 04:31    101888    ----a-w-    c:\windows\system32\admparse.dll
    2014-04-12 04:29 . 2014-04-12 04:29    801792    ----a-w-    c:\windows\system32\FntCache.dll
    2014-04-12 04:29 . 2014-04-12 04:29    728448    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
    2014-04-12 04:29 . 2014-04-12 04:29    442880    ----a-w-    c:\windows\system32\XpsPrint.dll
    2014-04-12 04:29 . 2014-04-12 04:29    3181568    ----a-w-    c:\windows\system32\mf.dll
    2014-04-12 04:29 . 2014-04-12 04:29    283648    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
    2014-04-12 04:29 . 2014-04-12 04:29    219008    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
    2014-04-12 04:29 . 2014-04-12 04:29    196608    ----a-w-    c:\windows\system32\mfreadwrite.dll
    2014-04-12 04:29 . 2014-04-12 04:29    1619456    ----a-w-    c:\windows\system32\WMVDECOD.DLL
    2014-04-12 04:29 . 2014-04-12 04:29    1495040    ----a-w-    c:\windows\system32\ExplorerFrame.dll
    2014-04-12 04:29 . 2014-04-12 04:29    135168    ----a-w-    c:\windows\system32\XpsRasterService.dll
    2014-04-12 04:29 . 2014-04-12 04:29    107520    ----a-w-    c:\windows\system32\cdd.dll
    2014-03-31 12:35 . 2014-02-23 15:09    231584    ------w-    c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((   Registry Load Points   )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries and legitimate default entries are not shown.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-05-07 02:54    260976    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-06 3890208]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 894344]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autodesk Sync]
    2013-02-05 04:18    894344    ----a-w-    c:\program files\Autodesk\Autodesk Sync\AdSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-03-13 17:54    91520    ----a-w-    c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaPlus]
    2014-04-29 09:28    9936176    ----a-w-    c:\program files\Garena Plus\GarenaMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2014-02-23 16:59    116648    ----atw-    c:\users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2012-11-13 18:43    172064    ----a-w-    c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2012-11-13 18:43    138784    ----a-w-    c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2013-07-02 12:16    254336    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
    R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2011-06-02 11336]
    R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-05-15 777488]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-05-15 411680]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-05-07 24184]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-05-07 67824]
    S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-05-15 68312]
    S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
    S2 KMService;KMService;c:\windows\system32\srvany.exe [2014-02-21 8192]
    S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-03-25 4971840]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-25 19:01]
    .
    2014-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839846420-3243937236-2856514079-1000Core.job
    - c:\users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-23 16:59]
    .
    2014-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839846420-3243937236-2856514079-1000UA.job
    - c:\users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-23 16:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = <-loopback>
    uInternet Settings,ProxyServer = http=127.0.0.1:49455;https=127.0.0.1:49455
    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\
    FF - prefs.js: network.proxy.type - 4
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\windows\system32\conhost.exe
    c:\windows\KMService.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2014-06-10  23:08:14 - machine was rebooted
    ComboFix-quarantined-files.txt  2014-06-11 02:08
    ComboFix2.txt  2014-06-09 19:13
    .
    Pre-Run: 143,462,608,896 bytes free
    Post-Run: 143,061,725,184 bytes free
    .
    - - End Of File - - BD2EC04ADEF61ECF95155A5EF50A021D
    A36C5E4F47E84449FF07ED3517B43A31
     


    Dear rafamaceno

    Temporarily, and while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after the procedure(s) below have been run.
    • Open Notepad, copy (Ctrl+C) and paste (Ctrl+V) all of the text inside the "Code" box:

        DDS::
        uInternet Settings,ProxyServer = http=127.0.0.1:49455;https=127.0.0.1:49455

        ClearJavaCache::

    • Save this file as: CFScript.txt
    As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running it will produce a log. Post that file, C:\ComboFix.txt.

     
    Regards :D

  • Topic author
  • editing because I pasted the wrong log...

     

     

    ComboFix 14-06-10.01 - Sonia 11/06/2014  22:08:56.3.2 - x86
    Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.1046.18.2013.1300 [GMT -3:00]
    Running from: c:\users\Sonia\Desktop\ComboFix.exe
    Command switches used :: c:\users\Sonia\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    ((((((((((((((((   Files Created from 2014-05-12 to 2014-06-12  ))))))))))))))))))))))))))))
    .
    .
    2014-06-12 01:14 . 2014-06-12 01:14    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2014-06-11 02:03 . 2014-06-11 02:03    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E038762-9A24-46EE-992E-CCBC4698F4F9}\offreg.dll
    2014-06-09 19:13 . 2014-06-12 01:14    --------    d-----w-    c:\users\Sonia\AppData\Local\temp
    2014-06-09 18:51 . 2014-06-09 18:54    --------    d-----w-    C:\AdwCleaner
    2014-06-09 18:46 . 2014-06-09 18:46    --------    d-----w-    c:\windows\ERUNT
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-05-23 19:01 . 2014-04-25 14:00    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-05-23 19:01 . 2014-04-25 14:00    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
    2014-05-15 10:03 . 2014-05-07 02:54    68312    ----a-w-    c:\windows\system32\drivers\aswstm.sys
    2014-05-15 10:03 . 2014-02-21 20:03    411680    ----a-w-    c:\windows\system32\drivers\aswsp.sys
    2014-05-15 10:03 . 2014-02-21 20:03    777488    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
    2014-05-07 02:54 . 2014-05-07 02:54    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
    2014-05-07 02:54 . 2014-02-21 20:03    180632    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
    2014-05-07 02:54 . 2014-02-21 20:03    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
    2014-05-07 02:54 . 2014-02-21 20:03    411552    ----a-w-    c:\windows\system32\drivers\aswsp.sys.1400148213922
    2014-05-07 02:54 . 2014-02-21 20:03    776976    ----a-w-    c:\windows\system32\drivers\aswsnx.sys.1400148213922
    2014-05-07 02:54 . 2014-02-21 20:03    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
    2014-05-07 02:54 . 2014-02-21 20:03    81768    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
    2014-05-07 02:54 . 2014-05-07 02:54    43152    ----a-w-    c:\windows\avastSS.scr
    2014-05-07 02:54 . 2014-02-21 20:03    271264    ----a-w-    c:\windows\system32\aswBoot.exe
    2014-04-12 04:31 . 2014-04-12 04:31    86528    ----a-w-    c:\windows\system32\iesysprep.dll
    2014-04-12 04:31 . 2014-04-12 04:31    76800    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
    2014-04-12 04:31 . 2014-04-12 04:31    74752    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
    2014-04-12 04:31 . 2014-04-12 04:31    48640    ----a-w-    c:\windows\system32\mshtmler.dll
    2014-04-12 04:31 . 2014-04-12 04:31    161792    ----a-w-    c:\windows\system32\msls31.dll
    2014-04-12 04:31 . 2014-04-12 04:31    1129472    ----a-w-    c:\windows\system32\wininet.dll
    2014-04-12 04:31 . 2014-04-12 04:31    110592    ----a-w-    c:\windows\system32\IEAdvpack.dll
    2014-04-12 04:31 . 2014-04-12 04:31    74752    ----a-w-    c:\windows\system32\iesetup.dll
    2014-04-12 04:31 . 2014-04-12 04:31    63488    ----a-w-    c:\windows\system32\tdc.ocx
    2014-04-12 04:31 . 2014-04-12 04:31    421376    ----a-w-    c:\windows\system32\vbscript.dll
    2014-04-12 04:31 . 2014-04-12 04:31    367104    ----a-w-    c:\windows\system32\html.iec
    2014-04-12 04:31 . 2014-04-12 04:31    35840    ----a-w-    c:\windows\system32\imgutil.dll
    2014-04-12 04:31 . 2014-04-12 04:31    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
    2014-04-12 04:31 . 2014-04-12 04:31    23552    ----a-w-    c:\windows\system32\licmgr10.dll
    2014-04-12 04:31 . 2014-04-12 04:31    1806848    ----a-w-    c:\windows\system32\jscript9.dll
    2014-04-12 04:31 . 2014-04-12 04:31    152064    ----a-w-    c:\windows\system32\wextract.exe
    2014-04-12 04:31 . 2014-04-12 04:31    150528    ----a-w-    c:\windows\system32\iexpress.exe
    2014-04-12 04:31 . 2014-04-12 04:31    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
    2014-04-12 04:31 . 2014-04-12 04:31    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
    2014-04-12 04:31 . 2014-04-12 04:31    11776    ----a-w-    c:\windows\system32\mshta.exe
    2014-04-12 04:31 . 2014-04-12 04:31    101888    ----a-w-    c:\windows\system32\admparse.dll
    2014-04-12 04:29 . 2014-04-12 04:29    801792    ----a-w-    c:\windows\system32\FntCache.dll
    2014-04-12 04:29 . 2014-04-12 04:29    728448    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
    2014-04-12 04:29 . 2014-04-12 04:29    442880    ----a-w-    c:\windows\system32\XpsPrint.dll
    2014-04-12 04:29 . 2014-04-12 04:29    3181568    ----a-w-    c:\windows\system32\mf.dll
    2014-04-12 04:29 . 2014-04-12 04:29    283648    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
    2014-04-12 04:29 . 2014-04-12 04:29    219008    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
    2014-04-12 04:29 . 2014-04-12 04:29    196608    ----a-w-    c:\windows\system32\mfreadwrite.dll
    2014-04-12 04:29 . 2014-04-12 04:29    1619456    ----a-w-    c:\windows\system32\WMVDECOD.DLL
    2014-04-12 04:29 . 2014-04-12 04:29    1495040    ----a-w-    c:\windows\system32\ExplorerFrame.dll
    2014-04-12 04:29 . 2014-04-12 04:29    135168    ----a-w-    c:\windows\system32\XpsRasterService.dll
    2014-04-12 04:29 . 2014-04-12 04:29    107520    ----a-w-    c:\windows\system32\cdd.dll
    2014-03-31 12:35 . 2014-02-23 15:09    231584    ------w-    c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((   Registry Load Points   )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries and legitimate default entries are not shown.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-05-07 02:54    260976    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-06 3890208]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 894344]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autodesk Sync]
    2013-02-05 04:18    894344    ----a-w-    c:\program files\Autodesk\Autodesk Sync\AdSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-03-13 17:54    91520    ----a-w-    c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaPlus]
    2014-04-29 09:28    9936176    ----a-w-    c:\program files\Garena Plus\GarenaMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2014-02-23 16:59    116648    ----atw-    c:\users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2012-11-13 18:43    172064    ----a-w-    c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2012-11-13 18:43    138784    ----a-w-    c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2013-07-02 12:16    254336    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
    R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2011-06-02 11336]
    R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-05-15 777488]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-05-15 411680]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-05-07 24184]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-05-07 67824]
    S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-05-15 68312]
    S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
    S2 KMService;KMService;c:\windows\system32\srvany.exe [2014-02-21 8192]
    S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-03-25 4971840]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-25 19:01]
    .
    2014-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839846420-3243937236-2856514079-1000Core.job
    - c:\users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-23 16:59]
    .
    2014-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839846420-3243937236-2856514079-1000UA.job
    - c:\users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-23 16:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = <-loopback>
    uInternet Settings,ProxyServer = http=127.0.0.1:49455;https=127.0.0.1:49455
    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    TCP: Interfaces\{36FFB24E-F763-4950-B949-E2980042FD6E}: NameServer = 172.16.0.1 187.17.173.34
    FF - ProfilePath - c:\users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\
    FF - prefs.js: network.proxy.type - 4
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-06-11  22:17:39
    ComboFix-quarantined-files.txt  2014-06-12 01:17
    ComboFix2.txt  2014-06-11 02:08
    ComboFix3.txt  2014-06-09 19:13
    .
    Pre-Run: 142,136,520,704 bytes free
    Post-Run: 142,094,807,040 bytes free
    .
    - - End Of File - - 4056D52518132E3D62B4B386536A5E9F
    A36C5E4F47E84449FF07ED3517B43A31
     

    Edited by rafamaceno


    Repeat the procedure from my last post, but with the script below:

        DDS::
        uInternet Settings,ProxyOverride = <-loopback>
        uInternet Settings,ProxyServer = http=127.0.0.1:49455;https=127.0.0.1:49455
        TCP: Interfaces\{36FFB24E-F763-4950-B949-E2980042FD6E}: NameServer = 172.16.0.1

    Check whether the system restarts the computer; if it does not, restart it manually. Post the new log.

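Every log in this thread carries the same handful of settings that the analyst's CFScripts go after: Internet Explorer proxied to 127.0.0.1:49455 for both http and https, a `<-loopback>` ProxyOverride, Firefox on `network.proxy.type` 4 (use system proxy settings), a resolver outside the private ranges listed next to the router address, and, under the registry load points, UAC switched off and a KMService hosted by srvany.exe. The proxy value is still present in the log posted after each script, so whatever is listening on that port is evidently not removed by resetting the setting alone. The script below is an added example, written for this page and not part of the thread, ComboFix or DDS: it picks those lines out of a ComboFix log and lays the DDS ones out under a `DDS::` header the way the posts above do. `SAMPLE_LOG` is constructed to mirror the layout of the logs posted above, and which conditions count as suspicious (the `Finding` kinds) is this example's own choice.

```python
# Added example (not from this thread, ComboFix or DDS): pick the indicators the
# analyst's CFScripts target out of a ComboFix log and lay the DDS lines out as a
# CFScript. SAMPLE_LOG is constructed to mirror the layout of the logs posted above.
import ipaddress
import re
from collections import namedtuple

SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
S2 KMService;KMService;c:\windows\system32\srvany.exe [2014-02-21 8192]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-03-25 4971840]
.
------- Scan Suplementar -------
.
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49455;https=127.0.0.1:49455
TCP: Interfaces\{36FFB24E-F763-4950-B949-E2980042FD6E}: NameServer = 172.16.0.1 187.17.173.34
FF - prefs.js: network.proxy.type - 4
"""

REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>-?\d+)')
# "S2 Name;Display name;c:\path\binary.exe [date size]" (path is empty for "[x]" entries)
SERVICE_LINE = re.compile(r'^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*(\[.*\])?$')

# kind: "uac", "service", "ff", or "dds" (a DDS scan line a CFScript can reset)
Finding = namedtuple("Finding", "kind line note")


def parse_proxy_server(value):
    """'http=127.0.0.1:49455;https=...' -> {'http': ('127.0.0.1', 49455), ...}.
    A bare 'host:port' applies to every protocol and is keyed '*'."""
    out = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":") if ":" in hostport else (hostport, "", "")
        out[scheme or "*"] = (host, int(port) if port.isdigit() else None)
    return out


def is_loopback(host):
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def is_private(host):
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def triage(log_text):
    findings, current_key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY"):                      # REGEDIT4-style key header
            current_key = line.strip("[]").lower()
            continue
        m = REG_VALUE.match(line)
        if m and current_key.endswith(r"policies\system"):  # UAC policy values
            name, val = m.group("name"), int(m.group("val"))
            if name == "EnableLUA" and val == 0:
                findings.append(Finding("uac", line, "UAC disabled: every admin process runs fully elevated"))
            elif name == "ConsentPromptBehaviorAdmin" and val == 0:
                findings.append(Finding("uac", line, "admin elevation happens without any prompt"))
            continue
        m = SERVICE_LINE.match(line)
        if m and m.group("path").lower().endswith("srvany.exe"):
            findings.append(Finding("service", line, f"{m.group('name')} is hosted by srvany.exe; "
                            "the real binary is in the service's Parameters\\Application value"))
        elif "Internet Settings,ProxyServer" in line:
            for scheme, (host, port) in parse_proxy_server(line.split("=", 1)[1]).items():
                if is_loopback(host):
                    findings.append(Finding("dds", line, f"{scheme} traffic goes through a local process on {host}:{port}"))
        elif "Internet Settings,ProxyOverride" in line and "<-loopback>" in line:
            findings.append(Finding("dds", line, "<-loopback> removes the implicit proxy bypass for loopback addresses"))
        elif line.startswith("TCP:") and "NameServer" in line:
            public = [s for s in line.split("=", 1)[1].split() if not is_private(s)]
            if public:
                findings.append(Finding("dds", line, f"resolver(s) outside private ranges: {', '.join(public)}; "
                                "confirm they are the expected ISP/router resolvers"))
        elif line.startswith("FF - prefs.js: network.proxy.type") and line.endswith("- 4"):
            findings.append(Finding("ff", line, "Firefox uses the system proxy settings, so it inherits the IE proxy"))
    return findings


def build_cfscript(findings):
    """'DDS::' header followed by the flagged DDS lines, deduplicated, in log order."""
    lines = list(dict.fromkeys(f.line for f in findings if f.kind == "dds"))
    return "DDS::\n" + "\n".join(lines) + "\n" if lines else ""


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.kind:7}] {f.note}\n          {f.line}")
    print("\n--- CFScript.txt ---\n" + build_cfscript(results), end="")
```

Run it against a real ComboFix.txt by passing the file's contents to `triage()`. The `dds` findings are the only ones a CFScript can reset; the UAC values and the srvany-hosted service are load points that have to be judged and fixed separately. Resetting the proxy value only helps if the process behind 127.0.0.1:49455 is also identified and removed; on the affected machine `netstat -ano | findstr 49455` names the owning PID, which none of the logs in this thread do.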
  • Topic author

    ComboFix 14-06-16.01 - Sonia 16/06/2014  21:09:34.4.2 - x86
    Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.1046.18.2013.1386 [GMT -3:00]
    Running from: c:\users\Sonia\Desktop\ComboFix.exe
    Command switches used :: c:\users\Sonia\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    ((((((((((((((((   Files Created from 2014-05-17 to 2014-06-17  ))))))))))))))))))))))))))))
    .
    .
    2014-06-17 00:15 . 2014-06-17 00:15    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2014-06-16 07:44 . 2014-06-16 07:44    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E038762-9A24-46EE-992E-CCBC4698F4F9}\offreg.dll
    2014-06-09 19:13 . 2014-06-17 00:15    --------    d-----w-    c:\users\Sonia\AppData\Local\temp
    2014-06-09 18:51 . 2014-06-09 18:54    --------    d-----w-    C:\AdwCleaner
    2014-06-09 18:46 . 2014-06-09 18:46    --------    d-----w-    c:\windows\ERUNT
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-05-23 19:01 . 2014-04-25 14:00    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-05-23 19:01 . 2014-04-25 14:00    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
    2014-05-15 10:03 . 2014-05-07 02:54    68312    ----a-w-    c:\windows\system32\drivers\aswstm.sys
    2014-05-15 10:03 . 2014-02-21 20:03    411680    ----a-w-    c:\windows\system32\drivers\aswsp.sys
    2014-05-15 10:03 . 2014-02-21 20:03    777488    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
    2014-05-07 02:54 . 2014-05-07 02:54    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
    2014-05-07 02:54 . 2014-02-21 20:03    180632    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
    2014-05-07 02:54 . 2014-02-21 20:03    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
    2014-05-07 02:54 . 2014-02-21 20:03    411552    ----a-w-    c:\windows\system32\drivers\aswsp.sys.1400148213922
    2014-05-07 02:54 . 2014-02-21 20:03    776976    ----a-w-    c:\windows\system32\drivers\aswsnx.sys.1400148213922
    2014-05-07 02:54 . 2014-02-21 20:03    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
    2014-05-07 02:54 . 2014-02-21 20:03    81768    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
    2014-05-07 02:54 . 2014-05-07 02:54    43152    ----a-w-    c:\windows\avastSS.scr
    2014-05-07 02:54 . 2014-02-21 20:03    271264    ----a-w-    c:\windows\system32\aswBoot.exe
    2014-04-12 04:31 . 2014-04-12 04:31    86528    ----a-w-    c:\windows\system32\iesysprep.dll
    2014-04-12 04:31 . 2014-04-12 04:31    76800    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
    2014-04-12 04:31 . 2014-04-12 04:31    74752    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
    2014-04-12 04:31 . 2014-04-12 04:31    48640    ----a-w-    c:\windows\system32\mshtmler.dll
    2014-04-12 04:31 . 2014-04-12 04:31    161792    ----a-w-    c:\windows\system32\msls31.dll
    2014-04-12 04:31 . 2014-04-12 04:31    1129472    ----a-w-    c:\windows\system32\wininet.dll
    2014-04-12 04:31 . 2014-04-12 04:31    110592    ----a-w-    c:\windows\system32\IEAdvpack.dll
    2014-04-12 04:31 . 2014-04-12 04:31    74752    ----a-w-    c:\windows\system32\iesetup.dll
    2014-04-12 04:31 . 2014-04-12 04:31    63488    ----a-w-    c:\windows\system32\tdc.ocx
    2014-04-12 04:31 . 2014-04-12 04:31    421376    ----a-w-    c:\windows\system32\vbscript.dll
    2014-04-12 04:31 . 2014-04-12 04:31    367104    ----a-w-    c:\windows\system32\html.iec
    2014-04-12 04:31 . 2014-04-12 04:31    35840    ----a-w-    c:\windows\system32\imgutil.dll
    2014-04-12 04:31 . 2014-04-12 04:31    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
    2014-04-12 04:31 . 2014-04-12 04:31    23552    ----a-w-    c:\windows\system32\licmgr10.dll
    2014-04-12 04:31 . 2014-04-12 04:31    1806848    ----a-w-    c:\windows\system32\jscript9.dll
    2014-04-12 04:31 . 2014-04-12 04:31    152064    ----a-w-    c:\windows\system32\wextract.exe
    2014-04-12 04:31 . 2014-04-12 04:31    150528    ----a-w-    c:\windows\system32\iexpress.exe
    2014-04-12 04:31 . 2014-04-12 04:31    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
    2014-04-12 04:31 . 2014-04-12 04:31    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
    2014-04-12 04:31 . 2014-04-12 04:31    11776    ----a-w-    c:\windows\system32\mshta.exe
    2014-04-12 04:31 . 2014-04-12 04:31    101888    ----a-w-    c:\windows\system32\admparse.dll
    2014-04-12 04:29 . 2014-04-12 04:29    801792    ----a-w-    c:\windows\system32\FntCache.dll
    2014-04-12 04:29 . 2014-04-12 04:29    728448    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
    2014-04-12 04:29 . 2014-04-12 04:29    442880    ----a-w-    c:\windows\system32\XpsPrint.dll
    2014-04-12 04:29 . 2014-04-12 04:29    3181568    ----a-w-    c:\windows\system32\mf.dll
    2014-04-12 04:29 . 2014-04-12 04:29    283648    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
    2014-04-12 04:29 . 2014-04-12 04:29    219008    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
    2014-04-12 04:29 . 2014-04-12 04:29    196608    ----a-w-    c:\windows\system32\mfreadwrite.dll
    2014-04-12 04:29 . 2014-04-12 04:29    1619456    ----a-w-    c:\windows\system32\WMVDECOD.DLL
    2014-04-12 04:29 . 2014-04-12 04:29    1495040    ----a-w-    c:\windows\system32\ExplorerFrame.dll
    2014-04-12 04:29 . 2014-04-12 04:29    135168    ----a-w-    c:\windows\system32\XpsRasterService.dll
    2014-04-12 04:29 . 2014-04-12 04:29    107520    ----a-w-    c:\windows\system32\cdd.dll
    2014-03-31 12:35 . 2014-02-23 15:09    231584    ------w-    c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((   Registry Load Points   )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries and legitimate default entries are not shown.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-05-07 02:54    260976    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-06 3890208]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 894344]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autodesk Sync]
    2013-02-05 04:18    894344    ----a-w-    c:\program files\Autodesk\Autodesk Sync\AdSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-03-13 17:54    91520    ----a-w-    c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaPlus]
    2014-04-29 09:28    9936176    ----a-w-    c:\program files\Garena Plus\GarenaMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2014-02-23 16:59    116648    ----atw-    c:\users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2012-11-13 18:43    172064    ----a-w-    c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2012-11-13 18:43    138784    ----a-w-    c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2013-07-02 12:16    254336    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
    R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2011-06-02 11336]
    R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-05-15 777488]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-05-15 411680]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-05-07 24184]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-05-07 67824]
    S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-05-15 68312]
    S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
    S2 KMService;KMService;c:\windows\system32\srvany.exe [2014-02-21 8192]
    S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-03-25 4971840]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
    .
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2014-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-25 19:01]
    .
    2014-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839846420-3243937236-2856514079-1000Core.job
    - c:\users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-23 16:59]
    .
    2014-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839846420-3243937236-2856514079-1000UA.job
    - c:\users\Sonia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-23 16:59]
    .
    .
    ------- Scan Suplementar -------
    .
    uStart Page = about:blank
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = <-loopback>
    uInternet Settings,ProxyServer = http=127.0.0.1:49455;https=127.0.0.1:49455
    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    TCP: Interfaces\{36FFB24E-F763-4950-B949-E2980042FD6E}: NameServer = 172.16.0.1 187.17.173.34
    FF - ProfilePath - c:\users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\
    FF - prefs.js: network.proxy.type - 4
    .
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Tempo para conclusão: 2014-06-16  21:18:45
    ComboFix-quarantined-files.txt  2014-06-17 00:18
    ComboFix2.txt  2014-06-12 01:17
    ComboFix3.txt  2014-06-11 02:08
    ComboFix4.txt  2014-06-09 19:13
    .
    Pré-execução: 143.416.606.720 bytes disponíveis
    Pós execução: 143.373.950.976 bytes disponíveis
    .
    - - End Of File - - 439F4D4404E6EDCF84CDD09C27894AE2
    A36C5E4F47E84449FF07ED3517B43A31
     


    You are using this proxy: ProxyServer = http=127.0.0.1:49455

    Is this a personal computer? Do you take it to work?

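The analyst's question above rests on one line of the supplementary scan: a ProxyServer entry pointing at 127.0.0.1 means every browser request is being handed to a process on the same machine. The following script is an added example (not part of this thread or of ComboFix) that reads the network-related lines of such a scan and flags the loopback proxy, the `<-loopback>` override, non-private DNS resolvers and a non-direct Firefox proxy mode; the sample input is constructed from the values pasted earlier in the thread.

```python
import ipaddress
import re

# Constructed sample: the network-related keys from the ComboFix
# "Scan Suplementar" section pasted earlier in the thread.
SAMPLE_SCAN = """\
uStart Page = about:blank
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49455;https=127.0.0.1:49455
TCP: Interfaces\\{36FFB24E-F763-4950-B949-E2980042FD6E}: NameServer = 172.16.0.1 187.17.173.34
FF - prefs.js: network.proxy.type - 4
"""

INET_RE = re.compile(r"^[um]Internet Settings,(ProxyServer|ProxyOverride)\s*=\s*(.*)$")
NS_RE = re.compile(r"NameServer\s*=\s*(.*)$")
FF_TYPE_RE = re.compile(r"network\.proxy\.type - (\d+)")

# Meaning of Firefox's network.proxy.type values.
FF_PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC URL", 4: "auto-detect (WPAD)", 5: "system"}


def parse_proxy_server(value):
    """Split an IE ProxyServer string into {scheme: (host, port)}.

    'http=127.0.0.1:49455;https=127.0.0.1:49455' gives two entries; a bare
    'host:port' without a scheme applies to every protocol and is keyed '*'.
    """
    proxies = {}
    for entry in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, hostport = entry.partition("=")
        if not sep:
            scheme, hostport = "*", scheme
        host, _, port = hostport.rpartition(":")
        if not host:  # no port was given
            host, port = hostport, ""
        proxies[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return proxies


def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def is_private(host):
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def analyse(scan_text):
    """Return a list of (level, detail) findings for the network-related lines."""
    findings = []
    for line in scan_text.splitlines():
        line = line.strip()
        m = INET_RE.match(line)
        if m:
            key, value = m.groups()
            if key == "ProxyServer":
                for scheme, (host, port) in parse_proxy_server(value).items():
                    if is_loopback(host):
                        findings.append(("high", f"{scheme} traffic is routed to a local listener "
                                                 f"{host}:{port}; identify the process bound to that "
                                                 f"port (netstat -ano) before removing the setting"))
                    else:
                        findings.append(("review", f"{scheme} proxy {host}:{port}; confirm it was "
                                                   f"configured deliberately"))
            elif "<-loopback>" in value:
                findings.append(("info", "ProxyOverride contains <-loopback>: even localhost "
                                         "requests go through the proxy, a setting typical of "
                                         "local interception proxies"))
            continue
        m = NS_RE.search(line)
        if m:
            for ns in m.group(1).split():
                if not is_private(ns):
                    findings.append(("review", f"external DNS resolver {ns}; verify it belongs "
                                               f"to the ISP or was set on purpose"))
            continue
        m = FF_TYPE_RE.search(line)
        if m:
            t = int(m.group(1))
            if t != 0:
                findings.append(("review", f"Firefox proxy mode {t} "
                                           f"({FF_PROXY_TYPES.get(t, 'unknown')}) is not direct"))
    return findings


if __name__ == "__main__":
    for level, detail in analyse(SAMPLE_SCAN):
        print(f"[{level}] {detail}")
```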
  • Topic author
  • It's personal, I don't take it to work... and it's actually a desktop.

    If there's a proxy here, I wasn't the one who set it up, and I think it's extremely unlikely that anyone from a repair shop ever did...

    and this thing won't let me use Chrome, I'm having to use Firefox...


    Dear rafamaceno

    Download Malwarebytes Anti-Malware:

    • Link 1
    • Alternative link
      • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
      • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
      • If there are updates, they will be downloaded and installed.
      • When the updates finish, a program window will open. Select "Quick Scan" and then click the Scan button.
      • The scan will start and may take a while. Please be patient.
      • When the scan is complete, click OK, then Show Results to view the log.
      • If anything is found, make sure everything is checked and click Remove.
      • When the disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
      • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
      • Copy and paste the contents of that log in your next reply.

    Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

    Regards :D

  • Topic author
  • editing because I pasted the wrong log...

    when the program updated, its interface was a little different, and to remove the items I had to send them to quarantine and then remove them.

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 21/06/2014
    Scan Time: 23:19:04
    Logfile: malware.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.06.21.10
    Rootkit Database: v2014.06.20.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7
    CPU: x86
    File System: NTFS
    User: Sonia

    Scan Type: Hyper Scan
    Result: Completed
    Objects Scanned: 215756
    Time Elapsed: 1 min, 55 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Disabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 1
    RiskWare.Tool.CK, C:\Windows\KMService.exe, 2100, Delete-on-Reboot, [d747106b29523204d7d9ae1b9d64dd23]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, Quarantined, [42dc3546e39890a685b9f0cc748ed62a],

    Registry Values: 1
    PUP.Optional.QuickStart.A, HKU\S-1-5-21-839846420-3243937236-2856514079-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, Quarantined, [031b651625560c2a5d33c7df3ac85ba5]

    Registry Data: 0
    (No malicious items detected)

    Folders: 35
    PUP.Optional.CrossRider.A, C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0, Quarantined, [aa7490eb53280c2adfe34a4b9e6435cb],
    PUP.Optional.CrossRider.A, C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd, Quarantined, [cb53f18a5d1ee254c90521741be7ea16],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\include, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\include\tools, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\js\lib, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\js\module, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\js\pack, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\en, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\en-US, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\es, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\es-419, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\fr, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\it, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\pl, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\ru, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\tr, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\vi, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\skin, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\defaults, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\defaults\preferences, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\modules, Quarantined, [d846611a03782b0bd5e15253ec16b54b],

    Files: 77
    RiskWare.Tool.CK, C:\Windows\KMService.exe, Delete-on-Reboot, [d747106b29523204d7d9ae1b9d64dd23],
    PUP.Optional.CrossRider.A, C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0.localstorage, Quarantined, [65b9cbb0e4972214c84b546805fdba46],
    PUP.Optional.CrossRider.A, C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0.localstorage-journal, Quarantined, [f628cbb0cfac71c58a894a72ce34718f],
    PUP.Optional.CrossRider.A, C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0\4, Quarantined, [aa7490eb53280c2adfe34a4b9e6435cb],
    PUP.Optional.CrossRider.A, C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000169.ldb, Quarantined, [cb53f18a5d1ee254c90521741be7ea16],
    PUP.Optional.CrossRider.A, C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000175.log, Quarantined, [cb53f18a5d1ee254c90521741be7ea16],
    PUP.Optional.CrossRider.A, C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\CURRENT, Quarantined, [cb53f18a5d1ee254c90521741be7ea16],
    PUP.Optional.CrossRider.A, C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOCK, Quarantined, [cb53f18a5d1ee254c90521741be7ea16],
    PUP.Optional.CrossRider.A, C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOG, Quarantined, [cb53f18a5d1ee254c90521741be7ea16],
    PUP.Optional.CrossRider.A, C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOG.old, Quarantined, [cb53f18a5d1ee254c90521741be7ea16],
    PUP.Optional.CrossRider.A, C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\MANIFEST-000173, Quarantined, [cb53f18a5d1ee254c90521741be7ea16],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome.manifest, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\install.rdf, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\index.html, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\js\module\other.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\skin\default_add_logo.png, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\skin\default_add_logo_hover.png, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\skin\logo.ico, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\skin\logo32.ico, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\chrome\skin\style.css, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\modules\addonmanager.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\modules\aes.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\modules\config.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\modules\dialogs.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\modules\last_tab.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\modules\misc.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\modules\properties.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\modules\remoterequest.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.FastStart.A, C:\Users\Sonia\AppData\Roaming\Mozilla\Firefox\Profiles\qvm829ln.default\extensions\faststartff@gmail.com\modules\settings.js, Quarantined, [d846611a03782b0bd5e15253ec16b54b],
    PUP.Optional.V9.A, C:\Users\Sonia\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "search_url": "http://search.v9.com/web/?type=dspp&ts=1399630318&from=tugs&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUH185581855818&i=psd&t=3423ea34f&q={searchTerms}",), Replaced,[b569a0db661550e64df21b948f7504fc]

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Edited by rafamaceno


    Dear rafamaceno

    # Step 1 #

    Download the Kaspersky AVP Tool from one of these links:

    You will be taken to a Kaspersky page asking for an e-mail address, first name and last name to register.
    Only the "email" field is mandatory.
    Enter your e-mail and then click the Submit Form button.
    The page will reload. Click the Download button.
    Save it to your Desktop.
    Run the file and wait for the installation.
    • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator

    • On the license agreement screen, check the option I accept the license agreement and then click the Start button.
    The program will appear to freeze and nothing happens. This is normal; just wait until the program's main screen appears, then click the Settings icon:

     
    [Image: KRT_settings.png]
     
    On this screen, check the box next to:
    My Computer;
    Local Disk (C:);
    Also check all the drives that appear below Local Disk, if any;
    Then click the Automatic Scan tab.

     
    [Image: KRT_install2_.png]
     
    Back on the program's main screen, click the Start scanning button;
    Be patient, it takes a while;
    When it finishes, if anything was detected, the program will ask you what to do;
    Check the small box next to Apply to all objects and then click Skip (we only want the log).

     
    [Image: KRT_detection_.png]
     
    Once the scan has finished, proceed as follows:
    On the main screen, if anything was detected, save the log.
    If you close the program and forget to save the log, you will have to repeat the whole scan.
    To save the log, click the Reports icon (next to the "Settings" icon).
    In the next window, click Detected Threats, then click the floppy-disk icon to save the log.
    Choose an easily accessible location and save it as log.txt
    Copy the entire contents of that Notepad file and paste it in your next reply.
    If nothing is detected, you don't need to save the log, just let me know.
    To exit the program, just click the X in the top right corner.

     

    Observações:
    Enquanto durar o scan, a tela inicial exibirá uma barra de progresso. Quando terminar, o programa exibirá o status concluído e um botão que ficará na cor
    laranja
    , caso nada tenha sido detectado; e na cor
    vermelha
    , caso tenha encontrado algo. Caso tenha detectado algo, o programa também exibirá uma tela de alerta, avisando que o seu sistema está desprotegido e sugerindo um produto da Kaspersky. Clique no botão
    No, thanks
    .

     
    # Etapa nº 2 #
     
    Faça o download do SecurityCheck e salve em seu Desktop
     
    Clique duas vezes no SecurityCheck.exe
    • Atenção: Usuários Windows Vista, 7 e 8, cliquem com o botão direito do mouse e escolha: execadmin.png

    Pressione qualquer tecla para continuar... será aberto um relatório
    Copie todo seu conteúdo e cole em sua próxima resposta

    Abraços :D

    Topic author

     Results of screen317's Security Check version 0.99.85  
     Windows 7  x86 (UAC is disabled!)  
     Out of date service pack!!
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:``````````````
    avast! Antivirus   
     Antivirus up to date!   
    `````````Anti-malware/Other Utilities Check:`````````
     CCleaner     
     Java 7 Update 51  
     Java version out of Date!
      Adobe Flash Player     13.0.0.214 Flash Player out of Date!  
     Adobe Reader XI  
     Mozilla Firefox (30.0)
     Google Chrome 34.0.1847.116  
     Google Chrome 34.0.1847.131  
    ````````Process Check: objlist.exe by Laurent````````  
     AVAST Software Avast AvastSvc.exe  
     AVAST Software Avast avastui.exe  
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:  
    ````````````````````End of Log``````````````````````

     

    man, I just can't manage to paste the Kaspersky log at all...
     

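The Security Check report above is a fixed-format text file: section titles framed by runs of backticks, one product per line, and warning phrases such as "UAC is disabled!" or "out of Date!" appended to the affected line. The following is an added example, not code from the thread or from screen317's tool: a parser that splits the report into its sections and turns the warning phrases into a remediation checklist. The section-header pattern and the warning phrases come from the report above; the mapping from each warning to an action is my own, and the sample report is the one pasted above, rebuilt inline so the script runs offline.

```python
"""Turn a screen317 Security Check report into a remediation checklist.

Added example, not code from the thread or from Security Check. The
section-header pattern and the warning phrases are those printed in the
report above; the warning-to-action mapping is an assumption of this script.
"""
import re

# Security Check frames every section title with runs of backticks.
SECTION_RE = re.compile(r"^`+(.*?)`+\s*$")

# (warning phrase as printed by the tool, check id, recommended action)
WARNING_RULES = [
    (re.compile(r"UAC is disabled", re.I), "uac_disabled",
     "Re-enable User Account Control"),
    (re.compile(r"Out of date service pack", re.I), "service_pack_outdated",
     "Install the current Windows service pack"),
    (re.compile(r"Java version out of Date", re.I), "java_outdated",
     "Uninstall all old Java versions, then install the current one"),
    (re.compile(r"Flash Player out of Date", re.I), "flash_outdated",
     "Update or remove Adobe Flash Player"),
]

# The report pasted above, rebuilt line by line (BT * n stands for the runs of
# backticks the tool prints around section titles).
BT = "`"
SAMPLE_REPORT = "\n".join([
    " Results of screen317's Security Check version 0.99.85",
    " Windows 7  x86 (UAC is disabled!)",
    " Out of date service pack!!",
    " Internet Explorer 11",
    BT * 14 + "Antivirus/Firewall Check:" + BT * 14,
    "avast! Antivirus",
    " Antivirus up to date!",
    BT * 9 + "Anti-malware/Other Utilities Check:" + BT * 9,
    " CCleaner",
    " Java 7 Update 51",
    " Java version out of Date!",
    "  Adobe Flash Player     13.0.0.214 Flash Player out of Date!",
    " Adobe Reader XI",
    " Mozilla Firefox (30.0)",
    " Google Chrome 34.0.1847.116",
    " Google Chrome 34.0.1847.131",
    BT * 8 + "Process Check: objlist.exe by Laurent" + BT * 8,
    " AVAST Software Avast AvastSvc.exe",
    " AVAST Software Avast avastui.exe",
    BT * 17 + "System Health check" + BT * 17,
    " Total Fragmentation on Drive C:",
    BT * 20 + "End of Log" + BT * 22,
    "",
])


def parse_report(text):
    """Return ({section: [lines]}, [findings]) for a Security Check report."""
    sections = {"Header": []}
    current = "Header"
    findings = []
    previous = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).strip().rstrip(":")
            if current == "End of Log":
                break
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
        for pattern, check, action in WARNING_RULES:
            if pattern.search(line):
                # For Java the product/version sits on the line before the
                # warning; for the others the warning is on the product line.
                evidence = f"{previous} / {line}" if check == "java_outdated" else line
                findings.append({"check": check, "section": current,
                                 "evidence": evidence, "action": action})
        previous = line
    return sections, findings


def remediation_checklist(findings):
    """One numbered line per finding, in the order the report listed them."""
    return [f"{i}. {f['action']} ({f['evidence']})"
            for i, f in enumerate(findings, start=1)]


if __name__ == "__main__":
    parsed_sections, found = parse_report(SAMPLE_REPORT)
    print("\n".join(remediation_checklist(found)))
```

On the report above this yields four items, in the order the tool printed them: UAC disabled, service pack out of date, Java out of date and Flash Player out of date. Lines that report a healthy state ("Antivirus up to date!") are kept in their section but produce no finding.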

    Dear rafamaceno

    Let's apply the recommended fixes/updates ;)

    # Step 1 #

    Enable UAC (User Account Control)

    See the tutorial.

    # Step 2 #

    Click the link to update the Service Pack.

    # Step 3 #

    Update Java.

    Attention: Uninstall ALL old versions of Java.
    • Close all programs, especially your browser (IE, Firefox, etc.).
    • Go to the Java for Windows site
    • Click on 4531602912_e9606174d3_o.gif
    • In the window that appears, click Run;
    • Follow the installation steps.

    # Step 4 #

    Update Flash Player

    Awaiting your reply :)

    Cheers :D





