RGUEDESTATAGIBA

Malware QONE 8, how do I remove it?

Good morning, friends.

I really need some help. I already posted a topic here, but I think it was in the wrong place and so it was removed, sorry. If this one is in the wrong place too, please be patient with me lol.

I have a pest that affects all my browsers, similar to HAO123; I have already done everything I know to remove the pest that infested my PC. The problem, as I said, is similar to HAO123, which makes the browsers' first page always open on the page they want.

I already have HiJack installed on my PC; if you need the LOG I can send it. Thanks for the help, big hug!!!

diego_moicano

Hello

Sorry for the delay :)



ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Regards :D

RGUEDESTATAGIBA (topic author)

Hi Diego, thank you very much for your help.

Below is the requested data:

DDS data:

    DDS (Ver_2012-11-20.01) - NTFS_x86 
    Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.60.2
    Run by user at 20:51:39 on 2014-06-26
    Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.3326.1193 [GMT -3:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\ProgramData\IePluginService\PluginService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Users\user\AppData\Local\MEDIAF~1\MFUSNM~1.EXE
    C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files\DoroPDFWriter\DoroServer.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k secsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1399130432&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    mSearch Page = hxxp://www.qone8.com/web/?type=ds&ts=1399130432&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805&q={searchTerms}
    mDefault_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1399130432&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805&q={searchTerms}
    BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
    BHO: IETabPage Class: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - c:\program files\suptab\SupTab.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [uTorrent] "c:\users\user\appdata\roaming\utorrent\uTorrent.exe"  /MINIMIZED
    uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Creative WebCam Tray] "c:\program files\creative\shared files\CamTray.exe"
    uRun: [CCleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
    uRun: [AdobeBridge] <no file>
    mRun: [RtHDVCpl] "c:\program files\realtek\audio\hda\RtkNGUI.exe" -s
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
    mRun: [DoroServer] c:\program files\doropdfwriter\DoroServer.exe
    mRun: [AVFX Engine] c:\program files\creative\creative live! cam\videofx\StartFX.exe
    mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    mRun: [P1370Cfg.exe] P1370Cfg.exe /d:2
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
    mRun: [NvBackend] "c:\program files\nvidia corporation\update core\NvBackend.exe"
    mRun: [shadowPlay] c:\windows\system32\rundll32.exe c:\windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Fazer o download de todos os links usando o IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Fazer o download usando o IDM - c:\program files\internet download manager\IEExt.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    TCP: NameServer = 201.17.1.82 201.17.1.112
    TCP: Interfaces\{46660CEF-DF53-4013-B77D-2665991490CE} : DHCPNameServer = 201.17.1.82 201.17.1.112
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\dkinhfkb.default\
    FF - prefs.js: browser.search.selectedEngine - qone8
    FF - prefs.js: browser.startup.homepage - hxxp://start.qone8.com/?type=hp&ts=1399130432&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.24.7\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\users\user\appdata\local\gas tecnologia\gbbd\npsf_uni.dll
    FF - plugin: c:\users\user\appdata\local\google\update\1.3.24.7\npGoogleUpdate3.dll
    FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npo1d.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_125.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\drivers\aswNdisFlt.sys [2014-4-25 270240]
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-1-10 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-1-10 180632]
    R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-1-10 26136]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-1-10 777488]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-1-10 411680]
    R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-25 24184]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-1-10 67824]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-4-25 50344]
    R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2014-4-25 109048]
    R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2014-2-21 108000]
    R2 IePluginService;IePlugin Service;c:\programdata\iepluginservice\pluginservice.exe -service --> c:\programdata\iepluginservice\PluginService.exe -service [?]
    R2 MF NTFS Monitor;MediaFire NTFS Monitor;c:\users\user\appdata\local\mediaf~1\MFUSNM~1.EXE [2014-3-1 457944]
    R2 mfmonitor;mfmonitor;c:\windows\system32\drivers\mfmonitor_x86.sys [2014-3-1 19160]
    R2 NvNetworkService;NVIDIA Network Service;c:\program files\nvidia corporation\netservice\NvNetworkService.exe [2014-6-5 1617696]
    R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe [2014-6-5 19702048]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-3-2 3921880]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-3-2 1042272]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-3-2 171416]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2014-6-5 410968]
    R3 NvStreamKms;NvStreamKms;c:\program files\nvidia corporation\nvstreamsrv\NvStreamKms.sys [2014-6-5 17240]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-6-5 34080]
    R3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2014-3-1 179040]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2014-6-4 693464]
    S2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-10 68312]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2014-1-10 2151744]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-6-11 108032]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
    S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2014-3-1 93056]
    S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2014-3-1 4992]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-4-3 14848]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2014-1-19 517096]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-4-3 49152]
    S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2014-1-17 1343400]
    .
    =============== File Associations ===============
    .
    FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs6\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs6\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2014-06-24 23:26:57 8140904 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{42d92360-f7a5-42ea-ad6d-f28c0827601b}\mpengine.dll
    2014-06-22 12:18:25 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-06-15 18:06:24 -------- d-----w- c:\users\user\FLASH
    2014-06-14 20:50:12 -------- d-----w- c:\users\user\appdata\local\Facebook
    2014-06-11 22:28:39 1389056 ----a-w- c:\windows\system32\msxml6.dll
    2014-06-11 22:28:39 1237504 ----a-w- c:\windows\system32\msxml3.dll
    2014-06-11 22:28:38 2048 ----a-w- c:\windows\system32\msxml6r.dll
    2014-06-11 22:28:37 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-06-11 22:28:19 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2014-06-11 22:28:19 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2014-06-11 22:28:07 626688 ----a-w- c:\windows\system32\usp10.dll
    2014-06-10 19:39:17 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
    2014-06-10 19:39:16 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
    2014-06-05 23:43:28 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2014-06-05 23:43:27 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2014-06-05 23:43:27 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2014-06-05 23:42:49 1081112 ----a-w- c:\windows\system32\nvspcap.dll
    2014-06-05 23:42:47 -------- d-----w- c:\users\user\appdata\local\NVIDIA Corporation
    2014-06-05 23:42:47 -------- d-----w- c:\users\user\appdata\local\NVIDIA
    2014-06-05 23:41:33 603592 ----a-w- c:\windows\system32\nvStreaming.exe
    2014-06-05 22:55:16 34080 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
    2014-06-05 22:55:03 34760 ----a-w- c:\windows\system32\nvaudcap32v.dll
    2014-06-04 22:55:56 3650136 ----a-w- c:\windows\system32\MaxxAudioVnN.dll
    2014-06-04 22:55:24 28031576 ----a-w- c:\windows\system32\MaxxAudioVnA.dll
    2014-06-04 22:55:21 1687128 ----a-w- c:\windows\system32\MaxxAudioRealtek2.dll
    2014-06-04 22:55:11 14463064 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
    2014-06-04 22:55:09 1936472 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
    2014-06-04 22:55:07 874584 ----a-w- c:\windows\system32\MaxxAudioAPOShell.dll
    2014-06-04 22:55:06 1266776 ----a-w- c:\windows\system32\MaxxAudioAPO60.dll
    2014-06-04 22:55:05 1143408 ----a-w- c:\windows\system32\MaxxAudioAPO50.dll
    2014-06-04 22:55:05 1143408 ----a-w- c:\windows\system32\MaxxAudioAPO40.dll
    2014-06-04 22:54:53 2421792 ----a-w- c:\windows\system32\FMAPO.dll
    2014-06-04 22:53:55 76872 ----a-w- c:\windows\system32\RtNicProp32.dll
    2014-06-04 22:53:54 693464 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
    2014-06-04 22:51:57 894296 ----a-w- c:\windows\system32\nvdispgenco3233523.dll
    2014-06-04 22:51:57 1049888 ----a-w- c:\windows\system32\nvdispco3233523.dll
    .
    ==================== Find3M  ====================
    .
    2014-06-11 22:22:08 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-06-11 22:22:08 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-06-04 22:53:55 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
    2014-05-30 09:02:39 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-05-30 09:02:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-05-30 08:44:28 455168 ----a-w- c:\windows\system32\vbscript.dll
    2014-05-30 08:43:06 61952 ----a-w- c:\windows\system32\iesetup.dll
    2014-05-30 08:42:16 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-05-30 08:28:33 112128 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-05-30 08:28:30 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-05-30 08:27:56 592896 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-05-30 08:21:36 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-05-30 08:10:46 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-05-30 07:56:50 4244992 ----a-w- c:\windows\system32\jscript9.dll
    2014-05-30 07:50:09 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-05-30 07:49:38 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-05-30 07:21:10 1790976 ----a-w- c:\windows\system32\wininet.dll
    2014-05-20 00:04:06 4379592 ----a-w- c:\windows\system32\nvcpl.dll
    2014-05-20 00:04:06 3055560 ----a-w- c:\windows\system32\nvsvc.dll
    2014-05-20 00:04:02 668104 ----a-w- c:\windows\system32\nvvsvc.exe
    2014-05-20 00:04:02 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
    2014-05-20 00:04:01 61784 ----a-w- c:\windows\system32\nvshext.dll
    2014-05-20 00:04:01 376096 ----a-w- c:\windows\system32\nvmctray.dll
    2014-05-15 16:02:25 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2014-05-15 16:02:25 68312 ----a-w- c:\windows\system32\drivers\aswstm.sys
    2014-05-15 16:02:25 270240 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
    2014-05-14 02:20:32 3774821 ----a-w- c:\windows\system32\nvcoproc.bin
    2014-05-03 17:03:07 388608 ----a-w- C:\HijackThis.exe
    2014-04-26 01:34:17 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-04-26 01:34:17 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400169745628
    2014-04-26 01:34:17 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-04-26 01:34:17 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-04-26 01:34:17 43152 ----a-w- c:\windows\avastSS.scr
    2014-04-26 01:34:17 411552 ----a-w- c:\windows\system32\drivers\aswsp.sys.1400169745628
    2014-04-26 01:34:17 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-04-26 01:34:17 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-04-26 01:34:03 269728 ----a-w- c:\windows\system32\drivers\aswndisflt.sys.1400169745628
    2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll
    2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll
    2014-04-12 02:11:58 1059840 ----a-w- c:\windows\system32\lsasrv.dll
    2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe
    2014-04-08 01:25:20 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2014-04-02 00:48:35 720082 ----a-w- c:\users\user\appdata\roaming\unins000.exe
    2014-04-01 01:46:48 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
    2014-04-01 01:46:48 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2014-03-31 12:35:10 231584 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 20:52:29,15 ===============
     
     
     

Attach data:

     

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate 
    Boot Device: \Device\HarddiskVolume1
    Install Date: 09/01/2014 14:42:39
    System Uptime: 26/06/2014 20:03:06 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. |  | M5A78L-M LX/BR
    Processor: AMD FX-6300 Six-Core Processor              | AM3R2 | 2485/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 710,749 GiB free.
    D: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP192: 17/06/2014 08:49:08 - Windows Update
    RP193: 20/06/2014 17:21:40 - Windows Update
    RP194: 24/06/2014 20:26:09 - Windows Update
    RP195: 25/06/2014 08:41:19 - hoje
    .
    ==== Installed Programs ======================
    .
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Creative Suite 6 Master Collection
    Adobe Flash Player 14 Plugin
    Adobe Help Manager
    Adobe Reader XI (11.0.06)
    Adobe Widget Browser
    Adobe® Content Viewer
    Advanced Video FX Engine
    µTorrent
    Atualizações da NVIDIA 12.4.67
    Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
    Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
    Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
    Atualização do produto Microsoft Office Word 2007 Help (KB963665)
    aTube Catcher
    avast! Premier
    bl
    CCleaner
    Central de Mouse e Teclado da Microsoft
    CPUID CPU-Z 1.68
    CPUID HWMonitor 1.24
    Creative Live! Cam Voice (1.00.08.0206)
    Creative Photo Calendar
    Creative Photo Manager
    Creative Software AutoUpdate
    Creative WebCam Center
    DAEMON Tools Lite
    Doro 1.88
    Driver Booster
    Dropbox
    Facebook Video Calling 2.0.0.447
    FileZilla Client 3.7.3
    GBBD Guardião - Itaú 30 horas
    Google Chrome
    Google Drive
    Google Talk Plugin
    Google Update Helper
    Guia do Usuário da Creative Live! Cam Voice (Português)
    Guitar Pro 6
    Informações do Sistema Creative
    IObit Uninstaller
    Java 7 Update 60
    Java Auto Updater
    MediaFire Desktop
    Microsoft .NET Framework 4 Client Profile PTB Language Pack
    Microsoft .NET Framework 4 Extended PTB Language Pack
    Microsoft .NET Framework 4.5.1
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (Portuguese (Brazil)) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
    Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
    Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (Portuguese (Brazil)) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (Portuguese (Brazil)) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
    Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
    Microsoft Office Word MUI (Portuguese (Brazil)) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Microsoft_VC80_CRT_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 30.0 (x86 pt-BR)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 4.1
    MyFreeCodec
    neroxml
    Notepad++
    NVIDIA Driver de controle do 3D Vision 337.88
    NVIDIA Driver de gráficos 337.88
    NVIDIA Driver do 3D Vision 337.88
    NVIDIA GeForce Experience 2.0.1
    NVIDIA Install Application
    NVIDIA LED Visualizer 1.0
    NVIDIA Network Service
    NVIDIA PhysX
    NVIDIA ShadowPlay 12.4.67
    NVIDIA Software do sistema PhysX 9.13.1220
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update Core
    NVIDIA Virtual Audio 1.2.23
    Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
    Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)
    Painel de controle da NVIDIA 337.88
    PDF Settings CS6
    ph
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition 
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition 
    Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition 
    SHIELD Streaming
    Spybot - Search & Destroy
    TuxGuitar
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition
    Utilitário Vídeo FX avançado
    VLC media player 2.1.3
    WinRAR 5.01 (32-bit)
    .
    ==== End Of File ===========================

    I had to split the GMER data; it isn't letting me post the content, it keeps giving an error every time saying it's too long, but I already tried splitting it into parts
    and even so it doesn't work. What should I do?

    diego_moicano    472

    Dear RGUEDESTATAGIBA

    I had to split the GMER data; it isn't letting me post the content, it keeps giving an error every time saying it's too long, but I already tried splitting it into parts and even so it doesn't work. What should I do?

    If it's needed, I'll ask you for it. ;)

     

    I recommend saving this topic to your Favorites so it's easier to find later.

    Please note the following:
    • If you go without a reply for 3 days, send me a Private Message (PM);
    • What is provided here relates only to the problem on your computer, so do not apply it to any other;
    • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
    • Always post your replies in this topic... Do not open another!
    • Always keep me informed, during the removal, about what is happening with your computer.
    • Respect the order of the instructions given.
    Note: Do not take any measures beyond those given here; and if you ask for help in another forum, be sure to let us know, at the risk of misconfiguring your computer!

    # Step no. 1 #

    Download Junkware Removal Tool and save it to your Desktop.
    • Disable your protection programs (antivirus etc.) to avoid any conflict.
    • Double-click JRT.exe
      • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
    • Be patient and wait for the scan to finish.
    • Open the JRT.txt log that is on your Desktop.
    • Copy all of its content and paste it into your next message.

     
    # Step no. 2 #

    • Double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click it and choose: [image: execadmin.png]
    • Click Scan
    At the end of the scan, a log with the result will open.
    If anything is detected, then click the Remove button.
    Again, at the end of the scan, a log with the result will open.
    Copy all of its content and paste it into your next reply.

     
    # Step no. 3 #

    Read the instructions contained in this link:

    In the instructions at the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"
    Download ComboFix from one of the official links listed below and save it to your desktop:

    • Temporarily, and while carrying out these instructions, it is very important to keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
    • Double-click the icon [image: desktopicon.png] on the desktop.
    • Read and accept the conditions by typing 1 and Enter.
    • Computers running Windows XP must install the Recovery Console:
      If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
      Click "OK" on the EULA.
      Once the Recovery Console is installed, click "YES" to continue.
    • ComboFix will run; please be patient and wait.
    • Attention: Do not use the mouse or the keyboard while the tool is running; this can cause the computer to stall.
    • A notice may appear saying the computer needs to restart.
      DO NOT RESTART!!! ComboFix will restart the computer automatically.
    • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the content of that file into your next reply.

    Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.
    There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
    Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
    There are many general-purpose anti-malware tools whose authors, when programming them, were thinking of end users and of use without supervision. ComboFix is not that kind of tool, and so, also out of respect for the tool's author, do not use it without supervision.

    Cheers :D

    RGUEDESTATAGIBA    0
  • Topic author
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Ultimate x86
    Ran by user on 28/06/2014 at 19:32:10,16
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec
     
     
     
    ~~~ Files
     
    Successfully disinfected: [shortcut] C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    Successfully disinfected: [shortcut] C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
    Successfully disinfected: [shortcut] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    Successfully disinfected: [shortcut] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
    Successfully disinfected: [shortcut] C:\Users\user\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer.lnk
    Successfully disinfected: [shortcut] C:\Users\user\AppData\Roaming\microsoft\windows\start menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    Successfully disinfected: [shortcut] C:\Users\Public\Desktop\Mozilla Firefox.lnk
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
    Successfully deleted: [Folder] "C:\Program Files\myfree codec"
     
     
     
    ~~~ FireFox
     
    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{c7ae725d-fa5c-4027-bb4c-787ef9f8248a}
    Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\dkinhfkb.default\minidumps [4 files]
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 28/06/2014 at 19:34:32,05
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    # AdwCleaner v3.213 - Relatório criado 28/06/2014 às 19:50:50
    # Atualizado 23/06/2014 por Xplode
    # Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
    # Usuário : user - USER-PC
    # Executando de : C:\Users\user\Desktop\adwcleaner_3.213.exe
    # Opção : Limpar
     
    ***** [ Serviços ] *****
     
    Serviço Deletada : IePluginService
     
    ***** [ Arquivos / Pastas ] *****
     
    Pasta Deletada : C:\ProgramData\IePluginService
    Pasta Deletada : C:\Program Files\SupTab
    Pasta Deletada : C:\users\user\AppData\Roaming\SupTab
    Pasta Deletada : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dkinhfkb.default\Extensions\faststartff@gmail.com
    Arquivo Deletada : C:\Program Files\Mozilla Firefox\browser\searchplugins\qone8.xml
    Arquivo Deletada : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
    Arquivo Deletada : C:\Windows\Tasks\Driver Booster Update.job
    Arquivo Deletada : C:\Windows\System32\Tasks\Driver Booster Update
     
    ***** [ Atalhos ] *****
     
     
    ***** [ Registro ] *****
     
    Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
    Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
    [#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C7BF6420-024E-4D7E-A15B-9B39EC74D5C1}
    [#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7BF6420-024E-4D7E-A15B-9B39EC74D5C1}
    [#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
    Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
    Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
    Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
    Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
    Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
    Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
    Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
    Chave Deletedo : HKLM\Software\SupTab
    Chave Deletedo : HKLM\Software\Wpm
     
    ***** [ Navegadores ] *****
     
    -\\ Internet Explorer v11.0.9600.17126
     
    Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
    Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
    Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
     
    -\\ Mozilla Firefox v30.0 (pt-BR)
     
    [ Arquivo : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dkinhfkb.default\prefs.js ]
     
    Linha deletada : user_pref("browser.newtab.url", "hxxp://start.qone8.com/newtab/?type=nt&ts=1399130432&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805");
    Linha deletada : user_pref("browser.search.defaultenginename", "qone8");
    Linha deletada : user_pref("browser.search.selectedEngine", "qone8");
    Linha deletada : user_pref("browser.startup.homepage", "hxxp://start.qone8.com/?type=hp&ts=1399130432&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805");
     
    -\\ Google Chrome v35.0.1916.153
     
    [ Arquivo : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
    Deletedo [search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=108293&tt=4612_6&babsrc=SP_ss&mntrId=48a726540000000000000026180238d5
    Deletedo [search Provider] : hxxp://www.daemon-search.com/search/web?q={searchTerms}
    Deletedo [search Provider] : hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
    Deletedo [search Provider] : hxxp://br.ask.com/web?q={searchTerms}
    Deletedo [search Provider] : hxxp://www.qone8.com/web/?type=dspp&ts=1403992996&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805&q={searchTerms}
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1399136046&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1399207152&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1399222928&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1399294131&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1399315074&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1399398167&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1399413086&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1399466324&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1399582757&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1399675836&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1399783258&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1399908788&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1399944938&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400066479&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400087655&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400169433&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400173874&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400192337&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400277231&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400327096&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400350097&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400410538&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400536091&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400536427&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400623640&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400777767&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400795164&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400861566&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400883959&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400937917&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401016376&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401025809&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401116677&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401207608&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401283447&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401482322&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401536474&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401620345&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401642790&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401730028&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401756355&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401881667&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401920489&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402071669&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402145431&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402228148&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402251534&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402352049&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402413470&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402525131&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402571866&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402618178&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402697586&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402742225&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402848866&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402922269&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403005397&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403021329&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403127404&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403191656&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403227726&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403287588&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403351722&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403379224&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403436094&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403450912&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403546957&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403651980&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403694871&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403719127&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403740079&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403823836&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403906002&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403992996&from=smt&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805
    Deletedo [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
     
    *************************
     
    AdwCleaner[R0].txt - [13895 octets] - [28/06/2014 19:38:18]
    AdwCleaner[s0].txt - [13671 octets] - [28/06/2014 19:50:50]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [13732 octets] ##########

    ComboFix 14-06-27.01 - user 28/06/2014  20:12:35.1.6 - x86
    Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.3326.2223 [GMT -3:00]
    Executando de: c:\users\user\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\IsUn0416.exe
    .
    .
    ((((((((((((((((   Arquivos/Ficheiros criados de 2014-05-28 to 2014-06-28  ))))))))))))))))))))))))))))
    .
    .
    2014-06-28 23:20 . 2014-06-28 23:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-06-28 23:17 . 2014-06-28 23:17 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{19F3A1D3-3D76-42AF-BA43-51291F28F16E}\offreg.dll
    2014-06-28 22:38 . 2010-08-30 11:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
    2014-06-28 22:38 . 2014-06-28 22:51 -------- d-----w- C:\AdwCleaner
    2014-06-28 22:32 . 2014-06-28 22:32 -------- d-----w- c:\windows\ERUNT
    2014-06-27 21:59 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{19F3A1D3-3D76-42AF-BA43-51291F28F16E}\mpengine.dll
    2014-06-22 12:18 . 2014-06-22 12:18 -------- d-----w- c:\program files\Common Files\Java
    2014-06-22 12:18 . 2014-06-22 12:18 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-06-19 23:55 . 2014-06-19 23:55 -------- d-----w- c:\users\Default\AppData\Local\Google
    2014-06-15 18:06 . 2014-06-15 18:07 -------- d-----w- c:\users\user\FLASH
    2014-06-14 20:50 . 2014-06-14 20:50 -------- d-----w- c:\users\user\AppData\Local\Facebook
    2014-06-11 22:31 . 2014-05-30 09:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-06-11 22:28 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\system32\msxml6.dll
    2014-06-11 22:28 . 2014-03-26 14:27 1237504 ----a-w- c:\windows\system32\msxml3.dll
    2014-06-11 22:28 . 2014-03-26 14:25 2048 ----a-w- c:\windows\system32\msxml6r.dll
    2014-06-11 22:28 . 2014-03-26 14:25 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-06-11 22:28 . 2014-04-05 02:25 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2014-06-11 22:28 . 2014-04-05 02:24 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2014-06-11 22:28 . 2014-04-25 02:06 626688 ----a-w- c:\windows\system32\usp10.dll
    2014-06-10 19:39 . 2014-05-08 09:06 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
    2014-06-10 19:39 . 2014-05-08 09:06 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
    2014-06-05 23:43 . 2010-05-26 14:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2014-06-05 23:43 . 2010-05-26 14:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2014-06-05 23:43 . 2010-05-26 14:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2014-06-05 23:42 . 2014-04-30 18:27 1081112 ----a-w- c:\windows\system32\nvspcap.dll
    2014-06-05 23:42 . 2014-06-05 23:47 -------- d-----w- c:\users\user\AppData\Local\NVIDIA
    2014-06-05 23:42 . 2014-06-05 23:46 -------- d-----w- c:\users\user\AppData\Local\NVIDIA Corporation
    2014-06-05 23:42 . 2014-06-05 23:42 -------- d-----w- c:\program files\AGEIA Technologies
    2014-06-05 23:41 . 2014-05-19 23:11 603592 ----a-w- c:\windows\system32\nvStreaming.exe
    2014-06-05 22:55 . 2014-03-31 16:42 34080 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
    2014-06-05 22:55 . 2014-03-31 16:42 34760 ----a-w- c:\windows\system32\nvaudcap32v.dll
    2014-06-04 22:55 . 2014-06-04 22:55 28031576 ----a-w- c:\windows\system32\MaxxAudioVnA.dll
    2014-06-04 22:55 . 2014-06-04 22:55 1687128 ----a-w- c:\windows\system32\MaxxAudioRealtek2.dll
    2014-06-04 22:55 . 2014-06-04 22:55 14463064 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
    2014-06-04 22:55 . 2014-06-04 22:55 1936472 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
    2014-06-04 22:55 . 2014-06-04 22:55 874584 ----a-w- c:\windows\system32\MaxxAudioAPOShell.dll
    2014-06-04 22:55 . 2014-06-04 22:55 1266776 ----a-w- c:\windows\system32\MaxxAudioAPO60.dll
    2014-06-04 22:55 . 2014-06-04 22:55 1143408 ----a-w- c:\windows\system32\MaxxAudioAPO50.dll
    2014-06-04 22:55 . 2014-06-04 22:55 1143408 ----a-w- c:\windows\system32\MaxxAudioAPO40.dll
    2014-06-04 22:54 . 2014-06-04 22:54 2421792 ----a-w- c:\windows\system32\FMAPO.dll
    2014-06-04 22:53 . 2014-06-04 22:53 76872 ----a-w- c:\windows\system32\RtNicProp32.dll
    2014-06-04 22:53 . 2014-06-04 22:53 693464 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
    2014-06-04 22:51 . 2014-06-04 22:51 894296 ----a-w- c:\windows\system32\nvdispgenco3233523.dll
    2014-06-04 22:51 . 2014-06-04 22:51 1049888 ----a-w- c:\windows\system32\nvdispco3233523.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-06-11 22:22 . 2014-03-30 02:14 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-06-11 22:22 . 2014-03-30 02:14 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-06-04 22:53 . 2014-01-09 16:51 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
    2014-05-20 02:39 . 2014-01-10 13:25 837056 ----a-w- c:\windows\system32\nvumdshim.dll
    2014-05-20 02:39 . 2014-01-10 13:25 2730208 ----a-w- c:\windows\system32\nvapi.dll
    2014-05-20 02:39 . 2014-01-10 13:25 16003912 ----a-w- c:\windows\system32\nvwgf2um.dll
    2014-05-20 02:39 . 2014-01-10 13:25 14434704 ----a-w- c:\windows\system32\nvd3dum.dll
    2014-05-20 00:04 . 2014-01-10 13:25 4379592 ----a-w- c:\windows\system32\nvcpl.dll
    2014-05-20 00:04 . 2014-01-10 13:25 3055560 ----a-w- c:\windows\system32\nvsvc.dll
    2014-05-20 00:04 . 2014-01-10 13:25 668104 ----a-w- c:\windows\system32\nvvsvc.exe
    2014-05-20 00:04 . 2014-01-10 13:25 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
    2014-05-20 00:04 . 2014-01-10 13:25 61784 ----a-w- c:\windows\system32\nvshext.dll
    2014-05-20 00:04 . 2014-01-10 13:25 376096 ----a-w- c:\windows\system32\nvmctray.dll
    2014-05-15 16:02 . 2014-04-26 01:34 270240 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
    2014-05-15 16:02 . 2014-01-10 20:31 68312 ----a-w- c:\windows\system32\drivers\aswstm.sys
    2014-05-15 16:02 . 2014-01-10 20:31 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2014-05-15 16:02 . 2014-01-10 20:31 411680 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2014-05-03 17:03 . 2014-05-03 17:11 388608 ----a-w- C:\HijackThis.exe
    2014-04-26 01:34 . 2014-04-26 01:34 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-04-26 01:34 . 2014-04-26 01:34 43152 ----a-w- c:\windows\avastSS.scr
    2014-04-26 01:34 . 2014-01-10 20:31 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400169745628
    2014-04-26 01:34 . 2014-01-10 20:31 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-04-26 01:34 . 2014-01-10 20:31 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-04-26 01:34 . 2014-01-10 20:31 411552 ----a-w- c:\windows\system32\drivers\aswsp.sys.1400169745628
    2014-04-26 01:34 . 2014-01-10 20:31 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-04-26 01:34 . 2014-01-10 20:31 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-04-26 01:34 . 2014-01-10 20:31 271264 ----a-w- c:\windows\system32\aswBoot.exe
    2014-04-26 01:34 . 2014-04-26 01:34 269728 ----a-w- c:\windows\system32\drivers\aswndisflt.sys.1400169745628
    2014-04-12 02:15 . 2014-05-15 16:17 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-04-12 02:15 . 2014-05-15 16:17 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2014-04-12 02:12 . 2014-05-15 16:17 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2014-04-12 02:12 . 2014-05-15 16:17 100352 ----a-w- c:\windows\system32\sspicli.dll
    2014-04-12 02:12 . 2014-05-15 16:17 22016 ----a-w- c:\windows\system32\secur32.dll
    2014-04-12 02:11 . 2014-05-15 16:17 1059840 ----a-w- c:\windows\system32\lsasrv.dll
    2014-04-12 02:11 . 2014-05-15 16:17 22528 ----a-w- c:\windows\system32\lsass.exe
    2014-04-08 01:25 . 2014-01-10 21:10 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2014-04-02 00:48 . 2014-04-02 00:48 720082 ----a-w- c:\users\user\AppData\Roaming\unins000.exe
    2014-04-01 01:46 . 2014-04-01 01:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
    2014-04-01 01:46 . 2014-04-01 01:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2014-03-31 12:35 . 2014-01-10 20:03 231584 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas. 
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
    2014-03-04 22:46 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-04-26 01:34 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconError]
    @="{5EE8C634-CDC0-453D-9731-DF0B19F4E807}"
    [HKEY_CLASSES_ROOT\CLSID\{5EE8C634-CDC0-453D-9731-DF0B19F4E807}]
    2013-12-06 16:42 80896 ----a-w- c:\program files\MediaFire Desktop\MediaFireIcon3_5d932.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSynched]
    @="{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}"
    [HKEY_CLASSES_ROOT\CLSID\{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}]
    2013-12-06 16:43 76288 ----a-w- c:\program files\MediaFire Desktop\MediaFireIcon_5d932.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSyncing]
    @="{C4D81971-6B13-4173-AB21-F83AD20CCC04}"
    [HKEY_CLASSES_ROOT\CLSID\{C4D81971-6B13-4173-AB21-F83AD20CCC04}]
    2013-12-06 16:42 77824 ----a-w- c:\program files\MediaFire Desktop\MediaFireIcon2_5d932.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2014-06-05 20:46 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-06-05 20:46 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2014-06-05 20:46 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2014-06-05 20:46 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2014-06-05 20:46 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MediaFireIconLock]
    @="{759F3E92-F4E8-4953-8315-238B8B17E0F3}"
    [HKEY_CLASSES_ROOT\CLSID\{759F3E92-F4E8-4953-8315-238B8B17E0F3}]
    2013-12-06 16:42 76288 ----a-w- c:\program files\MediaFire Desktop\MediaFireIcon4_5d932.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MediaFireIconReadOnly]
    @="{7995D0FC-769B-4197-AEC0-991921CB99E1}"
    [HKEY_CLASSES_ROOT\CLSID\{7995D0FC-769B-4197-AEC0-991921CB99E1}]
    2013-12-06 16:42 76288 ----a-w- c:\program files\MediaFire Desktop\MediaFireIcon5_5d932.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
    "uTorrent"="c:\users\user\AppData\Roaming\uTorrent\uTorrent.exe" [2014-06-11 1267536]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
    "CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2013-12-17 4370712]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2014-06-04 6667992]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-06 3890208]
    "DoroServer"="c:\program files\DoroPDFWriter\DoroServer.exe" [2014-01-02 196608]
    "AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]
    "P1370Cfg.exe"="P1370Cfg.exe" [2006-01-17 28672]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-05-08 41336]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-05-08 840568]
    "NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
    "ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-04-30 1081112]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-01-17 280576]
    .
    c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ   autocheck autochk *\0sdnclean.exe
    .
    [HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk]
    path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk
    backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFire Tray]
    2014-02-11 19:13 1766120 ----a-w- c:\users\user\AppData\Local\MediaFire Desktop\mf_watch.exe
    .
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-05-15 68312]
    R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-03-04 2151744]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-05-30 108032]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
    R3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\Drivers\P1370Aud.sys [2005-12-05 93056]
    R3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\Drivers\P1370Aul.sys [2005-12-06 4992]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2014-01-17 1343400]
    S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys [2014-05-15 270240]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-04-08 26136]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-05-15 777488]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-05-15 411680]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-04-26 24184]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-04-26 67824]
    S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2014-04-26 109048]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-11-28 108000]
    S2 mfmonitor;mfmonitor;c:\windows\system32\DRIVERS\mfmonitor_x86.sys [2013-12-06 19160]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-04-30 1617696]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-04-30 19702048]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-19 410968]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2013-03-25 65200]
    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-04-30 17240]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-03-31 34080]
    S3 P1370VID;Live! Cam Voice;c:\windows\system32\DRIVERS\P1370Vid.sys [2006-01-26 179040]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-06-04 693464]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-06-13 23:36 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2014-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-30 22:22]
    .
    2014-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2014-01-10 20:31]
    .
    2014-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2014-01-10 20:31]
    .
    2014-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-518672669-1951374490-583244054-1000Core.job
    - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-09 22:00]
    .
    2014-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-518672669-1951374490-583244054-1000UA.job
    - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-09 22:00]
    .
    .
    ------- Scan Suplementar -------
    .
    uStart Page = 
    mStart Page = 
    uInternet Settings,ProxyServer = localhost:8080
    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Fazer o download de todos os links usando o IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Fazer o download usando o IDM - c:\program files\Internet Download Manager\IEExt.htm
    TCP: DhcpNameServer = 201.17.1.82 201.17.1.112
    FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dkinhfkb.default\
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    ShellIconOverlayIdentifiers-{CDC95B92-E27C-4745-A8C5-64A52A78855D} - (no file)
    HKCU-Run-AdobeBridge - (no file)
    AddRemove-Guia do Usuário da Creative Live! Cam Voice Brazil - c:\windows\IsUn0416.exe
    AddRemove-MyFreeCodec - c:\program files\MyFree Codec\1.0b beta\uninstall.exe
    .
    .
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_USERS\S-1-5-21-518672669-1951374490-583244054-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):ff,e2,6a,6b,43,bf,6a,96,15,ed,ba,a8,5d,b2,f8,dd,c0,85,a1,2f,0c,
       87,93,c2,a5,43,9a,eb,b5,e4,6c,5d,48,14,da,4e,9d,9e,4c,0c,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-518672669-1951374490-583244054-1000_Classes\CLSID\{880f1f35-1480-4c9d-b60e-dc4d47cde61b}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000051
    "Therad"=dword:00000014
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Tempo para conclusão: 2014-06-28  20:22:12
    ComboFix-quarantined-files.txt  2014-06-28 23:22
    .
    Pré-execução: 769.505.136.640 bytes disponíveis
    Pós execução: 769.413.832.704 bytes disponíveis
    .
    - - End Of File - - 28D89D7339185B59F74D3F3E347AEDDF
    A36C5E4F47E84449FF07ED3517B43A31

    diego_moicano    472

    Dear RGUEDESTATAGIBA,

    Temporarily, and while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after running the procedure(s) described below.

    • Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:

        Registry::
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "P1370Cfg.exe"=-

        RegLock::
        [HKEY_USERS\S-1-5-21-518672669-1951374490-583244054-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
        [HKEY_USERS\S-1-5-21-518672669-1951374490-583244054-1000_Classes\CLSID\{880f1f35-1480-4c9d-b60e-dc4d47cde61b}]

        ADS::

    • Save this file as: CFScript.txt
    • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

    2872959479_997d4500c4_o.gif

    Cheers :D

    Edited by diego_moicano

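As an added example (not code from the thread, from ComboFix or from the analyst), the Python below parses the Run keys and the locked-key section of a ComboFix log, flags the two things the CFScript above acts on (a Run value that is a bare file name with no absolute path, and per-user CLSID keys locked against Everyone), and renders the same CFScript layout. The regexes, function names and the constructed sample log are this example's own.

```python
"""Triage of the registry loading points in a ComboFix log (added example for
this thread; not ComboFix's code nor the analyst's). Sample log constructed
from lines quoted above; helper names and regexes are this example's own."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, trimmed from the log posted in the thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2014-06-04 6667992]
"P1370Cfg.exe"="P1370Cfg.exe" [2006-01-17 28672]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-04-30 1081112]
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-518672669-1951374490-583244054-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-518672669-1951374490-583244054-1000_Classes\CLSID\{880f1f35-1480-4c9d-b60e-dc4d47cde61b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
'''

KEY_RE = re.compile(r"^\[(?P<key>HK[A-Z_]+\\[^\]]+)\]$", re.I)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"(?:\s+\[[^\]]*\])?$')
DENIED_RE = re.compile(r"^@Denied:\s+\((?P<right>\w+)\)\s+\((?P<who>[^)]+)\)$")
ABS_PATH_RE = re.compile(r"^[A-Z]:\\", re.I)
USER_CLSID_RE = re.compile(
    r"^HKEY_USERS\\S-1-5-[\d-]+_Classes\\CLSID\\\{[0-9A-F-]+\}$", re.I)


@dataclass(frozen=True)
class RunEntry:
    key: str
    name: str
    target: str

    def has_absolute_path(self) -> bool:
        return ABS_PATH_RE.match(self.target) is not None


def parse_loading_points(log: str) -> tuple[list[RunEntry], dict[str, list[str]]]:
    """Return (Run/RunOnce values, {locked key: principals denied Full access})."""
    run_entries: list[RunEntry] = []
    locked: dict[str, list[str]] = {}
    current_key = None
    for raw in log.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current_key = m.group("key")
            continue
        if current_key is None:
            continue
        if m := DENIED_RE.match(line):
            if m.group("right").lower() == "full":
                locked.setdefault(current_key, []).append(m.group("who"))
            continue
        is_run_key = current_key.upper().endswith(("\\RUN", "\\RUNONCE"))
        if is_run_key and (m := VALUE_RE.match(line)):
            run_entries.append(RunEntry(current_key, m.group("name"), m.group("target")))
    return run_entries, locked


def bare_run_entries(entries: list[RunEntry]) -> list[RunEntry]:
    """Run values with no absolute path: the log cannot show which file on disk
    they resolve to, so they go on the review list (the reply deletes this one)."""
    return [e for e in entries if not e.has_absolute_path()]


def split_locked_keys(locked: dict[str, list[str]]) -> tuple[list[str], list[str]]:
    """Per-user CLSID keys locked against Everyone (the reply unlocks these with
    RegLock::) versus other locked keys (the PCW\\Security entry was left alone)."""
    user_clsid = [k for k in locked if USER_CLSID_RE.match(k)]
    other = [k for k in locked if k not in user_clsid]
    return user_clsid, other


def render_cfscript(values_to_delete: list[RunEntry], keys_to_unlock: list[str]) -> str:
    """Render the CFScript layout used in the reply: "name"=- deletes a value."""
    by_key: dict[str, list[str]] = {}
    for e in values_to_delete:
        by_key.setdefault(e.key, []).append(e.name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
    lines += ["", "RegLock::", *(f"[{k}]" for k in keys_to_unlock)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    entries, locked = parse_loading_points(SAMPLE_LOG)
    print(render_cfscript(bare_run_entries(entries), split_locked_keys(locked)[0]))
```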
    RGUEDESTATAGIBA    0
    Topic author
    ComboFix 14-06-27.01 - user 14/07/2014  20:50:58.2.6 - x86

    Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.3326.1966 [GMT -3:00]

    Executando de: c:\users\user\Desktop\ComboFix.exe

    Comandos utilizados :: c:\users\user\Desktop\Programas de Malware\CFScript.txt

    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

    FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((   Arquivos/Ficheiros criados de 2014-06-15 to 2014-07-15  ))))))))))))))))))))))))))))

    .

    .

    2014-07-15 00:01 . 2014-07-15 00:01 -------- d-----w- c:\users\Default\AppData\Local\temp

    2014-07-14 23:59 . 2014-07-14 23:59 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDB8AF04-01CD-414A-B58F-4A18013D7F08}\offreg.dll

    2014-07-13 23:40 . 2014-07-13 23:40 -------- d-----w- c:\programdata\IePluginServices

    2014-07-13 23:40 . 2014-07-13 23:40 -------- d-----w- c:\program files\SupTab

    2014-07-13 23:39 . 2014-07-13 23:40 -------- d-----w- c:\programdata\WindowsMangerProtect

    2014-07-13 23:39 . 2014-07-14 23:32 -------- d-----w- c:\program files\HiDefMedia

    2014-07-13 03:31 . 2014-07-14 23:29 -------- d-----w- c:\programdata\Apple Computer

    2014-07-13 03:31 . 2010-03-17 20:53 180224 ----a-w- c:\windows\system32\QTCF.dll

    2014-07-13 02:36 . 2014-07-13 02:36 43152 ----a-w- c:\windows\avastSS.scr

    2014-07-13 02:36 . 2014-07-13 02:36 270752 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys

    2014-07-13 02:00 . 2014-07-13 02:00 -------- d-----w- c:\programdata\Package Cache

    2014-07-13 00:19 . 2014-07-13 03:31 -------- d-----w- c:\users\user\AppData\Local\Apple Computer

    2014-07-12 23:27 . 2014-07-12 23:27 -------- d-----w- c:\program files\Common Files\Apple

    2014-07-12 23:27 . 2014-07-12 23:27 -------- d-----w- c:\users\user\AppData\Local\Apple

    2014-07-12 23:27 . 2014-07-12 23:27 -------- d-----w- c:\programdata\Apple

    2014-07-11 21:26 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDB8AF04-01CD-414A-B58F-4A18013D7F08}\mpengine.dll

    2014-07-09 23:12 . 2014-06-18 01:52 868864 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll

    2014-07-09 23:12 . 2014-06-18 01:52 399360 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll

    2014-07-09 23:12 . 2014-06-18 01:52 348672 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll

    2014-07-09 23:12 . 2014-06-18 00:52 2350080 ----a-w- c:\windows\system32\win32k.sys

    2014-07-09 23:12 . 2014-06-18 01:51 181760 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe

    2014-07-09 23:12 . 2014-06-18 01:51 646144 ----a-w- c:\windows\system32\osk.exe

    2014-07-09 23:12 . 2014-06-18 01:52 104448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll

    2014-07-09 23:12 . 2014-06-18 01:50 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll

    2014-07-09 23:12 . 2014-06-06 09:44 509440 ----a-w- c:\windows\system32\qedit.dll

    2014-07-09 23:12 . 2014-05-30 06:36 338944 ----a-w- c:\windows\system32\drivers\afd.sys

    2014-07-09 23:12 . 2014-06-05 14:26 1059840 ----a-w- c:\windows\system32\lsasrv.dll

    2014-06-30 23:23 . 2014-06-30 23:23 -------- d-----w- c:\users\user\.android

    2014-06-28 22:38 . 2010-08-30 11:34 536576 ----a-w- c:\windows\system32\sqlite3.dll

    2014-06-28 22:38 . 2014-06-28 22:51 -------- d-----w- C:\AdwCleaner

    2014-06-28 22:32 . 2014-06-28 22:32 -------- d-----w- c:\windows\ERUNT

    2014-06-22 12:18 . 2014-06-22 12:18 -------- d-----w- c:\program files\Common Files\Java

    2014-06-22 12:18 . 2014-06-22 12:18 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2014-06-19 23:55 . 2014-06-19 23:55 -------- d-----w- c:\users\Default\AppData\Local\Google

    2014-06-15 18:06 . 2014-06-15 18:07 -------- d-----w- c:\users\user\FLASH

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2014-07-13 02:37 . 2014-01-10 20:31 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys

    2014-07-13 02:36 . 2014-01-10 20:31 71944 ----a-w- c:\windows\system32\drivers\aswstm.sys

    2014-07-13 02:36 . 2014-04-26 01:34 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys

    2014-07-13 02:36 . 2014-01-10 20:31 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys

    2014-07-13 02:36 . 2014-01-10 20:31 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys

    2014-07-13 02:36 . 2014-01-10 20:31 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

    2014-07-13 02:36 . 2014-01-10 20:31 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

    2014-07-13 02:36 . 2014-01-10 20:31 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2014-07-13 02:36 . 2014-01-10 20:31 276432 ----a-w- c:\windows\system32\aswBoot.exe

    2014-07-13 02:36 . 2014-01-10 21:10 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys

    2014-07-09 20:12 . 2014-03-30 02:14 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2014-07-09 20:12 . 2014-03-30 02:14 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2014-07-02 18:13 . 2014-03-01 22:17 19160 ----a-w- c:\windows\system32\drivers\mfmonitor_x86.sys

    2014-06-04 22:56 . 2014-06-04 22:56 1823320 ----a-w- c:\windows\system32\WavesGUILib.dll

    2014-06-04 22:56 . 2014-06-04 22:56 606968 ----a-w- c:\windows\system32\sltech32.dll

    2014-06-04 22:56 . 2014-06-04 22:56 219896 ----a-w- c:\windows\system32\slprp32.dll

    2014-06-04 22:56 . 2014-06-04 22:56 964856 ----a-w- c:\windows\system32\slcnt32.dll

    2014-06-04 22:56 . 2014-06-04 22:56 827128 ----a-w- c:\windows\system32\sl3apo32.dll

    2014-06-04 22:56 . 2014-06-04 22:56 3017112 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys

    2014-06-04 22:56 . 2014-06-04 22:56 2559192 ----a-w- c:\windows\system32\RtkPgExt.dll

    2014-06-04 22:56 . 2014-06-04 22:56 915160 ----a-w- c:\windows\system32\RtkCoInstII.dll

    2014-06-04 22:56 . 2014-06-04 22:56 782040 ----a-w- c:\windows\system32\RtkApoApi.dll

    2014-06-04 22:56 . 2014-06-04 22:56 2467544 ----a-w- c:\windows\system32\RtkAPO.dll

    2014-06-04 22:56 . 2014-06-04 22:56 56270336 ----a-w- c:\windows\system32\RCoRes.dat

    2014-06-04 22:56 . 2014-06-04 22:56 890160 ----a-w- c:\windows\system32\NAHIMICAPOSettingsIPC.dll

    2014-06-04 22:56 . 2014-06-04 22:56 5088008 ----a-w- c:\windows\system32\NAHIMICAPOlfx.dll

    2014-06-04 22:56 . 2014-06-04 22:56 11736152 ----a-w- c:\windows\system32\MaxxVoiceAPO30.dll

    2014-06-04 22:56 . 2014-06-04 22:56 785520 ----a-w- c:\windows\system32\MaxxVoiceAPO20.dll

    2014-06-04 22:56 . 2014-06-04 22:56 948336 ----a-w- c:\windows\system32\MaxxSpeechAPO.dll

    2014-06-04 22:56 . 2014-06-04 22:55 3650136 ----a-w- c:\windows\system32\MaxxAudioVnN.dll

    2014-06-04 22:55 . 2014-06-04 22:55 28031576 ----a-w- c:\windows\system32\MaxxAudioVnA.dll

    2014-06-04 22:55 . 2014-06-04 22:55 1687128 ----a-w- c:\windows\system32\MaxxAudioRealtek2.dll

    2014-06-04 22:55 . 2014-06-04 22:55 14463064 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll

    2014-06-04 22:55 . 2014-06-04 22:55 1936472 ----a-w- c:\windows\system32\MaxxAudioEQ.dll

    2014-06-04 22:55 . 2014-06-04 22:55 874584 ----a-w- c:\windows\system32\MaxxAudioAPOShell.dll

    2014-06-04 22:55 . 2014-06-04 22:55 1266776 ----a-w- c:\windows\system32\MaxxAudioAPO60.dll

    2014-06-04 22:55 . 2014-06-04 22:55 1143408 ----a-w- c:\windows\system32\MaxxAudioAPO50.dll

    2014-06-04 22:55 . 2014-06-04 22:55 1143408 ----a-w- c:\windows\system32\MaxxAudioAPO40.dll

    2014-06-04 22:54 . 2014-06-04 22:54 2421792 ----a-w- c:\windows\system32\FMAPO.dll

    2014-06-04 22:53 . 2014-06-04 22:53 76872 ----a-w- c:\windows\system32\RtNicProp32.dll

    2014-06-04 22:53 . 2014-06-04 22:53 693464 ----a-w- c:\windows\system32\drivers\Rt86win7.sys

    2014-06-04 22:53 . 2014-01-09 16:51 100896 ----a-w- c:\windows\system32\RTNUninst32.dll

    2014-06-04 22:51 . 2014-06-04 22:51 894296 ----a-w- c:\windows\system32\nvdispgenco3233523.dll

    2014-06-04 22:51 . 2014-06-04 22:51 1049888 ----a-w- c:\windows\system32\nvdispco3233523.dll

    2014-05-20 02:39 . 2014-06-05 23:38 9697640 ----a-w- c:\windows\system32\nvopencl.dll

    2014-05-20 02:39 . 2014-06-05 23:38 24024408 ----a-w- c:\windows\system32\nvoglv32.dll

    2014-05-20 02:39 . 2014-06-05 23:38 305600 ----a-w- c:\windows\system32\nvoglshim32.dll

    2014-05-20 02:39 . 2014-06-05 23:38 10533152 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

    2014-05-20 02:39 . 2014-06-05 23:38 866592 ----a-w- c:\windows\system32\NvIFR.dll

    2014-05-20 02:39 . 2014-06-05 23:38 861128 ----a-w- c:\windows\system32\NvFBC.dll

    2014-05-20 02:39 . 2014-06-05 23:38 146480 ----a-w- c:\windows\system32\nvinit.dll

    2014-05-20 02:39 . 2014-06-05 23:38 9735256 ----a-w- c:\windows\system32\nvcuda.dll

    2014-05-20 02:39 . 2014-06-05 23:38 908744 ----a-w- c:\windows\system32\nvdispgenco3233788.dll

    2014-05-20 02:39 . 2014-06-05 23:38 2953672 ----a-w- c:\windows\system32\nvcuvid.dll

    2014-05-20 02:39 . 2014-06-05 23:38 2413344 ----a-w- c:\windows\system32\nvcuvenc.dll

    2014-05-20 02:39 . 2014-06-05 23:38 1056200 ----a-w- c:\windows\system32\nvdispco3233788.dll

    2014-05-20 02:39 . 2014-06-05 23:38 17559384 ----a-w- c:\windows\system32\nvcompiler.dll

    2014-05-20 02:39 . 2014-01-10 13:25 837056 ----a-w- c:\windows\system32\nvumdshim.dll

    2014-05-20 02:39 . 2014-01-10 13:25 2730208 ----a-w- c:\windows\system32\nvapi.dll

    2014-05-20 02:39 . 2014-01-10 13:25 16003912 ----a-w- c:\windows\system32\nvwgf2um.dll

    2014-05-20 02:39 . 2014-01-10 13:25 14434704 ----a-w- c:\windows\system32\nvd3dum.dll

    2014-05-20 00:04 . 2014-01-10 13:25 4379592 ----a-w- c:\windows\system32\nvcpl.dll

    2014-05-20 00:04 . 2014-01-10 13:25 3055560 ----a-w- c:\windows\system32\nvsvc.dll

    2014-05-20 00:04 . 2014-01-10 13:25 668104 ----a-w- c:\windows\system32\nvvsvc.exe

    2014-05-20 00:04 . 2014-01-10 13:25 2555168 ----a-w- c:\windows\system32\nvsvcr.dll

    2014-05-20 00:04 . 2014-01-10 13:25 61784 ----a-w- c:\windows\system32\nvshext.dll

    2014-05-20 00:04 . 2014-01-10 13:25 376096 ----a-w- c:\windows\system32\nvmctray.dll

    2014-05-19 23:11 . 2014-06-05 23:41 603592 ----a-w- c:\windows\system32\nvStreaming.exe

    2014-05-08 09:06 . 2014-06-10 19:39 2742784 ----a-w- c:\windows\system32\rdpcorets.dll

    2014-05-08 09:06 . 2014-06-10 19:39 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll

    2014-05-03 17:03 . 2014-05-03 17:11 388608 ----a-w- C:\HijackThis.exe

    2014-04-30 18:27 . 2014-06-05 23:42 1081112 ----a-w- c:\windows\system32\nvspcap.dll

    2014-04-26 01:34 . 2014-01-10 20:31 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400169745628

    2014-04-26 01:34 . 2014-01-10 20:31 411552 ----a-w- c:\windows\system32\drivers\aswsp.sys.1400169745628

    2014-04-26 01:34 . 2014-04-26 01:34 269728 ----a-w- c:\windows\system32\drivers\aswndisflt.sys.1400169745628

    2014-04-25 02:06 . 2014-06-11 22:28 626688 ----a-w- c:\windows\system32\usp10.dll

    .

    .

    ((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por padrão não são apresentadas. 

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]

    2014-03-04 22:46 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2014-07-13 02:36 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconError]

    @="{5EE8C634-CDC0-453D-9731-DF0B19F4E807}"

    [HKEY_CLASSES_ROOT\CLSID\{5EE8C634-CDC0-453D-9731-DF0B19F4E807}]

    2014-07-02 18:13 80896 ----a-w- c:\program files\MediaFire Desktop\MediaFireIcon3_5c245.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconReadOnly]

    @="{7995D0FC-769B-4197-AEC0-991921CB99E1}"

    [HKEY_CLASSES_ROOT\CLSID\{7995D0FC-769B-4197-AEC0-991921CB99E1}]

    2014-07-02 18:13 80384 ----a-w- c:\program files\MediaFire Desktop\MediaFireIcon5_5c245.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSynched]

    @="{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}"

    [HKEY_CLASSES_ROOT\CLSID\{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}]

    2014-07-02 18:13 76288 ----a-w- c:\program files\MediaFire Desktop\MediaFireIcon_5c245.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSyncing]

    @="{C4D81971-6B13-4173-AB21-F83AD20CCC04}"

    [HKEY_CLASSES_ROOT\CLSID\{C4D81971-6B13-4173-AB21-F83AD20CCC04}]

    2014-07-02 18:13 77824 ----a-w- c:\program files\MediaFire Desktop\MediaFireIcon2_5c245.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2013-09-11 02:09 131248 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2013-09-11 02:09 131248 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2013-09-11 02:09 131248 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

    2014-06-27 17:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

    2014-06-27 17:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

    2014-06-27 17:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

    2014-06-27 17:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

    2014-06-27 17:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MediaFireIconLock]

    @="{759F3E92-F4E8-4953-8315-238B8B17E0F3}"

    [HKEY_CLASSES_ROOT\CLSID\{759F3E92-F4E8-4953-8315-238B8B17E0F3}]

    2014-07-02 18:13 76288 ----a-w- c:\program files\MediaFire Desktop\MediaFireIcon4_5c245.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]

    "uTorrent"="c:\users\user\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-02 1322832]

    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

    "CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2013-12-17 4370712]

    "MediaFire Tray"="c:\users\user\AppData\Local\MediaFire Desktop\mf_watch.exe" [2014-07-02 3089224]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2014-06-04 6667992]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-13 4086432]

    "DoroServer"="c:\program files\DoroPDFWriter\DoroServer.exe" [2014-01-02 196608]

    "AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]

    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]

    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

    "AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

    "NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]

    "ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-04-30 1081112]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-01-17 280576]

    .

    c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=c:\progra~1\SupTab\SearchProtect32.dll

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ   autocheck autochk *\0sdnclean.exe

    .

    [HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk]

    path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk

    backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup

    backupExtension=.Startup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFire Tray]

    2014-07-02 20:41 3089224 ----a-w- c:\users\user\AppData\Local\MediaFire Desktop\mf_watch.exe

    .

    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-07-13 71944]

    R2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe [2014-07-13 759688]

    R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-03-04 2151744]

    R2 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [2014-07-13 535936]

    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-06-18 108032]

    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]

    R3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\Drivers\P1370Aud.sys [2005-12-05 93056]

    R3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\Drivers\P1370Aul.sys [2005-12-06 4992]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]

    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

    R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2014-01-17 1343400]

    S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys [2014-07-13 270752]

    S0 aswRvrt;avast! Revert; [x]

    S0 aswVmm;avast! VM Monitor; [x]

    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

    S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-07-13 26136]

    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-07-13 779536]

    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-07-13 414520]

    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-07-13 24184]

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-07-13 67824]

    S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2014-07-13 106488]

    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-11-28 108000]

    S2 mfmonitor;mfmonitor;c:\windows\system32\DRIVERS\mfmonitor_x86.sys [2014-07-02 19160]

    S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-04-30 1617696]

    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-04-30 19702048]

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-19 410968]

    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2013-03-25 65200]

    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-04-30 17240]

    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-03-31 34080]

    S3 P1370VID;Live! Cam Voice;c:\windows\system32\DRIVERS\P1370Vid.sys [2006-01-26 179040]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-06-04 693464]

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2014-06-13 23:36 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    .

    2014-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-30 20:12]

    .

    2014-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2014-01-10 20:31]

    .

    2014-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2014-01-10 20:31]

    .

    2014-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-518672669-1951374490-583244054-1000Core.job

    - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-09 22:00]

    .

    2014-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-518672669-1951374490-583244054-1000UA.job

    - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-09 22:00]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1405294727&from=air&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805

    mStart Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1405294727&from=air&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805

    uInternet Settings,ProxyServer = localhost:8080

    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Fazer o download de todos os links usando o IDM - c:\program files\Internet Download Manager\IEGetAll.htm

    IE: Fazer o download usando o IDM - c:\program files\Internet Download Manager\IEExt.htm

    TCP: DhcpNameServer = 201.17.1.82 201.17.1.112

    FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dkinhfkb.default\

    FF - prefs.js: browser.search.selectedEngine - omiga-plus

    FF - prefs.js: browser.startup.homepage - hxxp://isearch.omiga-plus.com/?type=hp&ts=1405294727&from=air&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    .

    AddRemove-QuicktimeAlt_is1 - c:\program files\QuickTime Alternative\unins000.exe

    .

    .

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Tempo para conclusão: 2014-07-14  21:03:41

    ComboFix-quarantined-files.txt  2014-07-15 00:03

    .

    Pré-execução: 726.552.539.136 bytes disponíveis

    Pós execução: 726.322.286.592 bytes disponíveis

    .

    - - End Of File - - 71D56C0E76DB7F4028CF5434E76FA1B3

    A36C5E4F47E84449FF07ED3517B43A31

    diego_moicano    472

    Dear RGUEDESTATAGIBA

     

    Download Malwarebytes Anti-Malware:

    • Link 1
    • Alternative link
      • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
      • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
      • If there are updates, they will be downloaded and installed.
      • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
      • The scan will start and may take a while. Please be patient.
      • When the scan is complete, click OK, then Show Results to see the log.
      • If anything is found, make sure everything is checked and click Remove.
      • When the disinfection finishes, a log will automatically open in a Notepad document, and you may be asked to restart the PC. (Read the note)
      • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
      • Copy and paste the contents of that log in your next reply.

    Note: In more complicated infections, the PC may need to be restarted. If you are asked to restart, please do so immediately.

     

    Cheers :D

    • Like 1

    RGUEDESTATAGIBA    0
  • Topic author
  • Hi Diego, I'll do that tonight, but just out of curiosity: in this log I sent, which code would show where the infection is?

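    The thread never answers this question. As an added example (not from any participant or tool in the thread), the Python script below applies the triage rules an analyst uses when reading ComboFix output: a populated AppInit_DLLs value, services whose binaries sit in user-writable directories, a start page or search engine that is not an expected default, and any configured proxy. The nine sample lines are copied from the ComboFix log posted above; the allowlists of expected hosts and search engines are assumptions.

```python
import re
from typing import List, NamedTuple, Optional
from urllib.parse import urlsplit


class Finding(NamedTuple):
    severity: str  # "high", "medium" or "review"
    reason: str
    line: str


# Constructed sample: nine lines copied from the ComboFix log posted in this thread,
# in ComboFix's own format (the hxxp:// defanging is ComboFix's, not ours).
SAMPLE_LOG = r"""
"uTorrent"="c:\users\user\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-02 1322832]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-13 4086432]
"AppInit_DLLs"=c:\progra~1\SupTab\SearchProtect32.dll
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-07-13 71944]
R2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe [2014-07-13 759688]
R2 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [2014-07-13 535936]
uStart Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1405294727&from=air
uInternet Settings,ProxyServer = localhost:8080
FF - prefs.js: browser.search.selectedEngine - omiga-plus
"""

# Directories a standard user can write to. Bundled unwanted software likes to
# register services and hooks from here rather than Program Files or System32.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\")
# Assumed allowlists (not from the thread): start pages and engines needing no comment.
EXPECTED_HOSTS = {"www.google.com", "google.com", "www.bing.com", "www.msn.com"}
EXPECTED_ENGINES = {"google", "bing", "yahoo"}

# One pattern per ComboFix line type that carries a persistence or browser setting.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[')
SERVICE_RE = re.compile(r'^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>[^\[]*?)\s*\[')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=\s*(?P<value>.*?)\s*$')
START_RE = re.compile(r'^(?:[um]Start Page|FF - prefs\.js: browser\.startup\.homepage)\s*[-=]\s*(?P<url>\S+)')
ENGINE_RE = re.compile(r'^FF - prefs\.js: browser\.search\.selectedEngine\s*-\s*(?P<engine>\S+)')
PROXY_RE = re.compile(r'ProxyServer\s*=\s*(?P<value>\S+)')


def in_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def host_of(defanged_url: str) -> str:
    # ComboFix writes hxxp:// so the URL cannot be opened by accident; undo that to parse it.
    return urlsplit(defanged_url.replace("hxxp", "http", 1)).hostname or ""


def triage_line(line: str) -> Optional[Finding]:
    """Classify one ComboFix line; None means nothing about it stands out."""
    line = line.strip()
    m = APPINIT_RE.match(line)
    if m:
        if m.group("value"):  # any value at all: Windows loads it into every user32 process
            return Finding("high", "AppInit_DLLs is populated with " + m.group("value"), line)
        return None
    m = SERVICE_RE.match(line)
    if m:
        if in_user_writable(m.group("path")):
            return Finding("high", f"service {m.group('name')} runs from a user-writable directory", line)
        return None
    m = RUN_RE.match(line)
    if m:
        if in_user_writable(m.group("path")):
            return Finding("review", f"Run entry {m.group('name')} starts from a user profile path", line)
        return None
    m = START_RE.match(line)
    if m:
        host = host_of(m.group("url"))
        return None if host in EXPECTED_HOSTS else Finding("medium", f"start page points at {host}", line)
    m = ENGINE_RE.match(line)
    if m:
        engine = m.group("engine")
        return None if engine.lower() in EXPECTED_ENGINES else Finding("medium", f"search engine is {engine}", line)
    m = PROXY_RE.search(line)
    if m:
        return Finding("review", f"proxy configured ({m.group('value')}); confirm it is intentional", line)
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run triage_line over a whole log and keep the hits, in log order."""
    return [f for f in map(triage_line, lines) if f is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"[{finding.severity:>6}] {finding.reason}\n         {finding.line}")
```

    Run against the sample, it flags SearchProtect32.dll, the two ProgramData services and the omiga-plus entries, which are the same items Malwarebytes and ESET report as unwanted later in the thread, while the Avast entries pass.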
    RGUEDESTATAGIBA    0
  • Topic author
    Malwarebytes Anti-Malware

    www.malwarebytes.org

     

    Data de Verificação: 31/07/2014

    Hora da Verificação: 20:56:00

    Logfile: Log Antimalware.txt

    Administrador: Sim

     

    Versão: 2.00.2.1012

    Malware Database: v2014.07.31.09

    Rootkit Database: v2014.07.17.01

    Licença: Trial

    Proteção de Malware: Enabled

    Proteção de Site Malicioso: Enabled

    Self-protection: Desabilitado

     

    OS: Windows 7 Service Pack 1

    CPU: x86

    Sistema de Arquivo: NTFS

    Usuário: user

     

    Tipo da Verificação: Verificação Rápida

    Resultado: Completado

    Arquivos Verificados: 236447

    Tempo Decorrido: 2 min, 56 seg

     

    Memória: Enabled

    Inicialização: Enabled

    Filesystem: Desabilitado

    Arquivos: Enabled

    Rootkits: Desabilitado

    Heuristics: Enabled

    PUP: Enabled

    PUM: Enabled

     

    Processos: 2

    PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1676, , [0b0a3d69f586191dfcb5223dde23d52b]

    PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1720, , [9481b4f2cbb0330313a3a9e9ff029868]

     

    Módulos: 1

    PUP.Optional.Skytech.A, C:\Program Files\SupTab\DpInterface32.dll, , [e3323e68aad12b0bd83295faad5432ce], 

     

    Chaves de Registro: 7

    PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, , [0b0a3d69f586191dfcb5223dde23d52b], 

    PUP.Optional.WPM.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, , [9481b4f2cbb0330313a3a9e9ff029868], 

    PUP.Optional.WPM.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WindowsMangerProtect, , [9481b4f2cbb0330313a3a9e9ff029868], 

    PUP.Optional.ISearch.A, HKLM\SOFTWARE\omiga-plusSoftware, , [53c26d394c2f1b1b4af2cb5cda2ae31d], 

    PUP.Optional.WPM.A, HKLM\SOFTWARE\supWindowsMangerProtect, , [070e5254562565d152fc78b7b35126da], 

    PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [f91c6c3a80fb39fd67664bcfe51f5ea2], 

    PUP.Optional.Qone8, HKU\S-1-5-21-518672669-1951374490-583244054-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [b85d198d5a213bfb4884c753af558c74], 

     

    Valores de Registro: 2

    PUP.Optional.FastStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dkinhfkb.default\extensions\faststartff@gmail.com, , [977eb5f1c7b416200f564ae4788c20e0]

    PUP.Optional.FastStart.A, HKU\S-1-5-21-518672669-1951374490-583244054-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, , [23f2396de59662d41f584193f30f09f7]

     

    Dados do Registro: 6

    PUP.Optional.ISearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files\Mozilla Firefox\firefox.exe" "http://isearch.omiga-plus.com/?type=hppp&ts=1405694332&from=air&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805", "http://isearch.omiga-plus.com/?type=hppp&ts=1405721961&from=air&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805", "http://isearch.omiga-plus.com/?type=hppp&ts=1405729496&from=air&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805", "http://isearch.omiga-plus.com/?type=hppp&ts=1405776022&from=air&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805", "http://isearch.omiga-plus.com/?type=hppp&ts=1405806495&from=air&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805" ],), ,[a76e7b2b6318ae8890bd59933acabd43]

    PUP.Optional.ISearch.A, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dkinhfkb.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://isearch.omiga-plus.com/newtab/?type=nt&ts=1405294727&from=air&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805");), ,[a174287e6318e551f14d38b343c1e41c]

    PUP.Optional.ISearch.A, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dkinhfkb.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://isearch.omiga-plus.com/?type=hp&ts=1405294727&from=air&uid=ST1000VM002-1CT162_S1G30805XXXXS1G30805");), ,[b75e3472047776c0a70bbc2f31d34cb4]

     

    Physical Sectors: 0

    (No malicious items detected)

     

     

    (end)

    diego_moicano    472

    Dear RGUEDESTATAGIBA

     

    OK... they will be removed later during the final cleanup. ;)

     

    Temporarily disable your antivirus.
    Hold the Ctrl key and click this link to open ESET Online Scanner in a new window.
    Click this button: (image)
    For alternative browsers (if you use Internet Explorer, skip this step): (image)
    Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    Double-click the icon on your desktop.

    • Check "YES, I accept the Terms of Use."
    • Click Start.
    • Accept any security warning from your browser.
    • Under scan settings, check "Scan Archives" and "Remove found threats".
    • Click Advanced settings and check the following:
      Scan potentially unwanted applications
      Scan for potentially unsafe applications
      Enable Anti-Stealth technology

    • Click Change and also check the Computer box.
    • Click Start.
    • It will update on its own and scan the computer. Be patient, the process can take hours.
    • When the scan finishes, click List of found threats.
    • Click Export to text file and save the log to your desktop.
    • Click Back.
    • Click Finish.
    • Post the contents of the log.

     
    Cheers :D

    RGUEDESTATAGIBA    0
  • Topic author
    C:\Users\All Users\IObit\ASCDownloader\Advanced SystemCare.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application

    C:\Users\Todos os Usuários\IObit\ASCDownloader\Advanced SystemCare.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect32.dll.vir Win32/Thinknice.A potentially unwanted application deleted - quarantined

    C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect64.dll.vir Win64/Thinknice.A potentially unwanted application deleted - quarantined

    C:\ProgramData\IObit\ASCDownloader\Advanced SystemCare.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined

    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000 a variant of Win32/SoftPulse.H potentially unwanted application deleted - quarantined

    C:\Users\user\Downloads\aTubeCatcher (1).exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined

    C:\Users\user\Downloads\aTubeCatcher.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined

    C:\Users\user\Downloads\flash_player_14_plugin.exe a variant of Win32/SoftPulse.J potentially unwanted application deleted - quarantined

    C:\Users\user\Downloads\Megacubo_10.4.0.exe Win32/Somoto.E potentially unwanted application deleted - quarantined

    C:\Users\user\Downloads\Player Setup (1).exe a variant of Win32/SoftPulse.H potentially unwanted application deleted - quarantined

    C:\Users\user\Downloads\Player Setup (2).exe a variant of Win32/SoftPulse.H potentially unwanted application deleted - quarantined

    C:\Users\user\Downloads\Player Setup.exe a variant of Win32/SoftPulse.H potentially unwanted application deleted - quarantined

    C:\Users\user\Downloads\Setup (1).exe a variant of Win32/SoftPulse.H potentially unwanted application deleted - quarantined

    C:\Users\user\Downloads\setup.exe Win32/OutBrowse.AE potentially unwanted application deleted - quarantined

    C:\Users\user\Downloads\yet_another_cleaner_dnp.exe a variant of Win32/ELEX.AU potentially unwanted application deleted - quarantined

    diego_moicano    472

    Dear RGUEDESTATAGIBA

     

    Download SecurityCheck and save it to your Desktop
     
    Double-click SecurityCheck.exe
    • Attention: Windows Vista, 7 and 8 users, right-click it and choose: Run as administrator (image)

    Press any key to continue... a report will open
    Copy all of its contents and paste them in your next reply

    Cheers :D

    RGUEDESTATAGIBA    0
  • Topic author
     Results of screen317's Security Check version 0.99.87  

     Windows 7 Service Pack 1 x86 (UAC is enabled)  

     Internet Explorer 11  

    ``````````````Antivirus/Firewall Check:`````````````` 

    avast! Antivirus   

     Antivirus up to date!   

    `````````Anti-malware/Other Utilities Check:````````` 

     CCleaner     

     Wise Disk Cleaner 8.21  

     Java 7 Update 65  

     Java version out of Date! 

     Adobe Flash Player 14.0.0.145  

     Adobe Reader XI  

     Mozilla Firefox (30.0) 

     Google Chrome 36.0.1985.125  

     Google Chrome 36.0.1985.143  

     Google Chrome plugins...  

    ````````Process Check: objlist.exe by Laurent````````  

     AVAST Software Avast AvastSvc.exe  

     AVAST Software Avast afwServ.exe  

     AVAST Software Avast avastui.exe  

    `````````````````System Health check````````````````` 

     Total Fragmentation on Drive C:  

    ````````````````````End of Log`````````````````````` 

    diego_moicano    472

    Dear RGUEDESTATAGIBA

     

    # Step 1 #
     
    Update Java.
     
    Attention: Uninstall ALL old versions of Java.
    • Close all programs, especially your browser (IE, Firefox etc.).
    • Go to the Java for Windows site
    • Click the download button (image)
    • In the window that appears, click Run;
    • Follow the installation steps.

     
    >>>> How is the computer doing?
     
    # Step 2 #
     
    Let's uninstall ComboFix:
     
    Rename combofix.exe to uninstall.exe, double-click it and wait for the program to be removed.
     
    Or, if you prefer, go to
     
    Start > Run, type Combofix /Uninstall and click OK; in the window that appears click Run and wait for the program to be removed.
     
    # Step 3 #
     
    Download DelFix and save it to your Desktop
    • Double-click delfix.exe
    • Attention: Windows Vista, 7 and 8 users, right-click it and choose: Run as administrator (image)

    • Check the following boxes:
      Activate UAC (optional, see more information below)
      Remove disinfection tools
      Create registry backup
      Purge system restore points
      Reset system settings

    • Click the Run button and wait.
    When the scan finishes it will generate a log.
    Post the entire contents of that log.

     

    Note: If you want to know more about UAC, click here (link).

     
    # Step 4 #
     
    <<@>> Install CCleaner
     
    CCleaner is an excellent cleaning utility for the computer, which will help with its performance. Download it here: CCleaner
    IMPORTANT: After installation, go to the folder where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of this window and choose New > Folder to create a new folder; name it backups!
    Open the program and click Run Cleaner;
    click the Registry button > Scan for Issues > Fix selected issues...
     
    Note: Don't forget to accept the backup of the fixes, and save them in the folder created above!

    <<@>> Always keep your Windows up to date; keep a constant watch with the firewall and antivirus and, finally, remember that the best way to prevent starts with our own habits!
     
    Cheers :D

    RGUEDESTATAGIBA    0
  • Topic author
    # DelFix v10.8 - Relatório criado 18/08/2014 às 21:41:44
    # Atualizado 29/07/2014 por Xplode
    # Usuário : user - USER-PC
    # Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
     
    ~ Ativando UAC ... OK
     
    ~ Removendo ferramentas de desinfecção ...
     
    Removido : C:\Qoobox
    Removido : C:\AdwCleaner
    Removido : C:\HijackThis.exe
    Removido : C:\Users\user\Desktop\ComboFix.exe.exe
    Removido : C:\Windows\grep.exe
    Removido : C:\Windows\PEV.exe
    Removido : C:\Windows\NIRCMD.exe
    Removido : C:\Windows\MBR.exe
    Removido : C:\Windows\SED.exe
    Removido : C:\Windows\SWREG.exe
    Removido : C:\Windows\SWSC.exe
    Removido : C:\Windows\SWXCACLS.exe
    Removido : C:\Windows\Zip.exe
    Removido : HKCU\console_combofixbackup
    Removido : HKLM\SOFTWARE\AdwCleaner
    Removido : HKLM\SOFTWARE\Swearware
    Removido : HKLM\SOFTWARE\TrendMicro\Hijackthis
    Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
    Removido : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
    Removido : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
    Removido : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
    Removido : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys
     
    ~ Criando backup do registro ... OK
     
    ~ Limpando pontos da restauração do sistema ...
     
    Removido : RP #235 [installed Java 7 Update 67 | 08/16/2014 23:04:07]
    Removido : RP #236 [Windows Update | 08/18/2014 22:17:35]
    Removido : RP #238 [iObit Uninstaller restore point | 08/19/2014 00:19:10]
    Removido : RP #239 [Removed Java 7 Update 67 | 08/19/2014 00:20:11]
    Removido : RP #241 [iObit Uninstaller restore point | 08/19/2014 00:24:10]
    Removido : RP #242 [installed Java 7 Update 67 | 08/19/2014 00:28:42]
     
    Novo ponto de restauração criado !
     
    ~ Redefinindo configurações do sistema ... OK
     
    ########## - EOF - ##########

    Diego, good evening

     

    I couldn't uninstall ComboFix

     

    First I renamed the file; it started running a new scan for threats, so I cancelled (closed the program). Then I tried to find it via the instruction:

     

    Start > Run and type Combofix /Uninstall

     

    Windows couldn't find the file. Is there another way?

     

    Thank you

    RGUEDESTATAGIBA    0
  • Topic author
  • Are we done?

     

    I have just one question left; after so many procedures I would like to know:

     

    Was my computer very infected?

     

    What would be the most basic routine for me to do my own periodic scans and disinfections?

     

    Thank you very much, Diego!!!

    diego_moicano    472

    Not very...

     

    Be careful with your browsing; be suspicious before you click. When installing a program, pay attention to what is asked during installation; many come with unwanted programs pre-checked to be installed at the same time. ;)

     

    One antivirus is fine, with your firewall enabled... the rest is keeping up the care I described above.

     

    Anything else?

    • Like 1

    diego_moicano    472

    If the author needs it, this topic will be reopened; to do so, contact the moderators requesting that it be unlocked.

    Guest
    This topic is closed to new posts.




