Julio Grabriel

Notebook typing on its own and other little things

First of all, I wanted to say good morning, good afternoon or good evening, depending on the time at which you are reading this topic. I have a problem with my notebook: it starts typing on its own after some time of use, not immediately after I turn it on. To be more exact, what it usually types is this: ‘5]

It also keeps typing, without stopping, whatever letter I press, and refreshes the web page; it even did this while I was typing the post for this topic, so I had to type it again in Word. It also zooms out the page and opens other functions.

Its configuration is this: CCE, Intel Pentium 2.10GHz, 2GB RAM, 700GB HDD, whereas the sticker that came on the notebook said 500GB.


Hello Julio Grabriel,

I recommend that you save this topic in your Favorites to make it easier to find later.

Please note the following:
  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here applies only to the problem with your computer, so do not apply it to any other;
  • Please follow the instructions given carefully and, in case of doubt, do not hesitate to ask;
  • Always keep me informed, during the removal, about what is happening with your computer.
  • Respect the order of the instructions given.
  • Note: Do not take any measure beyond those given here; and if you ask for help in another forum, be sure to let us know, at the risk of misconfiguring your computer!

Please continue with this topic and post a reply containing the DDS and GMER logs, following the instructions on the page Read Before Posting - Creating a New Topic (Leia Antes de Postar - Criando um novo Tópico).

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!
ATTENTION 2: Do not edit your topic; use the reply button, thank you!
ATTENTION 3: Do not put the logs between TAGS, thank you!

Topic author

    DDS (Ver_2012-11-20.01) - NTFS_x86 
    Internet Explorer: 11.0.9600.17239
    Run by Gabriel at 21:31:48 on 2014-08-24
    Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.1901.1324 [GMT -3:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\IoctlSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Users\Gabriel\AppData\Roaming\uTorrent\uTorrent.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\regsvr32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.br/
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [Facebook Update] "c:\users\gabriel\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [uTorrent] "c:\users\gabriel\appdata\roaming\utorrent\uTorrent.exe"  /MINIMIZED
    uRun: [Epnvtion] regsvr32.exe c:\users\gabriel\appdata\local\epnvtion\aclEventtrace.dll
    mRun: [igfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [EaseUS EPM tray] c:\program files\easeus\easeus partition master 9.2.2\bin\EpmNews.exe
    mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
    mRun: [RTHDVCPL] "c:\program files\realtek\audio\hda\RtHDVCpl.exe" -s
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\privoxy.lnk - c:\program files\privoxy\privoxy.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    TCP: NameServer = 10.1.1.1 200.175.5.139 200.175.89.139
    TCP: Interfaces\{3AA252DA-D625-4F33-A786-7EBFB20381D5} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{3AA252DA-D625-4F33-A786-7EBFB20381D5}\746545D244234333 : DHCPNameServer = 192.168.25.1
    TCP: Interfaces\{73D3F5B4-F943-4781-A40B-63FA4EA4E894} : DHCPNameServer = 10.1.1.1 200.175.5.139 200.175.89.139
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.143\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\gabriel\appdata\roaming\mozilla\firefox\profiles\ei8twsxg.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.ev.org.br/Paginas/Home.aspx
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\gabriel\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_206.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-30 49376]
    R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-30 175176]
    R0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [2013-3-22 541680]
    R0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [2013-3-22 26608]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-3-29 770344]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-3-29 369584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-3-29 29816]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-29 66336]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-30 46808]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-3-29 242240]
    R3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\drivers\IntcDAud.sys [2013-3-23 279040]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-4-3 394856]
    R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\drivers\rtwlane.sys [2014-1-16 1334856]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2013-11-8 14920]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2013-11-8 9160]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-8-14 108032]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\drivers\rtl8192ce.sys [2013-3-29 1057896]
    S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
    S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
    S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2013-4-12 1343400]
    .
    =============== Created Last 30 ================
    .
    2014-08-22 13:21:18 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e9ee3573-c3a1-4978-bf2c-f6902c96b68b}\offreg.dll
    2014-08-22 11:38:26 8581864 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e9ee3573-c3a1-4978-bf2c-f6902c96b68b}\mpengine.dll
    2014-08-18 19:18:31 99480 ----a-w- c:\windows\system32\infocardapi.dll
    2014-08-18 19:18:12 8856 ----a-w- c:\windows\system32\icardres.dll
    2014-08-18 19:17:38 619672 ----a-w- c:\windows\system32\icardagt.exe
    2014-08-18 19:17:24 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
    2014-08-14 14:19:32 2352640 ----a-w- c:\windows\system32\win32k.sys
    2014-08-14 14:19:30 305152 ----a-w- c:\windows\system32\gdi32.dll
    2014-08-14 14:19:23 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-08-14 14:18:48 2363392 ----a-w- c:\windows\system32\msi.dll
    2014-08-14 14:18:47 1805824 ----a-w- c:\windows\system32\authui.dll
    2014-08-14 14:18:46 337408 ----a-w- c:\windows\system32\msihnd.dll
    2014-08-14 14:18:46 101824 ----a-w- c:\windows\system32\consent.exe
    2014-08-14 14:17:53 412160 ----a-w- c:\windows\system32\aepdu.dll
    2014-08-14 14:17:48 302592 ----a-w- c:\windows\system32\aeinv.dll
    2014-08-14 14:11:58 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
    2014-08-14 14:11:57 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
    2014-08-12 19:19:32 -------- d-----w- c:\users\gabriel\8º Período
    2014-08-05 17:20:22 227728 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2014-08-03 23:25:07 23552 ----a-w- c:\windows\system32\drivers\SET8BE9.tmp
    2014-08-03 16:13:55 23552 ----a-w- c:\windows\system32\drivers\SET6B21.tmp
    2014-08-03 16:01:42 23552 ----a-w- c:\windows\system32\drivers\SETB05A.tmp
    2014-08-01 00:29:41 -------- d-----w- c:\users\gabriel\Nova pasta
    2014-07-31 12:26:29 2425856 ----a-w- c:\windows\system32\wucltux.dll
    2014-07-31 12:26:15 92672 ----a-w- c:\windows\system32\wudriver.dll
    2014-07-31 12:25:43 33792 ----a-w- c:\windows\system32\wuapp.exe
    2014-07-31 12:25:43 179656 ----a-w- c:\windows\system32\wuwebv.dll
    .
    ==================== Find3M  ====================
    .
    2014-08-05 12:20:02 231584 ------w- c:\windows\system32\MpSigStub.exe
    2014-07-25 13:04:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-07-25 13:03:54 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-07-25 12:34:49 61952 ----a-w- c:\windows\system32\iesetup.dll
    2014-07-25 12:34:03 455168 ----a-w- c:\windows\system32\vbscript.dll
    2014-07-25 12:33:08 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-07-25 12:30:32 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-07-25 12:10:15 112128 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-07-25 12:10:12 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-07-25 12:08:47 597504 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-07-25 12:06:47 4204032 ----a-w- c:\windows\system32\jscript9.dll
    2014-07-25 11:59:29 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-07-25 11:43:16 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-07-25 11:07:49 2001920 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-07-25 11:07:10 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-07-25 10:05:23 1792512 ----a-w- c:\windows\system32\wininet.dll
    2014-07-14 01:42:02 654336 ----a-w- c:\windows\system32\rpcrt4.dll
    2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
    2014-06-16 18:16:51 23552 ----a-w- c:\windows\system32\drivers\SET3EB6.tmp
    2014-06-16 18:11:47 23552 ----a-w- c:\windows\system32\drivers\SET98D7.tmp
    2014-06-16 18:06:40 23552 ----a-w- c:\windows\system32\drivers\SETEA11.tmp
    2014-06-16 01:44:49 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2014-06-16 01:44:49 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2014-06-16 01:40:20 107520 ----a-w- c:\windows\system32\cdd.dll
    2014-06-06 09:44:17 509440 ----a-w- c:\windows\system32\qedit.dll
    2014-06-05 14:26:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
    2014-05-30 07:52:51 172032 ----a-w- c:\windows\system32\wdigest.dll
    2014-05-30 07:52:49 65536 ----a-w- c:\windows\system32\TSpkg.dll
    2014-05-30 07:52:45 247808 ----a-w- c:\windows\system32\schannel.dll
    2014-05-30 07:52:41 220160 ----a-w- c:\windows\system32\ncrypt.dll
    2014-05-30 07:52:40 259584 ----a-w- c:\windows\system32\msv1_0.dll
    2014-05-30 07:52:36 550912 ----a-w- c:\windows\system32\kerberos.dll
    2014-05-30 07:52:30 17408 ----a-w- c:\windows\system32\credssp.dll
    2014-05-30 06:36:07 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    ============= FINISH: 21:34:11,28 ===============
     
     
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate 
    Boot Device: \Device\HarddiskVolume1
    Install Date: 29/03/2013 11:14:14
    System Uptime: 24/08/2014 18:03:18 (3 hours ago)
    .
    Motherboard: Intel Corp. |  | Emerald Lake 2
    Processor: Intel® Pentium® CPU B950 @ 2.10GHz | CPU Socket - U3E1 | 798/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 422 GiB total, 84,563 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is CDROM ()
    G: is FIXED (NTFS) - 277 GiB total, 19,918 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: 
    Description: Controlador de barramento SM
    Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_72708086&REV_04\3&11583659&0&FB
    Manufacturer: 
    Name: Controlador de barramento SM
    PNP Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_72708086&REV_04\3&11583659&0&FB
    Service: 
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Baidu Protect
    Device ID: ROOT\LEGACY_BPROTECT\0000
    Manufacturer: 
    Name: Baidu Protect
    PNP Device ID: ROOT\LEGACY_BPROTECT\0000
    Service: Bprotect
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: Realtek High Definition Audio
    Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0269&SUBSYS_10EC0669&REV_1001\4&231B0FDF&0&0001
    Manufacturer: Realtek
    Name: Realtek High Definition Audio
    PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0269&SUBSYS_10EC0669&REV_1001\4&231B0FDF&0&0001
    Service: IntcAzAudAddService
    .
    Class GUID: 
    Description: Controlador USB (Universal Serial Bus)
    Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_72708086&REV_04\3&11583659&0&A0
    Manufacturer: 
    Name: Controlador USB (Universal Serial Bus)
    PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_72708086&REV_04\3&11583659&0&A0
    Service: 
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Dispositivo de vídeo USB
    Device ID: USB\VID_5149&PID_13D3&MI_00\7&18FA2BEC&0&0000
    Manufacturer: Microsoft
    Name: USB 2.0 PC Cam
    PNP Device ID: USB\VID_5149&PID_13D3&MI_00\7&18FA2BEC&0&0000
    Service: usbvideo
    .
    Class GUID: 
    Description: 
    Device ID: ACPI\TPSACPI01\2&DABA3FF&2
    Manufacturer: 
    Name: 
    PNP Device ID: ACPI\TPSACPI01\2&DABA3FF&2
    Service: 
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 13 Plugin
    Adobe Reader XI (11.0.08)
    AMCap
    µTorrent
    Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
    Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
    Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
    Atualização do produto Microsoft Office Word 2007 Help (KB963665)
    aTube Catcher
    avast! Free Antivirus
    Avidemux 2.6 (32-bit)
    CD Recovery Toolbox Free 2.0
    CDisplayEx 1.9.3
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    D3DX10
    DAEMON Tools Lite
    DriverEasy 4.6.6
    EaseUS Partition Master 9.2.2
    Facebook Video Calling 3.1.0.521
    FormatFactory 3.00
    Free YouTube Download version 3.2.16.1028
    Galeria de Fotos
    Google Chrome
    Google Drive
    Google Update Helper
    Intel® Processor Graphics
    JDownloader 2
    Junk Mail filter update
    K-Lite Mega Codec Pack 9.8.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4.5.1
    Microsoft .NET Framework 4.5.1 (Português do Brasil)
    Microsoft .NET Framework 4.5.1 (PTB)
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (Portuguese (Brazil)) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
    Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
    Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
    Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (Portuguese (Brazil)) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (Portuguese (Brazil)) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
    Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
    Microsoft Office Word MUI (Portuguese (Brazil)) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    Movie Maker
    Mozilla Firefox 29.0.1 (x86 pt-BR)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT110
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Ultra Edition
    neroxml
    Pando Media Booster
    Photo Common
    Photo Gallery
    PowerISO
    Privoxy (remove only)
    Realtek Card Reader
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    REALTEK Wireless LAN Driver
    Recuva
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition 
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
    Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition 
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition 
    Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition 
    Skype Toolbars
    Skype™ 6.18
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition
    Windows 7 USB/DVD Download Tool
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinRAR 4.20 (32-bit)
    Xfire (remove only)
    Yu-Gi-Oh! Power of Chaos JOEY THE PASSION
    Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE
    Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY
    .
    ==== End Of File ===========================
     

    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-08-24 23:37:08
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK7559GSXP rev.GN001A 698,64GB
    Running: gmer.exe; Driver: C:\Users\Gabriel\AppData\Local\Temp\pwlirfob.sys
     
     
    ---- System - GMER 2.1 ----
     
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwAddBootEntry [0x8F036610]
    SSDT            \SystemRoot\System32\Drivers\aswSP.SYS                                                               ZwAllocateVirtualMemory [0x8DCFF5FA]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwAssignProcessToJobObject [0x8F0370E6]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwCreateEvent [0x8F042F18]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwCreateEventPair [0x8F042F64]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwCreateIoCompletion [0x8F0430FE]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwCreateMutant [0x8F042E86]
    SSDT            \SystemRoot\System32\Drivers\aswSP.SYS                                                               ZwCreateSection [0x8DCFF992]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwCreateSemaphore [0x8F042ECE]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwCreateThread [0x8F0375E4]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwCreateThreadEx [0x8F037800]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwCreateTimer [0x8F0430B8]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwDebugActiveProcess [0x8F037E9C]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwDeleteBootEntry [0x8F036676]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwDuplicateObject [0x8F03B596]
    SSDT            \SystemRoot\System32\Drivers\aswSP.SYS                                                               ZwFreeVirtualMemory [0x8DCFF6C2]
    SSDT            \SystemRoot\System32\Drivers\aswSP.SYS                                                               ZwLoadDriver [0x8DCFDC12]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwModifyBootEntry [0x8F0366DC]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwNotifyChangeKey [0x8F03B98C]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwNotifyChangeMultipleKeys [0x8F03892C]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwOpenEvent [0x8F042F42]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwOpenEventPair [0x8F042F86]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwOpenIoCompletion [0x8F043122]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwOpenMutant [0x8F042EAC]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwOpenProcess [0x8F03AE78]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwOpenSection [0x8F043036]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwOpenSemaphore [0x8F042EF6]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwOpenThread [0x8F03B26E]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwOpenTimer [0x8F0430DC]
    SSDT            \SystemRoot\System32\Drivers\aswSP.SYS                                                               ZwProtectVirtualMemory [0x8DCFF822]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwQueryObject [0x8F0387F8]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwQueueApcThreadEx [0x8F038506]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwSetBootEntryOrder [0x8F036742]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwSetBootOptions [0x8F0367A8]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwSetContextThread [0x8F037D16]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwSetSystemInformation [0x8F0362F8]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwSetSystemPowerState [0x8F0364CE]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwShutdownSystem [0x8F03645C]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwSuspendProcess [0x8F038066]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwSuspendThread [0x8F0381C8]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwSystemDebugControl [0x8F036556]
    SSDT            \SystemRoot\System32\Drivers\aswSP.SYS                                                               ZwTerminateProcess [0x8DCFF8EA]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwTerminateThread [0x8F037CF6]
    SSDT            \SystemRoot\System32\Drivers\aswSP.SYS                                                               ZwUnloadDriver [0x8DCFDC42]
    SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                              ZwVdmControl [0x8F03680E]
    SSDT            \SystemRoot\System32\Drivers\aswSP.SYS                                                               ZwWriteVirtualMemory [0x8DCFF76E]
     
    ---- Kernel code sections - GMER 2.1 ----
     
    .text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                             82E4FA15 1 Byte  [06]
    .text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                               82E89212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text           ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                  82E90460 4 Bytes  [10, 66, 03, 8F]
    .text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                  82E90488 4 Bytes  [FA, F5, CF, 8D]
    .text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                  82E904E8 4 Bytes  [E6, 70, 03, 8F]
    .text           ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                  82E9053C 8 Bytes  [18, 2F, 04, 8F, 64, 2F, 04, ...] {SBB [EDI], CH; ADD AL, 0x8f; DAS ; ADD AL, 0x8f}
    .text           ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                  82E90548 4 Bytes  [FE, 30, 04, 8F]
    .text           ...                                                                                                  
     
    ---- User code sections - GMER 2.1 ----
     
    .text           C:\Windows\system32\csrss.exe[492] kernel32.dll!GetBinaryTypeW + 70                                  76996AAC 1 Byte  [62]
    .text           C:\Windows\system32\svchost.exe[496] kernel32.dll!GetBinaryTypeW + 70                                76996AAC 1 Byte  [62]
    .text           C:\Windows\system32\svchost.exe[508] kernel32.dll!GetBinaryTypeW + 70                                76996AAC 1 Byte  [62]
    .text           C:\Windows\system32\wininit.exe[536] kernel32.dll!GetBinaryTypeW + 70                                76996AAC 1 Byte  [62]
    .text           C:\Windows\system32\csrss.exe[556] kernel32.dll!GetBinaryTypeW + 70                                  76996AAC 1 Byte  [62]
    .text           ...                                                                                                  
    .text           C:\Program Files\Internet Explorer\iexplore.exe[2392] ntdll.dll!LdrUnloadDll                         7758C8DE 5 Bytes  JMP 000E03FC 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[2392] ntdll.dll!LdrLoadDll                           775922AE 5 Bytes  JMP 000E01F8 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[2392] KERNEL32.dll!GetBinaryTypeW + 70               76996AAC 1 Byte  [62]
    .text           C:\Program Files\Internet Explorer\iexplore.exe[2392] user32.DLL!UnhookWindowsHookEx                 76F6ADF9 5 Bytes  JMP 00110A08 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[2392] user32.DLL!UnhookWinEvent                      76F6B750 5 Bytes  JMP 001103FC 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[2392] user32.DLL!SetWindowsHookExW                   76F6E30C 5 Bytes  JMP 00110804 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[2392] user32.DLL!SetWinEventHook                     76F724DC 5 Bytes  JMP 001101F8 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[2392] user32.DLL!DrawTextW                           76F75B6A 6 Bytes  PUSH 02A895D4; RET 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[2392] user32.DLL!SetWindowsHookExA                   76F96D0C 5 Bytes  JMP 00110600 
    .text           C:\Windows\System32\WUDFHost.exe[2524] kernel32.dll!GetBinaryTypeW + 70                              76996AAC 1 Byte  [62]
    .text           C:\Windows\System32\hkcmd.exe[2684] kernel32.dll!GetBinaryTypeW + 70                                 76996AAC 1 Byte  [62]
    .text           C:\Windows\System32\igfxpers.exe[2700] kernel32.dll!GetBinaryTypeW + 70                              76996AAC 1 Byte  [62]
    .text           C:\Program Files\AVAST Software\Avast\AvastUI.exe[2716] kernel32.dll!GetBinaryTypeW + 70             76996AAC 1 Byte  [62]
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2724] kernel32.dll!GetBinaryTypeW + 70  76996AAC 1 Byte  [62]
    .text           ...                                                                                                  
    .text           C:\Program Files\Internet Explorer\iexplore.exe[4996] ntdll.dll!LdrUnloadDll                         7758C8DE 5 Bytes  JMP 001E03FC 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[4996] ntdll.dll!LdrLoadDll                           775922AE 5 Bytes  JMP 001E01F8 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[4996] KERNEL32.dll!GetBinaryTypeW + 70               76996AAC 1 Byte  [62]
    .text           C:\Program Files\Internet Explorer\iexplore.exe[4996] user32.DLL!UnhookWindowsHookEx                 76F6ADF9 5 Bytes  JMP 00200A08 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[4996] user32.DLL!UnhookWinEvent                      76F6B750 5 Bytes  JMP 002003FC 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[4996] user32.DLL!SetWindowsHookExW                   76F6E30C 5 Bytes  JMP 00200804 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[4996] user32.DLL!SetWinEventHook                     76F724DC 5 Bytes  JMP 002001F8 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[4996] user32.DLL!DrawTextExW                         76F75894 6 Bytes  PUSH 027ECEEC; RET 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[4996] user32.DLL!DrawTextW                           76F75B6A 6 Bytes  PUSH 036F0384; RET 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[4996] user32.DLL!MessageBeep                         76F92939 6 Bytes  PUSH 0281A1AC; RET 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[4996] user32.DLL!SetWindowsHookExA                   76F96D0C 5 Bytes  JMP 00200600 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[4996] shell32.DLL!RealDriveType + 173D               7595FD70 4 Bytes  [F5, CA, A4, 6B] {CMC ; RETF 0x6ba4}
    .text           C:\Program Files\Internet Explorer\iexplore.exe[4996] shell32.DLL!RealDriveType + 1745               7595FD78 8 Bytes  [64, 4F, A3, 6B, 60, CB, A4, ...]
    .text           C:\Program Files\Internet Explorer\iexplore.exe[4996] WININET.dll!HttpOpenRequestW                   7737C78A 6 Bytes  PUSH 0281372C; RET 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[4996] WININET.dll!HttpOpenRequestA                   77478629 6 Bytes  PUSH 027EDA3C; RET 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[4996] ws2_32.dll!WSASend                             76794406 6 Bytes  PUSH 027EA00C; RET 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[4996] ws2_32.dll!send                                76796F01 6 Bytes  PUSH 027E94BC; RET 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5568] ntdll.dll!LdrUnloadDll                         7758C8DE 5 Bytes  JMP 000E03FC 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5568] ntdll.dll!LdrLoadDll                           775922AE 5 Bytes  JMP 000E01F8 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5568] KERNEL32.dll!GetBinaryTypeW + 70               76996AAC 1 Byte  [62]
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5568] user32.DLL!UnhookWindowsHookEx                 76F6ADF9 5 Bytes  JMP 00100A08 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5568] user32.DLL!UnhookWinEvent                      76F6B750 5 Bytes  JMP 001003FC 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5568] user32.DLL!SetWindowsHookExW                   76F6E30C 5 Bytes  JMP 00100804 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5568] user32.DLL!SetWinEventHook                     76F724DC 5 Bytes  JMP 001001F8 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5568] user32.DLL!DrawTextW                           76F75B6A 6 Bytes  PUSH 024D95D4; RET 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5568] user32.DLL!SetWindowsHookExA                   76F96D0C 5 Bytes  JMP 00100600 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5692] ntdll.dll!LdrUnloadDll                         7758C8DE 5 Bytes  JMP 001E03FC 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5692] ntdll.dll!LdrLoadDll                           775922AE 5 Bytes  JMP 001E01F8 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5692] KERNEL32.dll!GetBinaryTypeW + 70               76996AAC 1 Byte  [62]
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5692] user32.DLL!UnhookWindowsHookEx                 76F6ADF9 5 Bytes  JMP 00200A08 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5692] user32.DLL!UnhookWinEvent                      76F6B750 5 Bytes  JMP 002003FC 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5692] user32.DLL!SetWindowsHookExW                   76F6E30C 5 Bytes  JMP 00200804 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5692] user32.DLL!SetWinEventHook                     76F724DC 5 Bytes  JMP 002001F8 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5692] user32.DLL!DrawTextExW                         76F75894 6 Bytes  PUSH 0238E09C; RET 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5692] user32.DLL!DrawTextW                           76F75B6A 6 Bytes  PUSH 0238FE2C; RET 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5692] user32.DLL!MessageBeep                         76F92939 6 Bytes  PUSH 0239968C; RET 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5692] user32.DLL!SetWindowsHookExA                   76F96D0C 5 Bytes  JMP 00200600 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5692] shell32.DLL!RealDriveType + 173D               7595FD70 4 Bytes  [F5, CA, A4, 6B] {CMC ; RETF 0x6ba4}
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5692] shell32.DLL!RealDriveType + 1745               7595FD78 8 Bytes  [64, 4F, A3, 6B, 60, CB, A4, ...]
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5692] WININET.dll!HttpOpenRequestW                   7737C78A 6 Bytes  PUSH 02392C0C; RET 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5692] WININET.dll!HttpOpenRequestA                   77478629 6 Bytes  PUSH 0238EBEC; RET 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5692] ws2_32.dll!WSASend                             76794406 6 Bytes  PUSH 0238A00C; RET 
    .text           C:\Program Files\Internet Explorer\iexplore.exe[5692] ws2_32.dll!send                                76796F01 6 Bytes  PUSH 023894BC; RET 
     
    ---- Devices - GMER 2.1 ----
     
    AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys
    AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                              Wdf01000.sys
    AttachedDevice  \Driver\tdx \Device\Tcp                                                                              aswTdi.SYS
    AttachedDevice  \Driver\tdx \Device\Udp                                                                              aswTdi.SYS
     
    ---- EOF - GMER 2.1 ----

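The "User code sections" block of the GMER log above is the part worth reading first. A one-byte patch at kernel32!GetBinaryTypeW + 70 (address 76996AAC, byte 62) appears identically in csrss.exe, wininit.exe, every svchost.exe and the AVAST UI, which points to one system-wide agent rather than per-process malware. The iexplore.exe instances, by contrast, also carry 5- and 6-byte inline redirections (JMP xxxxxxxx and PUSH xxxxxxxx; RET) on LdrLoadDll/LdrUnloadDll, SetWindowsHookEx*, HttpOpenRequestA/W, WSASend and send, which is the API set a browser formgrabber needs to see cleartext requests before they hit the socket. The script below is an added example, not GMER's code and not something posted in this thread: it parses those lines, separates in-place byte patches from control-flow redirections, groups the redirected APIs per process and flags the network cluster. The NETWORK_APIS list, the suspicious() heuristic and the "identical patch in several processes is systemic" rule are my assumptions; security products such as the avast! install shown in this log also inject hooks into processes, so the output is a triage aid, not a verdict.

```python
"""Triage of the 'User code sections' block of a GMER 2.x log (added example; not GMER's
own code). Splits each '.text' line into in-place byte patches and inline control-flow
redirections (JMP xxxxxxxx / PUSH xxxxxxxx; RET) and groups the redirected APIs per process."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of the lines from the GMER log posted above.
SAMPLE_LOG = r"""
.text           C:\Windows\system32\csrss.exe[492] kernel32.dll!GetBinaryTypeW + 70                                  76996AAC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[496] kernel32.dll!GetBinaryTypeW + 70                                76996AAC 1 Byte  [62]
.text           C:\Program Files\Internet Explorer\iexplore.exe[4996] ntdll.dll!LdrLoadDll                           775922AE 5 Bytes  JMP 001E01F8
.text           C:\Program Files\Internet Explorer\iexplore.exe[4996] KERNEL32.dll!GetBinaryTypeW + 70               76996AAC 1 Byte  [62]
.text           C:\Program Files\Internet Explorer\iexplore.exe[4996] user32.DLL!SetWindowsHookExW                   76F6E30C 5 Bytes  JMP 00200804
.text           C:\Program Files\Internet Explorer\iexplore.exe[4996] shell32.DLL!RealDriveType + 173D               7595FD70 4 Bytes  [F5, CA, A4, 6B] {CMC ; RETF 0x6ba4}
.text           C:\Program Files\Internet Explorer\iexplore.exe[4996] WININET.dll!HttpOpenRequestW                   7737C78A 6 Bytes  PUSH 0281372C; RET
.text           C:\Program Files\Internet Explorer\iexplore.exe[4996] WININET.dll!HttpOpenRequestA                   77478629 6 Bytes  PUSH 027EDA3C; RET
.text           C:\Program Files\Internet Explorer\iexplore.exe[4996] ws2_32.dll!WSASend                             76794406 6 Bytes  PUSH 027EA00C; RET
.text           C:\Program Files\Internet Explorer\iexplore.exe[4996] ws2_32.dll!send                                76796F01 6 Bytes  PUSH 027E94BC; RET
"""

# .text  <process>[pid] <module>!<export>[ + off]  <addr> <N> Byte(s)  <patch>
LINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+(?: \+ [0-9A-Fa-f]+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<nbytes>\d+) Bytes?\s+(?P<patch>.*?)\s*$")
# The two inline-hook shapes GMER prints: a relative JMP, and PUSH imm32; RET.
REDIRECT_RES = (re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})"),
                re.compile(r"^PUSH\s+(?P<target>[0-9A-Fa-f]{8});\s*RET"))
# Browser APIs that formgrabbers commonly hook (my list, not GMER's).
NETWORK_APIS = {"httpopenrequesta", "httpopenrequestw", "httpsendrequesta", "httpsendrequestw",
                "internetwritefile", "internetreadfile", "wsasend", "send", "pr_write", "encryptmessage"}


@dataclass
class Hook:
    process: str
    pid: int
    module: str            # lower-cased so kernel32.dll and KERNEL32.dll group together
    func: str
    addr: int
    nbytes: int
    patch: str
    target: Optional[int]  # hook destination for a redirect, None for an in-place patch


def parse_gmer_usermode(text: str) -> List[Hook]:
    """One Hook per '.text' line; other lines are ignored."""
    hooks: List[Hook] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        patch = m.group("patch")
        hits = [rx.match(patch) for rx in REDIRECT_RES]
        target = next((int(h.group("target"), 16) for h in hits if h), None)
        hooks.append(Hook(m.group("proc"), int(m.group("pid")), m.group("module").lower(),
                          m.group("func"), int(m.group("addr"), 16), int(m.group("nbytes")),
                          patch, target))
    return hooks


@dataclass
class ProcessSummary:
    process: str
    pid: int
    redirected: List[str]     # module!func entries whose control flow is diverted
    network_hooks: List[str]  # the redirected ones that are in NETWORK_APIS
    patched_only: List[str]   # byte patches with no control-flow transfer

    @property
    def suspicious(self) -> bool:
        # Heuristic only: AV/sandbox products also hook browsers, so confirm before acting.
        return bool(self.network_hooks)


def triage(hooks: List[Hook]) -> Dict[int, ProcessSummary]:
    by_pid: Dict[int, List[Hook]] = defaultdict(list)
    for h in hooks:
        by_pid[h.pid].append(h)
    return {pid: ProcessSummary(
        hs[0].process, pid,
        sorted(f"{h.module}!{h.func}" for h in hs if h.target is not None),
        sorted(h.func for h in hs if h.target is not None and h.func.lower() in NETWORK_APIS),
        sorted(f"{h.module}!{h.func}" for h in hs if h.target is None),
    ) for pid, hs in by_pid.items()}


def systemic_patches(hooks: List[Hook], min_processes: int = 2) -> Dict[Tuple[str, int, str], List[int]]:
    """Identical (module!func, address, bytes) patches seen in several processes usually come
    from one system-wide agent (AV, compatibility shim) rather than per-process malware."""
    groups: Dict[Tuple[str, int, str], set] = defaultdict(set)
    for h in hooks:
        if h.target is None:
            groups[(f"{h.module}!{h.func}", h.addr, h.patch)].add(h.pid)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_processes}
```

Feed the whole "User code sections" block of a GMER log to parse_gmer_usermode() and call triage() on the result; on the sample above, pid 4996 comes back with network_hooks HttpOpenRequestA, HttpOpenRequestW, WSASend and send, while the csrss.exe and svchost.exe entries have no redirections at all and their GetBinaryTypeW + 70 patch is reported by systemic_patches() as shared by all three processes. The hook targets themselves (001E01F8, 027E94BC and so on) sit far below the Win7 x86 load addresses of the system DLLs, which is the next thing to check in a live memory dump: a legitimate hook lands inside a loaded module, a malicious one often lands in private (VirtualAlloc'd) memory.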

1)

Download AdwCleaner and save it to your desktop.
https://toolslib.net/downloads/finish/1/

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click adwcleaner.exe, then click "Run as administrator".

Click the Scan button and wait for the scan to finish.

Click the Clean button.

A Notepad window will open with the results. Attach the log to your next reply.

NOTE: If AdwCleaner finds files it cannot remove, it may need to restart the PC. Do so immediately when asked whether you want to restart the PC.

2)

Read the instructions at this link:

##### "How to use ComboFix" #####

In the instructions at the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums where you can get help with ComboFix logs"

• Download ComboFix from one of the official links listed below and save it to your desktop:
• Temporarily, and while following these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after completing the procedure(s) below.
• Double-click the ComboFix icon on your desktop.
• Read and accept the terms by typing 1 and pressing Enter.
• Computers running Windows XP must install the Recovery Console:
• If your computer runs Windows XP and the Recovery Console is not yet installed, please make sure you are connected to the Internet and click "Yes".
• Click "OK" on the EULA.
• Once the Recovery Console is installed, click "YES" to continue.
• ComboFix will run; please be patient and wait.
• Warning: do not use the mouse or keyboard while the tool is running; this can cause the computer to hang.
• A notice may appear saying the computer needs to be restarted.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

• When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

DO NOT use the tool on your own. It is a powerful tool built to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

• Several malware families prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle them.
• Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
• There are many general-purpose anti-malware tools whose authors designed them with end users in mind, for use without supervision. ComboFix is not that kind of tool, so, also out of respect for its author, do not use it unsupervised.

Topic author:

# AdwCleaner v3.308 - Report created 25/08/2014 at 11:25:39
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Gabriel - GABRIEL-PC
# Running from : C:\Users\Gabriel\Desktop\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\Users\Gabriel\AppData\Local\genienext
Folder Deleted : C:\Users\Gabriel\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Gabriel\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Gabriel\AppData\Roaming\baidu
Folder Deleted : C:\Users\Gabriel\AppData\Roaming\Funmoods
Folder Deleted : C:\Users\Gabriel\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Gabriel\Documents\Mobogenie
File Deleted : C:\Users\Gabriel\daemonprocess.txt
File Deleted : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : Funmoods

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKLM\SOFTWARE\yuna software
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ File : C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\ei8twsxg.default\prefs.js ]


-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=radiofm&cd=2XzuyEtN2Y1L1Qzu0EtDzytCyDtAyByDyCyE0C0ByC0E0C0EtN0D0Tzu0CyByEtCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1C1T1Q1L1F1O1H&cr=602713502&ir=
Deleted [Search Provider] : hxxp://www.correios.com.br/para-voce/@@search?SearchableText={searchTerms}
Deleted [Search Provider] : hxxp://www.gamevicio.com/i/pesquisa/index.html?crawler=gvboot&q={searchTerms}&sa=Pesquisar
Deleted [Extension] : cjpglkicenollcignonpgiafdgfeehoj

*************************

AdwCleaner[R0].txt - [3444 octets] - [25/08/2014 11:21:55]
AdwCleaner[s0].txt - [3304 octets] - [25/08/2014 11:25:39]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3364 octets] ##########

ComboFix 14-08-24.01 - Gabriel 25/08/2014  11:43:48.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.1901.999 [GMT -3:00]
Running from: c:\users\Gabriel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Crypto\RSA64\rsa64.dll
c:\programdata\Microsoft\Crypto\RSA64\temp\tmp68B6.exe
c:\programdata\Microsoft\Crypto\RSA64\temp\tmpD580.exe
.
.
((((((((((((((((   Files Created from 2014-07-25 to 2014-08-25  ))))))))))))))))))))))))))))
.
.
2014-08-25 15:00 . 2014-08-25 15:06 -------- d-----w- c:\users\Gabriel\AppData\Local\temp
2014-08-25 15:00 . 2014-08-25 15:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-25 14:23 . 2010-08-30 11:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-25 14:21 . 2014-08-25 14:26 -------- d-----w- C:\AdwCleaner
2014-08-22 13:21 . 2014-08-25 14:42 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9EE3573-C3A1-4978-BF2C-F6902C96B68B}\offreg.dll
2014-08-22 11:38 . 2014-08-21 02:44 8581864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9EE3573-C3A1-4978-BF2C-F6902C96B68B}\mpengine.dll
2014-08-22 00:09 . 2014-08-22 00:09 -------- d-----w- c:\program files\Common Files\Skype
2014-08-18 19:18 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-18 19:18 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-18 19:17 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-18 19:17 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 14:19 . 2014-07-16 01:47 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-14 14:19 . 2014-07-16 02:47 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-14 14:19 . 2014-07-16 02:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-14 14:18 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\system32\msi.dll
2014-08-14 14:18 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\system32\authui.dll
2014-08-14 14:18 . 2014-06-03 09:30 101824 ----a-w- c:\windows\system32\consent.exe
2014-08-14 14:18 . 2014-06-03 09:29 337408 ----a-w- c:\windows\system32\msihnd.dll
2014-08-14 14:17 . 2014-08-07 01:43 412160 ----a-w- c:\windows\system32\aepdu.dll
2014-08-14 14:17 . 2014-08-07 01:39 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-08-14 14:11 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-14 14:11 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-12 19:19 . 2014-08-25 12:36 -------- d-----w- c:\users\Gabriel\8º Período
2014-08-05 17:20 . 2014-08-05 17:20 227728 ----a-w- c:\program files\Mozilla Firefox\Plugins\nppdf32.dll
2014-08-03 23:25 . 2014-08-03 23:25 23552 ----a-w- c:\windows\system32\drivers\SET8BE9.tmp
2014-08-03 16:13 . 2014-08-03 16:13 23552 ----a-w- c:\windows\system32\drivers\SET6B21.tmp
2014-08-03 16:01 . 2014-08-03 16:01 23552 ----a-w- c:\windows\system32\drivers\SETB05A.tmp
2014-08-01 00:29 . 2014-08-03 14:03 -------- d-----w- c:\users\Gabriel\Nova pasta
2014-07-31 12:26 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2014-07-31 12:26 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2014-07-31 12:26 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-07-31 12:26 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2014-07-31 12:26 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2014-07-31 12:26 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-07-31 12:26 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2014-07-31 12:25 . 2014-05-14 12:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-07-31 12:25 . 2014-05-14 12:17 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-05 12:20 . 2013-04-11 19:11 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-06-18 01:51 . 2014-07-10 14:26 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-16 18:16 . 2014-06-16 18:16 23552 ----a-w- c:\windows\system32\drivers\SET3EB6.tmp
2014-06-16 18:11 . 2014-06-16 18:11 23552 ----a-w- c:\windows\system32\drivers\SET98D7.tmp
2014-06-16 18:06 . 2014-06-16 18:06 23552 ----a-w- c:\windows\system32\drivers\SETEA11.tmp
2014-06-06 09:44 . 2014-07-10 14:25 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-05 14:26 . 2014-07-10 14:24 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-30 07:52 . 2014-07-10 14:25 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52 . 2014-07-10 14:25 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52 . 2014-07-10 14:25 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52 . 2014-07-10 14:25 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52 . 2014-07-10 14:25 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52 . 2014-07-10 14:25 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52 . 2014-07-10 14:25 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36 . 2014-07-10 14:25 338944 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 13:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 13:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 13:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 13:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 13:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"uTorrent"="c:\users\Gabriel\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-09 1322832]
"Epnvtion"="c:\users\Gabriel\AppData\Local\Epnvtion\aclEventtrace.dll" [2014-08-24 94208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-30 144152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-30 179992]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-30 188184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]

    "EaseUS EPM tray"="c:\program files\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe" [2013-03-29 2081792]

    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-10-18 12013272]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Privoxy.lnk - c:\program files\Privoxy\privoxy.exe [2013-3-8 370176]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    R0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [x]

    R1 Bfilter;Baidu Antivirus Minifilter Driver;c:\windows\System32\drivers\Bfilter.sys [x]

    R1 Bfmon;Baidu FS Monitor Driver;c:\windows\System32\drivers\Bfmon.sys [x]

    R1 Bprotect;Baidu Protect;c:\windows\System32\drivers\Bprotect.sys [x]

    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2013-03-07 14920]

    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2013-03-07 9160]

    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-07-25 108032]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-10-06 1057896]

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]

    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

    R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-04-12 1343400]

    S0 aswRvrt;aswRvrt; [x]

    S0 aswVmm;aswVmm; [x]

    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2013-03-22 541680]

    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2013-03-22 26608]

    S1 aswSnx;aswSnx; [x]

    S1 aswSP;aswSP; [x]

    S2 aswFsBlk;aswFsBlk; [x]

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]

    S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-29 242240]

    S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-09-12 279040]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]

    S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys [2013-05-02 1334856]

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2014-08-14 19:40 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    .

    2014-05-17 c:\windows\Tasks\DriverEasy Scheduled Scan.job

    - c:\program files\Easeware\DriverEasy\DriverEasy.exe [2014-03-18 02:33]

    .

    2014-08-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1551526520-1221537977-107792092-1000Core.job

    - c:\users\Gabriel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-15 22:48]

    .

    2014-08-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1551526520-1221537977-107792092-1000UA.job

    - c:\users\Gabriel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-15 22:48]

    .

    2014-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2013-04-11 17:05]

    .

    2014-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2013-04-11 17:05]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.google.com.br/

    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 10.1.1.1 200.175.5.139 200.175.89.139

    FF - ProfilePath - c:\users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\ei8twsxg.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.ev.org.br/Paginas/Home.aspx

    .

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Tempo para conclusão: 2014-08-25  12:10:10

    ComboFix-quarantined-files.txt  2014-08-25 15:10

    .

    Pré-execução: 90.216.923.136 bytes disponíveis

    Pós execução: 93.820.526.592 bytes disponíveis

    .

    - - End Of File - - E465952D446F2773248F0229FB71AA29

    A36C5E4F47E84449FF07ED3517B43A31

     


    Julio Grabriel,

     

    Are you aware that Baidu Security is installed on your PC?

     

    Although this antivirus is not a fake product, it is not advisable to keep it on the system, because it is associated with adware that gets installed without the user's knowledge and/or consent and changes some browser settings, such as the home page and search engines.


    Ok,
     
    Temporarily, and while you carry out these instructions, it is very important to keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
     
    Open Notepad, then copy (Ctrl+C) and paste (Ctrl+V) all the text inside the "Code" box:
     

    ClearJavaCache::
    File::
    c:\windows\system32\drivers\Bhbase.sys
    c:\windows\System32\drivers\BprotectEx.sys
    c:\windows\System32\drivers\BHipsEx.sys
    C:\Windows\System32\drivers\Bfilter.sys
    C:\Windows\System32\drivers\Bfmon.sys
    Driver::
    BHipsEx
    Bhbase
    BNBASE
    BavR3base
    BdApiUtil
    pysrw
    Bfilter
    Bfmon
    Bnbase
    PCFApiUtil
    Bndef
    Bprotect
    BprotectEx
    Proteq
    BdCameraProtect
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify"=0
    "AntiVirusOverride"=0
    "FirewallDisableNotify"=0
    "FirewallOverride"=0
    "UpdatesDisableNotify"=0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusDisableNotify"=0
    "FirewallDisableNotify"=0
    "FirewallOverride"=0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "Hidden"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
    "DisableCMD"=-
    "DisableRegistryTools"=-
    "DisableTaskMgr"=-
    "NoDispCPL"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
    "SystemRestoreDisableSR"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
    "DontReportInfectionInformation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    "DisableConfig"=0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
    "Start"=dword:00000002
    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "ParseAutoexec"="1"
    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "ParseAutoexec"="1"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "HideFileExt"=0
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "MigrateProxy"=dword:00000000
    "ProxyEnable"=dword:00000000
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoControlPanel"=-
    "NofolderOptions"=-
    "NoWindowsUpdate"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "ParseAutoexec"="1"
    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
    "HomePage"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=-
    ADS::

    • Save this file as: CFScript.txt
    • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Attach that file, C:\ComboFix.txt.

    [animation: dragging CFScript.txt onto ComboFix.exe]

    Topic author

    ComboFix 14-08-24.01 - Gabriel 25/08/2014  12:42:15.2.2 - x86

    Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.1901.1026 [GMT -3:00]

    Executando de: c:\users\Gabriel\Desktop\ComboFix.exe

    Comandos utilizados :: c:\users\Gabriel\Desktop\CFScript.txt

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

     * Criado um novo ponto de restauração

    .

    FILE ::

    "c:\windows\System32\drivers\Bfilter.sys"

    "c:\windows\System32\drivers\Bfmon.sys"

    "c:\windows\system32\drivers\Bhbase.sys"

    "c:\windows\System32\drivers\BHipsEx.sys"

    "c:\windows\System32\drivers\BprotectEx.sys"

    .

    .

    (((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Legacy_BAVR3BASE

    -------\Legacy_BDAPIUTIL

    -------\Legacy_BDCAMERAPROTECT

    -------\Legacy_BFILTER

    -------\Legacy_BFMON

    -------\Legacy_BHBASE

    -------\Legacy_BPROTECT

    -------\Service_Bfilter

    -------\Service_Bfmon

    -------\Service_Bhbase

    -------\Service_Bprotect

    .

    .

    ((((((((((((((((   Arquivos/Ficheiros criados de 2014-07-25 to 2014-08-25  ))))))))))))))))))))))))))))

    .

    .

    2014-08-25 15:56 . 2014-08-25 15:56 -------- d-----w- c:\users\Default\AppData\Local\temp

    2014-08-25 15:10 . 2014-08-25 15:58 -------- d-----w- c:\users\Gabriel\AppData\Local\temp

    2014-08-25 14:23 . 2010-08-30 11:34 536576 ----a-w- c:\windows\system32\sqlite3.dll

    2014-08-25 14:21 . 2014-08-25 14:26 -------- d-----w- C:\AdwCleaner

    2014-08-22 13:21 . 2014-08-25 14:42 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9EE3573-C3A1-4978-BF2C-F6902C96B68B}\offreg.dll

    2014-08-22 11:38 . 2014-08-21 02:44 8581864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9EE3573-C3A1-4978-BF2C-F6902C96B68B}\mpengine.dll

    2014-08-22 00:09 . 2014-08-22 00:09 -------- d-----w- c:\program files\Common Files\Skype

    2014-08-18 19:18 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll

    2014-08-18 19:18 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll

    2014-08-18 19:17 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe

    2014-08-18 19:17 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe

    2014-08-14 14:19 . 2014-07-16 01:47 2352640 ----a-w- c:\windows\system32\win32k.sys

    2014-08-14 14:19 . 2014-07-16 02:47 305152 ----a-w- c:\windows\system32\gdi32.dll

    2014-08-14 14:19 . 2014-07-16 02:46 2048 ----a-w- c:\windows\system32\tzres.dll

    2014-08-14 14:18 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\system32\msi.dll

    2014-08-14 14:18 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\system32\authui.dll

    2014-08-14 14:18 . 2014-06-03 09:30 101824 ----a-w- c:\windows\system32\consent.exe

    2014-08-14 14:18 . 2014-06-03 09:29 337408 ----a-w- c:\windows\system32\msihnd.dll

    2014-08-14 14:17 . 2014-08-07 01:43 412160 ----a-w- c:\windows\system32\aepdu.dll

    2014-08-14 14:17 . 2014-08-07 01:39 302592 ----a-w- c:\windows\system32\aeinv.dll

    2014-08-14 14:11 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDYAK.DLL

    2014-08-14 14:11 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDBASH.DLL

    2014-08-12 19:19 . 2014-08-25 12:36 -------- d-----w- c:\users\Gabriel\8º Período

    2014-08-05 17:20 . 2014-08-05 17:20 227728 ----a-w- c:\program files\Mozilla Firefox\Plugins\nppdf32.dll

    2014-08-03 23:25 . 2014-08-03 23:25 23552 ----a-w- c:\windows\system32\drivers\SET8BE9.tmp

    2014-08-03 16:13 . 2014-08-03 16:13 23552 ----a-w- c:\windows\system32\drivers\SET6B21.tmp

    2014-08-03 16:01 . 2014-08-03 16:01 23552 ----a-w- c:\windows\system32\drivers\SETB05A.tmp

    2014-08-01 00:29 . 2014-08-03 14:03 -------- d-----w- c:\users\Gabriel\Nova pasta

    2014-07-31 12:26 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll

    2014-07-31 12:26 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe

    2014-07-31 12:26 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll

    2014-07-31 12:26 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll

    2014-07-31 12:26 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll

    2014-07-31 12:26 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll

    2014-07-31 12:26 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll

    2014-07-31 12:25 . 2014-05-14 12:23 179656 ----a-w- c:\windows\system32\wuwebv.dll

    2014-07-31 12:25 . 2014-05-14 12:17 33792 ----a-w- c:\windows\system32\wuapp.exe

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2014-08-05 12:20 . 2013-04-11 19:11 231584 ------w- c:\windows\system32\MpSigStub.exe

    2014-06-18 01:51 . 2014-07-10 14:26 646144 ----a-w- c:\windows\system32\osk.exe

    2014-06-16 18:16 . 2014-06-16 18:16 23552 ----a-w- c:\windows\system32\drivers\SET3EB6.tmp

    2014-06-16 18:11 . 2014-06-16 18:11 23552 ----a-w- c:\windows\system32\drivers\SET98D7.tmp

    2014-06-16 18:06 . 2014-06-16 18:06 23552 ----a-w- c:\windows\system32\drivers\SETEA11.tmp

    2014-06-06 09:44 . 2014-07-10 14:25 509440 ----a-w- c:\windows\system32\qedit.dll

    2014-06-05 14:26 . 2014-07-10 14:24 1059840 ----a-w- c:\windows\system32\lsasrv.dll

    2014-05-30 07:52 . 2014-07-10 14:25 172032 ----a-w- c:\windows\system32\wdigest.dll

    2014-05-30 07:52 . 2014-07-10 14:25 65536 ----a-w- c:\windows\system32\TSpkg.dll

    2014-05-30 07:52 . 2014-07-10 14:25 247808 ----a-w- c:\windows\system32\schannel.dll

    2014-05-30 07:52 . 2014-07-10 14:25 220160 ----a-w- c:\windows\system32\ncrypt.dll

    2014-05-30 07:52 . 2014-07-10 14:25 259584 ----a-w- c:\windows\system32\msv1_0.dll

    2014-05-30 07:52 . 2014-07-10 14:25 550912 ----a-w- c:\windows\system32\kerberos.dll

    2014-05-30 07:52 . 2014-07-10 14:25 17408 ----a-w- c:\windows\system32\credssp.dll

    2014-05-30 06:36 . 2014-07-10 14:25 338944 ----a-w- c:\windows\system32\drivers\afd.sys

    .

    .

    ((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por padrão não são apresentadas. 

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

    2014-08-08 13:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

    2014-08-08 13:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

    2014-08-08 13:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

    2014-08-08 13:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

    2014-08-08 13:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

    2014-08-08 13:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

    "uTorrent"="c:\users\Gabriel\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-09 1322832]

    "Epnvtion"="c:\users\Gabriel\AppData\Local\Epnvtion\aclEventtrace.dll" [2014-08-24 94208]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-30 144152]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-30 179992]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-30 188184]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]

    "EaseUS EPM tray"="c:\program files\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe" [2013-03-29 2081792]

    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-10-18 12013272]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Privoxy.lnk - c:\program files\Privoxy\privoxy.exe [2013-3-8 370176]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2013-03-07 14920]

    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2013-03-07 9160]

    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-07-25 108032]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-10-06 1057896]

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]

    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

    R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-04-12 1343400]

    S0 aswRvrt;aswRvrt; [x]

    S0 aswVmm;aswVmm; [x]

    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2013-03-22 541680]

    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2013-03-22 26608]

    S1 aswSnx;aswSnx; [x]

    S1 aswSP;aswSP; [x]

    S2 aswFsBlk;aswFsBlk; [x]

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]

    S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-29 242240]

    S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-09-12 279040]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]

    S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys [2013-05-02 1334856]

    .

    .

    --- =Outros Serviços/Drivers Na Memória ---

    .

    *NewlyCreated* - WS2IFSL

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2014-08-14 19:40 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    .

    2014-05-17 c:\windows\Tasks\DriverEasy Scheduled Scan.job

    - c:\program files\Easeware\DriverEasy\DriverEasy.exe [2014-03-18 02:33]

    .

    2014-08-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1551526520-1221537977-107792092-1000Core.job

    - c:\users\Gabriel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-15 22:48]

    .

    2014-08-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1551526520-1221537977-107792092-1000UA.job

    - c:\users\Gabriel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-15 22:48]

    .

    2014-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2013-04-11 17:05]

    .

    2014-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2013-04-11 17:05]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.google.com.br/

    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 10.1.1.1 200.175.5.139 200.175.89.139

    FF - ProfilePath - c:\users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\ei8twsxg.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.ev.org.br/Paginas/Home.aspx

    .

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    c:\program files\AVAST Software\Avast\AvastSvc.exe

    c:\windows\system32\WLANExt.exe

    c:\windows\system32\conhost.exe

    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

    c:\windows\system32\IoctlSvc.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\windows\system32\taskhost.exe

    c:\windows\System32\WUDFHost.exe

    c:\windows\system32\conhost.exe

    c:\windows\system32\sppsvc.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2014-08-25  13:03:15 - Máquina reiniciou

    ComboFix-quarantined-files.txt  2014-08-25 16:03

    ComboFix2.txt  2014-08-25 15:10

    .

    Pré-execução: 93.904.773.120 bytes disponíveis

    Pós execução: 93.889.560.576 bytes disponíveis

    .

    - - End Of File - - EC5A44D76D5D28C64180028BE98A3925

    A36C5E4F47E84449FF07ED3517B43A31


    Ok,

     

    1)

    Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

    Download 1268r49.png and save it to the desktop. Double-click it to run the Junkware Removal Tool (JRT).

    * On Windows Vista and Windows 7:

    Right-click JRT.exe and select run_as_adm1.png

    The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to be examined.

    At the end, a log will open. It is saved on the desktop under the name JRT.txt.

    Attach the log in your next reply.

    2)

     

    Download Malwarebytes' Anti-Malware (MBAM)
    http://malwarebytes....am-download.php

    Double-click mbam-setup.exe to install it.

    • Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO.
    • Make sure the boxes Update Malwarebytes Anti-Malware (if present) and Launch Malwarebytes Anti-Malware are checked, then click Finish.
    • If there are updates to be applied, they will be downloaded and installed.
    • When the update finishes, if the program was installed in English, click Settings with the program open and, in the Language field, change it to Portuguese (Brasil).
    • Still in the Settings screen, click Detection and Protection and check Scan for Rootkits. Under PUP (potentially unwanted program) detections, select Treat detections as malware.
    • Click Scan, then Threat Scan, and finally click Scan Now.
    • The scan will then begin. Wait, as it may take a while.
    • When the scan finishes, if any items were found, click the Quarantine All button.
    • Click Apply Actions.
    • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See Note below)
    • The log is saved automatically by MBAM; to view it, click the History tab -> Application Logs in the program's main window. Use the .txt format to export the log.
    • Attach the log in your next reply.

    NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (possibly more than once). Do so immediately when asked whether you want to restart the PC.

    Topic author

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 6.1.4 (04.06.2014:1)

    OS: Windows 7 Ultimate x86

    Ran by Gabriel on 26/08/2014 at 18:44:35,42

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

     

     

     

    ~~~ Services

     

     

     

    ~~~ Registry Values

     

     

     

    ~~~ Registry Keys

     

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu

     

     

     

    ~~~ Files

     

     

     

    ~~~ Folders

     

    Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

     

     

     

    ~~~ FireFox

     

    Emptied folder: C:\Users\Gabriel\AppData\Roaming\mozilla\firefox\profiles\ei8twsxg.default\minidumps [23 files]

     

     

     

    ~~~ Event Viewer Logs were cleared

     

     

     

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on 26/08/2014 at 18:48:28,02

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

     

     

     


    Malwarebytes Anti-Malware

    www.malwarebytes.org

     

    Data de Verificação: 26/08/2014

    Hora da Verificação: 19:14:23

    Logfile: mbam.txt

    Administrador: Sim

     

    Versão: 2.00.2.1012

    Malware Database: v2014.08.26.09

    Rootkit Database: v2014.08.21.01

    Licença: Trial

    Proteção de Malware: Enabled

    Proteção de Site Malicioso: Enabled

    Self-protection: Desabilitado

     

    OS: Windows 7 Service Pack 1

    CPU: x86

    Sistema de Arquivo: NTFS

    Usuário: Gabriel

     

    Tipo da Verificação: Verificar Ameaça

    Resultado: Completado

    Arquivos Verificados: 291516

    Tempo Decorrido: 16 min, 32 seg

     

    Memória: Enabled

    Inicialização: Enabled

    Filesystem: Enabled

    Arquivos: Enabled

    Rootkits: Enabled

    Heuristics: Enabled

    PUP: Enabled

    PUM: Enabled

     

    Processos: 0

    (No malicious items detected)

     

    Módulos: 0

    (No malicious items detected)

     

    Chaves de Registro: 0

    (No malicious items detected)

     

    Valores de Registro: 0

    (No malicious items detected)

     

    Dados do Registro: 0

    (No malicious items detected)

     

    Pastas: 0

    (No malicious items detected)

     

    Arquivos: 2

    Trojan.FakeMS.ED, C:\Users\Gabriel\AppData\Roaming\Adobe\acupx217.dll, Quarantined, [c0d95b6e81fab87e705cd19a22df6898], 

    PUP.Optional.OpenCandy, C:\Users\Gabriel\AppData\Roaming\PowerISO\Upgrade\PowerISO5.exe, Quarantined, [a1f8b217f78448eec37f0ef8f70ede22], 

     

    Physical Sectors: 0

    (No malicious items detected)

     

     

    (end)


Temporarily disable your antivirus

• Hold the Ctrl key and click this link to open the ESET Online Scanner in a new window.
• Click the button shown in the image.
• For alternative browsers (if you use Internet Explorer, skip this step):
  • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double-click the icon on your desktop.
• Tick "YES, I accept the Terms of Use."
• Click Start.
• Accept any security warning from your browser.
• Under scan settings, tick "Scan Archives" and "Remove found threats".
• Click Advanced settings and tick the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• Click Change and also tick the Computer box.
• Click Start.
• It will update on its own and scan the computer. Be patient; the process can take hours.
• When the scan finishes, click List of found threats.
• Click Export to text file and save the log to your desktop.
• Click Back.
• Click Finish.
• Attach the contents of the log.

Topic author:

Sorry for the delay, friend. I used it twice through Internet Explorer today and it gave that Windows blue screen of death and the PC restarted.


Sorry for the delay, friend. I used it twice through Internet Explorer today and it gave that Windows blue screen of death and the PC restarted.

Try another browser. The difference is that you will have to download the plugin.

Topic author:

C:\AdwCleaner\Quarantine\C\Users\Gabriel\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.37.zip.vir a variant of Win32/Mobogenie.A potentially unwanted application

    C:\AdwCleaner\Quarantine\C\Users\Gabriel\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted application

    C:\Downloads\FileViewPro_2013.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

    C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmp68B6.exe.vir Win32/Boaxxe.BE trojan

    C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmpD580.exe.vir Win32/CoinMiner.MJ trojan

    C:\Users\Gabriel\AppData\Local\Epnvtion\Roverutilxx16.dll a variant of Win32/Sefnit.DB trojan

    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000 Win32/Somoto.N potentially unwanted application

    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000 Win32/Somoto.N potentially unwanted application

    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000001 Win32/Somoto.N potentially unwanted application

    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000002 Win32/Somoto.N potentially unwanted application

    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000003 Win32/Somoto.N potentially unwanted application

    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000004 Win32/Somoto.N potentially unwanted application

    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000 Win32/Somoto.N potentially unwanted application

    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000001 Win32/Somoto.N potentially unwanted application

    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000 Win32/Somoto.N potentially unwanted application

    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000001 Win32/Somoto.G potentially unwanted application

    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000002 Win32/Somoto.G potentially unwanted application

    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000003 Win32/Somoto.G potentially unwanted application

    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\File System\008\t\00\00000000 Win32/Somoto.G potentially unwanted application

    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\File System\008\t\00\00000001 Win32/Somoto.G potentially unwanted application

    C:\Users\Gabriel\Contacts\Music\Downloads\aTubeCatcher.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application

    C:\Users\Gabriel\Contacts\Music\Downloads\O Homem Que Mudou O Jogo (2011 Br 2012) Bd-rip Dual Udio.exe a variant of Win32/AdWare.Midia.E application

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ATU4-V7[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ATU4-V7[2].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ATU4-V7[3].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ATU4-V7[4].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

    G:\WINDOWS7.iso Win32/HackTool.WinActivator.I potentially unsafe application


Download RogueKiller and save it to the desktop.
http://www.adlice.co...RogueKiller.exe

Run the RogueKiller.exe file.

*** Windows Vista or Windows 7 users: right-click the RogueKiller.exe file, then click Run as administrator.

Click the Scan (Verificar) button and wait for the scan to finish.

Click the Report button. A Notepad window with information will open.

This log is saved on the desktop under the name RKreport[1].txt.

Select, copy and paste the contents of this log in your next reply.

NOTE: do not use the Delete button, because we need to evaluate the items before doing that.

Topic author:

RogueKiller V9.2.8.0 [Jul 11 2014] Por Adlice Software





     

    Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

    Iniciado em : Modo Normal

    Usuario : Gabriel [Privilegios de Admnistrador]

    Modo : Verificar -- Data : 08/31/2014  12:10:32

     

    ¤¤¤ Entradas ruins : 2 ¤¤¤

    [suspicious.Path] explorer.exe -- C:\Users\Gabriel\AppData\Local\Epnvtion\Roverutilxx16.dll[-] -> DESCARREGADO

    [suspicious.Path] rundll32.exe -- C:\Users\Gabriel\AppData\Local\Epnvtion\Roverutilxx16.dll[-] -> DESCARREGADO

     

    ¤¤¤ Entradas do Registro : 19 ¤¤¤

    [suspicious.Path] HKEY_USERS\S-1-5-21-1551526520-1221537977-107792092-1000\Software\Microsoft\Windows\CurrentVersion\Run | Epnvtion Update : regsvr32.exe C:\Users\Gabriel\AppData\Local\Epnvtion\Roverutilxx16.dll  -> ENCONTRADO

    [suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> ENCONTRADO

    [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme -> ENCONTRADO

    [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme -> ENCONTRADO

    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{73D3F5B4-F943-4781-A40B-63FA4EA4E894} | DhcpNameServer : 10.1.1.1 200.175.5.139 200.175.89.139  -> ENCONTRADO

    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{73D3F5B4-F943-4781-A40B-63FA4EA4E894} | DhcpNameServer : 10.1.1.1 200.175.5.139 200.175.89.139  -> ENCONTRADO

    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{73D3F5B4-F943-4781-A40B-63FA4EA4E894} | DhcpNameServer : 10.1.1.1 200.175.5.139 200.175.89.139  -> ENCONTRADO

    [PUM.Policies] HKEY_USERS\S-1-5-21-1551526520-1221537977-107792092-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> ENCONTRADO

    [PUM.Policies] HKEY_USERS\S-1-5-21-1551526520-1221537977-107792092-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> ENCONTRADO

    [PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> ENCONTRADO

    [PUM.StartMenu] HKEY_USERS\S-1-5-21-1551526520-1221537977-107792092-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> ENCONTRADO

    [PUM.StartMenu] HKEY_USERS\S-1-5-21-1551526520-1221537977-107792092-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> ENCONTRADO

    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> ENCONTRADO

    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> ENCONTRADO

    [PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> ENCONTRADO

    [PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> ENCONTRADO

    [PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> ENCONTRADO

    [PUM.SearchPage] HKEY_USERS\S-1-5-21-1551526520-1221537977-107792092-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> ENCONTRADO

    [PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> ENCONTRADO

     

    ¤¤¤ As tarefas agendadas : 0 ¤¤¤

     

    ¤¤¤ Arquivos : 0 ¤¤¤

     

    ¤¤¤ Arquivo de Hosts : 1 ¤¤¤

    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

     

    ¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

     

    ¤¤¤ Os navegadores da Web : 1 ¤¤¤

    [PUM.HomePage][FIREFX:Config] ei8twsxg.default : user_pref("browser.startup.homepage", "http://www.ev.org.br/Paginas/Home.aspx"); -> ENCONTRADO

     

    ¤¤¤ Verificaçao do MBR : ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK7559GSXP ATA Device +++++

    --- User ---

    [MBR] 198e02b7e669e804a8bc4df5b7a5d1c9

    [bSP] f19600980176dbdfbb222bbc56490350 : Windows Vista/7/8 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB

    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 431936 MB

    2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 884812005 | Size: 283365 MB

    User = LL1 ... OK

    User = LL2 ... OK

     

    +++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++

    Error reading User MBR! ([15] O dispositivo não está pronto. )

    Error reading LL1 MBR! NOT VALID!

    Error reading LL2 MBR! ([32] Não há suporte para o pedido. )


Ok,

Run RogueKiller again.

Click the Scan (Verificar) button. Wait for the scan to finish.

Click the Delete (Deletar) button. Wait for the process to finish.

Click the Report button. A Notepad window with information will open.

This log is saved on the desktop under the name RKreport[2].txt.

Select, copy and paste the contents of this log in your next reply.

Topic author:

Man, after I started using ESET the notebook kept getting slower, and now when I try to run this second scan with RogueKiller as you recommended, the program keeps freezing.

Topic author:

The same thing is happening: the program shows the files being scanned, and when it leaves the folder C:\Windows\System32\Drivers the scan freezes.


Ok,

Temporarily disable your antivirus, antispyware and firewall, so they do not cause conflicts.

Download zoek.exe (by Smeenk) and save it to your desktop.

Run the Zoek.exe file.

*** Windows Vista or Windows 7 users: right-click the Zoek.exe file, then click Run as administrator.

Select these lines inside the CODE box, right-click the selection and choose the copy option.

emptyclsid;msconfigcheck;shortcutfix;systemspecs;chrdefaults;ffdefaults;autoclean;

Right-click anywhere in the white area of Zoek and choose the paste option.

Note: This script was written only for this computer, according to the files and keys present on it.

To visitors: if you have a similar problem, do not use this script, because unsupervised use can damage the system.

Click [Run Script].

Wait for the scan. When it finishes, Notepad will open with the report.

A copy is also saved on your local disk under the name zoek-results.txt.

Attach zoek-results.txt in your next reply.

Topic author:

I ran it in Safe Mode, is that a problem?

     

     
    Zoek.exe v5.0.0.0 Updated 01-September-2014
    Tool run by Gabriel on 02/09/2014 at 19:38:56,24.
    Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
    Running in: Safe Mode NETWORK Internet Access Detected
    Launched: C:\Users\Gabriel\Desktop\zoek.exe [scan all users] [script inserted] 
     
    ==== Older Logs ======================
     
    C:\zoek-results2014-09-02-213054.log 413 bytes
     
    ==== Deleting CLSID Registry Keys ======================
     
     
    ==== Deleting CLSID Registry Values ======================
     
     
    ==== Deleting Services ======================
     
     
    ==== Deleting Files \ Folders ======================
     
    C:\Users\Gabriel\.android deleted
    C:\Program Files\Common Files\DVDVideoSoft\bin deleted
    C:\PROGRA~2\FileSplitUpLoad.dll deleted
    C:\Users\Gabriel\AppData\Local\cache deleted
    C:\Windows\system32\config\systemprofile\Searches deleted
     
    ==== System Specs ======================
     
    Windows: Windows 7 Ultimate Edition Service Pack 1 (Build 7601)
    Memory (RAM): 1902 MB
    CPU Info: Intel® Pentium® CPU B950 @ 2.10GHz
    CPU Speed: 2138,2 MHz
    Sound Card: Not detected
    Display Adapters: | RDP Encoder Mirror Driver
    Monitors: 1x; 
    Screen Resolution: 800 X 600 - 32 bit
    Network: Network Present
    Network Adapters: Microsoft Virtual WiFi Miniport Adapter #2 | Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC | Realtek PCIe FE Family Controller
    CD / DVD Drives: 1x (D: | ) D: MATSHITADVD-RAM UJ8C0
    Ports: COM Ports NOT Present. LPT Port NOT Present. 
    Mouse: 5 Button Wheel Mouse Present
    Hard Disks: C:  421,8GB | G:  276,7GB
    Hard Disks - Free: C:  72,3GB | G:  20,8GB
    Manufacturer *: Phoenix Technologies Ltd.
    BIOS Info: AT/AT COMPATIBLE | 10/25/12 | CCEInf - 2
    Time Zone: Hora oficial do Brasil
    Motherboard *: Intel Corp. Emerald Lake 2
    Country: Brasil 
    Language: PTB 
     
    ==== System Specs (Software) ======================
     
    Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
    Anti-Spyware: avast! Antivirus disabled (Outdated)
    Anti-Spyware: Windows Defender disabled (Outdated)
    Internet Explorer Version: 11.0.9600.17239 
    Mozilla Firefox version: 29.0.1 (x86 pt-BR)
    Google Chrome version: 37.0.2062.103
    Adobe Reader version: 11.0.8.4
    Flash Player version: 13.0.0.206
     
    ==== Firefox Extensions Registry ======================
     
    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [30/05/2013 10:06]
     
    ==== Firefox Extensions ======================
     
    AppDir: C:\Program Files\Mozilla Firefox
    - Skype extension - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     
    ==== Firefox Plugins ======================
     
    Profilepath: C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\ei8twsxg.default
    3CD19649B2C3023D65E67C056457A2BC - C:\Users\Gabriel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
    FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
    893BF7D2261C56C24F813405D9D018E0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
    005EBE4A4E6E9C9A7967F6C3F413C1DF - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
    421CB2C1010522B3BF7C00725520B844 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
    9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash
    C47920B4F36C19F97BD2EC19481387E5 - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll - Pando Web Plugin
    3B00376AE69AC2E815425E54DEBFF750 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
    8DA2ED6B04EA33F2EAE8BA883F903729 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight
     
     
    ==== Chrome Look ======================
     
    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
    lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[19/05/2011 18:06]
     
    Skype Click to Call - Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
     
    ==== Chromium Startpages ======================
     
    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Preferences
    "startup_urls": [ "https://www.google.com.br/" ],
     
     
    ==== Chrome Fix ======================
     
    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_blog.idealshop.com.br_0.localstorage deleted successfully
    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_blog.idealshop.com.br_0.localstorage-journal deleted successfully
     
    ==== Set IE to Default ======================
     
    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    No DefaultScope Set For HKCU
     
    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
     
    ==== All HKCU SearchScopes ======================
     
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
     
    ==== Reset Google Chrome ======================
     
    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
     
    ==== shortcuts on Users Desktops ======================
     
    C:\Users\Gabriel\Desktop\CD Recovery Toolbox Free.lnk - C:\Program Files\CD Recovery Toolbox Free\CDRecoveryToolboxFreeLauncher.exe 
    C:\Users\Gabriel\Desktop\CDisplayEx.lnk - C:\Program Files\CDisplayEx\cdisplayex.exe 
    C:\Users\Gabriel\Desktop\Format Factory.lnk - C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe 
    C:\Users\Gabriel\Desktop\Free YouTube Download.lnk - C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe 
    C:\Users\Gabriel\Desktop\JDownloader 2.lnk - C:\Users\Gabriel\AppData\Local\JDownloader v2.0\JDownloader2.exe 
    C:\Users\Gabriel\Desktop\Windows 7 USB DVD Download Tool.lnk - C:\Users\Gabriel\AppData\Local\Apps\Windows 7 USB DVD Download Tool\Windows7-USB-DVD-Download-Tool.exe 
    C:\Users\Gabriel\Desktop\Yamb.lnk - C:\Users\Gabriel\AppData\Roaming\Yamb\Yamb.exe 
    C:\Users\Gabriel\Desktop\µTorrent.lnk -  
     
    ==== shortcuts on All Users Desktop ======================
     
    C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe 
    C:\Users\Public\Desktop\avast Free Antivirus.lnk -  
    C:\Users\Public\Desktop\Avidemux 2.6 (32-bit).lnk - C:\Program Files\Avidemux 2.6\avidemux.exe 
    C:\Users\Public\Desktop\DriverEasy.lnk - C:\Program Files\Easeware\DriverEasy\DriverEasy.exe 
    C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk - C:\Program Files\Common Files\DVDVideoSoft\FreeStudioManager.exe 
    C:\Users\Public\Desktop\EaseUS Partition Master 9.2.2.lnk - C:\Program Files\EaseUS\EaseUS Partition Master 9.2.2\bin\EPMStartLoader.exe 
    C:\Users\Public\Desktop\Free YouTube Download.lnk - C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe 
    C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
    C:\Users\Public\Desktop\JOEY THE PASSION.lnk - C:\Program Files\KONAMI\Yu-Gi-Oh Power of Chaos JOEY THE PASSION\joey_pc.exe 
    C:\Users\Public\Desktop\KAIBA THE REVENGE.lnk - C:\Program Files\KONAMI\Yu-Gi-Oh Power of Chaos KAIBA THE REVENGE\kaiba_pc.exe 
    C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe 
    C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe 
    C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
    C:\Users\Public\Desktop\PowerISO.lnk - C:\Program Files\PowerISO\PowerISO.exe 
    C:\Users\Public\Desktop\Recuva.lnk - C:\Program Files\Recuva\recuva.exe 
    C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe 
    C:\Users\Public\Desktop\YUGI THE DESTINY.lnk - C:\Program Files\KONAMI\Yu-Gi-Oh Power of Chaos YUGI THE DESTINY\yugi_pc.exe 
     
    ==== shortcuts in All Users Start Menu ======================
     
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_document
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files\Google\Drive\googledrivesync.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_spreadsheet
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_presentation
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm 
     
    ==== shortcuts in Quick Launch ======================
     
    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CDisplayEx.lnk - C:\Program Files\CDisplayEx\cdisplayex.exe 
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\EaseUS Partition Master 9.2.2.lnk - C:\Program Files\EaseUS\EaseUS Partition Master 9.2.2\bin\EPMStartLoader.exe 
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader 2.lnk - C:\Users\Gabriel\AppData\Local\JDownloader v2.0\JDownloader2.exe 
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8  
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe 
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -  
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe 
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe 
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe 
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe 
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
    C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -  
    C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
    C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
     
    ==== Empty IE Cache ======================
     
    C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
     
    ==== Empty FireFox Cache ======================
     
    C:\Users\Gabriel\AppData\Local\Mozilla\Firefox\Profiles\ei8twsxg.default\Cache emptied successfully
     
    ==== Empty Chrome Cache ======================
     
    C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
     
    ==== Empty All Flash Cache ======================
     
    Flash Cache Emptied Successfully
     
    ==== Empty All Java Cache ======================
     
    No Java Cache Found
     
    ==== C:\zoek_backup content ======================
     
    C:\zoek_backup (files=123 folders=24 13801629 bytes)
     
    ==== Empty Temp Folders ======================
     
    C:\Users\Default\AppData\Local\temp emptied successfully
    C:\Users\Default User\AppData\Local\temp emptied successfully
    C:\Users\Gabriel\AppData\Local\temp will be emptied at reboot
    C:\Users\Public\AppData\Local\temp emptied successfully
    C:\Users\USURIO~1\AppData\Local\temp emptied successfully
    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
    C:\Windows\Temp will be emptied at reboot
     
    ==== After Reboot ======================
     
    ==== Empty Temp Folders ======================
     
    C:\Windows\Temp successfully emptied
    C:\Users\Gabriel\AppData\Local\Temp successfully emptied
     
    ==== Empty Recycle Bin ======================
     
    C:\$RECYCLE.BIN successfully emptied
     
    ==== Deleting Files / Folders ======================
     
    "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
     
    ==== EOF on 02/09/2014 at 19:53:48,55 ======================
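As an added example for readers triaging a zoek log like the one above (this is not part of zoek and not code posted by anyone in this topic): a small Python script that parses the "shortcuts on ..." / "shortcuts in ..." sections and flags three things an analyst usually checks by hand, a shortcut with no target listed, a target outside Program Files or Windows (per-user installs such as JDownloader also land there, so it is a lead, not a verdict), and a shortcut that launches its target with arguments. The log excerpt embedded in it is constructed from a few lines of the log above; the trusted-root list and the extension list are assumptions for the example.

```python
"""Triage the shortcut sections of a zoek log (added example, not zoek's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines in zoek's "<lnk path> - <target> [args]" format,
# copied from the log above. Trailing spaces are part of zoek's output.
SAMPLE_LOG = """\
==== shortcuts on Users Desktops ======================

C:\\Users\\Gabriel\\Desktop\\CDisplayEx.lnk - C:\\Program Files\\CDisplayEx\\cdisplayex.exe 
C:\\Users\\Gabriel\\Desktop\\JDownloader 2.lnk - C:\\Users\\Gabriel\\AppData\\Local\\JDownloader v2.0\\JDownloader2.exe 
C:\\Users\\Gabriel\\Desktop\\µTorrent.lnk -  

==== shortcuts on All Users Desktop ======================

C:\\Users\\Public\\Desktop\\Google Chrome.lnk - C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe 
C:\\Users\\Public\\Desktop\\Skype.lnk - C:\\Windows\\Installer\\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\\SkypeIcon.exe 
C:\\Users\\Public\\Desktop\\Nero StartSmart.lnk - C:\\Program Files\\Nero\\Nero 7\\Nero StartSmart\\NeroStartSmart.exe -ScParameter=8  

==== Empty IE Cache ======================
"""

SECTION_RE = re.compile(r"^==== (?P<name>.+?) =+\s*$")
SHORTCUT_RE = re.compile(r"^(?P<lnk>.+?\.lnk) -(?P<rest>.*)$", re.IGNORECASE)
# The target ends at the first executable-looking extension followed by a space or
# end of line; whatever comes after that is the shortcut's argument string.
TARGET_RE = re.compile(
    r"^(?P<target>.+?\.(?:exe|com|scr|bat|cmd|vbs|js|wsf|hta|msi|chm))(?=\s|$)"
    r"(?:\s+(?P<args>\S.*?))?\s*$",
    re.IGNORECASE,
)
# Assumed for this example: roots a standard user cannot write to. Anything else
# (AppData, Public, the root of C:\ ...) is flagged for a closer look.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


@dataclass
class Shortcut:
    section: str
    lnk: str
    target: Optional[str]  # None when zoek printed no target after the dash
    args: Optional[str]


@dataclass
class Finding:
    lnk: str
    reason: str


def parse_shortcuts(log_text: str) -> List[Shortcut]:
    """Collect every '<lnk> - <target>' line that sits under a 'shortcuts ...' header."""
    shortcuts: List[Shortcut] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if not section.startswith("shortcuts"):
            continue
        m = SHORTCUT_RE.match(line)
        if not m:
            continue
        rest = m.group("rest").strip()
        if not rest:
            shortcuts.append(Shortcut(section, m.group("lnk"), None, None))
            continue
        t = TARGET_RE.match(rest)
        if t:
            shortcuts.append(Shortcut(section, m.group("lnk"), t.group("target"), t.group("args")))
        else:  # no recognised extension: keep the whole remainder as the target
            shortcuts.append(Shortcut(section, m.group("lnk"), rest, None))
    return shortcuts


def triage(log_text: str) -> List[Finding]:
    """Apply the three heuristics; every hit is a lead for manual review, not a verdict."""
    findings: List[Finding] = []
    for s in parse_shortcuts(log_text):
        if s.target is None:
            findings.append(Finding(s.lnk, "no target listed: check by hand (often just an uninstalled program)"))
            continue
        if not s.target.lower().startswith(TRUSTED_ROOTS):
            findings.append(Finding(s.lnk, f"target outside Program Files/Windows: {s.target}"))
        if s.args:
            findings.append(Finding(s.lnk, f"launches with arguments: {s.args}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.lnk}\n    {f.reason}")
```

To use it on a real log, read the saved zoek report into a string and pass it to `triage()`; the output is meant to shorten the list of shortcuts you open in a hex viewer or with a LNK parser, not to replace that step.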
  • Topic author
  • The original problem in this topic no longer exists. After using ESET the machine became slow; using zoek improved it somewhat, but it is still a little slow.
    This topic is closed to new posts.