LizLanus

Slow notebook with lots of ad windows opening


Good morning!

Last week I lent my notebook to my brother, and now it has been acting very strange.

He swears he didn't install anything, but new programs have appeared, and whenever I'm on the internet a bunch of ad windows and other sites keep opening every time I click a link. The pop-up blocker is on, and still this pile of unpleasant windows opens.

The notebook has become slower to start up and to browse. I think it has some virus or malware.

DDS log:

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Starter

Boot Device: \Device\HarddiskVolume1

Install Date: 30/04/2010 19:56:09

System Uptime: 03/09/2013 09:57:30 (1 hours ago)

.

Motherboard: | | W7410

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | U2E1 | 2100/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 52,833 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP424: 12/07/2013 18:46:57 - Windows Update

RP425: 15/07/2013 20:19:40 - Windows Update

RP426: 21/07/2013 20:51:22 - Windows Update

RP427: 24/07/2013 21:50:08 - Windows Update

RP428: 29/07/2013 17:32:31 - Windows Update

RP429: 03/08/2013 19:54:38 - Windows Update

RP430: 13/08/2013 22:45:58 - Windows Update

RP431: 24/08/2013 10:52:20 - Windows Update

RP432: 24/08/2013 13:20:45 - Windows Update

RP433: 02/09/2013 14:58:53 - Windows Update

RP435: 02/09/2013 16:01:07 - Windows Defender Checkpoint

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.4 - Português

ALPS Touch Pad Driver

AmIcoSingLun

Apple Mobile Device Support

Apple Software Update

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

avast! Free Antivirus

BitTorrent

Bonjour

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

CyberLink DVD Suite

CyberLink Power2Go

CyberLink PowerDVD

D3DX10

DAEMON Tools Toolbar

DealPly

DVD Shrink 3.2

EA Download Manager UI

EasyCap

Funmoods on IE and Chrome

Gerenciador de Downloads da EA

Hotkey Utility

iCloud

Intel® Graphics Media Accelerator Driver

Intel® TV Wizard

IrfanView (remove only)

iTunes

K-Lite Mega Codec Pack 8.6.0

Legendas 2.30

Lollipop

Malwarebytes' Anti-Malware

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

Motorola SM56 Data Fax Modem

Movier-media Toolbar

Movier 1.0.16

MSVCRT

Nero 7 Essentials

OGA Notifier 2.0.0048.0

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Portaldosties

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek Ethernet Controller Driver For Windows Vista and Later

Realtek High Definition Audio Driver

REALTEK Wireless LAN Driver

RealUpgrade 1.1

RMVB Converter 1.8

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2478663)

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2518870)

Software Version Updater

Software WIDCOMM Bluetooth

Spelling Dictionaries Support For Adobe Reader 9

Suporte para Aplicativos Apple

System Requirements Lab

The Sims™ 3

Uniblue RegistryBooster

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition

VoiceOver Kit

Windows Driver Package - First International Computer, Inc. (UPCDRV) System (07/06/2009 1.00.00)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.01 (32-bit)

Yontoo 1.10.03

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16660

Run by Erika at 10:52:27 on 2013-09-03

Microsoft Windows 7 Starter 6.1.7601.1.1252.55.1046.18.2009.769 [GMT -3:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\windows\System32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\System32\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\simplo\EasyCap\EasyMnt.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Erika\AppData\Local\Lollipop\Lollipop.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\windows\system32\conhost.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe

C:\windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\System32\MsSpellCheckingFacility.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\System32\svchost.exe -k secsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.terra.com.br/portal/

uURLSearchHooks: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - <orphaned>

uURLSearchHooks: {29acf17c-1713-4286-8f40-bfd05f1e70c8} - <orphaned>

mURLSearchHooks: Movier-media Toolbar: {ce10bf86-da68-441e-91fa-38336363e3cd} - c:\program files\movier-media\prxtbMov0.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - c:\program files\funmoods\funmoods\1.5.19.3\bh\funmoods.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files\dealply\DealPlyIE.dll

BHO: Movier-media Toolbar: {ce10bf86-da68-441e-91fa-38336363e3cd} - c:\program files\movier-media\prxtbMov0.dll

BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll

TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: Movier-media Toolbar: {CE10BF86-DA68-441E-91FA-38336363E3CD} - c:\program files\movier-media\prxtbMov0.dll

TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: Movier-media Toolbar: {ce10bf86-da68-441e-91fa-38336363e3cd} - c:\program files\movier-media\prxtbMov0.dll

TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - c:\program files\funmoods\funmoods\1.5.19.3\funmoodsTlbr.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [EasyMnt] c:\program files\simplo\easycap\EasyMnt.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

StartupFolder: c:\users\erika\appdata\roaming\micros~1\windows\startm~1\programs\startup\lollipop.lnk - c:\users\erika\appdata\local\lollipop\Lollipop.exe

StartupFolder: c:\users\erika\appdata\roaming\micros~1\windows\startm~1\programs\startup\pcapps~1.lnk - c:\windows\system32\rundll32.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 201.17.0.52 201.17.0.84 201.6.4.116

TCP: Interfaces\{E6F3715A-0A11-49AA-AA26-A42614E30694} : DHCPNameServer = 200.204.0.10 200.204.0.138

TCP: Interfaces\{FEA79D70-8AFA-443C-9360-CD04ABF09AE3} : DHCPNameServer = 201.17.0.52 201.17.0.84 201.6.4.116

TCP: Interfaces\{FEA79D70-8AFA-443C-9360-CD04ABF09AE3}\46C696E6B6 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{FEA79D70-8AFA-443C-9360-CD04ABF09AE3}\5427963616D275966696 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{FEA79D70-8AFA-443C-9360-CD04ABF09AE3}\75966496 : DHCPNameServer = 202.96.134.133 202.96.134.133 192.168.1.1

TCP: Interfaces\{FEA79D70-8AFA-443C-9360-CD04ABF09AE3}\960586F6E65602465602542796B616 : DHCPNameServer = 200.169.117.221 200.169.117.222

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-28 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-28 175176]

R0 Bhbase;Baidu Hook Base;c:\windows\system32\drivers\Bhbase.sys [2013-8-24 64480]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-6-17 24408]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-25 770344]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-3 369584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-3 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-3 66336]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2013-5-14 46808]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-12-10 29472]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-10 230912]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\RTL8192SE.SYS [2009-12-10 862208]

R3 UPCDRV;Utility Program Component Service;c:\windows\system32\drivers\UPCDRV.sys [2009-10-12 10240]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-24 52224]

.

=============== Created Last 30 ================

.

2013-09-02 18:00:36 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{72baf468-921b-4196-b98d-3658509b8211}\mpengine.dll

2013-08-26 01:24:46 -------- d-----w- c:\users\erika\appdata\local\{5EF0DF23-78FC-48BB-A986-4806E3EBF0ED}

2013-08-24 16:23:10 -------- d-----w- c:\windows\system32\MRT

2013-08-24 15:16:10 -------- d-----w- c:\program files\iPod

2013-08-24 15:16:09 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-08-24 15:09:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2013-08-24 15:09:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2013-08-24 15:09:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2013-08-24 15:09:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2013-08-24 15:09:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2013-08-24 15:06:37 64480 ----a-w- c:\windows\system32\drivers\Bhbase.sys

2013-08-24 15:06:11 -------- d-----w- c:\programdata\Baidu Security

2013-08-24 15:04:29 -------- d-----w- c:\program files\Baidu Security

2013-08-24 15:04:28 -------- d-----w- c:\users\erika\appdata\roaming\Baidu Security

2013-08-24 15:04:24 -------- d-----w- c:\program files\FLVPlayer

2013-08-24 14:16:36 652800 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-24 14:09:36 1166848 ----a-w- c:\windows\system32\crypt32.dll

2013-08-24 14:09:35 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-08-24 14:09:34 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-24 14:09:33 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-24 14:03:50 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-24 14:03:48 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-24 14:03:47 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-24 14:01:09 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-24 13:59:27 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-24 13:51:28 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-24 13:51:22 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

.

==================== Find3M ====================

.

2013-08-24 15:48:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-08-24 15:48:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-07-26 03:13:24 1767936 ----a-w- c:\windows\system32\wininet.dll

2013-07-26 03:12:04 2877440 ----a-w- c:\windows\system32\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-07-26 01:59:38 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-07-01 23:36:22 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-07-01 23:36:22 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys

.

============= FINISH: 10:54:07,79 ===============


Hello

Sorry for the delay :)

If you still need help, please redo the logs, as I need them with up-to-date dates: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Regards :D


Thanks for the reply, Diego.

Here it is, as requested:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16660

Run by Erika at 22:07:45 on 2013-09-12

Microsoft Windows 7 Starter 6.1.7601.1.1252.55.1046.18.2009.438 [GMT -3:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

.

============== Running Processes ================

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\windows\System32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\servicing\TrustedInstaller.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\simplo\EasyCap\EasyMnt.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\windows\system32\conhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\system32\vssvc.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\System32\svchost.exe -k secsvcs

C:\windows\System32\svchost.exe -k swprv

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.terra.com.br/portal/

uURLSearchHooks: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - <orphaned>

uURLSearchHooks: {29acf17c-1713-4286-8f40-bfd05f1e70c8} - <orphaned>

mURLSearchHooks: Movier-media Toolbar: {ce10bf86-da68-441e-91fa-38336363e3cd} - c:\program files\movier-media\prxtbMov0.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - c:\program files\funmoods\funmoods\1.5.19.3\bh\funmoods.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files\dealply\DealPlyIE.dll

BHO: Movier-media Toolbar: {ce10bf86-da68-441e-91fa-38336363e3cd} - c:\program files\movier-media\prxtbMov0.dll

BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll

TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: Movier-media Toolbar: {CE10BF86-DA68-441E-91FA-38336363E3CD} - c:\program files\movier-media\prxtbMov0.dll

TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: Movier-media Toolbar: {ce10bf86-da68-441e-91fa-38336363e3cd} - c:\program files\movier-media\prxtbMov0.dll

TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - c:\program files\funmoods\funmoods\1.5.19.3\funmoodsTlbr.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [EasyMnt] c:\program files\simplo\easycap\EasyMnt.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

StartupFolder: c:\users\erika\appdata\roaming\micros~1\windows\startm~1\programs\startup\pcapps~1.lnk - c:\windows\system32\rundll32.exe

StartupFolder: c:\users\erika\appdata\roaming\micros~1\windows\startm~1\programs\startup\_unins~1.lnk - c:\users\erika\appdata\local\temp\_uninst_99518172.bat

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 201.17.0.52 201.17.0.84 201.6.4.116

TCP: Interfaces\{FEA79D70-8AFA-443C-9360-CD04ABF09AE3} : DHCPNameServer = 201.17.0.52 201.17.0.84 201.6.4.116

TCP: Interfaces\{FEA79D70-8AFA-443C-9360-CD04ABF09AE3}\46C696E6B6 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{FEA79D70-8AFA-443C-9360-CD04ABF09AE3}\5427963616D275966696 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{FEA79D70-8AFA-443C-9360-CD04ABF09AE3}\75966496 : DHCPNameServer = 202.96.134.133 202.96.134.133 192.168.1.1

TCP: Interfaces\{FEA79D70-8AFA-443C-9360-CD04ABF09AE3}\960586F6E65602465602542796B616 : DHCPNameServer = 200.169.117.221 200.169.117.222

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 99518172;99518172;c:\windows\system32\drivers\99518172.sys [2013-9-3 133208]

R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-6-17 21576]

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-28 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-28 177864]

R0 Bhbase;Baidu Hook Base;c:\windows\system32\drivers\Bhbase.sys [2013-8-24 64480]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-25 770344]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-3 369584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-3 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-3 66336]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-12-10 29472]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-10 230912]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\RTL8192SE.SYS [2009-12-10 862208]

R3 UPCDRV;Utility Program Component Service;c:\windows\system32\drivers\UPCDRV.sys [2009-10-12 10240]

RUnknown 1262404drv;1262404drv; [x]

RUnknown 90555750;90555750; [x]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-24 52224]

.

=============== Created Last 30 ================

.

2013-09-13 01:06:55 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{37d8f19b-69c0-430d-9ad1-593473d7cf5f}\mpengine.dll

2013-09-03 15:27:27 7166848 ------w- c:\programdata\microsoft\windows defender\definition updates\{a8dcfef6-bea1-4d9e-849a-e0f7f981aa2a}\mpengine.dll

2013-09-03 14:25:50 -------- d-----w- c:\programdata\Kaspersky Lab

2013-09-03 14:24:19 133208 ----a-w- c:\windows\system32\drivers\99518172.sys

2013-08-26 01:24:46 -------- d-----w- c:\users\erika\appdata\local\{5EF0DF23-78FC-48BB-A986-4806E3EBF0ED}

2013-08-24 16:23:10 -------- d-----w- c:\windows\system32\MRT

2013-08-24 15:16:10 -------- d-----w- c:\program files\iPod

2013-08-24 15:16:09 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-08-24 15:09:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2013-08-24 15:09:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2013-08-24 15:09:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2013-08-24 15:09:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2013-08-24 15:09:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2013-08-24 15:06:37 64480 ----a-w- c:\windows\system32\drivers\Bhbase.sys

2013-08-24 15:04:29 -------- d-----w- c:\program files\Baidu Security

2013-08-24 15:04:24 -------- d-----w- c:\program files\FLVPlayer

2013-08-24 14:16:36 652800 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-24 14:09:36 1166848 ----a-w- c:\windows\system32\crypt32.dll

2013-08-24 14:09:35 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-08-24 14:09:34 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-24 14:09:33 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-24 14:03:50 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-24 14:03:48 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-24 14:03:47 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-24 14:01:09 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-24 13:59:27 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-24 13:51:28 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-24 13:51:22 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

.

==================== Find3M ====================

.

2013-08-30 07:48:13 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-08-30 07:48:12 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-08-30 07:48:12 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-08-30 07:48:12 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-08-30 07:48:11 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-08-30 07:48:11 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2013-08-30 07:47:40 41664 ----a-w- c:\windows\avastSS.scr

2013-08-24 15:48:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-08-24 15:48:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-07-26 03:13:24 1767936 ----a-w- c:\windows\system32\wininet.dll

2013-07-26 03:12:04 2877440 ----a-w- c:\windows\system32\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-07-26 01:59:38 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

.

============= FINISH: 22:11:08,69 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Starter

Boot Device: \Device\HarddiskVolume1

Install Date: 30/04/2010 19:56:09

System Uptime: 12/09/2013 21:50:05 (1 hours ago)

.

Motherboard: | | W7410

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | U2E1 | 2100/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 53,049 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP426: 21/07/2013 20:51:22 - Windows Update

RP427: 24/07/2013 21:50:08 - Windows Update

RP428: 29/07/2013 17:32:31 - Windows Update

RP429: 03/08/2013 19:54:38 - Windows Update

RP430: 13/08/2013 22:45:58 - Windows Update

RP431: 24/08/2013 10:52:20 - Windows Update

RP432: 24/08/2013 13:20:45 - Windows Update

RP433: 02/09/2013 14:58:53 - Windows Update

RP435: 02/09/2013 16:01:07 - Windows Defender Checkpoint

RP436: 04/09/2013 23:05:16 - Removed Bonjour

RP437: 05/09/2013 11:27:53 - Windows Update

RP438: 05/09/2013 23:26:18 - Windows Update

RP439: 12/09/2013 22:06:00 - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.4 - Português

ALPS Touch Pad Driver

AmIcoSingLun

Apple Mobile Device Support

Apple Software Update

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

avast! Free Antivirus

BitTorrent

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

CyberLink DVD Suite

CyberLink Power2Go

CyberLink PowerDVD

D3DX10

DAEMON Tools Toolbar

DealPly

DVD Shrink 3.2

EA Download Manager UI

EasyCap

Funmoods on IE and Chrome

Gerenciador de Downloads da EA

Hotkey Utility

iCloud

Intel® Graphics Media Accelerator Driver

Intel® TV Wizard

IrfanView (remove only)

iTunes

K-Lite Mega Codec Pack 8.6.0

Legendas 2.30

Malwarebytes' Anti-Malware

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

Motorola SM56 Data Fax Modem

Movier-media Toolbar

Movier 1.0.16

MSVCRT

Nero 7 Essentials

OGA Notifier 2.0.0048.0

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Portaldosties

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek Ethernet Controller Driver For Windows Vista and Later

Realtek High Definition Audio Driver

REALTEK Wireless LAN Driver

RealUpgrade 1.1

RMVB Converter 1.8

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2478663)

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2518870)

Software Version Updater

Software WIDCOMM Bluetooth

Spelling Dictionaries Support For Adobe Reader 9

Suporte para Aplicativos Apple

System Requirements Lab

The Sims™ 3

Uniblue RegistryBooster

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition

VoiceOver Kit

Windows Driver Package - First International Computer, Inc. (UPCDRV) System (07/06/2009 1.00.00)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.01 (32-bit)

Yontoo 1.10.03

.

==== End Of File ===========================

Edited by diego_moicano
Remove QUOTE


Dear LizLanus

Please use the QUOTE button only if necessary.

I recommend saving this topic to your Favorites to make it easier to find.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is passed on here relates only to your computer's problem, so do not apply it to any other;
  • Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Respect the order of the instructions given.
  • Note: Do not take any measure other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step 1 #

It is not advisable to keep two antispyware programs; disable (or uninstall) one of them.

SP: avast! Antivirus

SP: Windows Defender

Download Junkware Removal Tool and save it to your Desktop.

  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log that is on your Desktop.
  • Copy the entire contents and paste them into your next message.

# Step 2 #

  • Double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click it and choose: (image: execadmin.png)

  • Click Search
  • At the end of the scan a log with the result will open.
  • If anything is detected, click the Remove button.
  • Again, at the end of the scan a log with the result will open.
  • Copy its entire contents and paste them into your next reply.

# Step 3 #

Read the instructions at this link:

In the instructions at the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
  3. Double-click the icon (image: desktopicon.png) that is on the desktop.
  4. Read and accept the conditions by typing 1 and Enter.
  5. Computers with Windows XP must install the Recovery Console:
     • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
     • Click "OK" on the EULA.
     • Once the Recovery Console is installed, click "YES" to continue.
  6. ComboFix will run; please be patient and wait.
  7. Attention: Do not use the mouse or the keyboard while the tool is running, as this can cause the computer to stall.
  8. A notice may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you may damage your computer.

  • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, and therefore, and also out of respect for the tool's author, do not use it without supervision.

Regards :D


Thank you again for the reply.

Here are the requested logs from Junk and ADW. In the next reply I will post the ComboFix one.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.1 (09.15.2013:1)

OS: Windows 7 Starter x86

Ran by Erika on 16/09/2013 at 13:15:54,11

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.funmoodsesrvc

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.funmoodsesrvc.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\f

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\funmoods.dskbnd

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\funmoods.dskbnd.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\funmoods.funmoodshlpr

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\funmoods.funmoodshlpr.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\funmoodsapp.appcore

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\funmoodsapp.appcore.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\yontooieclient.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealply

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dt soft\daemon tools toolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\funmoods

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitengine

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\toolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitengine

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealply

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\funmoods

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dttoolbar.toolbandobj

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dttoolbar.toolbandobj.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminentsetup_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminentsetup_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\dealply

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\desk 365

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\funmoods

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2186473

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2849856

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2851643

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2181B3CC-C658-498E-A97C-22A3DF3635E8}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

~~~ Files

Successfully deleted: [File] C:\windows\System32\Tasks\DealPly

Successfully deleted: [File] C:\windows\System32\Tasks\DealPlyUpdate

Successfully deleted: [File] C:\windows\Tasks\amiupdxp.job

Successfully deleted: [File] "C:\windows\system32\conduitengine.tmp"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\premium"

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

Successfully deleted: [Folder] "C:\Users\Erika\AppData\Roaming\dealply"

Successfully deleted: [Folder] "C:\Users\Erika\AppData\Roaming\opencandy"

Successfully deleted: [Folder] "C:\Users\Erika\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\Erika\appdata\local\lollipop"

Successfully deleted: [Folder] "C:\Users\Erika\appdata\local\opencandy"

Successfully deleted: [Folder] "C:\Users\Erika\appdata\local\swvupdater"

Failed to delete: [Folder] "C:\Users\Erika\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\Erika\appdata\locallow\conduitengine"

Successfully deleted: [Folder] "C:\Program Files\conduit"

Successfully deleted: [Folder] "C:\Program Files\conduitengine"

Successfully deleted: [Folder] "C:\Program Files\daemon tools toolbar"

Failed to delete: [Folder] "C:\Program Files\dealply"

Successfully deleted: [Folder] "C:\Program Files\funmoods"

Successfully deleted: [Folder] "C:\Program Files\iminent"

Successfully deleted: [Folder] "C:\Program Files\torntv.com"

Failed to delete: [Folder] "C:\Program Files\yontoo"

Failed to delete: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"

Successfully deleted: [Folder] "C:\Users\Erika\AppData\Roaming\microsoft\windows\start menu\programs\torntv.com"

Successfully deleted: [Folder] "C:\ProgramData\start menu\programs\uniblue"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 16/09/2013 at 13:19:44,00

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.004 - Relatório criado 16/09/2013 no 13:23:09

# Atualizado 15/09/2013 por Xplode

# Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)

# Usuário : Erika - ERIKA_BARROS

# Executando de : C:\Users\Erika\Downloads\adwcleaner.exe

# Opção : Examinar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Pasta Encontrado : C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla

Pasta Encontrado C:\Program Files\DealPly

Pasta Encontrado C:\Program Files\Gophoto.it

Pasta Encontrado C:\Program Files\Movier-media

Pasta Encontrado C:\Program Files\Yontoo

Pasta Encontrado C:\Users\Erika\AppData\LocalLow\Conduit

Pasta Encontrado C:\Users\Erika\AppData\LocalLow\Movier-media

Pasta Encontrado C:\Users\Erika\AppData\Roaming\eIntaller

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Encontrada : HKCU\Software\AppDataLow\Software\Movier-media

Chave Encontrada : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Chave Encontrada : HKCU\Software\lollipop

Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}

Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CE10BF86-DA68-441E-91FA-38336363E3CD}

Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}

Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE10BF86-DA68-441E-91FA-38336363E3CD}

Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFA2F2AC-F8CA-4A04-A665-9CA5FB3F1FE5}

Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}

Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}

Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}

Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}

Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{CE10BF86-DA68-441E-91FA-38336363E3CD}

Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{DFA2F2AC-F8CA-4A04-A665-9CA5FB3F1FE5}

Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}

Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}

Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}

Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki

Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf

Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk

Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7FDC1A6E-2E4E-4A23-A288-51B70DA072D9}

Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}

Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E14662BF-9065-401F-A274-6001AE60ADEE}

Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Dealply

Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\DealPlyUpdate

Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Dealply

Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\DealPlyUpdate

Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply

Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate

Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE10BF86-DA68-441E-91FA-38336363E3CD}

Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DFA2F2AC-F8CA-4A04-A665-9CA5FB3F1FE5}

Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Movier-media Toolbar

Chave Encontrada : HKLM\Software\Movier-media

Valor Encontrada : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

Valor Encontrada : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CE10BF86-DA68-441E-91FA-38336363E3CD}]

Valor Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

Valor Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CE10BF86-DA68-441E-91FA-38336363E3CD}]

Valor Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CE10BF86-DA68-441E-91FA-38336363E3CD}]

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v

[ Arquivo : C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]

-\\ Google Chrome v

[ Arquivo : C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Encontrada : homepage

Encontrada : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [8634 octets] - [16/09/2013 13:23:09]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8694 octets] ##########


Here is the ComboFix log:

ComboFix 13-09-16.01 - Erika 16/09/2013 13:41:37.1.2 - x86

Microsoft Windows 7 Starter 6.1.7601.1.1252.55.1046.18.2009.1159 [GMT -3:00]

Executando de: c:\users\Erika\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-08-16 to 2013-09-16 ))))))))))))))))))))))))))))

.

.

2013-09-16 16:50 . 2013-09-16 16:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-16 16:45 . 2013-09-16 16:45 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD580097-9A5E-4328-91D7-AA835CD1158B}\offreg.dll

2013-09-16 16:22 . 2013-09-16 16:30 -------- d-----w- C:\AdwCleaner

2013-09-16 16:15 . 2013-09-16 16:15 -------- d-----w- c:\windows\ERUNT

2013-09-14 19:36 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD580097-9A5E-4328-91D7-AA835CD1158B}\mpengine.dll

2013-09-13 14:54 . 2013-08-08 01:03 2348544 ----a-w- c:\windows\system32\win32k.sys

2013-09-13 01:28 . 2013-08-02 01:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-03 14:25 . 2013-09-03 14:25 -------- d-----w- c:\programdata\Kaspersky Lab

2013-09-03 14:24 . 2013-09-03 19:30 133208 ----a-w- c:\windows\system32\drivers\99518172.sys

2013-08-24 16:23 . 2013-09-13 02:17 -------- d-----w- c:\windows\system32\MRT

2013-08-24 15:16 . 2013-08-24 15:16 -------- d-----w- c:\program files\iPod

2013-08-24 15:16 . 2013-08-24 15:17 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-08-24 15:09 . 2013-08-24 15:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2013-08-24 15:09 . 2013-08-24 15:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2013-08-24 15:09 . 2013-08-24 15:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2013-08-24 15:09 . 2013-08-24 15:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2013-08-24 15:09 . 2013-08-24 15:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2013-08-24 15:08 . 2013-08-24 15:09 -------- d-----w- c:\program files\QuickTime

2013-08-24 15:06 . 2013-08-08 03:25 64480 ----a-w- c:\windows\system32\drivers\Bhbase.sys

2013-08-24 15:04 . 2013-08-24 15:40 -------- d-----w- c:\program files\Baidu Security

2013-08-24 15:04 . 2013-08-24 15:04 -------- d-----w- c:\program files\FLVPlayer

2013-08-24 14:16 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-24 14:09 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll

2013-08-24 14:09 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-08-24 14:09 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-24 14:09 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-24 14:03 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-24 14:03 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-24 14:03 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-24 14:01 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-24 13:59 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-24 13:51 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-24 13:51 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-13 14:48 . 2012-08-19 00:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-13 14:48 . 2011-08-16 17:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-09-02 17:54 . 2013-09-02 17:54 22 ----a-w- c:\windows\system32\.zip

2013-08-30 07:48 . 2013-04-28 23:41 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-08-30 07:48 . 2010-07-03 23:03 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-08-30 07:48 . 2010-07-03 23:03 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-08-30 07:48 . 2013-04-28 23:41 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-08-30 07:48 . 2012-03-16 23:02 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-08-30 07:48 . 2011-05-25 23:04 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-08-30 07:48 . 2012-06-18 00:28 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2013-08-30 07:48 . 2010-07-03 23:03 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-08-30 07:48 . 2010-07-03 23:03 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-08-30 07:47 . 2010-07-03 23:03 41664 ----a-w- c:\windows\avastSS.scr

2013-08-30 07:47 . 2010-07-03 23:03 229648 ----a-w- c:\windows\system32\aswBoot.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-08-30 07:47 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-28 7862816]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-31 233472]

"EasyMnt"="c:\program files\simplo\EasyCap\EasyMnt.exe" [2009-09-04 225280]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-08-30 4858968]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-08-16 152392]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576]

.

c:\users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

PC App Store Uninstall 3.8.8.1435.lnk - c:\windows\System32\rundll32.exe "c:\users\Erika\AppData\Roaming\Baidu Security\PC App Store\3.8.8.1435\Uninstall\PC App Store Uninstall\0\InstallUtility.dll", _OpenUrl -run "PC App Store Uninstall" -ini "OpenUrl.ini" [2009-7-13 44544]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

S0 99518172;99518172;c:\windows\system32\DRIVERS\99518172.sys [2013-09-03 133208]

S0 aswKbd;aswKbd; [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [2013-08-08 64480]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-03 691696]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-08-30 66336]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-06 230912]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 862208]

S3 UPCDRV;Utility Program Component Service;c:\windows\system32\DRIVERS\UPCDRV.sys [2009-07-06 10240]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 14:48]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.terra.com.br/portal/

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 201.17.0.52 201.17.0.84 201.6.4.116

.

- - - - ORFÃOS REMOVIDOS - - - -

.

URLSearchHooks-{e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)

URLSearchHooks-{29acf17c-1713-4286-8f40-bfd05f1e70c8} - (no file)

Toolbar-Locked - (no file)

WebBrowser-{E0301295-AB3E-4AF3-979F-3D453C5F9F48} - (no file)

WebBrowser-{29ACF17C-1713-4286-8F40-BFD05F1E70C8} - (no file)

c:\users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_99518172.lnk - c:\users\Erika\AppData\Local\Temp\_uninst_99518172.bat

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'Explorer.exe'(3436)

c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll

.

Tempo para conclusão: 2013-09-16 13:51:51

ComboFix-quarantined-files.txt 2013-09-16 16:51

.

Pré-execução: 53.610.434.560 bytes disponíveis

Pós execução: 53.405.503.488 bytes disponíveis

.

- - End Of File - - E9A892F79D2EE2EEBDBDD00C008F0C5B

5C616939100B85E558DA92B899A0FC36


Dear LizLanus

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

  • Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:

File::
c:\windows\System32\drivers\BprotectEx.sys
c:\windows\System32\drivers\Bhbase.sys
c:\windows\system32\DRIVERS\99518172.sys

Folder::
c:\program files\Baidu Security


Driver::
BprotectEx
99518172
Bhbase

Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

ADS::


  • Save this file as: CFScript.txt
  • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

2872959479_997d4500c4_o.gif

Regards :D


Hi.

Sorry for the delay. I ended up traveling for work.

I did what you asked. Here is the ComboFix log:

ComboFix 13-09-16.01 - Erika 23/09/2013 10:44:49.2.2 - x86

Microsoft Windows 7 Starter 6.1.7601.1.1252.55.1046.18.2009.1153 [GMT -3:00]

Executando de: c:\users\Erika\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Erika\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

FILE ::

"c:\windows\system32\DRIVERS\99518172.sys"

"c:\windows\System32\drivers\Bhbase.sys"

"c:\windows\System32\drivers\BprotectEx.sys"

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Baidu Security

c:\windows\system32\DRIVERS\99518172.sys

c:\windows\System32\drivers\Bhbase.sys

.

A cópia de c:\windows\system32\Drivers\atapi.sys foi encontrada e desinfectada

Cópia restaurada de - c:\windows\erdnt\cache\atapi.sys

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_99518172

-------\Legacy_BHBASE

-------\Legacy_BPROTECTEX

-------\Service_99518172

-------\Service_Bhbase

-------\Service_BprotectEx

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-08-23 to 2013-09-23 ))))))))))))))))))))))))))))

.

.

2013-09-23 13:54 . 2013-09-23 13:57 -------- d-----w- c:\users\Erika\AppData\Local\temp

2013-09-23 13:54 . 2013-09-23 13:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-16 16:45 . 2013-09-16 16:45 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD580097-9A5E-4328-91D7-AA835CD1158B}\offreg.dll

2013-09-16 16:22 . 2013-09-16 16:30 -------- d-----w- C:\AdwCleaner

2013-09-16 16:15 . 2013-09-16 16:15 -------- d-----w- c:\windows\ERUNT

2013-09-14 19:36 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD580097-9A5E-4328-91D7-AA835CD1158B}\mpengine.dll

2013-09-13 14:54 . 2013-08-08 01:03 2348544 ----a-w- c:\windows\system32\win32k.sys

2013-09-13 01:28 . 2013-08-02 01:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-03 14:25 . 2013-09-03 14:25 -------- d-----w- c:\programdata\Kaspersky Lab

2013-08-24 16:23 . 2013-09-13 02:17 -------- d-----w- c:\windows\system32\MRT

2013-08-24 15:16 . 2013-08-24 15:16 -------- d-----w- c:\program files\iPod

2013-08-24 15:16 . 2013-08-24 15:17 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-08-24 15:09 . 2013-08-24 15:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2013-08-24 15:09 . 2013-08-24 15:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2013-08-24 15:09 . 2013-08-24 15:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2013-08-24 15:09 . 2013-08-24 15:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2013-08-24 15:09 . 2013-08-24 15:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2013-08-24 15:08 . 2013-08-24 15:09 -------- d-----w- c:\program files\QuickTime

2013-08-24 15:04 . 2013-08-24 15:04 -------- d-----w- c:\program files\FLVPlayer

2013-08-24 14:16 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-24 14:09 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll

2013-08-24 14:09 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-08-24 14:09 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-24 14:09 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-24 14:03 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-24 14:03 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-24 14:03 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-24 14:01 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-24 13:59 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-13 14:48 . 2012-08-19 00:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-13 14:48 . 2011-08-16 17:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-09-02 17:54 . 2013-09-02 17:54 22 ----a-w- c:\windows\system32\.zip

2013-08-30 07:48 . 2013-04-28 23:41 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-08-30 07:48 . 2010-07-03 23:03 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-08-30 07:48 . 2010-07-03 23:03 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-08-30 07:48 . 2013-04-28 23:41 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-08-30 07:48 . 2012-03-16 23:02 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-08-30 07:48 . 2011-05-25 23:04 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-08-30 07:48 . 2012-06-18 00:28 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2013-08-30 07:48 . 2010-07-03 23:03 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-08-30 07:48 . 2010-07-03 23:03 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-08-30 07:47 . 2010-07-03 23:03 41664 ----a-w- c:\windows\avastSS.scr

2013-08-30 07:47 . 2010-07-03 23:03 229648 ----a-w- c:\windows\system32\aswBoot.exe

2013-07-06 05:05 . 2013-08-24 13:51 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-08-30 07:47 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-28 7862816]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-31 233472]

"EasyMnt"="c:\program files\simplo\EasyCap\EasyMnt.exe" [2009-09-04 225280]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-08-30 4858968]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-08-16 152392]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576]

.

c:\users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

PC App Store Uninstall 3.8.8.1435.lnk - c:\windows\System32\rundll32.exe "c:\users\Erika\AppData\Roaming\Baidu Security\PC App Store\3.8.8.1435\Uninstall\PC App Store Uninstall\0\InstallUtility.dll", _OpenUrl -run "PC App Store Uninstall" -ini "OpenUrl.ini" [2009-7-13 44544]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

S0 aswKbd;aswKbd; [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-03 691696]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-08-30 66336]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-06 230912]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 862208]

S3 UPCDRV;Utility Program Component Service;c:\windows\system32\DRIVERS\UPCDRV.sys [2009-07-06 10240]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 14:48]

.

.

------- Scan Suplementar -------

.

uStart Page = https://www.google.com.br/

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 201.17.0.52 201.17.0.84 201.6.4.116

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'Explorer.exe'(2804)

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-09-23 11:01:07 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-09-23 14:01

ComboFix2.txt 2013-09-16 16:51

.

Pré-execução: 53.195.960.320 bytes disponíveis

Pós execução: 53.017.071.616 bytes disponíveis

.

- - End Of File - - 07B1E693CFF8E11CF54ACBB96CDB05D2

5C616939100B85E558DA92B899A0FC36

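A check that can be run against the two ComboFix logs above, as an added example that is not part of the original thread: it parses the CFScript directives and the driver/service lines (excerpted here from the logs on this page) and lists any driver targeted by the script that is still registered. The function names and the reading of the R/S prefix are assumptions.

```python
import re

# CFScript as posted in the thread (ADS:: and Reglock:: omitted for brevity).
CFSCRIPT = r"""File::
c:\windows\System32\drivers\BprotectEx.sys
c:\windows\System32\drivers\Bhbase.sys
c:\windows\system32\DRIVERS\99518172.sys

Folder::
c:\program files\Baidu Security

Driver::
BprotectEx
99518172
Bhbase
"""

# Driver/service lines excerpted from the log of 2013-09-16 (before the script).
LOG_BEFORE = r"""R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys [x]
S0 99518172;99518172;c:\windows\system32\DRIVERS\99518172.sys [2013-09-03 133208]
S0 aswKbd;aswKbd; [x]
S0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [2013-08-08 64480]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-03 691696]
"""

# Driver/service lines excerpted from the log of 2013-09-23 (after the script).
LOG_AFTER = r"""R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 aswKbd;aswKbd; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-03 691696]
"""

# "<R|S><start> name;display name;image path [file info]".
# Assumption: R/S is running/stopped and the digit is the service Start value.
DRIVER_LINE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*?) \[([^\]]*)\]$")
DIRECTIVE = re.compile(r"^(\w+)::\s*$")


def parse_cfscript(text):
    """Return {directive (lower case): [entries]} for a CFScript."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = DIRECTIVE.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections


def parse_drivers(log):
    """Return one dict per driver/service line; other log lines are ignored."""
    rows = []
    for raw in log.splitlines():
        m = DRIVER_LINE.match(raw.strip())
        if m:
            state, start, name, display, path, info = m.groups()
            rows.append({"state": state, "start": int(start), "name": name,
                         "display": display, "path": path, "info": info})
    return rows


def remaining_targets(cfscript, log):
    """Names of drivers still listed in the log that the script targeted,
    matched by service name (Driver::) or by image path (File::)."""
    script = parse_cfscript(cfscript)
    names = {n.lower() for n in script.get("driver", [])}
    paths = {p.lower() for p in script.get("file", [])}
    return sorted(d["name"] for d in parse_drivers(log)
                  if d["name"].lower() in names or d["path"].lower() in paths)


if __name__ == "__main__":
    print("before:", remaining_targets(CFSCRIPT, LOG_BEFORE))
    print("after: ", remaining_targets(CFSCRIPT, LOG_AFTER))
```

Matching is case-insensitive because the logs mix `System32\drivers` and `system32\DRIVERS` for the same directory.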

Dear LizLanus :)

Download Malwarebytes Anti-Malware:

  • Link 1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
    • If updates are available, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to view the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log into your next reply.

Note: With more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Regards :D


Hi Diego..

I did what you asked. Nothing was found, and I was not asked to restart the system either.

Thank you very much for the help.

Here is the log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Versão da Base de Dados: 4056

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.10.9200.16686

29/09/2013 11:35:39

mbam-log-2013-09-29 (11-35-39).txt

Tipo de Verificação: Verificação Rápida

Objetos escaneados: 122493

Tempo decorrido: 6 minuto(s), 59 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 0

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

(Não foram detectados ítens maliciosos)


Dear LizLanus

Download the Kaspersky AVP Tool from one of these links:

Alternative 1

Alternative 2

  • You will be taken to a Kaspersky page asking for a registration email, first name and last name.
  • Only the "email" field is required.
  • Enter your email, then click the Submit Form button.
  • The page will reload. Click the Download button.
  • Save it to your desktop.
  • Run the file and wait for the installation.
    • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator

  • On the license agreement screen, check I accept the license agreement and then click the Start button.
  • The program will appear to freeze and nothing will happen. This is normal; just wait until the program's main screen appears, then click the Settings icon:

KRT_settings.png

On this screen, check the box next to:

  • My Computer;
  • Local Disk (C:);
  • Also check any drives that appear below Local Disk, if there are any;
  • Then click the Automatic Scan tab.

KRT_install2_.png

  • Back on the program's main screen, click the Start scanning button;
  • Be patient, it takes a while;
  • When it finishes, if it has detected anything, the program will ask you what to do;
  • Check the box next to Apply to all objects and then click Skip (we only want the log).

KRT_detection_.png

Once the scan has finished, proceed as follows:

  1. On the main screen, if anything was detected, save the log.
  2. If you close the program and forget to save the log, you will have to repeat the whole scan.
  3. To save the log, click the Reports icon (next to the "Settings" icon).
  4. In the next window, click Detected Threats, then click the floppy-disk icon to save the log.
  5. Choose an easy-to-find location and save it as log.txt
  6. Copy the entire contents of that Notepad file and paste it into your next reply.
  7. If nothing is detected, there is no need to save the log; just let me know.
  8. To exit the program, just click the X in the top right corner.

Notes:
While the scan is running, the main screen will show a progress bar. When it finishes, the program will show a completed status and a button that will be orange if nothing was detected, and red if something was found. If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Regards :D


Hi Diego,

I did what you asked and nothing was found.

What do I do now?

Thanks


Dear LizLanus ;)

Clean log :)

>>>> How is the computer running?

# Step 1 #

Let's uninstall ComboFix:

Rename combofix.exe to uninstall.exe, double-click it and wait for the program to be removed.

Or, if you prefer, go to

Start > Run, type Combofix /Uninstall and click OK; in the window that appears, click Run and wait for the program to be removed.

# Step 2 #

Download OTC by OldTimer and save it to your desktop.

  • Double-click the icon 4142006426_4719050954_o.gif
  • Click Run;
  • Click its only button (image below):
    4141259853_5a542d5908_o.jpg
  • Allow your computer to restart.

# Step 3 #

  • Once again: double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click Uninstall
  • Click Yes and wait.

# Step 4 #
<<@>> Install CCleaner
CCleaner is an excellent cleanup utility that will help with your computer's performance. Download it here: CCleaner

  • IMPORTANT: After installation, go to where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of that window, choose New > Folder and create a new folder; name it backups!
  • Open the program and click Run Cleaner;
  • Click the Registry button > Scan for Issues > Fix selected issues...
    Note: Don't forget to accept the backup of the fixes, and save it in the folder created above!

<<@>> Always keep Windows up to date; keep a constant watch with your firewall and antivirus; and finally, remember that the best prevention starts with our own behavior!

Regards :D
