
Possible virus


Lately my computer has been taking a long time to open some programs and using a lot of memory for no apparent reason:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16660

Run by Sky at 13:30:48 on 2013-09-06

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.4095.2936 [GMT -3:00]

.

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\atieclxx.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\COMODO\COMODO Internet Security\cis.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Users\Sky\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Steam\GameOverlayUI.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://br.yahoo.com/?fr=fp-comodo

uProxyServer = localhost:21320

mWinlogon: Userinit = userinit.exe,

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Memory Cleaner] C:\Users\Sky\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe boot

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 200.204.0.10 200.204.0.138

TCP: Interfaces\{F579D7AA-915A-4C5C-BCC9-6E4CA690CD05} : DHCPNameServer = 200.204.0.10 200.204.0.138

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Sky\AppData\Roaming\Mozilla\Firefox\Profiles\t7nxtj0m.default-1378133973841\

FF - prefs.js: browser.startup.homepage - www.uol.com.br

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

FF - ExtSQL: 2013-07-31 21:22; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2013-8-31 12368]

R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2013-8-31 270824]

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-7-31 65336]

R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-7-31 189936]

R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2013-8-31 131232]

R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-8-31 22600]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-7-31 1030952]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-7-31 378944]

R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-6-18 23168]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-7-8 708632]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-6-18 48360]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-7-31 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-7-31 80816]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-7-31 46808]

R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-8-31 137960]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-8-1 1817560]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-8-1 1033688]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-8-1 171928]

R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\System32\drivers\l260x64.sys [2009-6-10 34304]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-30 418376]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-30 701512]

S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-6-18 158936]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-30 25928]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-31 19456]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-7-31 29696]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-31 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-7-31 30208]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-11 1255736]

SUnknown tsusbhub;tsusbhub; [x]

.

=============== Created Last 30 ================

.

2013-09-03 10:34:23 -------- d-----w- C:\ProgramData\Kaspersky Lab

2013-08-31 03:51:47 270824 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys

2013-08-31 03:51:47 131232 ----a-w- C:\Windows\System32\drivers\aswFW.sys

2013-08-31 03:51:46 22600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys

2013-08-31 03:51:46 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys

2013-08-30 15:20:34 -------- d-----w- C:\Users\Sky\AppData\Roaming\Malwarebytes

2013-08-30 15:20:03 -------- d-----w- C:\ProgramData\Malwarebytes

2013-08-30 15:20:01 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-08-30 15:20:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-30 14:22:04 -------- d-----w- C:\Users\Sky\AppData\Roaming\Natural Selection 2

2013-08-14 21:16:55 224256 ----a-w- C:\Windows\System32\wintrust.dll

.

==================== Find3M ====================

.

2013-08-01 06:33:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-01 06:33:09 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-08-01 01:06:09 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-08-01 00:58:08 0 ----a-w- C:\Windows\ativpsrm.bin

2013-08-01 00:23:08 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-08-01 00:23:08 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-07-09 00:59:54 708632 ----a-w- C:\Windows\System32\drivers\cmdguard.sys

2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-07-04 18:58:48 238352 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2013-07-04 18:57:00 146704 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys

2013-07-04 18:57:00 131856 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

2013-07-04 18:57:00 120080 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2013-07-04 18:56:58 204048 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll

2013-06-18 19:16:10 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2013-06-18 19:16:08 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2013-06-18 19:15:50 43216 ----a-w- C:\Windows\System32\cmdcsr.dll

2013-06-18 19:15:48 437688 ----a-w- C:\Windows\System32\guard64.dll

2013-06-18 19:15:48 348584 ----a-w- C:\Windows\SysWow64\guard32.dll

2013-06-18 19:15:40 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll

2013-06-18 19:15:40 344792 ----a-w- C:\Windows\System32\cmdvrt64.dll

2013-06-18 19:15:36 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll

2013-06-18 19:15:36 278232 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll

2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

.

============= FINISH: 13:31:46,21 ===============

ATTACH:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 31/07/2013 20:42:41

System Uptime: 04/09/2013 14:44:12 (47 hours ago)

.

Motherboard: MEGAWARE | | MW-G31T-M7

Processor: Intel® Core2 Quad CPU Q8400 @ 2.66GHz | CPU 1 | 2670/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 931 GiB total, 845,358 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP30: 30/08/2013 13:56:50 - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

AMD Accelerated Video Transcoding

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

AMD Wireless Display v3.0

Auslogics DiskDefrag

avast! Internet Security

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

COMODO Firewall

Counter-Strike: Global Offensive

Counter-Strike: Source

Garry's Mod

God Mode

Killing Floor

Left 4 Dead 2

Malwarebytes Anti-Malware versão 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 23.0.1 (x86 pt-BR)

Mozilla Maintenance Service

Oracle VM VirtualBox 4.2.16

Revo Uninstaller 1.95

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Spybot - Search & Destroy

Steam

TortoiseSVN 1.8.1.24570 (64 bit)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

.

==== End Of File ===========================


Hello

Sorry for the delay :)

If you still need help, please redo the logs, as I need them with up-to-date dates: Read Before Posting - Creating a New Topic

ATTENTION 1: You don't need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Regards :D


I'm still having problems posting the gmer log...

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16660

Run by Sky at 19:10:12 on 2013-09-09

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.4095.2773 [GMT -3:00]

.

AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}

FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\atieclxx.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\WUDFHost.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Users\Sky\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe

C:\Program Files\COMODO\COMODO Internet Security\cis.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Steam\GameOverlayUI.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://br.yahoo.com/?fr=fp-comodo

uProxyServer = localhost:21320

mWinlogon: Userinit = userinit.exe,

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Memory Cleaner] C:\Users\Sky\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe boot

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 200.204.0.10 200.204.0.138

TCP: Interfaces\{F579D7AA-915A-4C5C-BCC9-6E4CA690CD05} : DHCPNameServer = 200.204.0.10 200.204.0.138

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Sky\AppData\Roaming\Mozilla\Firefox\Profiles\t7nxtj0m.default-1378133973841\

FF - prefs.js: browser.startup.homepage - www.uol.com.br

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

FF - ExtSQL: 2013-07-31 21:22; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF

.

============= SERVICES / DRIVERS ===============

.

R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-8-31 22600]

R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2013-8-31 12368]

R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2013-8-31 270824]

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-7-31 65336]

R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-7-31 204880]

R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2013-8-31 131232]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-7-31 1030952]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-7-31 378944]

R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-6-18 23168]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-7-8 708632]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-6-18 48360]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-7-31 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-7-31 80816]

R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\System32\drivers\l260x64.sys [2009-6-10 34304]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-30 25928]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-31 19456]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-7-31 29696]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-31 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-7-31 30208]

SUnknown tsusbhub;tsusbhub; [x]

.

=============== Created Last 30 ================

.

2013-09-07 21:09:31 6656 ----a-w- C:\Windows\System32\drivers\beep.sys_old

2013-09-03 10:34:23 -------- d-----w- C:\ProgramData\Kaspersky Lab

2013-08-31 03:51:47 270824 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys

2013-08-31 03:51:47 131232 ----a-w- C:\Windows\System32\drivers\aswFW.sys

2013-08-31 03:51:46 22600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys

2013-08-31 03:51:46 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys

2013-08-30 15:20:34 -------- d-----w- C:\Users\Sky\AppData\Roaming\Malwarebytes

2013-08-30 15:20:03 -------- d-----w- C:\ProgramData\Malwarebytes

2013-08-30 15:20:01 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-08-30 15:20:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-30 14:22:04 -------- d-----w- C:\Users\Sky\AppData\Roaming\Natural Selection 2

2013-08-14 21:16:55 224256 ----a-w- C:\Windows\System32\wintrust.dll

.

==================== Find3M ====================

.

2013-08-30 07:48:10 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr

2013-08-01 06:33:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-01 06:33:09 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-08-01 01:06:09 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-08-01 00:58:08 0 ----a-w- C:\Windows\ativpsrm.bin

2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-07-09 00:59:54 708632 ----a-w- C:\Windows\System32\drivers\cmdguard.sys

2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-07-04 18:58:48 238352 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2013-07-04 18:57:00 146704 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys

2013-07-04 18:57:00 131856 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

2013-07-04 18:57:00 120080 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2013-07-04 18:56:58 204048 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll

2013-06-18 19:16:10 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2013-06-18 19:16:08 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2013-06-18 19:15:50 43216 ----a-w- C:\Windows\System32\cmdcsr.dll

2013-06-18 19:15:48 437688 ----a-w- C:\Windows\System32\guard64.dll

2013-06-18 19:15:48 348584 ----a-w- C:\Windows\SysWow64\guard32.dll

2013-06-18 19:15:40 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll

2013-06-18 19:15:40 344792 ----a-w- C:\Windows\System32\cmdvrt64.dll

2013-06-18 19:15:36 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll

2013-06-18 19:15:36 278232 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll

2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

.

============= FINISH: 19:11:38,22 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 31/07/2013 20:42:41

System Uptime: 08/09/2013 16:19:15 (27 hours ago)

.

Motherboard: MEGAWARE | | MW-G31T-M7

Processor: Intel® Core2 Quad CPU Q8400 @ 2.66GHz | CPU 1 | 2670/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 931 GiB total, 840,759 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP30: 30/08/2013 13:56:50 - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

AMD Accelerated Video Transcoding

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

AMD Wireless Display v3.0

Auslogics DiskDefrag

avast! Internet Security

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

COMODO Firewall

Counter-Strike: Global Offensive

Counter-Strike: Source

Garry's Mod

God Mode

Killing Floor

Left 4 Dead 2

Malwarebytes Anti-Malware versão 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 23.0.1 (x86 pt-BR)

Mozilla Maintenance Service

Oracle VM VirtualBox 4.2.16

Revo Uninstaller 1.95

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Spybot - Search & Destroy

Steam

TortoiseSVN 1.8.1.24570 (64 bit)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

.

==== End Of File ===========================


Dear Drones

Lately my computer has been taking a long time to open some programs and consuming a lot of memory for no apparent reason;
I believe the reason is this:
SP: avast! Internet Security

SP: Windows Defender

SP: Spybot - Search and Destroy

SP: COMODO Antivirus

FW: avast! Internet Security

FW: COMODO Firewall

You have 4 antispyware programs and two firewalls installed; the recommendation is only 1 of each. So choose one SP and one FW and uninstall the others.

By the way, do you recognize this:

uProxyServer = localhost:21320

Cheers :D

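The check made by hand in the reply above, as an added example that is not part of the original thread: it parses the `AV:`/`SP:`/`FW:` Security Center lines of a DDS or ComboFix header, reports every category with more than one registered product, and flags a per-user proxy that points at the local machine. The function names are this example's own; the sample input is the header of the DDS log posted at the top of the thread plus the proxy line quoted in the reply.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: Security Center lines from the DDS header posted in this thread,
# followed by the proxy line quoted in the reply.
SAMPLE_LOG = """\
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
uProxyServer = localhost:21320
"""

# "SP: <name> *Enabled/Updated* {GUID}"; firewalls carry no definitions state.
PRODUCT_RE = re.compile(
    r"^(AV|SP|FW):\s+(.+?)\s+\*(Enabled|Disabled)(?:/(Updated|Outdated))?\*\s+"
    r"(\{[0-9A-Fa-f-]{36}\})\s*$"
)
# DDS prints "uProxyServer = ..."; ComboFix prints "uInternet Settings,ProxyServer = ...".
PROXY_RE = re.compile(r"^u(?:Internet Settings,)?ProxyServer\s*=\s*(\S+)\s*$")


def parse_products(log):
    """Return one dict per AV:/SP:/FW: line (antivirus, antispyware, firewall)."""
    products = []
    for line in log.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            category, name, state, definitions, guid = m.groups()
            products.append({
                "category": category,
                "name": name,
                "enabled": state == "Enabled",
                "definitions": definitions,  # None on FW: lines
                "guid": guid,
            })
    return products


def overlapping_categories(products):
    """Map each category with more than one registered product to its names."""
    by_category = defaultdict(list)
    for p in products:
        if p["name"] not in by_category[p["category"]]:
            by_category[p["category"]].append(p["name"])
    return {c: names for c, names in by_category.items() if len(names) > 1}


def parse_proxies(log):
    """Return (host, port) pairs from per-user ProxyServer lines.

    Accepts 'host:port' and the per-protocol form 'http=host:port;https=host:port'.
    Entries without an explicit port are skipped.
    """
    endpoints = []
    for line in log.splitlines():
        m = PROXY_RE.match(line.strip())
        if not m:
            continue
        for part in m.group(1).split(";"):
            target = part.split("=", 1)[-1]
            host, _, port = target.rpartition(":")
            if host and port.isdigit():
                endpoints.append((host, int(port)))
    return endpoints


def is_loopback(host):
    """True for 'localhost' and for literal loopback addresses."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other DNS name


def triage(log):
    """Return human-readable findings for the two checks described above."""
    findings = []
    products = parse_products(log)
    for category, names in sorted(overlapping_categories(products).items()):
        enabled = [p["name"] for p in products
                   if p["category"] == category and p["enabled"]]
        findings.append(
            f"{category}: {len(names)} products registered ({', '.join(names)}); "
            f"{len(enabled)} report enabled"
        )
    for host, port in parse_proxies(log):
        if is_loopback(host):
            findings.append(
                f"proxy: browser traffic is sent to a local listener on port {port}; "
                "identify the process bound to that port"
            )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
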

Thanks for the help, diego;

No, I don't recognize this "uProxyServer = localhost:21320".

Also, diego, to fix these problems with modems and routers that have a suspicious proxy (victims of intrusion), can I fix them just by resetting them? Are there cases where the firmware has to be replaced?

Thanks and good afternoon!


Dear Drones

Also, diego, to fix these problems with modems and routers that have a suspicious proxy (victims of intrusion), can I fix them just by resetting them? Are there cases where the firmware has to be replaced?
Have a read of this article: http://www.linhadefensiva.org/2012/03/criminosos-alteram-dns-de-modems-usando-falha-para-realizar-fraudes/

I recommend saving this topic to your Favorites so it is easier to find.

Please pay attention to the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to your computer's problem, so do not apply it on any other machine;
  • Please follow the instructions carefully and, if you have any doubts, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what happens with your computer.
  • Follow the instructions in the order given.
  • Note: Do not take any action other than those given here; and if you ask for help in another forum, be sure to let us know, or you risk misconfiguring your computer!

# Step 1 #

Read the instructions at this link:

In the instructions at the link above, you can check which forums have Analysts duly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.
  3. Double-click the ComboFix icon on the desktop.
  4. Read and accept the terms by typing 1 and pressing Enter.
  5. Computers running Windows XP must install the Recovery Console:

  • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Warning: Do not use the mouse or the keyboard while the tool is running, as this can cause the computer to stall.
  8. A notice may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, so, and also out of respect for the tool's author, do not use it without supervision.

Cheers :D

I ran ComboFix with the protection programs disabled; however, it warned that the antivirus and the antispyware were enabled;

Is that a problem? If you doubt the result of the log, it is no problem at all to generate another one ^^

Here is the log:

ComboFix 13-09-17.01 - Sky 18/09/2013 3:33.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.4095.2659 [GMT -3:00]

Executando de: c:\users\Sky\Downloads\ComboFix.exe

AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}

SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

A cópia de c:\windows\system32\samsrv.dll foi encontrada e desinfectada

Cópia restaurada de - c:\windows\winsxs\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.1.7601.17514_none_10145eccb79418a5\samsrv.dll

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-08-18 to 2013-09-18 ))))))))))))))))))))))))))))

.

.

2013-09-11 17:19 . 2013-08-10 03:17 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-09-11 08:54 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys

2013-09-11 08:53 . 2013-08-02 02:15 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2013-09-07 21:09 . 2009-07-14 00:00 6656 ----a-w- c:\windows\system32\drivers\beep.sys_old

2013-09-03 10:34 . 2013-09-03 10:34 -------- d-----w- c:\programdata\Kaspersky Lab

2013-08-31 03:51 . 2013-08-30 07:48 270824 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2013-08-31 03:51 . 2013-08-30 07:48 131232 ----a-w- c:\windows\system32\drivers\aswFW.sys

2013-08-31 03:51 . 2013-08-30 07:48 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2013-08-31 03:51 . 2013-03-13 18:01 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2013-08-30 15:20 . 2013-08-30 15:20 -------- d-----w- c:\users\Sky\AppData\Roaming\Malwarebytes

2013-08-30 15:20 . 2013-08-30 15:20 -------- d-----w- c:\programdata\Malwarebytes

2013-08-30 15:20 . 2013-08-30 15:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-08-30 15:20 . 2013-04-04 17:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-30 14:22 . 2013-08-30 14:34 -------- d-----w- c:\users\Sky\AppData\Roaming\Natural Selection 2

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-14 05:11 . 2013-08-01 00:36 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-09-14 05:11 . 2013-08-01 00:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-11 17:17 . 2013-07-31 23:41 79143768 ----a-w- c:\windows\system32\MRT.exe

2013-08-30 07:48 . 2013-08-01 00:23 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-08-30 07:48 . 2013-08-01 00:22 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-08-30 07:48 . 2013-08-01 00:22 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-08-30 07:48 . 2013-08-01 00:22 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-08-30 07:48 . 2013-08-01 00:22 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-08-30 07:48 . 2013-08-01 00:22 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-08-30 07:48 . 2013-08-01 00:23 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-08-30 07:48 . 2013-08-01 00:22 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-08-30 07:47 . 2013-08-01 00:22 41664 ----a-w- c:\windows\avastSS.scr

2013-08-30 07:47 . 2013-08-01 00:22 287840 ----a-w- c:\windows\system32\aswBoot.exe

2013-08-02 01:48 . 2013-09-11 08:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-08-01 01:07 . 2013-08-01 01:07 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-08-01 01:07 . 2013-08-01 01:07 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-08-01 01:07 . 2013-08-01 01:07 81408 ----a-w- c:\windows\system32\icardie.dll

2013-08-01 01:07 . 2013-08-01 01:07 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-08-01 01:07 . 2013-08-01 01:07 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-08-01 01:07 . 2013-08-01 01:07 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-08-01 01:07 . 2013-08-01 01:07 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-08-01 01:07 . 2013-08-01 01:07 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-08-01 01:07 . 2013-08-01 01:07 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-08-01 01:07 . 2013-08-01 01:07 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-08-01 01:07 . 2013-08-01 01:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-08-01 01:07 . 2013-08-01 01:07 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-08-01 01:07 . 2013-08-01 01:07 441856 ----a-w- c:\windows\system32\html.iec

2013-08-01 01:07 . 2013-08-01 01:07 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-08-01 01:07 . 2013-08-01 01:07 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-08-01 01:07 . 2013-08-01 01:07 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-08-01 01:07 . 2013-08-01 01:07 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-08-01 01:07 . 2013-08-01 01:07 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-08-01 01:07 . 2013-08-01 01:07 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-08-01 01:07 . 2013-08-01 01:07 235008 ----a-w- c:\windows\system32\url.dll

2013-08-01 01:07 . 2013-08-01 01:07 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-08-01 01:07 . 2013-08-01 01:07 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-08-01 01:07 . 2013-08-01 01:07 216064 ----a-w- c:\windows\system32\msls31.dll

2013-08-01 01:07 . 2013-08-01 01:07 197120 ----a-w- c:\windows\system32\msrating.dll

2013-08-01 01:07 . 2013-08-01 01:07 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-08-01 01:07 . 2013-08-01 01:07 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-08-01 01:07 . 2013-08-01 01:07 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-08-01 01:07 . 2013-08-01 01:07 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-08-01 01:07 . 2013-08-01 01:07 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-08-01 01:07 . 2013-08-01 01:07 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-08-01 01:07 . 2013-08-01 01:07 149504 ----a-w- c:\windows\system32\occache.dll

2013-08-01 01:07 . 2013-08-01 01:07 144896 ----a-w- c:\windows\system32\wextract.exe

2013-08-01 01:07 . 2013-08-01 01:07 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-08-01 01:07 . 2013-08-01 01:07 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-08-01 01:07 . 2013-08-01 01:07 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-08-01 01:07 . 2013-08-01 01:07 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-08-01 01:07 . 2013-08-01 01:07 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-08-01 01:07 . 2013-08-01 01:07 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-08-01 01:07 . 2013-08-01 01:07 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-08-01 01:07 . 2013-08-01 01:07 102912 ----a-w- c:\windows\system32\inseng.dll

2013-08-01 01:07 . 2013-08-01 01:07 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-08-01 01:07 . 2013-08-01 01:07 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-08-01 01:07 . 2013-08-01 01:07 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-08-01 01:07 . 2013-08-01 01:07 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-08-01 01:07 . 2013-08-01 01:07 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-08-01 01:07 . 2013-08-01 01:07 13824 ----a-w- c:\windows\system32\mshta.exe

2013-08-01 01:07 . 2013-08-01 01:07 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-08-01 01:07 . 2013-08-01 01:07 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-08-01 01:07 . 2013-08-01 01:07 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-08-01 01:06 . 2013-08-01 01:06 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2013-08-01 01:06 . 2013-08-01 01:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-08-01 01:06 . 2013-08-01 01:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-08-01 01:06 . 2013-08-01 01:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-08-01 01:06 . 2013-08-01 01:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 3928064 ----a-w- c:\windows\system32\d2d1.dll

2013-08-01 01:06 . 2013-08-01 01:06 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-08-01 01:06 . 2013-08-01 01:06 363008 ----a-w- c:\windows\system32\dxgi.dll

2013-08-01 01:06 . 2013-08-01 01:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-08-01 01:06 . 2013-08-01 01:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2013-08-01 01:06 . 2013-08-01 01:06 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2013-08-01 01:06 . 2013-08-01 01:06 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

2013-08-01 01:06 . 2013-08-01 01:06 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

2013-08-01 01:06 . 2013-08-01 01:06 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

2013-08-01 01:06 . 2013-08-01 01:06 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

2013-08-01 01:06 . 2013-08-01 01:06 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2013-08-01 01:06 . 2013-08-01 01:06 1175552 ----a-w- c:\windows\system32\FntCache.dll

2013-08-01 01:06 . 2013-08-01 01:06 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2013-08-01 01:06 . 2013-08-01 01:06 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll

2013-08-01 01:06 . 2013-08-01 01:06 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 648192 ----a-w- c:\windows\system32\d3d10level9.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-09-06 1811368]

"Memory Cleaner"="c:\users\Sky\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe" [2013-02-03 791560]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]

"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;tsusbhub [x]

S0 aswKbd;aswKbd; [x]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdis.sys [x]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]

S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x64.sys;c:\windows\SYSNATIVE\DRIVERS\l260x64.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - WS2IFSL

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-01 05:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-07-09 1502424]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://br.yahoo.com/?fr=fp-comodo

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyServer = localhost:21320

TCP: DhcpNameServer = 192.168.1.6

FF - ProfilePath - c:\users\Sky\AppData\Roaming\Mozilla\Firefox\Profiles\t7nxtj0m.default-1378133973841\

FF - prefs.js: browser.startup.homepage - www.uol.com.br

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-07-31 21:22; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Notify-SDWinLogon - SDWinLogon.dll

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

c:\program files\AVAST Software\Avast\AvastEmUpdate.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-09-18 03:51:34 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-09-18 06:51

.

Pré-execução: 896.517.652.480 bytes disponíveis

Pós execução: 896.432.443.392 bytes disponíveis

.

- - End Of File - - 4FF273BBF13DD4BCF78E78746719DCD2

A36C5E4F47E84449FF07ED3517B43A31


Did you uninstall the others and leave just one FW and one SP?

FW: avast! Internet Security

FW: COMODO Firewall

SP: avast! Internet Security

SP: COMODO Antivirus

SP: Spybot - Search and Destroy

SP: Windows Defender


Wow, diego, sorry for the inconvenience; I only disabled them. The only one I tried to uninstall was Windows Defender! (which I couldn't do, so I just had to disable it under "Services"). xD

I have now switched from avast to Avira, leaving only it and COMODO, is that OK? (my version is the one that comes with only a firewall) oO. If you want, I can generate another log.

By the way, diego, just from running ComboFix I noticed a significant improvement in system startup. Before, it would hang on the Windows logo for 15 seconds or more. Sometimes 30. Now it rarely goes past 8...

Thank you so much!


Dear Drones

Wow, diego, sorry for the inconvenience; I only disabled them. The only one I tried to uninstall was Windows Defender! (which I couldn't do, so I just had to disable it under "Services"). xD
Ok :)
I have now switched from avast to Avira, leaving only it and COMODO, is that OK
Ok :)

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.

  • Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

DDS::
uInternet Settings,ProxyServer = localhost:21320

SecCenter::
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}


  • Save this file as: CFScript.txt
  • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

[Animation: 2872959479_997d4500c4_o.gif]

Regards :D


Once again, thanks for the help, diego =D

What are these proxies about, diego?

ComboFix 13-09-24.02 - Sky 25/09/2013 17:13:47.2.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.4095.2887 [GMT -3:00]

Executando de: c:\users\Sky\Downloads\ComboFix.exe

Comandos utilizados :: c:\users\Sky\Desktop\CFScript.txt.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\wininit.ini

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-08-25 to 2013-09-25 ))))))))))))))))))))))))))))

.

.

2013-09-25 20:21 . 2013-09-25 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-25 10:52 . 2013-09-25 10:52 -------- d-----w- C:\VTRoot

2013-09-20 03:00 . 2013-09-20 03:00 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys

2013-09-20 03:00 . 2013-09-20 03:00 -------- d-----w- c:\users\Sky\AppData\Roaming\Avira

2013-09-20 02:58 . 2013-09-20 02:58 -------- d-----w- c:\programdata\AskPartnerNetwork

2013-09-20 02:58 . 2013-09-20 02:58 -------- d-----w- c:\program files (x86)\AskPartnerNetwork

2013-09-20 02:58 . 2013-09-20 02:58 -------- d-----w- c:\programdata\APN

2013-09-20 02:57 . 2013-09-20 02:55 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2013-09-20 02:57 . 2013-09-20 02:55 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys

2013-09-20 02:57 . 2013-09-20 02:55 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2013-09-20 02:57 . 2013-09-20 02:57 -------- d-----w- c:\programdata\Avira

2013-09-20 02:57 . 2013-09-20 02:57 -------- d-----w- c:\program files (x86)\Avira

2013-09-20 02:40 . 2013-09-20 02:40 -------- d-s---w- c:\windows\SysWow64\Microsoft

2013-09-11 08:54 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys

2013-09-11 08:53 . 2013-08-02 02:15 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2013-09-07 21:09 . 2009-07-14 00:00 6656 ----a-w- c:\windows\system32\drivers\beep.sys_old

2013-09-03 10:34 . 2013-09-03 10:34 -------- d-----w- c:\programdata\Kaspersky Lab

2013-08-30 15:20 . 2013-08-30 15:20 -------- d-----w- c:\users\Sky\AppData\Roaming\Malwarebytes

2013-08-30 15:20 . 2013-08-30 15:20 -------- d-----w- c:\programdata\Malwarebytes

2013-08-30 15:20 . 2013-08-30 15:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-08-30 15:20 . 2013-04-04 17:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-30 14:22 . 2013-08-30 14:34 -------- d-----w- c:\users\Sky\AppData\Roaming\Natural Selection 2

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-24 10:54 . 2013-06-18 19:16 96800 ----a-w- c:\windows\system32\drivers\inspect.sys

2013-09-24 10:54 . 2013-06-18 19:16 48872 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2013-09-24 10:54 . 2013-07-09 00:59 709144 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2013-09-24 10:54 . 2013-06-18 19:16 23168 ----a-w- c:\windows\system32\drivers\cmderd.sys

2013-09-24 10:53 . 2013-06-18 19:15 43216 ----a-w- c:\windows\system32\cmdcsr.dll

2013-09-24 10:53 . 2013-06-18 19:15 354240 ----a-w- c:\windows\SysWow64\guard32.dll

2013-09-24 10:53 . 2013-06-18 19:15 444392 ----a-w- c:\windows\system32\guard64.dll

2013-09-24 10:53 . 2013-06-18 19:15 347864 ----a-w- c:\windows\system32\cmdvrt64.dll

2013-09-24 10:53 . 2013-06-18 19:15 45784 ----a-w- c:\windows\system32\cmdkbd64.dll

2013-09-24 10:53 . 2013-06-18 19:15 280792 ----a-w- c:\windows\SysWow64\cmdvrt32.dll

2013-09-24 10:53 . 2013-06-18 19:15 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll

2013-09-20 12:11 . 2013-08-01 00:36 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-09-20 12:11 . 2013-08-01 00:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-11 17:17 . 2013-07-31 23:41 79143768 ----a-w- c:\windows\system32\MRT.exe

2013-08-30 07:47 . 2013-08-01 00:22 287840 ----a-w- c:\windows\system32\aswBoot.exe

2013-08-02 01:48 . 2013-09-11 08:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-08-01 01:07 . 2013-08-01 01:07 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-08-01 01:07 . 2013-08-01 01:07 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-08-01 01:07 . 2013-08-01 01:07 81408 ----a-w- c:\windows\system32\icardie.dll

2013-08-01 01:07 . 2013-08-01 01:07 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-08-01 01:07 . 2013-08-01 01:07 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-08-01 01:07 . 2013-08-01 01:07 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-08-01 01:07 . 2013-08-01 01:07 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-08-01 01:07 . 2013-08-01 01:07 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-08-01 01:07 . 2013-08-01 01:07 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-08-01 01:07 . 2013-08-01 01:07 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-08-01 01:07 . 2013-08-01 01:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-08-01 01:07 . 2013-08-01 01:07 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-08-01 01:07 . 2013-08-01 01:07 441856 ----a-w- c:\windows\system32\html.iec

2013-08-01 01:07 . 2013-08-01 01:07 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-08-01 01:07 . 2013-08-01 01:07 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-08-01 01:07 . 2013-08-01 01:07 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-08-01 01:07 . 2013-08-01 01:07 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-08-01 01:07 . 2013-08-01 01:07 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-08-01 01:07 . 2013-08-01 01:07 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-08-01 01:07 . 2013-08-01 01:07 235008 ----a-w- c:\windows\system32\url.dll

2013-08-01 01:07 . 2013-08-01 01:07 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-08-01 01:07 . 2013-08-01 01:07 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-08-01 01:07 . 2013-08-01 01:07 216064 ----a-w- c:\windows\system32\msls31.dll

2013-08-01 01:07 . 2013-08-01 01:07 197120 ----a-w- c:\windows\system32\msrating.dll

2013-08-01 01:07 . 2013-08-01 01:07 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-08-01 01:07 . 2013-08-01 01:07 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-08-01 01:07 . 2013-08-01 01:07 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-08-01 01:07 . 2013-08-01 01:07 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-08-01 01:07 . 2013-08-01 01:07 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-08-01 01:07 . 2013-08-01 01:07 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-08-01 01:07 . 2013-08-01 01:07 149504 ----a-w- c:\windows\system32\occache.dll

2013-08-01 01:07 . 2013-08-01 01:07 144896 ----a-w- c:\windows\system32\wextract.exe

2013-08-01 01:07 . 2013-08-01 01:07 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-08-01 01:07 . 2013-08-01 01:07 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-08-01 01:07 . 2013-08-01 01:07 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-08-01 01:07 . 2013-08-01 01:07 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-08-01 01:07 . 2013-08-01 01:07 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-08-01 01:07 . 2013-08-01 01:07 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-08-01 01:07 . 2013-08-01 01:07 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-08-01 01:07 . 2013-08-01 01:07 102912 ----a-w- c:\windows\system32\inseng.dll

2013-08-01 01:07 . 2013-08-01 01:07 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-08-01 01:07 . 2013-08-01 01:07 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-08-01 01:07 . 2013-08-01 01:07 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-08-01 01:07 . 2013-08-01 01:07 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-08-01 01:07 . 2013-08-01 01:07 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-08-01 01:07 . 2013-08-01 01:07 13824 ----a-w- c:\windows\system32\mshta.exe

2013-08-01 01:07 . 2013-08-01 01:07 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-08-01 01:07 . 2013-08-01 01:07 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-08-01 01:07 . 2013-08-01 01:07 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-08-01 01:06 . 2013-08-01 01:06 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2013-08-01 01:06 . 2013-08-01 01:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-08-01 01:06 . 2013-08-01 01:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-08-01 01:06 . 2013-08-01 01:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-08-01 01:06 . 2013-08-01 01:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 3928064 ----a-w- c:\windows\system32\d2d1.dll

2013-08-01 01:06 . 2013-08-01 01:06 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-08-01 01:06 . 2013-08-01 01:06 363008 ----a-w- c:\windows\system32\dxgi.dll

2013-08-01 01:06 . 2013-08-01 01:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-08-01 01:06 . 2013-08-01 01:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2013-08-01 01:06 . 2013-08-01 01:06 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-08-01 01:06 . 2013-08-01 01:06 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2013-08-01 01:06 . 2013-08-01 01:06 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

2013-08-01 01:06 . 2013-08-01 01:06 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

2013-08-01 01:06 . 2013-08-01 01:06 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

2013-08-01 01:06 . 2013-08-01 01:06 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

2013-08-01 01:06 . 2013-08-01 01:06 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2013-08-01 01:06 . 2013-08-01 01:06 1175552 ----a-w- c:\windows\system32\FntCache.dll

2013-08-01 01:06 . 2013-08-01 01:06 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2013-08-01 01:06 . 2013-08-01 01:06 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll

2013-08-01 01:06 . 2013-08-01 01:06 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]

2013-07-26 20:30 12240 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-07-26 12240]

.

[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-09-21 1814440]

"Memory Cleaner"="c:\users\Sky\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe" [2013-02-03 791560]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-20 347192]

"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-07-26 1558480]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;tsusbhub [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Agendamento;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]

S2 APNMCP;Serviço de atualização Ask;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x64.sys;c:\windows\SYSNATIVE\DRIVERS\l260x64.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

.

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-01 12:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 13:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-09-24 1612504]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://br.yahoo.com/?fr=fp-comodo

mLocal Page = c:\windows\SysWOW64\blank.htm

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 200.204.0.10 200.204.0.138

FF - ProfilePath - c:\users\Sky\AppData\Roaming\Mozilla\Firefox\Profiles\t7nxtj0m.default-1378133973841\

FF - prefs.js: browser.startup.homepage - www.uol.com.br

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-07-26 17:31; toolbar_AVIRA-V7@apn.ask.com; c:\users\Sky\AppData\Roaming\Mozilla\Firefox\Profiles\t7nxtj0m.default-1378133973841\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-09-25 17:34:06

ComboFix-quarantined-files.txt 2013-09-25 20:34

ComboFix2.txt 2013-09-18 06:51

.

Pré-execução: 890.062.467.072 bytes disponíveis

Pós execução: 892.201.955.328 bytes disponíveis

.

- - End Of File - - 2C9FE5873C460315450A1C3FE0321A4A

A36C5E4F47E84449FF07ED3517B43A31


Dear Drones

What are these proxies about, diego?
I won't be able to answer that. I know it is for local access; you or I would have to connect to it on your PC on the specified port to see what it was ;)

Download Malwarebytes Anti-Malware:

  • Link 1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are checked, then click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to see the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When the disinfection finishes, a log will open automatically in a Notepad document, and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log in your next reply.

Note: With more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Cheers :D


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.09.30.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16686

Sky :: SKY-PC [administrador]

30/09/2013 17:09:32

mbam-log-2013-09-30 (17-09-32).txt

Tipo de Verificação: Verificação Completa (C:\|)

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 379385

Tempo decorrido: 53 minuto(s), 17 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 1

C:\Users\Sky\Downloads\revo-uninstaller-195-32-bits.exe (PUP.Optional.InstallCore.A) -> Enviado para a Quarentena e deletado com sucesso.

(fim)


Dear Drones

Download the Kaspersky AVP Tool from one of these links:

Alternative 1

Alternative 2

  • You will be taken to a Kaspersky page asking for an email address for registration, a first name and a last name.
  • Only the "email" field is required.
  • Enter your email, then click the Submit Form button.
  • The page will reload. Click the Download button.
  • Save it to your Desktop.
  • Run the file and wait for the installation.
    • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator.

  • On the license agreement screen, check the option I accept the license agreement, then click the Start button.
  • The program appears to freeze and nothing happens. This is normal; just wait until the program's start screen appears, then click the Settings icon.

On this screen, check the box next to:

  • My Computer;
  • Local disk (C:);
  • Also check every drive listed below Local Disk, if there are any;
  • Then click the Automatic Scan tab.

  • Back on the program's start screen, click the Start scanning button;
  • Be patient, it takes a while;
  • When it finishes, if it has detected anything, the program will ask you what to do;
  • Check the box next to Apply to all objects, then click Skip (we only want the log).

Once the scan has finished, proceed as follows:

  1. On the main screen, if anything was detected, save the log.
  2. If you close the program and forget to save the log, you will have to repeat the whole scan.
  3. To save the log, click the Reports icon (next to the "Settings" icon).
  4. In the next window, click Detected Threats, then click the floppy-disk icon to save the log.
  5. Choose an easily accessible location and save it as log.txt
  6. Copy the entire contents of that Notepad file and paste it in your next reply.
  7. If nothing is detected, there is no need to save the log; just let me know.
  8. To exit the program, just click the X in the top right corner.

Notes:
While the scan is running, the start screen will show a progress bar. When it finishes, the program will show the status completed and a button that will be orange if nothing was detected, and red if something was found. If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Cheers :D


Hey diego, the Kaspersky scan detected nothing. But something strange happened. I was playing a game when suddenly my mouse froze! Everything in the system was working normally except the mouse. I hit Alt+Tab and tried another mouse, but the problem persisted. I tried to restart using the keyboard, but somehow Enter did not work on precisely the "shut down" icon in the Start menu. I had to resort to the power key on the keyboard.

Is it just a normal bug, or is the wicked virus still hiding in here? XDDDD


Dear Drones

A freeze like that could be the power supply, or else the PC overheating. You would have to test both, checking the temperature of the processor, for example. A good program for that is HWMonitor ;)

Look in the area of the forum that handles this, and you can link this topic if you like ;)

Anything else?

Cheers :D


Got it.

Thanks a lot, diego! I really appreciate your help.

Do I keep all the programs you had me install?


Dear Drones

Do I keep all the programs you had me install?
No need...

# Step 1 #

Let's uninstall ComboFix:

Rename combofix.exe to uninstall.exe, double-click it and wait for the program to be removed.

Or, if you prefer, go to

Start > Run, type Combofix /Uninstall and click OK; in the window that appears, click Run and wait for the program to be removed.

# Step 2 #

Download OTC by OldTimer and save it to your desktop.

  • Double-click the icon;
  • Click Run;
  • Click its only button;
  • Allow your computer to restart.

# Step 3 #

<<@>> Install CCleaner

CCleaner is an excellent cleaning utility for the computer that will help with its performance. Download it here: CCleaner

  • IMPORTANT: After installation, go to the location where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of that window, choose New > Folder and create a new folder; name it backups!
  • Open the program and click Run Cleaner;
  • Click the Registry button > Scan for Issues > Fix selected issues...
    Note: Do not forget to accept the backup of the fixes and save it in the folder created above!

<<@>> Always keep your Windows up to date; keep a constant watch with your firewall and antivirus; and finally, remember that the best prevention starts with our own behavior!

Cheers :D


Sorry for the delay, diego!

I admire your friendliness with my case from start to finish.

Thanks man, health and peace to you, brother!

Big hug!

This topic is closed to new posts.





About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
