Med77

Blue screen on a new PC, unauthorized pop-ups, slow PC.

Thanks in advance for the help, my friends!! Cheers! I can't attach the files because of a pop-up that blocks it.. I'll paste them..

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16720

Run by user at 13:49:36 on 2013-10-22

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3313.1660 [GMT -2:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\ANIWConnService.exe

C:\Program Files\Hi-Rez Studios\HiPatchService.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\SlimDrivers\SlimDrivers.exe

C:\Windows\Explorer.EXE

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\TIM Communicator\module\devicemon.exe

C:\Users\user\AppData\Roaming\okitspace\protect\PluginProtect.exe

C:\Program Files\SoftwareUpdater\UpdaterService.exe

C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\UI0Detect.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.189\deploy\LoLLauncher.exe

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.53\deploy\LolClient.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k secsvcs

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=BR&userid=c36fed51-bdd8-cc04-ad5e-893a36e16651&searchtype=ds&q={searchTerms}&installDate=15/10/2013

uSearch Page = hxxp://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=BR&userid=c36fed51-bdd8-cc04-ad5e-893a36e16651&searchtype=ds&q={searchTerms}&installDate=15/10/2013

uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=BR&userid=c36fed51-bdd8-cc04-ad5e-893a36e16651&searchtype=ds&q={searchTerms}&installDate=15/10/2013

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll

BHO: Plus-HD-2.3: {11111111-1111-1111-1111-110311341126} - c:\program files\plus-hd-2.3\Plus-HD-2.3-bho.dll

BHO: OKitSpace: {3543619C-D563-43f7-95EA-4DA7E1CC396A} - c:\users\user\appdata\roaming\okitspace\ie\OkitSpace.dll

BHO: PassWidget: {4996fddf-da1e-4ad2-81f0-2de7d6ee2d66} - c:\program files\pass-widget\134.dll

TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe

mRun: [D-Link D-Link Wireless 150 USB Adapter DWA-125] c:\program files\d-link\dwa-125 reva\AirGCFG.exe

mRun: [fst_br_3] <no file>

dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\pcapps~1.lnk - c:\windows\system32\rundll32.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 201.17.0.92 201.17.0.64

TCP: Interfaces\{02896D36-8C18-4AB2-8FA3-2723E8439F87} : DHCPNameServer = 200.222.122.134 200.165.132.154 192.168.0.1

TCP: Interfaces\{1F1B3ED5-B7C4-44FB-968A-4E9DE1AEA5A5} : DHCPNameServer = 201.17.0.92 201.17.0.64

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\3hvy9hds.default\

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxp://br.msn.com/?pc=UP97&ocid=UP97DHP

FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=BR&userid=c36fed51-bdd8-cc04-ad5e-893a36e16651&searchtype=ds&installDate=15/10/2013&q=

FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll

FF - ExtSQL: 2013-10-15 20:07; {348179c6-ba7b-4aaf-92fa-6bd1702662b9}; c:\program files\pass-widget\134.xpi

.

============= SERVICES / DRIVERS ===============

.

P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2013-10-2 9216]

R0 Bhbase;Baidu Hook Base;c:\windows\system32\drivers\Bhbase.sys [2013-10-15 47456]

R1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\drivers\anodlwf.sys [2013-7-22 12800]

R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2013-7-22 147456]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2012-4-20 462048]

R2 OrolixDeviceMonitor;Orolix Device Monitor;c:\program files\tim communicator\module\devicemon.exe [2010-4-20 27040]

R2 srvPlgProtect;Protect your browser's extensions;c:\users\user\appdata\roaming\okitspace\protect\PluginProtect.exe [2013-10-17 52736]

R2 SrvUpdater;Software Updater;c:\program files\softwareupdater\UpdaterService.exe [2013-9-26 32256]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-3-14 383264]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2013-7-22 364416]

R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2013-7-22 99992]

R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2013-7-22 55104]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]

S3 netr28u;D-Link USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2013-7-22 722944]

S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\Ondausbmdm6k.sys [2013-7-22 105088]

S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\Ondausbnmea.sys [2013-7-22 105088]

S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\Ondausbser6k.sys [2013-7-22 105088]

S3 ONDAusbvoice;ONDA VoUSB Port;c:\windows\system32\drivers\ONDAusbvoice.sys [2013-7-22 105088]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-7-22 15872]

S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-7-22 13464]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-7-24 52224]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2013-7-24 1343400]

.

=============== Created Last 30 ================

.

2013-10-22 13:17:49 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2b59232b-7e6d-4043-873d-0f7dc2055477}\offreg.dll

2013-10-22 12:42:30 7796464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2b59232b-7e6d-4043-873d-0f7dc2055477}\mpengine.dll

2013-10-20 06:31:09 163504 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10145.bin

2013-10-20 01:23:49 -------- d-----w- c:\program files\predm

2013-10-20 01:03:44 -------- d-----w- c:\program files\SoftwareUpdater

2013-10-16 01:21:08 640512 ----a-w- c:\windows\system32\advapi32.dll

2013-10-16 01:21:08 619520 ----a-w- c:\windows\system32\tdh.dll

2013-10-16 01:21:08 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-10-16 01:21:08 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-10-16 01:21:08 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-10-16 01:15:18 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys

2013-10-16 01:15:18 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys

2013-10-16 01:13:21 434688 ----a-w- c:\windows\system32\scavengeui.dll

2013-10-16 00:49:31 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2013-10-16 00:49:31 231424 ----a-w- c:\windows\system32\mswsock.dll

2013-10-16 00:49:31 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-10-15 23:37:58 47456 ----a-w- c:\windows\system32\drivers\Bhbase.sys

2013-10-15 23:37:45 -------- d-----w- c:\programdata\Baidu Security

2013-10-15 23:33:15 530432 ----a-w- c:\windows\system32\comctl32.dll

2013-10-15 23:31:13 -------- d-----w- c:\programdata\Uniblue

2013-10-15 23:26:57 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-10-15 23:19:37 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-15 23:18:11 70656 ----a-w- c:\windows\system32\fontsub.dll

2013-10-15 23:18:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-10-15 23:18:11 295424 ----a-w- c:\windows\system32\atmfd.dll

2013-10-15 23:18:11 26112 ----a-w- c:\windows\system32\lpk.dll

2013-10-15 23:18:11 10240 ----a-w- c:\windows\system32\dciman32.dll

2013-10-15 23:09:36 -------- d-----w- c:\users\user\appdata\local\Programs

2013-10-15 23:08:31 -------- d-----w- c:\program files\iRobinHood

2013-10-15 23:07:29 -------- d-----w- c:\program files\Pass-Widget

2013-10-15 23:06:46 -------- d-----w- c:\users\user\appdata\roaming\okitspace

2013-10-15 23:05:07 2348544 ----a-w- c:\windows\system32\win32k.sys

2013-10-15 23:04:58 81920 ----a-w- c:\windows\system32\davclnt.dll

2013-10-15 23:04:58 205824 ----a-w- c:\windows\system32\WebClnt.dll

2013-10-15 23:04:58 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys

2013-10-15 23:04:50 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys

2013-10-15 23:04:47 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-10-15 23:02:11 -------- d-----w- c:\users\user\appdata\local\BeamriseUninstall

2013-10-15 22:52:40 -------- d-----w- c:\users\user\appdata\roaming\Baidu Security

2013-10-15 22:52:40 -------- d-----w- c:\program files\Baidu Security

2013-10-15 22:52:06 -------- d-----w- c:\users\user\appdata\roaming\baidu

2013-10-02 21:05:23 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2013-10-02 21:05:23 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

2013-10-02 21:05:23 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2013-10-02 21:05:22 81768 ----a-w- c:\windows\system32\xinput1_3.dll

2013-10-02 21:05:22 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2013-10-02 21:05:22 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2013-10-02 21:05:22 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll

2013-10-02 21:05:22 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2013-10-02 20:20:56 -------- d-----w- c:\users\user\appdata\roaming\Awesomium

2013-10-02 20:20:36 -------- d-----w- c:\programdata\Hi-Rez Studios

2013-10-02 20:20:26 -------- d-----w- c:\program files\Hi-Rez Studios

.

==================== Find3M ====================

.

2013-10-22 15:17:54 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys

2013-10-16 00:58:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-16 00:58:25 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-22 23:28:06 1767936 ----a-w- c:\windows\system32\wininet.dll

2013-09-22 23:27:49 2876928 ----a-w- c:\windows\system32\jscript9.dll

2013-09-22 23:27:48 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-09-22 23:27:48 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-09-21 03:30:24 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-09-21 02:39:47 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-09-03 17:35:12 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-08-05 01:56:47 133056 ----a-w- c:\windows\system32\drivers\ataport.sys

2013-08-02 01:50:36 169984 ----a-w- c:\windows\system32\winsrv.dll

2013-08-02 01:49:19 293376 ----a-w- c:\windows\system32\KernelBase.dll

2013-08-02 00:52:57 271360 ----a-w- c:\windows\system32\conhost.exe

2013-08-02 00:43:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-08-02 00:43:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 00:43:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 00:43:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-07-25 08:57:27 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-25 06:24:12 152576 ----a-w- c:\windows\system32\msclmd.dll

.

============= FINISH: 13:50:05,69 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 22/07/2013 14:56:23

System Uptime: 22/10/2013 13:17:30 (0 hours ago)

.

Motherboard: PCWARE | | IPMH61R1

Processor: Intel® Core i5-2300 CPU @ 2.80GHz | CPU 1 | 2801/400mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 888,534 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP44: 04/10/2013 13:52:39 - Windows Update

RP45: 15/10/2013 18:40:18 - Ponto de Verificação Agendado

RP46: 15/10/2013 20:04:05 - Windows Update

RP48: 15/10/2013 20:15:35 - Uniblue DriverScanner installation

RP49: 16/10/2013 03:00:11 - Windows Update

RP50: 19/10/2013 22:55:03 - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Shockwave Player 12.0

ANIWZCS2 Service

Atualizações da NVIDIA 1.12.12

Cross Fire AL

D-Link Wireless 150 USB Adapter DWA-125

Hi-Rez Studios Authenticate and Update Service

Intel® Management Engine Components

Intel® Trusted Connect Service Client

League of Legends

McAfee Security Scan Plus

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 24.0 (x86 en-US)

Mozilla Maintenance Service

NVIDIA Driver de controle do 3D Vision 314.22

NVIDIA Driver de gráficos 314.22

NVIDIA Driver de áudio HD 1.3.23.1

NVIDIA Driver do 3D Vision 314.22

NVIDIA Install Application

NVIDIA PhysX

NVIDIA Software do sistema PhysX 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update Components

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Painel de controle da NVIDIA 314.22

Pando Media Booster

PassWidget

Plus-HD-2.3

PokerStars

PokerStars.net

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Skype™ 6.9

SlimDrivers

Smite

SoftwareUpdater

swMSM

System Requirements Lab for Intel

TIM Communicator

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-10-22 14:11:52

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 ST1000DM003-1CH162 rev.CC46 931,51GB

Running: n2ey3g6t.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwAlpcSendWaitReceivePort [0x8BB59CA0]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwAssignProcessToJobObject [0x8BB5ADB0]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwCreateFile [0x8BB59310]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwCreateKey [0x8BB58DC0]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwCreateProcess [0x8BB5A770]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwCreateProcessEx [0x8BB5A670]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwCreateSection [0x8BB59FF0]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwCreateSymbolicLinkObject [0x8BB5A420]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwCreateThread [0x8BB59900]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwCreateThreadEx [0x8BB5AB00]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwCreateUserProcess [0x8BB5AE70]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwDeleteFile [0x8BB59E60]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwDeleteKey [0x8BB594F0]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwDeleteValueKey [0x8BB595B0]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwDeviceIoControlFile [0x8BB59BA0]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwDuplicateObject [0x8BB599F0]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwEnumerateValueKey [0x8BB59820]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwGetNextProcess [0x8BB5AC10]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwGetNextThread [0x8BB5A930]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwLoadDriver [0x8BB59AE0]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwOpenProcess [0x8BB59420]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwOpenSection [0x8BB59F20]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwOpenThread [0x8BB5A860]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwProtectVirtualMemory [0x8BB5A340]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwQueryValueKey [0x8BB59740]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwQueueApcThread [0x8BB5AF80]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwRenameKey [0x8BB5A5B0]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwRequestWaitReplyPort [0x8BB59670]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwRestoreKey [0x8BB5B060]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwSetContextThread [0x8BB5A4F0]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwSetInformationFile [0x8BB58F70]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwSetSecurityObject [0x8BB5B130]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwSetSystemInformation [0x8BB59D90]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwSetValueKey [0x8BB59150]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwSuspendThread [0x8BB5A0E0]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwSystemDebugControl [0x8BB5A260]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwTerminateProcess [0x8BB58EB0]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwTerminateThread [0x8BB5A1A0]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwUnmapViewOfSection [0x8BB5ACF0]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwWriteFile [0x8BB59050]

SSDT \SystemRoot\System32\drivers\Bhbase.sys ZwWriteVirtualMemory [0x8BB59230]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82E8FA15 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC9212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82ED04D8 4 Bytes [A0, 9C, B5, 8B]

.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82ED04E8 4 Bytes [b0, AD, B5, 8B] {MOV AL, 0xad; MOV CH, 0x8b}

.text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 82ED0544 4 Bytes [10, 93, B5, 8B]

.text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82ED0554 4 Bytes [C0, 8D, B5, 8B]

.text ntkrnlpa.exe!KeRemoveQueueEx + 11E3 82ED0578 8 Bytes [70, A7, B5, 8B, 70, A6, B5, ...] {JO 0xffffffa9; MOV CH, 0x8b; JO 0xffffffac; MOV CH, 0x8b}

.text ...

? C:\Users\user\AppData\Local\Temp\mbr.sys O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2120] ntdll.dll!LdrGetProcedureAddress + 26 77B022A9 7 Bytes JMP 5D36DFF0 C:\Program Files\Mozilla Firefox\xul.dll

.text C:\Program Files\Mozilla Firefox\firefox.exe[2120] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 768E941E 7 Bytes JMP 5DAF9773 C:\Program Files\Mozilla Firefox\xul.dll

.text C:\Program Files\Mozilla Firefox\firefox.exe[2120] kernel32.dll!QueryPerformanceCounter + 13 768EC425 7 Bytes JMP 5DAF9796 C:\Program Files\Mozilla Firefox\xul.dll

.text C:\Program Files\Mozilla Firefox\firefox.exe[2120] kernel32.dll!LoadAppInitDlls + 355 768EF4E6 7 Bytes JMP 5D375F1A C:\Program Files\Mozilla Firefox\xul.dll

.text C:\Program Files\Mozilla Firefox\firefox.exe[2120] GDI32.dll!GetViewportOrgEx + 26C 77C4884B 7 Bytes JMP 5DAF96F4 C:\Program Files\Mozilla Firefox\xul.dll

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtCreateFile + 6 77AE560E 4 Bytes [28, E0, 17, 00]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtCreateFile + B 77AE5613 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtCreateKey + 6 77AE564E 4 Bytes [68, E1, 17, 00]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtCreateKey + B 77AE5653 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtCreateMutant + 6 77AE568E 4 Bytes [68, E2, 17, 00]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtCreateMutant + B 77AE5693 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtCreateSection + 6 77AE572E 4 Bytes [A8, E2, 17, 00]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtCreateSection + B 77AE5733 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtMapViewOfSection + B 77AE5C73 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenFile + 6 77AE5D1E 4 Bytes [68, E0, 17, 00]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenFile + B 77AE5D23 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenKey + 6 77AE5D4E 4 Bytes [A8, E1, 17, 00]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenKey + B 77AE5D53 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenKeyEx + B 77AE5D63 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenMutant + 6 77AE5D9E 4 Bytes [28, E2, 17, 00]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenMutant + B 77AE5DA3 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenProcess + 6 77AE5DCE 4 Bytes [68, E3, 17, 00]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenProcess + B 77AE5DD3 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenProcessToken + 6 77AE5DDE 4 Bytes [A8, E3, 17, 00]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenProcessToken + B 77AE5DE3 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenProcessTokenEx + 6 77AE5DEE 4 Bytes [68, E4, 17, 00]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenProcessTokenEx + B 77AE5DF3 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenSection + B 77AE5E13 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenThread + 6 77AE5E4E 4 Bytes [28, E3, 17, 00]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenThread + B 77AE5E53 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenThreadToken + 6 77AE5E5E 4 Bytes [28, E4, 17, 00]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenThreadToken + B 77AE5E63 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenThreadTokenEx + 6 77AE5E6E 4 Bytes [A8, E4, 17, 00]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtOpenThreadTokenEx + B 77AE5E73 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtQueryAttributesFile + 6 77AE5F7E 4 Bytes [A8, E0, 17, 00]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtQueryAttributesFile + B 77AE5F83 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtQueryFullAttributesFile + B 77AE6033 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtSetInformationFile + 6 77AE667E 4 Bytes [28, E1, 17, 00]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtSetInformationFile + B 77AE6683 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtSetInformationThread + B 77AE66E3 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtUnmapViewOfSection + 6 77AE69FE 4 Bytes [28, E5, 17, 00]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ntdll.dll!NtUnmapViewOfSection + B 77AE6A03 1 Byte [E2]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] kernel32.dll!CreateProcessW 768A204D 5 Bytes JMP 00180030

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] kernel32.dll!CreateProcessA 768A2082 5 Bytes JMP 00180070

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!ActivateKeyboardLayout 766E8203 5 Bytes JMP 002304F0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!ScreenToClient 766EA506 7 Bytes JMP 00230670

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!RegisterClipboardFormatA 766EC091 5 Bytes JMP 002302F0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!RegisterClipboardFormatW 766EDF8D 5 Bytes JMP 002302B0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!SetCursor 766F3075 5 Bytes JMP 00230530

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!MonitorFromWindow 766F3622 7 Bytes JMP 00230630

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!PostMessageW 766F447B 5 Bytes JMP 002305F0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!IsWindowVisible 766F4D69 7 Bytes JMP 002306B0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!GetClientRect 766F54DD 7 Bytes JMP 002305B0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!MapWindowPoints 766F5CAA 5 Bytes JMP 00230570

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!GetParent 766F6029 7 Bytes JMP 002306F0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!EmptyClipboard 7670290C 5 Bytes JMP 00230130

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!SetClipboardData 76702962 5 Bytes JMP 00230170

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!GetClipboardData 76702BA7 5 Bytes JMP 00230030

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!GetClipboardFormatNameW 76705FD2 5 Bytes JMP 00230230

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!SetClipboardViewer 76706FF6 5 Bytes JMP 002304B0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!GetClipboardFormatNameA 7670700A 5 Bytes JMP 00230270

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!ChangeClipboardChain 7671147C 5 Bytes JMP 00230430

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!GetTopWindow 767124D9 7 Bytes JMP 00230730

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!CloseClipboard 7671446C 5 Bytes JMP 002300B0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!OpenClipboard 7671447E 5 Bytes JMP 00230070

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!IsClipboardFormatAvailable 767144FF 5 Bytes JMP 002300F0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!GetClipboardSequenceNumber 76714513 5 Bytes JMP 00230330

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!GetClipboardOwner 76714525 5 Bytes JMP 00230370

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!CountClipboardFormats 7671470A 5 Bytes JMP 002301F0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!EnumClipboardFormats 767147EC 5 Bytes JMP 002301B0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!GetOpenClipboardWindow 7671480B 5 Bytes JMP 002303F0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!SetCursorPos 7672C1B0 5 Bytes JMP 00230770

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!GetClipboardViewer 76744AF7 5 Bytes JMP 00230470

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] user32.DLL!GetPriorityClipboardFormat 76744BF9 5 Bytes JMP 002303B0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!DeleteObject 77C45F14 5 Bytes JMP 002401B0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!SelectObject 77C46640 5 Bytes JMP 002405F0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!SetTextColor 77C46906 5 Bytes JMP 00240A30

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!SetBkMode 77C469B1 5 Bytes JMP 002408F0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!DeleteDC 77C46EAA 5 Bytes JMP 00240170

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!GetDeviceCaps 77C46F7F 5 Bytes JMP 002403B0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!ExtSelectClipRgn 77C47114 5 Bytes JMP 002402F0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!SelectClipRgn 77C47242 5 Bytes JMP 002405B0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!SetStretchBltMode 77C47705 5 Bytes JMP 002406B0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!GetCurrentObject 77C47917 5 Bytes JMP 00240370

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!GetTextMetricsW 77C47B8F 5 Bytes JMP 00240E30

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!GetTextAlign 77C47DAF 5 Bytes JMP 00240D70

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!IntersectClipRect 77C47DFE 5 Bytes JMP 002403F0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!ExtTextOutW 77C48192 5 Bytes JMP 00240970

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!SetTextAlign 77C4828E 5 Bytes JMP 002409F0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!GetClipBox 77C48525 5 Bytes JMP 00240330

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!MoveToEx 77C48C21 5 Bytes JMP 00240470

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!StretchDIBits 77C4A53E 5 Bytes JMP 00240770

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!RestoreDC 77C4A67B 5 Bytes JMP 00240530

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!SaveDC 77C4A74B 5 Bytes JMP 00240570

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!GetTextExtentPoint32W 77C4B4B5 5 Bytes JMP 00240670

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!GetTextFaceW 77C4B73A 2 Bytes JMP 00240D30

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!GetTextFaceW + 3 77C4B73D 2 Bytes [5F, 88]

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!GetFontData 77C4BCC4 5 Bytes JMP 00240C70

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!SetWorldTransform 77C4C90A 5 Bytes JMP 002406F0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!CreateDCA 77C4CCA9 5 Bytes JMP 002400B0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!CreateDCW 77C4CF79 5 Bytes JMP 002400F0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!CreateICW 77C4CFD0 5 Bytes JMP 00240130

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!GetTextMetricsA 77C4D0F2 5 Bytes JMP 00240DF0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!Rectangle 77C4F1FF 5 Bytes JMP 002409B0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!LineTo 77C4F59B 5 Bytes JMP 00240430

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!SetICMMode 77C4FAA4 5 Bytes JMP 00240DB0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!ExtTextOutA 77C503F9 5 Bytes JMP 00240930

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!GetTextExtentPoint32A 77C507B0 5 Bytes JMP 00240630

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!ExtEscape 77C52949 5 Bytes JMP 002402B0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!Escape 77C53939 5 Bytes JMP 00240270

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!GetTextFaceA 77C53E6A 5 Bytes JMP 00240CF0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!SetPolyFillMode 77C5D851 5 Bytes JMP 00240B30

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!SetMiterLimit 77C5DA0D 5 Bytes JMP 00240B70

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!EndPage 77C600D7 5 Bytes JMP 00240230

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!ResetDCW 77C6050D 5 Bytes JMP 00240AB0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!GetGlyphOutlineW 77C6C1BA 5 Bytes JMP 00240CB0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!CreateScalableFontResourceW 77C6E817 5 Bytes JMP 00240BB0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!AddFontResourceW 77C6EC13 5 Bytes JMP 00240BF0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!RemoveFontResourceW 77C6F109 5 Bytes JMP 00240C30

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!AbortDoc 77C74C63 5 Bytes JMP 00240030

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!EndDoc 77C750AA 5 Bytes JMP 002401F0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!StartPage 77C75195 5 Bytes JMP 00240730

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!StartDocW 77C75BB0 5 Bytes JMP 002407F0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!BeginPath 77C7635D 5 Bytes JMP 00240830

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!SelectClipPath 77C763B4 5 Bytes JMP 00240AF0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!CloseFigure 77C7640F 5 Bytes JMP 00240070

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!EndPath 77C76466 5 Bytes JMP 00240A70

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!StrokePath 77C76699 5 Bytes JMP 002407B0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!FillPath 77C76726 5 Bytes JMP 00240870

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!PolylineTo 77C76B94 5 Bytes JMP 002404F0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!PolyBezierTo 77C76C25 5 Bytes JMP 002404B0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] GDI32.dll!PolyDraw 77C76CD7 5 Bytes JMP 002408B0

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ole32.dll!OleSetClipboard 765E0045 5 Bytes JMP 00260030

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ole32.dll!OleIsCurrentClipboard 765E36B2 5 Bytes JMP 00260070

.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[2304] ole32.dll!OleGetClipboard 7660FDCD 5 Bytes JMP 002600B0

.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2332] kernel32.dll!SetUnhandledExceptionFilter 768EF4EB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3316] USER32.dll!RegisterMessagePumpHook + 2F1 766E8B9E 7 Bytes JMP 5D6B6007 C:\Program Files\Mozilla Firefox\xul.dll

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3316] USER32.dll!IsDialogMessageW + 340 766F4444 7 Bytes JMP 5D6B6078 C:\Program Files\Mozilla Firefox\xul.dll

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3316] USER32.dll!GetWindowInfo 766F4B5E 5 Bytes JMP 5D6B9DDF C:\Program Files\Mozilla Firefox\xul.dll

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3316] USER32.dll!ToUnicodeEx + 71 76702223 7 Bytes JMP 5D6B3789 C:\Program Files\Mozilla Firefox\xul.dll

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{FC6813EA-F2F6-11E2-A191-806E6F6E6963} 976612704

---- EOF - GMER 2.1 ----


Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language, and follow the instructions to install the software.
    • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
    • If updates are available, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to view the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will automatically open in a Notepad document, and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log into your next reply.

Note: With more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Then,

Read the instructions at this link:

In the instructions at the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while carrying out these instructions, it is very important to keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.
  3. Double-click the ComboFix icon on the desktop.
  4. Read and accept the terms by typing 1 and pressing Enter.
  5. Computers running Windows XP should install the Recovery Console:
    • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet, and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.
  6. ComboFix will run; please be patient and wait.
  7. Attention: Do not use the mouse or the keyboard while the tool is running, as this can cause the computer to stall.
  8. A warning may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you may damage your computer.

  • There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are various general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not that kind of tool, and so, out of respect for the tool's author as well, do not use it without supervision.


Friend, thanks for replying. I saw that things are a bit more serious: there is a key next to every password box, and as soon as I type the password it opens a pop-up right then, which must be sending the password.. the logs follow!!

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.10.23.10

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16721

user :: USER-PC [administrador]

Proteção: Permitir

23/10/2013 20:03:33

MBAM-log-2013-10-23 (20-07-35).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 208626

Tempo decorrido: 3 minuto(s), 45 segundo(s)

Processos de Memória Detectados: 3

C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-bg.exe (PUP.Optional.PlusHD.A) -> 1136 -> Nenhuma ação foi feita.

C:\Program Files\SoftwareUpdater\UpdaterService.exe (PUP.Optional.SoftwareUpdater.A) -> 2176 -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\protect\PluginProtect.exe (PUP.Optional.OKitSpace.A) -> 2148 -> Nenhuma ação foi feita.

Módulos de Memória Detectados: 4

C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-bho.dll (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\IE\OkitSpace.dll (PUP.Optional.OfferBox.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\protect\Interop.Shell32.dll (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\protect\utilsDll.dll (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

Chaves de Registro Detectadas: 25

HKCR\CLSID\{11111111-1111-1111-1111-110311341126} (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

HKCR\TypeLib\{44444444-4444-4444-4444-440344344426} (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

HKCR\Interface\{55555555-5555-5555-5555-550355345526} (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

HKCR\CrossriderApp0033426.BHO.1 (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341126} (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311341126} (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311341126} (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341126} (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

HKCR\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} (PUP.Optional.OfferBox.A) -> Nenhuma ação foi feita.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3543619C-D563-43F7-95EA-4DA7E1CC396A} (PUP.Optional.OfferBox.A) -> Nenhuma ação foi feita.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3543619C-D563-43F7-95EA-4DA7E1CC396A} (PUP.Optional.OfferBox.A) -> Nenhuma ação foi feita.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3543619C-D563-43F7-95EA-4DA7E1CC396A} (PUP.Optional.OfferBox.A) -> Nenhuma ação foi feita.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater (PUP.Optional.SoftwareUpdater.A) -> Nenhuma ação foi feita.

HKLM\SYSTEM\CurrentControlSet\Services\SrvUpdater (PUP.Optional.SoftwareUpdater.A) -> Nenhuma ação foi feita.

HKCR\CrossriderApp0033426.BHO (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.

HKCR\CrossriderApp0033426.Sandbox (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.

HKCR\CrossriderApp0033426.Sandbox.1 (PUP.Optional.CrossRider.A) -> Nenhuma ação foi feita.

HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Nenhuma ação foi feita.

HKCU\Software\InstalledBrowserExtensions\Plus HD (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

HKLM\SOFTWARE\Freesofttoday (Adware.EoRezo) -> Nenhuma ação foi feita.

HKLM\SOFTWARE\Plus-HD-2.3 (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

HKLM\SOFTWARE\SOFTWAREUPDATER (PUP.Optional.SoftwareUpdater.A) -> Nenhuma ação foi feita.

HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up (PUP.Optional.PCSpeedUp.A) -> Nenhuma ação foi feita.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.3 (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

HKLM\SYSTEM\CurrentControlSet\Services\srvPlgProtect (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

Valores de Registro Detectadas: 3

HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1M1R1K1L2W -> Nenhuma ação foi feita.

HKLM\SOFTWARE\SoftwareUpdater|partner_keyword (PUP.Optional.SoftwareUpdater.A) -> Data: DESCARGARES -> Nenhuma ação foi feita.

HKLM\SYSTEM\CurrentControlSet\Services\SrvUpdater|ImagePath (PUP.Optional.SoftwareUpdater.A) -> Data: C:\Program Files\SoftwareUpdater\UpdaterService.exe -> Nenhuma ação foi feita.

Itens de Dados no Registro Detectadas: 4

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Ruim: (http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=BR&userid=c36fed51-bdd8-cc04-ad5e-893a36e16651&searchtype=ds&q={searchTerms}&installDate=15/10/2013) Bom: (http://www.google.com) -> Nenhuma ação foi feita.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.Snapdo) -> Ruim: (http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=BR&userid=c36fed51-bdd8-cc04-ad5e-893a36e16651&searchtype=ds&q={searchTerms}&installDate=15/10/2013) Bom: (http://www.google.com) -> Nenhuma ação foi feita.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Ruim: (http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=BR&userid=c36fed51-bdd8-cc04-ad5e-893a36e16651&searchtype=ds&q={searchTerms}&installDate=15/10/2013) Bom: (http://www.google.com) -> Nenhuma ação foi feita.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Ruim: (http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=BR&userid=c36fed51-bdd8-cc04-ad5e-893a36e16651&searchtype=ds&q={searchTerms}&installDate=15/10/2013) Bom: (http://www.google.com) -> Nenhuma ação foi feita.

Pastas Detectadas: 19

C:\Program Files\SoftwareUpdater (PUP.Optional.SoftwareUpdater.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Local\Temp\Iminent (PUP.Optional.Iminent.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Local\Temp\Iminent\Log (PUP.Optional.Iminent.A) -> Nenhuma ação foi feita.

C:\Program Files\Plus-HD-2.3 (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\Chrome (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\Firefox (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\Firefox\chrome (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\Firefox\chrome\content (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\Firefox\chrome\content\icons (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\Firefox\chrome\skin (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\IE (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\protect (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\protect\files (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\protect\updateSrv (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Windows\System32\config\systemprofile\AppData\Roaming\okitSpace (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Windows\System32\config\systemprofile\AppData\Roaming\okitSpace\Chrome (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Windows\System32\config\systemprofile\AppData\Roaming\okitSpace\Firefox (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Windows\System32\config\systemprofile\AppData\Roaming\okitSpace\IE (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

Arquivos Detectados: 55

C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-bho.dll (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-bg.exe (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\IE\OkitSpace.dll (PUP.Optional.OfferBox.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Local\Temp\is1275519350\cor_ar_201374152357_portaldosites.exe (PUP.Optional.Elex) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Local\Temp\is1275519350\LyriXeeker_1060-2027_v116.exe (PUP.Optional.LyricXeeker.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Local\Temp\is1275519350\plus-hd-2-3_BR.exe (PUP.Optional.CrossRider) -> Nenhuma ação foi feita.

C:\Windows\Temp\installer.exe (PUP.Optional.Vittalia) -> Nenhuma ação foi feita.

C:\Users\user\Downloads\installer_office-2010_Portuguese.exe (PUP.Optional.VIT) -> Nenhuma ação foi feita.

C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Windows\Tasks\Plus-HD-2.3-enabler.job (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Windows\Tasks\Plus-HD-2.3-updater.job (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Program Files\SoftwareUpdater\KeyGen.dll (PUP.Optional.SoftwareUpdater.A) -> Nenhuma ação foi feita.

C:\Program Files\SoftwareUpdater\AppsUpdater.exe (PUP.Optional.SoftwareUpdater.A) -> Nenhuma ação foi feita.

C:\Program Files\SoftwareUpdater\AppsUpdater.exe.config (PUP.Optional.SoftwareUpdater.A) -> Nenhuma ação foi feita.

C:\Program Files\SoftwareUpdater\config.xml (PUP.Optional.SoftwareUpdater.A) -> Nenhuma ação foi feita.

C:\Program Files\SoftwareUpdater\Interop.Shell32.dll (PUP.Optional.SoftwareUpdater.A) -> Nenhuma ação foi feita.

C:\Program Files\SoftwareUpdater\translations.xml (PUP.Optional.SoftwareUpdater.A) -> Nenhuma ação foi feita.

C:\Program Files\SoftwareUpdater\uninstall.exe (PUP.Optional.SoftwareUpdater.A) -> Nenhuma ação foi feita.

C:\Program Files\SoftwareUpdater\UpdaterService.exe (PUP.Optional.SoftwareUpdater.A) -> Nenhuma ação foi feita.

C:\Program Files\Plus-HD-2.3\background.html (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Program Files\Plus-HD-2.3\Installer.log (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-buttonutil.dll (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-buttonutil.exe (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-buttonutil64.dll (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-buttonutil64.exe (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-enabler.exe (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-helper.exe (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Program Files\Plus-HD-2.3\Plus-HD-2.3-updater.exe (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Program Files\Plus-HD-2.3\Plus-HD-2.3.ico (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Program Files\Plus-HD-2.3\Uninstall.exe (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Program Files\Plus-HD-2.3\utils.exe (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\uninstall.exe (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\Chrome\OKitSpace.crx (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\Firefox\chrome.manifest (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\Firefox\install.rdf (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\Firefox\chrome\content\background.html (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\Firefox\chrome\content\content.xul (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\Firefox\chrome\content\main.js (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\Firefox\chrome\content\icons\okitspace-19x19.png (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\Firefox\chrome\content\icons\okitspace-48x48.png (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\Firefox\chrome\skin\overlay.css (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\IE\config (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\protect\config.xml (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\protect\Interop.Shell32.dll (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\protect\PluginProtect.exe (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\protect\PluginProtect.exe_old (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\protect\sqlite3.exe (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\protect\utilsDll.dll (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\protect\versionPPSrv (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\protect\files\crxID (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\protect\files\OkitSpace.crx (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\protect\files\OkitSpace.dll (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\protect\files\OkitSpace.xpi (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

C:\Users\user\AppData\Roaming\okitspace\protect\files\version (PUP.Optional.OKitSpace.A) -> Nenhuma ação foi feita.

(fim)

ComboFix 13-10-23.02 - user 23/10/2013 20:12:20.1.4 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3313.2451 [GMT -2:00]

Executando de: c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UQTGTPT\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\CFLog

c:\cflog\EPLog.txt

c:\program files\SoftwareUpdater\KeyGen.dll

c:\users\user\Desktop\Search.lnk

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_SrvUpdater

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-09-23 to 2013-10-23 ))))))))))))))))))))))))))))

.

.

2013-10-23 22:16 . 2013-10-23 22:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-10-23 22:16 . 2013-10-23 22:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-10-23 22:13 . 2013-10-23 22:13 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B59232B-7E6D-4043-873D-0F7DC2055477}\offreg.dll

2013-10-23 22:02 . 2013-10-23 22:02 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes

2013-10-23 22:01 . 2013-10-23 22:01 -------- d-----w- c:\programdata\Malwarebytes

2013-10-23 22:01 . 2013-10-23 22:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-10-23 22:01 . 2013-04-04 16:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-10-22 12:42 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B59232B-7E6D-4043-873D-0F7DC2055477}\mpengine.dll

2013-10-20 06:31 . 2013-10-20 06:31 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin

2013-10-20 01:23 . 2013-10-20 01:23 -------- d-----w- c:\program files\predm

2013-10-20 01:03 . 2013-10-23 22:16 -------- d-----w- c:\program files\SoftwareUpdater

2013-10-16 01:21 . 2013-08-29 01:51 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-10-16 01:21 . 2013-08-29 01:51 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-10-16 01:21 . 2013-08-29 01:50 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-10-16 01:21 . 2013-08-29 01:50 619520 ----a-w- c:\windows\system32\tdh.dll

2013-10-16 01:21 . 2013-08-29 01:48 640512 ----a-w- c:\windows\system32\advapi32.dll

2013-10-16 01:15 . 2013-07-03 03:36 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys

2013-10-16 01:15 . 2013-07-03 03:36 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys

2013-10-16 01:13 . 2013-08-28 00:57 434688 ----a-w- c:\windows\system32\scavengeui.dll

2013-10-16 00:49 . 2013-09-14 00:48 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2013-10-16 00:49 . 2013-09-08 02:07 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-10-16 00:49 . 2013-09-08 02:03 231424 ----a-w- c:\windows\system32\mswsock.dll

2013-10-15 23:37 . 2013-09-03 11:59 47456 ----a-w- c:\windows\system32\drivers\Bhbase.sys

2013-10-15 23:37 . 2013-10-15 23:37 -------- d-----w- c:\programdata\Baidu Security

2013-10-15 23:33 . 2013-07-04 11:50 530432 ----a-w- c:\windows\system32\comctl32.dll

2013-10-15 23:31 . 2013-10-15 23:31 -------- d-----w- c:\programdata\Uniblue

2013-10-15 23:26 . 2013-08-01 11:03 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-10-15 23:19 . 2013-07-20 10:33 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-15 23:18 . 2013-06-06 04:52 26112 ----a-w- c:\windows\system32\lpk.dll

2013-10-15 23:18 . 2013-06-06 04:51 70656 ----a-w- c:\windows\system32\fontsub.dll

2013-10-15 23:18 . 2013-06-06 04:50 10240 ----a-w- c:\windows\system32\dciman32.dll

2013-10-15 23:18 . 2013-06-06 03:01 295424 ----a-w- c:\windows\system32\atmfd.dll

2013-10-15 23:18 . 2013-06-06 03:01 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-10-15 23:17 . 2013-10-15 23:17 -------- d-----w- c:\program files\Microsoft Silverlight

2013-10-15 23:09 . 2013-10-15 23:09 -------- d-----w- c:\users\user\AppData\Local\Programs

2013-10-15 23:08 . 2013-10-20 01:19 -------- d-----w- c:\program files\iRobinHood

2013-10-15 23:07 . 2013-10-15 23:07 -------- d-----w- c:\program files\Pass-Widget

2013-10-15 23:06 . 2013-10-20 01:03 -------- d-----w- c:\users\user\AppData\Roaming\okitspace

2013-10-15 23:05 . 2013-08-28 01:04 2348544 ----a-w- c:\windows\system32\win32k.sys

2013-10-15 23:04 . 2013-07-04 11:57 205824 ----a-w- c:\windows\system32\WebClnt.dll

2013-10-15 23:04 . 2013-07-04 11:51 81920 ----a-w- c:\windows\system32\davclnt.dll

2013-10-15 23:04 . 2013-07-04 09:48 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys

2013-10-15 23:04 . 2013-07-12 10:07 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys

2013-10-15 23:04 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-10-15 23:02 . 2013-10-15 23:02 -------- d-----w- c:\users\user\AppData\Local\BeamriseUninstall

2013-10-15 22:52 . 2013-10-20 00:50 -------- d-----w- c:\program files\Baidu Security

2013-10-15 22:52 . 2013-10-20 00:50 -------- d-----w- c:\users\user\AppData\Roaming\Baidu Security

2013-10-15 22:52 . 2013-10-15 22:52 -------- d-----w- c:\users\user\AppData\Roaming\baidu

2013-10-02 21:05 . 2010-06-02 07:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2013-10-02 21:05 . 2010-06-02 07:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

2013-10-02 21:05 . 2010-05-26 14:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2013-10-02 21:05 . 2010-05-26 14:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2013-10-02 21:05 . 2010-05-26 14:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2013-10-02 21:05 . 2010-05-26 14:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2013-10-02 21:05 . 2010-02-04 13:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll

2013-10-02 21:05 . 2007-04-04 21:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll

2013-10-02 20:20 . 2013-10-02 20:20 -------- d-----w- c:\users\user\AppData\Roaming\Awesomium

2013-10-02 20:20 . 2013-10-02 20:20 -------- d-----w- c:\programdata\Hi-Rez Studios

2013-10-02 20:20 . 2013-10-02 20:20 -------- d-----w- c:\program files\Hi-Rez Studios

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-23 22:18 . 2013-07-22 19:08 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys

2013-10-16 00:58 . 2013-07-22 19:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-16 00:58 . 2013-07-22 19:52 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-03 17:35 . 2013-07-22 19:45 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-08-05 01:56 . 2013-09-12 10:46 133056 ----a-w- c:\windows\system32\drivers\ataport.sys

2013-08-02 01:50 . 2013-09-12 10:46 169984 ----a-w- c:\windows\system32\winsrv.dll

2013-08-02 01:49 . 2013-09-12 10:46 293376 ----a-w- c:\windows\system32\KernelBase.dll

2013-08-02 01:48 . 2013-09-12 10:46 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-08-02 01:48 . 2013-09-12 10:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-08-02 00:52 . 2013-09-12 10:46 271360 ----a-w- c:\windows\system32\conhost.exe

2013-08-02 00:43 . 2013-09-12 10:46 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-08-02 00:43 . 2013-09-12 10:46 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 00:43 . 2013-09-12 10:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 00:43 . 2013-09-12 10:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-07-26 06:03 . 2013-07-26 06:03 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-07-26 06:03 . 2013-07-26 06:03 185344 ----a-w- c:\windows\system32\elshyph.dll

2013-07-26 06:03 . 2013-07-26 06:03 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-07-26 06:03 . 2013-07-26 06:03 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-07-26 06:03 . 2013-07-26 06:03 61952 ----a-w- c:\windows\system32\tdc.ocx

2013-07-26 06:03 . 2013-07-26 06:03 523264 ----a-w- c:\windows\system32\vbscript.dll

2013-07-26 06:03 . 2013-07-26 06:03 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-07-26 06:03 . 2013-07-26 06:03 38400 ----a-w- c:\windows\system32\imgutil.dll

2013-07-26 06:03 . 2013-07-26 06:03 361984 ----a-w- c:\windows\system32\html.iec

2013-07-26 06:03 . 2013-07-26 06:03 23040 ----a-w- c:\windows\system32\licmgr10.dll

2013-07-26 06:03 . 2013-07-26 06:03 158720 ----a-w- c:\windows\system32\msls31.dll

2013-07-26 06:03 . 2013-07-26 06:03 150528 ----a-w- c:\windows\system32\iexpress.exe

2013-07-26 06:03 . 2013-07-26 06:03 1441280 ----a-w- c:\windows\system32\inetcpl.cpl

2013-07-26 06:03 . 2013-07-26 06:03 138752 ----a-w- c:\windows\system32\wextract.exe

2013-07-26 06:03 . 2013-07-26 06:03 137216 ----a-w- c:\windows\system32\ieUnatt.exe

2013-07-26 06:03 . 2013-07-26 06:03 12800 ----a-w- c:\windows\system32\mshta.exe

2013-07-26 06:03 . 2013-07-26 06:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-07-26 06:03 . 2013-07-26 06:03 49152 ----a-w- c:\windows\system32\taskhost.exe

2013-07-26 06:03 . 2013-07-26 06:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-07-26 06:03 . 2013-07-26 06:03 906240 ----a-w- c:\windows\system32\FntCache.dll

2013-07-26 06:03 . 2013-07-26 06:03 604160 ----a-w- c:\windows\system32\d3d10level9.dll

2013-07-26 06:03 . 2013-07-26 06:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-07-26 06:03 . 2013-07-26 06:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-07-26 06:03 . 2013-07-26 06:03 417792 ----a-w- c:\windows\system32\WMPhoto.dll

2013-07-26 06:03 . 2013-07-26 06:03 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-07-26 06:03 . 2013-07-26 06:03 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-07-26 06:03 . 2013-07-26 06:03 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-07-26 06:03 . 2013-07-26 06:03 3419136 ----a-w- c:\windows\system32\d2d1.dll

2013-07-26 06:03 . 2013-07-26 06:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-07-26 06:03 . 2013-07-26 06:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-07-26 06:03 . 2013-07-26 06:03 293376 ----a-w- c:\windows\system32\dxgi.dll

2013-07-26 06:03 . 2013-07-26 06:03 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-07-26 06:03 . 2013-07-26 06:03 249856 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-07-26 06:03 . 2013-07-26 06:03 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-07-26 06:03 . 2013-07-26 06:03 220160 ----a-w- c:\windows\system32\d3d10core.dll

2013-07-26 06:03 . 2013-07-26 06:03 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-07-26 06:03 . 2013-07-26 06:03 1988096 ----a-w- c:\windows\system32\d3d10warp.dll

2013-07-26 06:03 . 2013-07-26 06:03 187392 ----a-w- c:\windows\system32\UIAnimation.dll

2013-07-26 06:03 . 2013-07-26 06:03 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2013-07-26 06:03 . 2013-07-26 06:03 1158144 ----a-w- c:\windows\system32\XpsPrint.dll

2013-07-26 06:03 . 2013-07-26 06:03 1080832 ----a-w- c:\windows\system32\d3d10.dll

2013-07-26 06:03 . 2013-07-26 06:03 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{4996fddf-da1e-4ad2-81f0-2de7d6ee2d66}]

2013-10-15 23:07 143872 ----a-w- c:\program files\Pass-Widget\134.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-10-02 20472992]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2013-07-28 4287536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

"D-Link D-Link Wireless 150 USB Adapter DWA-125"="c:\program files\D-Link\DWA-125 revA\AirGCFG.exe" [2009-04-22 1683456]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-07-25 280576]

.

c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

PC App Store Uninstall 3.8.8.1435.lnk - c:\windows\System32\rundll32.exe "c:\users\user\AppData\Roaming\Baidu Security\PC App Store\3.8.8.1435\Uninstall\PC App Store Uninstall\0\InstallUtility.dll", _OpenUrl -run "PC App Store Uninstall" -ini "OpenUrl.ini" [2009-7-13 44544]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2000-01-01 364416]

R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]

R3 netr28u;D-Link USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-04-17 722944]

R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [2010-06-02 105088]

R3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys [2010-06-02 105088]

R3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys [2010-06-02 105088]

R3 ONDAusbvoice;ONDA VoUSB Port;c:\windows\system32\DRIVERS\ONDAusbvoice.sys [2010-06-02 105088]

R3 PCFApiUtil;PCFApiUtil;c:\program files\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2013-10-23 13464]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-07-24 1343400]

R3 XDva403;XDva403;c:\windows\system32\XDva403.sys [x]

R3 XDva404;XDva404;c:\windows\system32\XDva404.sys [x]

S0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [2013-09-03 47456]

S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [2009-03-06 12800]

S2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2009-02-26 147456]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 462048]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S2 OrolixDeviceMonitor;Orolix Device Monitor;c:\program files\TIM Communicator\module\devicemon.exe [2010-04-20 27040]

S2 srvPlgProtect;Protect your browser's extensions;c:\users\user\AppData\Roaming\okitspace\protect\PluginProtect.exe [2013-10-22 52736]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-15 383264]

S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2012-07-19 99992]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]

S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2000-01-01 55104]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - WS2IFSL

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-22 00:58]

.

2013-10-23 c:\windows\Tasks\PassWidget Update.job

- c:\program files\Pass-Widget\PassWidget_.exe [2013-10-15 23:07]

.

2013-10-23 c:\windows\Tasks\Plus-HD-2.3-codedownloader.job

- c:\program files\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe [2013-07-22 19:34]

.

2013-10-23 c:\windows\Tasks\Plus-HD-2.3-enabler.job

- c:\program files\Plus-HD-2.3\Plus-HD-2.3-enabler.exe [2013-07-22 19:34]

.

2013-10-23 c:\windows\Tasks\Plus-HD-2.3-updater.job

- c:\program files\Plus-HD-2.3\Plus-HD-2.3-updater.exe [2013-07-22 19:34]

.

2013-10-23 c:\windows\Tasks\SlimDrivers Startup.job

- c:\program files\SlimDrivers\SlimDrivers.exe [2013-07-10 11:58]

.

.

------- Scan Suplementar -------

.

uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=BR&userid=c36fed51-bdd8-cc04-ad5e-893a36e16651&searchtype=ds&q={searchTerms}&installDate=15/10/2013

TCP: DhcpNameServer = 201.17.0.92 201.17.0.64

FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3hvy9hds.default\

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxp://br.msn.com/?pc=UP97&ocid=UP97DHP

FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=BR&userid=c36fed51-bdd8-cc04-ad5e-893a36e16651&searchtype=ds&installDate=15/10/2013&q=

FF - ExtSQL: 2013-10-08 05:25; OKitSpace@OKitSpace.es; c:\users\user\AppData\Roaming\okitSpace\Firefox

FF - ExtSQL: 2013-10-15 20:07; {348179c6-ba7b-4aaf-92fa-6bd1702662b9}; c:\program files\Pass-Widget\134.xpi

.

- - - - ORFÃOS REMOVIDOS - - - -

.

HKLM-Run-fst_br_3 - (no file)

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Hi-Rez Studios\HiPatchService.exe

c:\windows\system32\taskhost.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\system32\UI0Detect.exe

c:\windows\system32\conhost.exe

c:\windows\System32\rundll32.exe

c:\program files\NVIDIA Corporation\Display\nvtray.exe

c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-10-23 20:20:56 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-10-23 22:20

.

Pré-execução: 956.275.507.200 bytes disponíveis

Pós execução: 957.288.472.576 bytes disponíveis

.

- - End Of File - - 0ADC0EA5BE5394AA9C32EB476A3008DF

A36C5E4F47E84449FF07ED3517B43A31


  • Download ADWCleaner.
  • Close all applications, especially your browsers.
  • Run the tool.
  • Choose to delete each time you are asked what action you want to take.
  • Your desktop icons may disappear momentarily; don't be alarmed.
  • After the scan finishes, your computer will be restarted.
  • When it comes back, a text file will appear; save its contents and post them in your next reply.


# AdwCleaner v3.010 - Relatório criado 24/10/2013 às 14:05:02

# Atualizado 20/10/2013 por Xplode

# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)

# Usuário : user - USER-PC

# Executando de : C:\Users\user\Downloads\adwcleaner.exe

# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : srvPlgProtect

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\Uniblue\DriverScanner

Pasta Deletada : C:\Program Files\Plus-HD-2.3

Pasta Deletada : C:\Program Files\SoftwareUpdater

Pasta Deletada : C:\users\user\AppData\Roaming\baidu

Pasta Deletada : C:\users\user\AppData\Roaming\okitspace

Pasta Deletada : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla

Arquivo Deletada : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk

Arquivo Deletada : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3hvy9hds.default\searchplugins\Web Search.xml

Arquivo Deletada : C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job

Arquivo Deletada : C:\Windows\System32\Tasks\Plus-HD-2.3-codedownloader

Arquivo Deletada : C:\Windows\Tasks\Plus-HD-2.3-enabler.job

Arquivo Deletada : C:\Windows\System32\Tasks\Plus-HD-2.3-enabler

Arquivo Deletada : C:\Windows\Tasks\Plus-HD-2.3-updater.job

Arquivo Deletada : C:\Windows\System32\Tasks\Plus-HD-2.3-updater

***** [ Atalhos ] *****

***** [ Registro ] *****

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.3-codedownloader

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C118FE63-A224-4E1F-B72D-95129AB3D5AE}

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C118FE63-A224-4E1F-B72D-95129AB3D5AE}

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.3-enabler

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D96070F9-7EEA-4903-891C-16C892887A74}

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D96070F9-7EEA-4903-891C-16C892887A74}

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.3-updater

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{648FB618-9C03-4E79-974A-2CEAD453D30D}

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{648FB618-9C03-4E79-974A-2CEAD453D30D}

Chave Deletedo : HKLM\SOFTWARE\Classes\driverscanner

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS

Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0033426.BHO

Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0033426.Sandbox

Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0033426.Sandbox.1

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3543619C-D563-43F7-95EA-4DA7E1CC396A}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345526}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346626}

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3543619C-D563-43F7-95EA-4DA7E1CC396A}

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3543619C-D563-43F7-95EA-4DA7E1CC396A}

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3543619C-D563-43F7-95EA-4DA7E1CC396A}

Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Chave Deletedo : HKCU\Software\InstallCore

Chave Deletedo : HKCU\Software\installedbrowserextensions

Chave Deletedo : HKCU\Software\lollipop

Chave Deletedo : HKCU\Software\Tutorials

Chave Deletedo : HKCU\Software\TutoTag

Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider

Chave Deletedo : HKCU\Software\AppDataLow\Software\Plus-HD-2.3

Chave Deletedo : HKLM\Software\FreeSoftToday

Chave Deletedo : HKLM\Software\Plus-HD-2.3

Chave Deletedo : HKLM\Software\SoftwareUpdater

Chave Deletedo : HKLM\Software\Tutorials

Chave Deletedo : HKLM\Software\Vittalia

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.3

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Mozilla Firefox v24.0 (en-US)

[ Arquivo : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3hvy9hds.default\prefs.js ]

Linha deletada : user_pref("browser.search.defaultenginename", "Web Search");

Linha deletada : user_pref("browser.search.selectedEngine", "Web Search");

Linha deletada : user_pref("extensions.helperbar.DockingPositionDown", false);

Linha deletada : user_pref("extensions.helperbar.LastHiddenTime", 23037192);

Linha deletada : user_pref("extensions.helperbar.SmartbarDisabled", true);

Linha deletada : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

Linha deletada : user_pref("extensions.helperbar.Visibility", true);

Linha deletada : user_pref("extensions.helperbar.countryiso", "tj");

Linha deletada : user_pref("extensions.helperbar.downloadprovider", "vittalia");

Linha deletada : user_pref("extensions.helperbar.installationid", "c36fed51-bdd8-cc04-ad5e-893a36e16651");

Linha deletada : user_pref("extensions.helperbar.installdate", "15/10/2013");

Linha deletada : user_pref("extensions.helperbar.publisher", "vittalia");

-\\ Google Chrome v

[ Arquivo : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [7836 octets] - [24/10/2013 14:03:50]

AdwCleaner[s0].txt - [6062 octets] - [24/10/2013 14:05:02]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6122 octets] ##########


Post a new DDS log and tell us how the computer is doing.


My friend, the computer has stopped giving blue screens, but the pop-ups continue .. but that's the least of it .. the logs follow

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 22/07/2013 14:56:23

System Uptime: 25/10/2013 03:36:52 (11 hours ago)

.

Motherboard: PCWARE | | IPMH61R1

Processor: Intel® Core i5-2300 CPU @ 2.80GHz | CPU 1 | 2801/400mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 891,644 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP49: 16/10/2013 03:00:11 - Windows Update

RP50: 19/10/2013 22:55:03 - Windows Update

RP51: 23/10/2013 20:10:40 - ComboFix created restore point

RP52: 25/10/2013 08:51:55 - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Shockwave Player 12.0

ANIWZCS2 Service

Atualizações da NVIDIA 1.12.12

Cross Fire AL

D-Link Wireless 150 USB Adapter DWA-125

Hi-Rez Studios Authenticate and Update Service

Intel® Management Engine Components

Intel® Trusted Connect Service Client

League of Legends

Malwarebytes Anti-Malware versão 1.75.0.1300

McAfee Security Scan Plus

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

mIRC AgeMania versão 1.1

Mozilla Firefox 24.0 (x86 en-US)

Mozilla Maintenance Service

NVIDIA Driver de controle do 3D Vision 314.22

NVIDIA Driver de gráficos 314.22

NVIDIA Driver de áudio HD 1.3.23.1

NVIDIA Driver do 3D Vision 314.22

NVIDIA Install Application

NVIDIA PhysX

NVIDIA Software do sistema PhysX 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update Components

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Painel de controle da NVIDIA 314.22

Pando Media Booster

PassWidget

PokerStars

PokerStars.net

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Skype™ 6.9

SlimDrivers

Smite

swMSM

System Requirements Lab for Intel

TIM Communicator

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16720

Run by user at 14:28:41 on 2013-10-25

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3313.2409 [GMT -2:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\ANIWConnService.exe

C:\Program Files\Hi-Rez Studios\HiPatchService.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\TIM Communicator\module\devicemon.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\SlimDrivers\SlimDrivers.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=BR&userid=c36fed51-bdd8-cc04-ad5e-893a36e16651&searchtype=ds&q={searchTerms}&installDate=15/10/2013

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll

BHO: PassWidget: {4996fddf-da1e-4ad2-81f0-2de7d6ee2d66} - c:\program files\pass-widget\134.dll

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe

mRun: [D-Link D-Link Wireless 150 USB Adapter DWA-125] c:\program files\d-link\dwa-125 reva\AirGCFG.exe

dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\pcapps~1.lnk - c:\windows\system32\rundll32.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 201.17.0.92 201.17.0.64

TCP: Interfaces\{02896D36-8C18-4AB2-8FA3-2723E8439F87} : DHCPNameServer = 200.222.122.134 200.165.132.154 192.168.0.1

TCP: Interfaces\{1F1B3ED5-B7C4-44FB-968A-4E9DE1AEA5A5} : DHCPNameServer = 201.17.0.92 201.17.0.64

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\3hvy9hds.default\

FF - prefs.js: browser.startup.homepage - hxxp://br.msn.com/?pc=UP97&ocid=UP97DHP

FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=BR&userid=c36fed51-bdd8-cc04-ad5e-893a36e16651&searchtype=ds&installDate=15/10/2013&q=

FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll

FF - ExtSQL: 2013-10-15 20:07; {348179c6-ba7b-4aaf-92fa-6bd1702662b9}; c:\program files\pass-widget\134.xpi

.

============= SERVICES / DRIVERS ===============

.

P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2013-10-2 9216]

R0 Bhbase;Baidu Hook Base;c:\windows\system32\drivers\Bhbase.sys [2013-10-15 47456]

R1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\drivers\anodlwf.sys [2013-7-22 12800]

R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2013-7-22 147456]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2012-4-20 462048]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-23 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-10-23 701512]

R2 OrolixDeviceMonitor;Orolix Device Monitor;c:\program files\tim communicator\module\devicemon.exe [2010-4-20 27040]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-3-14 383264]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2013-7-22 364416]

R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2013-7-22 99992]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-23 22856]

R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2013-7-22 55104]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]

S3 netr28u;D-Link USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2013-7-22 722944]

S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\Ondausbmdm6k.sys [2013-7-22 105088]

S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\Ondausbnmea.sys [2013-7-22 105088]

S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\Ondausbser6k.sys [2013-7-22 105088]

S3 ONDAusbvoice;ONDA VoUSB Port;c:\windows\system32\drivers\ONDAusbvoice.sys [2013-7-22 105088]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-7-22 15872]

S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-7-22 13464]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-7-24 52224]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2013-7-24 1343400]

.

=============== Created Last 30 ================

.

2013-10-25 11:41:01 -------- d-----w- c:\users\user\appdata\roaming\mIRC

2013-10-25 11:40:26 -------- d-----w- c:\program files\mIRC-AgeMania-v1.1

2013-10-25 11:36:34 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f74f2b28-dcce-4d51-bb8f-a3dc2b7df241}\offreg.dll

2013-10-25 10:52:18 7796464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f74f2b28-dcce-4d51-bb8f-a3dc2b7df241}\mpengine.dll

2013-10-24 16:03:40 -------- d-----w- C:\AdwCleaner

2013-10-23 22:18:52 -------- d-sh--w- C:\$RECYCLE.BIN

2013-10-23 22:10:36 98816 ----a-w- c:\windows\sed.exe

2013-10-23 22:10:36 256000 ----a-w- c:\windows\PEV.exe

2013-10-23 22:10:36 208896 ----a-w- c:\windows\MBR.exe

2013-10-23 22:10:33 -------- d-----w- C:\ComboFix

2013-10-23 22:02:04 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes

2013-10-23 22:01:51 -------- d-----w- c:\programdata\Malwarebytes

2013-10-23 22:01:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-10-23 22:01:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-10-20 06:31:09 163504 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10145.bin

2013-10-20 01:23:49 -------- d-----w- c:\program files\predm

2013-10-16 01:21:08 640512 ----a-w- c:\windows\system32\advapi32.dll

2013-10-16 01:21:08 619520 ----a-w- c:\windows\system32\tdh.dll

2013-10-16 01:21:08 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-10-16 01:21:08 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-10-16 01:21:08 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-10-16 01:15:18 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys

2013-10-16 01:15:18 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys

2013-10-16 01:13:21 434688 ----a-w- c:\windows\system32\scavengeui.dll

2013-10-16 00:49:31 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2013-10-16 00:49:31 231424 ----a-w- c:\windows\system32\mswsock.dll

2013-10-16 00:49:31 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-10-15 23:37:58 47456 ----a-w- c:\windows\system32\drivers\Bhbase.sys

2013-10-15 23:37:45 -------- d-----w- c:\programdata\Baidu Security

2013-10-15 23:33:15 530432 ----a-w- c:\windows\system32\comctl32.dll

2013-10-15 23:31:13 -------- d-----w- c:\programdata\Uniblue

2013-10-15 23:26:57 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-10-15 23:19:37 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-15 23:18:11 70656 ----a-w- c:\windows\system32\fontsub.dll

2013-10-15 23:18:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-10-15 23:18:11 295424 ----a-w- c:\windows\system32\atmfd.dll

2013-10-15 23:18:11 26112 ----a-w- c:\windows\system32\lpk.dll

2013-10-15 23:18:11 10240 ----a-w- c:\windows\system32\dciman32.dll

2013-10-15 23:09:36 -------- d-----w- c:\users\user\appdata\local\Programs

2013-10-15 23:08:31 -------- d-----w- c:\program files\iRobinHood

2013-10-15 23:07:29 -------- d-----w- c:\program files\Pass-Widget

2013-10-15 23:05:07 2348544 ----a-w- c:\windows\system32\win32k.sys

2013-10-15 23:04:58 81920 ----a-w- c:\windows\system32\davclnt.dll

2013-10-15 23:04:58 205824 ----a-w- c:\windows\system32\WebClnt.dll

2013-10-15 23:04:58 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys

2013-10-15 23:04:50 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys

2013-10-15 23:04:47 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-10-15 23:02:11 -------- d-----w- c:\users\user\appdata\local\BeamriseUninstall

2013-10-15 22:52:40 -------- d-----w- c:\users\user\appdata\roaming\Baidu Security

2013-10-15 22:52:40 -------- d-----w- c:\program files\Baidu Security

2013-10-02 21:05:23 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2013-10-02 21:05:23 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

2013-10-02 21:05:23 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2013-10-02 21:05:22 81768 ----a-w- c:\windows\system32\xinput1_3.dll

2013-10-02 21:05:22 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2013-10-02 21:05:22 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2013-10-02 21:05:22 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll

2013-10-02 21:05:22 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2013-10-02 20:20:56 -------- d-----w- c:\users\user\appdata\roaming\Awesomium

2013-10-02 20:20:36 -------- d-----w- c:\programdata\Hi-Rez Studios

2013-10-02 20:20:26 -------- d-----w- c:\program files\Hi-Rez Studios

.

==================== Find3M ====================

.

2013-10-24 16:06:19 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys

2013-10-16 00:58:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-16 00:58:25 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-22 23:28:06 1767936 ----a-w- c:\windows\system32\wininet.dll

2013-09-22 23:27:49 2876928 ----a-w- c:\windows\system32\jscript9.dll

2013-09-22 23:27:48 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-09-22 23:27:48 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-09-21 03:30:24 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-09-21 02:39:47 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-09-03 17:35:12 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-08-05 01:56:47 133056 ----a-w- c:\windows\system32\drivers\ataport.sys

2013-08-02 01:50:36 169984 ----a-w- c:\windows\system32\winsrv.dll

2013-08-02 01:49:19 293376 ----a-w- c:\windows\system32\KernelBase.dll

2013-08-02 00:52:57 271360 ----a-w- c:\windows\system32\conhost.exe

2013-08-02 00:43:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-08-02 00:43:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 00:43:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 00:43:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 14:28:58,17 ===============


What kind of pop-up has been appearing? Could you post a screenshot?


Renato, they stopped appearing!! Thank you very much for the help, I think everything is fine now.. all it took was restarting!! Thanks again!!!


Congratulations, your log is clean.

From now on, stay ALERT!

To finish up, do the following:

Go to Start > Run and type ComboFix /Uninstall . This will uninstall ComboFix from your machine.

Download OTC

  • Save it to your desktop.
  • Double-click the OTC icon.
  • Click the "Cleanup" button.
  • Allow your computer to restart.

I suggest running CCleaner to clean up your machine. Download it here: CCleaner

  • Open the program and click Run Cleaner;
  • After that, click Errors >> Scan for errors >> Fix errors

I also suggest reading this article: Protect your PC

Any other problems with the computer?
