Lipeeh'

Recently formatted, suspicious apps

Recommended Posts

My PC was recently formatted at a shop, but I have been noticing some suspicious extensions and toolbars in my browsers, and some suspicious applications (such as Mobogenie, whallat, etc.)... I tried to remove them the normal way, but I don't know whether any remnants were left behind... whoever can help, thank you.

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.45.2

Run by Usuario at 0:11:49 on 2013-12-03

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.1787.654 [GMT -2:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\System32\rundll32.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\sppsvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Windows\system32\taskhost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\Dwm.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\CCleaner\CCleaner64.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=BR&userid=06846348-e96a-4324-acac-40c6a13700c8&searchtype=hp&installDate={installDate}

uSearch Bar = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=BR&userid=06846348-e96a-4324-acac-40c6a13700c8&searchtype=ds&q={searchTerms}&installDate={installDate}

uSearch Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=BR&userid=06846348-e96a-4324-acac-40c6a13700c8&searchtype=ds&q={searchTerms}&installDate={installDate}

uDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1386034089&from=obw&uid=SAMSUNGXHM321HI_S26VJ9EB807709

mStart Page = hxxp://aartemis.com/?type=hp&ts=1386034089&from=obw&uid=SAMSUNGXHM321HI_S26VJ9EB807709

mSearch Page = hxxp://www.aartemis.com/web/?type=ds&ts=1386034089&from=obw&uid=SAMSUNGXHM321HI_S26VJ9EB807709&q={searchTerms}

mDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1386034089&from=obw&uid=SAMSUNGXHM321HI_S26VJ9EB807709

mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1386034089&from=obw&uid=SAMSUNGXHM321HI_S26VJ9EB807709&q={searchTerms}

uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=BR&userid=06846348-e96a-4324-acac-40c6a13700c8&searchtype=ds&q={searchTerms}&installDate={installDate}

mWinlogon: Userinit = userinit.exe

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRunOnce: [Del8929107] cmd.exe /Q /D /c del "C:\Users\Usuario\AppData\Local\Temp\0.del"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Del8929107] cmd.exe /Q /D /c del "C:\Users\Usuario\AppData\Local\Temp\0.del"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 192.168.1.1 200.220.202.4

TCP: Interfaces\{EEA512AD-3494-4EDF-A04F-12F3BE070D15} : DHCPNameServer = 192.168.1.1 200.220.202.4

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://aartemis.com/?type=hp&ts=1386034089&from=obw&uid=SAMSUNGXHM321HI_S26VJ9EB807709

x64-mSearch Page = hxxp://www.aartemis.com/web/?type=ds&ts=1386034089&from=obw&uid=SAMSUNGXHM321HI_S26VJ9EB807709&q={searchTerms}

x64-mDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1386034089&from=obw&uid=SAMSUNGXHM321HI_S26VJ9EB807709

x64-mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1386034089&from=obw&uid=SAMSUNGXHM321HI_S26VJ9EB807709&q={searchTerms}

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S4 dealplylive;Serviço do DealPly Live (dealplylive);C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-12-2 148000]

S4 dealplylivem;Serviço do DealPly Live (dealplylivem);C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-12-2 148000]

S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]

.

=============== Created Last 30 ================

.

2013-12-03 01:54:02 -------- d-----w- C:\Program Files\CCleaner

2013-12-03 01:52:46 -------- d-----w- C:\Users\Usuario\AppData\Roaming\OpenCandy

2013-12-03 01:29:38 -------- d-----w- C:\Users\Usuario\AppData\Local\Lollipop

2013-12-03 01:28:49 -------- d-----w- C:\ProgramData\WPM

2013-12-03 01:25:11 -------- d-----w- C:\Users\Usuario\.android

2013-12-03 01:24:48 -------- d-----w- C:\Users\Usuario\AppData\Local\DealPlyLive

2013-12-03 01:24:48 -------- d-----w- C:\ProgramData\DealPlyLive

2013-12-03 01:24:48 -------- d-----w- C:\Program Files (x86)\DealPlyLive

2013-12-03 01:24:38 -------- d-----w- C:\Users\Usuario\AppData\Roaming\Dealply

2013-12-03 01:24:25 -------- d-----w- C:\Program Files (x86)\DealPly

2013-12-03 01:23:47 -------- d-----w- C:\Users\Usuario\AppData\Local\cache

2013-12-03 01:23:46 -------- d-----w- C:\Users\Usuario\AppData\Local\Mobogenie

2013-12-03 01:22:50 -------- d-----w- C:\Users\Usuario\AppData\Roaming\Baidu Security

2013-12-03 01:20:25 -------- d-----w- C:\Program Files (x86)\IminentToolbar

2013-12-03 01:20:08 -------- d-----w- C:\ProgramData\Baidu Security

2013-12-03 01:20:08 -------- d-----w- C:\Program Files (x86)\Baidu Security

2013-12-03 01:20:00 -------- d-----w- C:\Program Files (x86)\Iminent

2013-12-03 01:18:04 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1FB0E9B-8EFE-4B4B-9BB5-8AC995A2705E}\offreg.dll

2013-12-02 23:16:56 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-12-02 23:16:30 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1FB0E9B-8EFE-4B4B-9BB5-8AC995A2705E}\mpengine.dll

2013-12-02 16:28:53 -------- d-----w- C:\Windows\Panther

2013-12-02 16:21:49 0 ----a-w- C:\Windows\ativpsrm.bin

2013-12-02 16:20:21 50053120 ----a-w- C:\Program Files (x86)\GUT5310.tmp

2013-12-02 16:20:21 -------- d-----w- C:\Program Files (x86)\GUM530F.tmp

2013-12-02 16:14:57 -------- d-----w- C:\Users\Usuario\AppData\Local\Google

2013-12-02 16:14:38 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C82CF94-6AA4-4BE4-8A67-373F5324B51E}\gapaengine.dll

2013-12-02 16:14:01 -------- d-----w- C:\Users\Usuario\AppData\Local\Apps

2013-12-02 16:14:00 -------- d-----w- C:\Users\Usuario\AppData\Local\Deployment

2013-12-02 16:13:53 -------- d-----w- C:\ProgramData\Oracle

2013-12-02 16:08:09 -------- d-----r- C:\Program Files (x86)\Skype

2013-12-02 16:02:20 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2013-12-02 16:02:10 -------- d-----w- C:\Program Files\Microsoft Security Client

2013-12-02 16:01:57 374664 ----a-w- C:\Windows\System32\drivers\netio.sys

2013-12-02 16:01:57 1898376 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-12-02 15:42:25 -------- d-sh--w- C:\Windows\Installer

2013-12-02 15:24:57 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2028A86F-A7FC-4EF2-B264-51B34C29C269}\mpengine.dll

2013-12-02 15:24:54 267936 ------w- C:\Windows\System32\MpSigStub.exe

2013-12-02 14:59:16 -------- d-----w- C:\Windows\PCHEALTH

2013-12-02 14:56:10 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2013-12-02 14:55:36 -------- d-----w- C:\Users\Usuario\AppData\Local\Microsoft Help

2013-12-02 14:38:57 -------- d-sh--w- C:\Recovery

2013-12-02 14:38:56 -------- d-sh--we C:\ProgramData\Modelos

2013-12-02 14:38:56 -------- d-sh--we C:\ProgramData\Menu Iniciar

2013-12-02 14:38:56 -------- d-sh--we C:\ProgramData\Favoritos

2013-12-02 14:38:56 -------- d-sh--we C:\ProgramData\Documentos

2013-12-02 14:38:56 -------- d-sh--we C:\ProgramData\Dados de aplicativos

2013-12-02 14:38:56 -------- d-sh--we C:\Program Files\Common Files\Sistema

2013-12-02 14:38:56 -------- d-sh--we C:\Program Files\Arquivos Comuns

2013-12-02 14:38:56 -------- d-sh--we C:\Arquivos de Programas

.

==================== Find3M ====================

.

.

============= FINISH: 0:12:23,27 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 02/12/2013 12:39:01

System Uptime: 02/12/2013 20:55:50 (4 hours ago)

.

Motherboard: Hewlett-Packard | | 1445

Processor: AMD Turion II P560 Dual-Core Processor | Socket S1G4 | 800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 279,012 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}

Description: Standard VGA Graphics Adapter

Device ID: PCI\VEN_1002&DEV_68E4&SUBSYS_1445103C&REV_00\4&373AC18D&0&0018

Manufacturer: (Tipos padrão de vídeo)

Name: Standard VGA Graphics Adapter

PNP Device ID: PCI\VEN_1002&DEV_68E4&SUBSYS_1445103C&REV_00\4&373AC18D&0&0018

Service: vga

.

==== System Restore Points ===================

.

RP1: 02/12/2013 12:54:51 - Installed Microsoft Office Enterprise 2007

RP2: 02/12/2013 12:56:57 - Windows Update

RP3: 02/12/2013 13:24:40 - Windows Update

RP4: 02/12/2013 13:42:00 - Installed Microsoft Office Enterprise 2007

RP5: 02/12/2013 13:58:17 - Installed Adobe Reader XI.

RP6: 02/12/2013 14:00:30 - Installed Java 7 Update 5

RP7: 02/12/2013 14:01:44 - Windows Update

RP8: 02/12/2013 14:05:48 - Windows Update

RP9: 02/12/2013 14:12:18 - Installed Java 7 Update 45

RP10: 02/12/2013 21:15:54 - Windows Update

RP11: 02/12/2013 21:50:06 - Installed 7-Zip 9.20 (x64 edition)

RP12: 02/12/2013 21:50:56 - Installed 7-Zip 9.20 (x64 edition)

RP13: 02/12/2013 23:21:34 - Windows Update

.

==== Installed Programs ======================

.

7-Zip 9.20 (x64 edition)

Adobe Reader XI (11.0.03)

CCleaner

Google Chrome

Google Update Helper

Java 7 Update 45

Java Auto Updater

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft Antimalware

Microsoft Antimalware Service PT-BR Language Pack

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Security Client

Microsoft Security Client PT-BR Language Pack

Microsoft Security Essentials

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Skype™ 6.7

.

==== End Of File ===========================

GMER.txt

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-12-03 00:36:14

Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM321HI rev.2AJ10002 298,09GB

Running: gmer.exe; Driver: C:\Users\Usuario\AppData\Local\Temp\kxtiafow.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [1048:1980] 000007fef89c0ea8

Thread C:\Windows\system32\svchost.exe [1048:1984] 000007fef89b9db0

Thread C:\Windows\system32\svchost.exe [1048:1436] 000007fef89c1c94

Thread C:\Windows\system32\svchost.exe [1048:2508] 000007fef89baa10

Thread C:\Windows\system32\svchost.exe [1048:608] 000007fef2f6d3c8

Thread C:\Windows\system32\svchost.exe [1048:2404] 000007fef2f6d3c8

Thread C:\Windows\system32\svchost.exe [1048:1828] 000007fef2f6d3c8

Thread C:\Windows\system32\svchost.exe [1048:2424] 000007fef2f6d3c8

Thread C:\Windows\system32\svchost.exe [1048:4676] 000007fef7376848

Thread C:\Windows\system32\WLANExt.exe [1300:1456] 000007fef9762f9c

Thread C:\Windows\System32\spoolsv.exe [1488:1848] 000007fef79d10c8

Thread C:\Windows\System32\spoolsv.exe [1488:704] 000007fef7996144

Thread C:\Windows\System32\spoolsv.exe [1488:1964] 000007fef7785fd0

Thread C:\Windows\System32\spoolsv.exe [1488:1092] 000007fef7773438

Thread C:\Windows\System32\spoolsv.exe [1488:1636] 000007fef77863ec

Thread C:\Windows\System32\spoolsv.exe [1488:1268] 000007fef7a85e5c

Thread C:\Windows\System32\spoolsv.exe [1488:1812] 000007fef7b24828

Thread C:\Windows\System32\rundll32.exe [2344:3076] 000007fefda03570

Thread C:\Program Files\Microsoft Security Client\msseces.exe [2580:2832] 0000000074d0f868

Thread C:\Program Files\Microsoft Security Client\msseces.exe [2580:2836] 0000000074d0f868

Thread C:\Program Files\Microsoft Security Client\msseces.exe [2580:2840] 0000000074d0f868

Thread C:\Windows\System32\svchost.exe [2740:2316] 000007fef7eefd00

Thread C:\Windows\System32\svchost.exe [2740:4172] 000007fef9509874

Thread C:\Windows\system32\WUDFHost.exe [2460:1444] 000007fef0a7e8ec

Thread C:\Windows\system32\WUDFHost.exe [2460:3432] 000007feee4a5eb0

Thread C:\Windows\system32\svchost.exe [4036:4056] 000007fef7785fd0

Thread C:\Windows\system32\svchost.exe [4036:1968] 000007fef7773438

Thread C:\Windows\system32\svchost.exe [4036:284] 000007fef77863ec

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???z????? 0??????n?????INF??STORAGE\VolumeSnapshot????????N????????????D???????????????????????????????????????????????????????s?m??{00000000-0000-0000-0000-000000000000}?e\1??? ?????????????t???????0??L???????Ta ??????lum??? ?????????????????????0??????????or&?????????????????????????N???????????D?????{533c5b84-ec70-11d2-9505-00c04f79deaf}??????? ???????????????????????????? ?F?????????????X?????????????{533c5b84-ec70-11d2-9505-00c04f79deaf}\0009?????????????????????? ???????.??????????????????????`???Z???????????????????????????????????????????????????? ????????????????????????????????????#?????????#?????`?????????????????STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT10?????????????????????????\\?\STORAGE#VOLUMESNAPSHOT#HARDDISKVOLUMESNAPSHOT10#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}???????????????????????h??volsnap.inf?????????? ????????????x????????0????????????&???????????????????????? ?????????????????????0????????????????????? ???????????????????m?0???????????????????????????????????????????????????????

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52af6e25bc

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52af6e25bc (not active ControlSet)

---- EOF - GMER 2.1 ----

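A triage script for the DDS output above, added here as an example; it is not part of the original post and not part of the DDS tool. It parses the "Pseudo HJT Report" and "SERVICES / DRIVERS" lines, flags start/search-page entries that point at hosts outside a small trusted allowlist, reports mPolicies-System values that differ from the Windows 7 UAC defaults, and lists service binaries dated within a week of the scan that live outside \Windows. The sample lines are excerpted from the first DDS log; the trusted-domain allowlist and the seven-day window are assumptions chosen for illustration, not DDS behaviour.

```python
"""Triage a DDS log for hijacked browser settings, weakened UAC policy
and recently dropped service binaries.

Added example: not part of the forum post above nor of the DDS tool.
The sample lines are excerpted from the posted DDS.txt; the allowlist
and the seven-day window below are assumptions for illustration.
"""
import re
from datetime import date
from urllib.parse import urlsplit

# Excerpt of the posted log (Pseudo HJT Report + SERVICES / DRIVERS).
SAMPLE_LOG = r"""
uStart Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=BR&searchtype=hp
mStart Page = hxxp://aartemis.com/?type=hp&ts=1386034089&from=obw
mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1386034089&q={searchTerms}
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]
S4 dealplylive;Serviço do DealPly Live (dealplylive);C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-12-2 148000]
S4 dealplylivem;Serviço do DealPly Live (dealplylivem);C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-12-2 148000]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
"""

# IE start/search entries DDS prints; scope prefix u=HKCU, m=HKLM, x64-* = 64-bit hive.
URL_KEYS = ("Start Page", "Search Bar", "Search Page", "Default_Page_URL",
            "Default_Search_URL", "SearchAssistant")
URL_RE = re.compile(r"^(?P<scope>x64-[um]|[um])(?P<key>%s) = (?P<url>\S+)$"
                    % "|".join(re.escape(k) for k in URL_KEYS))
POLICY_RE = re.compile(r"^mPolicies-System: (?P<name>\w+) = dword:(?P<val>\d+)$")
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
    r"\[(?P<y>\d{4})-(?P<m>\d{1,2})-(?P<d>\d{1,2}) (?P<size>\d+)\]$")

# Assumed allowlist of vendors whose search/start pages are expected on a fresh install.
TRUSTED_SUFFIXES = ("microsoft.com", "msn.com", "bing.com", "google.com", "live.com")

# Windows 7 defaults for the UAC values DDS prints under mPolicies-System.
WIN7_UAC_DEFAULTS = {"ConsentPromptBehaviorAdmin": 5, "ConsentPromptBehaviorUser": 3,
                     "PromptOnSecureDesktop": 1, "EnableUIADesktopToggle": 0}


def host_of(url):
    """DDS defangs URLs as hxxp://; re-fang and return the lowercase hostname."""
    return (urlsplit(re.sub(r"^hxxp", "http", url)).hostname or "").lower()


def is_trusted(host):
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def hijacked_pages(lines):
    """(scope+key, host) for every start/search URL whose host is not allowlisted."""
    hits = []
    for line in lines:
        m = URL_RE.match(line)
        if m and not is_trusted(host_of(m["url"])):
            hits.append((m["scope"] + m["key"], host_of(m["url"])))
    return hits


def weakened_uac(lines):
    """{policy: (observed, default)} for UAC values that deviate from Windows 7 defaults."""
    out = {}
    for line in lines:
        m = POLICY_RE.match(line)
        if m and m["name"] in WIN7_UAC_DEFAULTS:
            observed, default = int(m["val"]), WIN7_UAC_DEFAULTS[m["name"]]
            if observed != default:
                out[m["name"]] = (observed, default)
    return out


def recent_services(lines, scan_date, max_age_days=7):
    """Services whose binary is dated within max_age_days of the scan and sits outside \\Windows."""
    hits = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        file_date = date(int(m["y"]), int(m["m"]), int(m["d"]))
        age = (scan_date - file_date).days
        if 0 <= age <= max_age_days and not m["path"].lower().startswith("c:\\windows\\"):
            hits.append((m["name"], m["path"], file_date.isoformat()))
    return hits


def triage(text, scan_date):
    lines = text.strip().splitlines()
    return {"hijacked_pages": hijacked_pages(lines),
            "weakened_uac": weakened_uac(lines),
            "recent_services": recent_services(lines, scan_date)}


if __name__ == "__main__":
    for section, findings in triage(SAMPLE_LOG, date(2013, 12, 3)).items():
        print(section)
        for item in (findings.items() if isinstance(findings, dict) else findings):
            print("  ", item)
```

Run against the excerpt, the script reports the snapdo/aartemis start and search pages in both HKCU and HKLM, the two DealPly Live services (binaries dated the day before the scan, outside \Windows, still present in the second log even though the user said they had removed the programs) and PromptOnSecureDesktop=0, which lets UAC prompts be drawn on the normal desktop where other user-mode software can interact with them.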

Hello

Sorry for the delay :)

If you still need help, redo the logs, because I need them with updated dates: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; put the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Cheers :D


Hello Diego, no problem at all.

The updated logs follow below:

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.45.2

Run by Usuario at 21:37:43 on 2013-12-04

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.1787.802 [GMT -2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\system32\taskhost.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=BR&userid=06846348-e96a-4324-acac-40c6a13700c8&searchtype=hp&installDate={installDate}

uSearch Bar = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=BR&userid=06846348-e96a-4324-acac-40c6a13700c8&searchtype=ds&q={searchTerms}&installDate={installDate}

uSearch Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=BR&userid=06846348-e96a-4324-acac-40c6a13700c8&searchtype=ds&q={searchTerms}&installDate={installDate}

uDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1386034089&from=obw&uid=SAMSUNGXHM321HI_S26VJ9EB807709

mStart Page = hxxp://aartemis.com/?type=hp&ts=1386034089&from=obw&uid=SAMSUNGXHM321HI_S26VJ9EB807709

mSearch Page = hxxp://www.aartemis.com/web/?type=ds&ts=1386034089&from=obw&uid=SAMSUNGXHM321HI_S26VJ9EB807709&q={searchTerms}

mDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1386034089&from=obw&uid=SAMSUNGXHM321HI_S26VJ9EB807709

mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1386034089&from=obw&uid=SAMSUNGXHM321HI_S26VJ9EB807709&q={searchTerms}

uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=BR&userid=06846348-e96a-4324-acac-40c6a13700c8&searchtype=ds&q={searchTerms}&installDate={installDate}

mWinlogon: Userinit = userinit.exe

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 192.168.1.1 200.220.202.4

TCP: Interfaces\{EEA512AD-3494-4EDF-A04F-12F3BE070D15} : DHCPNameServer = 192.168.1.1 200.220.202.4

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://aartemis.com/?type=hp&ts=1386034089&from=obw&uid=SAMSUNGXHM321HI_S26VJ9EB807709

x64-mSearch Page = hxxp://www.aartemis.com/web/?type=ds&ts=1386034089&from=obw&uid=SAMSUNGXHM321HI_S26VJ9EB807709&q={searchTerms}

x64-mDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1386034089&from=obw&uid=SAMSUNGXHM321HI_S26VJ9EB807709

x64-mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1386034089&from=obw&uid=SAMSUNGXHM321HI_S26VJ9EB807709&q={searchTerms}

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]

S4 dealplylive;Serviço do DealPly Live (dealplylive);C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-12-2 148000]

S4 dealplylivem;Serviço do DealPly Live (dealplylivem);C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-12-2 148000]

S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]

.

=============== Created Last 30 ================

.

2013-12-04 00:57:23 -------- d-----w- C:\Users\Usuario\.jmc

2013-12-04 00:57:15 -------- d-----w- C:\Users\Usuario\.eclipse

2013-12-03 23:37:13 -------- d-----w- C:\Users\Usuario\AppData\Local\Eclipse

2013-12-03 23:36:28 -------- d-----w- C:\Users\Usuario\workspace

2013-12-03 23:28:11 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-12-03 19:49:12 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EB30C0DA-9200-4C5B-A36F-74740E4C35EA}\mpengine.dll

2013-12-03 02:25:01 -------- d-----w- C:\Users\Usuario\AppData\Local\Adobe

2013-12-03 01:54:02 -------- d-----w- C:\Program Files\CCleaner

2013-12-03 01:52:46 -------- d-----w- C:\Users\Usuario\AppData\Roaming\OpenCandy

2013-12-03 01:29:38 -------- d-----w- C:\Users\Usuario\AppData\Local\Lollipop

2013-12-03 01:28:49 -------- d-----w- C:\ProgramData\WPM

2013-12-03 01:25:11 -------- d-----w- C:\Users\Usuario\.android

2013-12-03 01:24:48 -------- d-----w- C:\Users\Usuario\AppData\Local\DealPlyLive

2013-12-03 01:24:48 -------- d-----w- C:\ProgramData\DealPlyLive

2013-12-03 01:24:48 -------- d-----w- C:\Program Files (x86)\DealPlyLive

2013-12-03 01:24:38 -------- d-----w- C:\Users\Usuario\AppData\Roaming\Dealply

2013-12-03 01:24:25 -------- d-----w- C:\Program Files (x86)\DealPly

2013-12-03 01:23:47 -------- d-----w- C:\Users\Usuario\AppData\Local\cache

2013-12-03 01:23:46 -------- d-----w- C:\Users\Usuario\AppData\Local\Mobogenie

2013-12-03 01:22:50 -------- d-----w- C:\Users\Usuario\AppData\Roaming\Baidu Security

2013-12-03 01:21:55 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2013-12-03 01:21:55 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2013-12-03 01:21:55 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2013-12-03 01:21:54 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2013-12-03 01:21:54 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2013-12-03 01:21:54 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2013-12-03 01:21:54 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2013-12-03 01:21:54 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2013-12-03 01:21:54 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2013-12-03 01:21:53 444752 ----a-w- C:\Windows\System32\mscoree.dll

2013-12-03 01:20:25 -------- d-----w- C:\Program Files (x86)\IminentToolbar

2013-12-03 01:20:08 -------- d-----w- C:\ProgramData\Baidu Security

2013-12-03 01:20:08 -------- d-----w- C:\Program Files (x86)\Baidu Security

2013-12-02 23:51:26 -------- d-----w- C:\eclipse

2013-12-02 23:16:56 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-12-02 16:28:53 -------- d-----w- C:\Windows\Panther

2013-12-02 16:21:49 0 ----a-w- C:\Windows\ativpsrm.bin

2013-12-02 16:20:21 50053120 ----a-w- C:\Program Files (x86)\GUT5310.tmp

2013-12-02 16:20:21 -------- d-----w- C:\Program Files (x86)\GUM530F.tmp

2013-12-02 16:14:57 -------- d-----w- C:\Users\Usuario\AppData\Local\Google

2013-12-02 16:14:38 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C82CF94-6AA4-4BE4-8A67-373F5324B51E}\gapaengine.dll

2013-12-02 16:14:01 -------- d-----w- C:\Users\Usuario\AppData\Local\Apps

2013-12-02 16:14:00 -------- d-----w- C:\Users\Usuario\AppData\Local\Deployment

2013-12-02 16:13:53 -------- d-----w- C:\ProgramData\Oracle

2013-12-02 16:08:09 -------- d-----r- C:\Program Files (x86)\Skype

2013-12-02 16:02:20 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2013-12-02 16:02:10 -------- d-----w- C:\Program Files\Microsoft Security Client

2013-12-02 16:01:57 374664 ----a-w- C:\Windows\System32\drivers\netio.sys

2013-12-02 16:01:57 1898376 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-12-02 15:42:25 -------- d-sh--w- C:\Windows\Installer

2013-12-02 15:24:57 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2028A86F-A7FC-4EF2-B264-51B34C29C269}\mpengine.dll

2013-12-02 15:24:54 267936 ------w- C:\Windows\System32\MpSigStub.exe

2013-12-02 14:59:16 -------- d-----w- C:\Windows\PCHEALTH

2013-12-02 14:56:10 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2013-12-02 14:55:36 -------- d-----w- C:\Users\Usuario\AppData\Local\Microsoft Help

2013-12-02 14:38:57 -------- d-sh--w- C:\Recovery

2013-12-02 14:38:56 -------- d-sh--we C:\ProgramData\Modelos

2013-12-02 14:38:56 -------- d-sh--we C:\ProgramData\Menu Iniciar

2013-12-02 14:38:56 -------- d-sh--we C:\ProgramData\Favoritos

2013-12-02 14:38:56 -------- d-sh--we C:\ProgramData\Documentos

2013-12-02 14:38:56 -------- d-sh--we C:\ProgramData\Dados de aplicativos

2013-12-02 14:38:56 -------- d-sh--we C:\Program Files\Common Files\Sistema

2013-12-02 14:38:56 -------- d-sh--we C:\Program Files\Arquivos Comuns

2013-12-02 14:38:56 -------- d-sh--we C:\Arquivos de Programas

.

==================== Find3M ====================

.

.

============= FINISH: 21:38:29,19 ===============

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 02/12/2013 12:39:01

System Uptime: 04/12/2013 21:32:55 (0 hours ago)

.

Motherboard: Hewlett-Packard | | 1445

Processor: AMD Turion II P560 Dual-Core Processor | Socket S1G4 | 800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 276,688 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}

Description: Standard VGA Graphics Adapter

Device ID: PCI\VEN_1002&DEV_68E4&SUBSYS_1445103C&REV_00\4&373AC18D&0&0018

Manufacturer: (Tipos padrão de vídeo)

Name: Standard VGA Graphics Adapter

PNP Device ID: PCI\VEN_1002&DEV_68E4&SUBSYS_1445103C&REV_00\4&373AC18D&0&0018

Service: vga

.

==== System Restore Points ===================

.

RP1: 02/12/2013 12:54:51 - Installed Microsoft Office Enterprise 2007

RP2: 02/12/2013 12:56:57 - Windows Update

RP3: 02/12/2013 13:24:40 - Windows Update

RP4: 02/12/2013 13:42:00 - Installed Microsoft Office Enterprise 2007

RP5: 02/12/2013 13:58:17 - Installed Adobe Reader XI.

RP6: 02/12/2013 14:00:30 - Installed Java 7 Update 5

RP7: 02/12/2013 14:01:44 - Windows Update

RP8: 02/12/2013 14:05:48 - Windows Update

RP9: 02/12/2013 14:12:18 - Installed Java 7 Update 45

RP10: 02/12/2013 21:15:54 - Windows Update

RP11: 02/12/2013 21:50:06 - Installed 7-Zip 9.20 (x64 edition)

RP12: 02/12/2013 21:50:56 - Installed 7-Zip 9.20 (x64 edition)

RP13: 02/12/2013 23:21:34 - Windows Update

RP14: 03/12/2013 21:25:39 - Installed Java SE Development Kit 7 Update 45 (64-bit)

RP15: 03/12/2013 21:27:22 - Installed Java 7 Update 45 (64-bit)

.

==== Installed Programs ======================

.

7-Zip 9.20 (x64 edition)

Adobe Reader XI (11.0.03)

CCleaner

Google Chrome

Google Update Helper

Java 7 Update 45

Java 7 Update 45 (64-bit)

Java Auto Updater

Java SE Development Kit 7 Update 45 (64-bit)

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft Antimalware

Microsoft Antimalware Service PT-BR Language Pack

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Security Client

Microsoft Security Client PT-BR Language Pack

Microsoft Security Essentials

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Skype™ 6.7

.

==== End Of File ===========================

gmer.txt

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-12-04 21:57:40

Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM321HI rev.2AJ10002 298,09GB

Running: gmer.exe; Driver: C:\Users\Usuario\AppData\Local\Temp\kxtiafow.sys

---- Threads - GMER 2.1 ----

Thread c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [1608:2140] 000007fef72ec778

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2540:824] 000007fefbe02a74

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52af6e25bc

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52af6e25bc (not active ControlSet)

---- EOF - GMER 2.1 ----


Dear lipeeh

I recommend that you bookmark this topic so it is easier to find later.

Please note the following:

  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is done here concerns only the problem on your computer, so do not do it on any other one;
  • Please follow the instructions carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what is happening with your computer.
  • Respect the order of the instructions given.
  • Note: Do not take any measures beyond those given here; and if you ask for help in another forum, be sure to let us know, or you risk misconfiguring your computer!

# Step 1 #

Download Junkware Removal Tool and save it to your Desktop.

  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log that is on your Desktop.
  • Copy all of its contents and paste it into your next message.

# Step 2 #

  • Double-click adwcleaner.exe
    • Note: Windows Vista, 7 and 8 users, right-click and choose: Run as Administrator
  • Click Scan
  • At the end of the scan a log with the result will open.
  • If anything is detected, then click the Remove button.
  • Again, at the end of the scan a log with the result will open.
  • Copy all of its contents and paste it into your next reply.

# Step 3 #

Read the instructions at this link:

In the instructions at the link above, you can check which forums have Analysts properly authorised to use the tool correctly: "Forums to get help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs disabled (Antivirus, Antispyware and Firewall). Re-enable the protections after running the procedure(s) mentioned below.
  3. Double-click the ComboFix icon on the desktop.
  4. Read and accept the conditions by typing 1 and Enter.
  5. Computers with Windows XP will need to install the Recovery Console:
    • If your computer has Windows XP installed and does not yet have the Recovery Console, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.
  6. ComboFix will run; please be patient and wait.
  7. Note: Do not use the mouse or keyboard while the tool is running; doing so may make the computer hang.
  8. A notice may appear saying the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts authorised to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts will not reply to topics where they see that ComboFix was used without supervision.
  • There are various general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

Cheers :D


jrt.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Windows 7 Ultimate x64

Ran by Usuario on 05/12/2013 at 17:57:42,93

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-814161914-4008314960-2242574460-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.oneclickctrl.9

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.oneclickprocesslaunchermachine

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.oneclickprocesslaunchermachine.1.0

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplylive.update3webcontrol.3

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.cocreateasync

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.cocreateasync.1.0

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coreclass

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coreclass.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coremachineclass

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.coremachineclass.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.credentialdialogmachine

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.credentialdialogmachine.1.0

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachine

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachine.1.0

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachinefallback

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclassmachinefallback.1.0

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclasssvc

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.ondemandcomclasssvc.1.0

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.processlauncher

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.processlauncher.1.0

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3comclassservice

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3comclassservice.1.0

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachine

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachine.1.0

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachinefallback

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3webmachinefallback.1.0

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3websvc

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dealplyliveupdate.update3websvc.1.0

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dealplylive.exe

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealplylive

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarbackup

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarlog

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DEALPL~1_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DEALPL~1_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DEALPL~1_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DEALPL~1_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\dealplylive"

Successfully deleted: [Folder] "C:\Users\Usuario\AppData\Roaming\dealply"

Failed to delete: [Folder] "C:\Users\Usuario\AppData\Roaming\opencandy"

Successfully deleted: [Folder] "C:\Users\Usuario\appdata\local\dealplylive"

Successfully deleted: [Folder] "C:\Users\Usuario\appdata\local\lollipop"

Successfully deleted: [Folder] "C:\Program Files (x86)\dealply"

Successfully deleted: [Folder] "C:\Program Files (x86)\dealplylive"

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 05/12/2013 at 18:03:01,63

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

adwcleaner.txt

# AdwCleaner v3.014 - Relatório criado 05/12/2013 às 18:08:49

# Atualizado 01/12/2013 por Xplode

# Sistema Operacional : Windows 7 Ultimate (64 bits)

# Usuário : Usuario - USUARIO-PC

# Executando de : C:\Users\Usuario\Desktop\adwcleaner.exe

# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : dealplylive

[#] Serviço Deletada : dealplylivem

***** [ Arquivos / Pastas ] *****

[!] Pasta Deletada : C:\Program Files (x86)\IminentToolbar

[!] Pasta Deletada : C:\Users\Usuario\AppData\Local\Temp\Smartbar

[!] Pasta Deletada : C:\Users\Usuario\AppData\Roaming\OpenCandy

[!] Pasta Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml

Arquivo Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

Arquivo Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\Public\Desktop\Google Chrome.lnk

Atalho Desinfectada : C:\Users\Usuario\Desktop\Internet Explorer (64-bit).lnk

Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk

Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registro ] *****

Chave Deletedo : HKCU\Software\SIEN SA

Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3

Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9

Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command

Chave Deletedo : HKCU\Software\lollipop

Chave Deletedo : HKLM\Software\aartemisSoftware

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7600.16385

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]

Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]

-\\ Google Chrome v31.0.1650.63

[ Arquivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6713 octets] - [05/12/2013 18:08:07]

AdwCleaner[s0].txt - [4671 octets] - [05/12/2013 18:08:49]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4731 octets] ##########

combofix.txt

ComboFix 13-12-04.04 - Usuario 05/12/2013 18:15:08.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.1787.846 [GMT -2:00]

Executando de: c:\users\Usuario\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-11-05 to 2013-12-05 ))))))))))))))))))))))))))))

.

.

2013-12-05 20:19 . 2013-12-05 20:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-12-05 20:08 . 2013-12-05 20:09 -------- d-----w- C:\AdwCleaner

2013-12-05 19:57 . 2013-12-05 19:57 -------- d-----w- c:\windows\ERUNT

2013-12-03 23:28 . 2013-12-03 23:28 312744 ----a-w- c:\windows\system32\javaws.exe

2013-12-03 23:28 . 2013-12-03 23:28 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-12-03 23:28 . 2013-12-03 23:28 189352 ----a-w- c:\windows\system32\javaw.exe

2013-12-03 23:28 . 2013-12-03 23:28 189352 ----a-w- c:\windows\system32\java.exe

2013-12-03 23:26 . 2013-12-03 23:27 -------- d-----w- c:\program files\Java

2013-12-03 19:49 . 2013-11-18 03:28 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB30C0DA-9200-4C5B-A36F-74740E4C35EA}\mpengine.dll

2013-12-03 01:54 . 2013-12-03 01:54 -------- d-----w- c:\program files\CCleaner

2013-12-03 01:28 . 2013-12-03 01:45 -------- d-----w- c:\programdata\WPM

2013-12-03 01:21 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2013-12-03 01:21 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2013-12-03 01:21 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2013-12-03 01:21 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2013-12-03 01:21 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2013-12-03 01:21 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2013-12-03 01:21 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2013-12-03 01:21 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2013-12-03 01:21 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2013-12-03 01:21 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2013-12-03 01:20 . 2013-12-03 01:22 -------- d-----w- c:\programdata\Baidu Security

2013-12-03 01:20 . 2013-12-03 01:20 -------- d-----w- c:\program files (x86)\Baidu Security

2013-12-02 23:51 . 2013-12-04 00:46 -------- d-----w- C:\eclipse

2013-12-02 23:51 . 2013-12-02 23:51 -------- d-----w- c:\program files\7-Zip

2013-12-02 23:16 . 2013-11-18 03:28 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-12-02 16:38 . 2013-12-02 16:38 -------- d-----w- c:\windows\system32\Macromed

2013-12-02 16:28 . 2013-12-03 02:01 -------- d-----w- c:\windows\Panther

2013-12-02 16:21 . 2013-12-02 16:21 0 ----a-w- c:\windows\ativpsrm.bin

2013-12-02 16:20 . 2013-12-02 16:20 -------- d-----w- c:\program files (x86)\GUM530F.tmp

2013-12-02 16:20 . 2013-12-02 16:20 50053120 ----a-w- c:\program files (x86)\GUT5310.tmp

2013-12-02 16:15 . 2013-12-02 16:17 -------- d-----w- c:\program files (x86)\Google

2013-12-02 16:14 . 2012-10-23 08:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C82CF94-6AA4-4BE4-8A67-373F5324B51E}\gapaengine.dll

2013-12-02 16:13 . 2013-12-02 16:14 -------- d-----w- c:\programdata\Oracle

2013-12-02 16:13 . 2013-12-02 16:13 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-12-02 16:13 . 2013-12-02 16:13 -------- d-----w- c:\program files (x86)\Java

2013-12-02 16:08 . 2013-12-02 16:08 -------- d-----w- c:\program files (x86)\Common Files\Skype

2013-12-02 16:08 . 2013-12-02 16:08 -------- d-----r- c:\program files (x86)\Skype

2013-12-02 16:08 . 2013-12-02 16:08 -------- d-----w- c:\programdata\Skype

2013-12-02 16:02 . 2013-12-02 16:02 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2013-12-02 16:02 . 2013-12-02 16:02 -------- d-----w- c:\program files\Microsoft Security Client

2013-12-02 16:01 . 2010-04-09 11:06 1898376 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-12-02 16:01 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2013-12-02 15:59 . 2013-12-02 15:59 -------- d-----w- c:\windows\SysWow64\Macromed

2013-12-02 15:58 . 2013-12-02 15:58 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2013-12-02 15:46 . 2013-12-02 15:46 -------- d-----w- c:\program files (x86)\Microsoft Works

2013-12-02 15:45 . 2013-12-03 01:28 -------- d-----w- c:\program files (x86)\Microsoft.NET

2013-12-02 15:42 . 2013-12-03 23:28 -------- d-sh--w- c:\windows\Installer

2013-12-02 15:24 . 2013-11-18 03:28 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2028A86F-A7FC-4EF2-B264-51B34C29C269}\mpengine.dll

2013-12-02 15:24 . 2013-11-19 10:21 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-12-02 14:59 . 2013-12-02 14:59 -------- d-----w- c:\windows\PCHEALTH

2013-12-02 14:56 . 2013-12-02 14:56 -------- d-----w- c:\program files\Microsoft Office

2013-12-02 14:56 . 2013-12-02 15:43 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2013-12-02 14:55 . 2013-12-02 15:48 -------- d-----w- c:\programdata\Microsoft Help

2013-12-02 14:55 . 2013-12-02 14:55 -------- d-----r- C:\MSOCache

2013-12-02 14:39 . 2013-12-04 00:57 -------- d-----w- c:\users\Usuario

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AutoUpdateDisableNotify"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]

R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-04 20:35 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-02 16:15]

.

2013-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-02 16:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mDefault_Search_URL = hxxp://www.google.com

mDefault_Page_URL = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Page = hxxp://www.google.com

uSearchAssistant = hxxp://www.google.com

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1 200.220.202.4

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-12-05 18:20:46

ComboFix-quarantined-files.txt 2013-12-05 20:20

.

Pré-execução: 296.723.501.056 bytes disponíveis

Pós execução: 296.329.289.728 bytes disponíveis

.

- - End Of File - - A4559D794C0758B9FFECCF589CF6449D

A36C5E4F47E84449FF07ED3517B43A31


Dear lipeeh

# Step 1 #

Temporarily, and while these instructions are being carried out, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.

  • Open Notepad, then copy (Ctrl+C) and paste (Ctrl+V) all of the text inside the "Code" box:

File::
c:\windows\SYSNATIVE\drivers\BprotectEx.sys

Folder::
c:\programdata\Baidu Security
c:\program files (x86)\Baidu Security

Driver::
BprotectEx


  • Save this file as: CFScript.txt
  • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

[animation: 2872959479_997d4500c4_o.gif]

# Step 2 #

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
  • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
  • If updates are available, they will be downloaded and installed.
  • When the updates finish, the program window will open. Select "Quick Scan" and then click the Scan button.
  • The scan will start and may take a while. Please be patient.
  • When the scan is complete, click OK, then Show Results to see the log.
  • If anything is found, make sure everything is checked and click Remove.
  • When disinfection finishes, a log will automatically open in a Notepad document, and you may be asked to restart the PC. (Read the note)
  • The log is saved automatically and can be viewed by clicking the Logs tab of the main menu.
  • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Regards :D

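The helper's Step 1 singles out one load point from the ComboFix log above, the BprotectEx driver, and turns it into CFScript sections. As an added example (not ComboFix's or the helper's own code), the Python below parses the service/driver lines and Run-key values in the form ComboFix prints them, flags every entry whose display name or image path does not mention a vendor the owner expects on this machine, and renders the flagged entries as File:: and Driver:: sections. The sample lines are copied from the log in this thread; the vendor allowlist, the LoadPoint type and the function names are assumptions made for the example.

```python
"""Triage of ComboFix load-point lines (services/drivers and Run-key values).

Added example, not ComboFix's or the forum helper's own code. The sample lines
below are copied from the log in this thread; EXPECTED_VENDORS is an assumption
about what the owner of this freshly reinstalled machine actually installed.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of the Run-key and "Drivers/Serviços" lines from the log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
"""

# Assumption: vendors the owner knowingly has on this box (Windows, AMD/ATI drivers,
# the Realtek NIC, Adobe, Java, Google, Skype). Anything else deserves a second look.
EXPECTED_VENDORS = ("microsoft", "amd", "realtek", "adobe", "java", "google", "skype")

# "R3 name;display;path;altpath [x]"  -> keep everything between the start type and the trailer
SERVICE_RE = re.compile(r"^([RS]\d)\s+(.*?)(?:\s+\[x\])?$")
# "\"Name\"=\"path\" [date size]"
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[([^\]]*)\]$')


@dataclass
class LoadPoint:
    kind: str      # "service" (driver or service line) or "run" (Run-key value)
    name: str      # service name or Run value name
    display: str   # display name (same as name for Run values)
    path: str      # image path; for services the last (SYSNATIVE) path field


def parse_load_points(text: str) -> List[LoadPoint]:
    """Extract service/driver and Run-key entries; key headers and blank lines are skipped."""
    points: List[LoadPoint] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):
            continue
        m = SERVICE_RE.match(line)
        if m:
            fields = m.group(2).split(";")
            if len(fields) >= 3:
                points.append(LoadPoint("service", fields[0], fields[1], fields[-1]))
            continue
        m = RUN_RE.match(line)
        if m:
            points.append(LoadPoint("run", m.group(1), m.group(1), m.group(2)))
    return points


def is_expected(point: LoadPoint) -> bool:
    """Coarse first pass: does the display name or image path name a known vendor?"""
    haystack = (point.display + " " + point.path).lower()
    return any(vendor in haystack for vendor in EXPECTED_VENDORS)


def flag_unexpected(text: str) -> List[LoadPoint]:
    return [p for p in parse_load_points(text) if not is_expected(p)]


def build_cfscript(flagged: List[LoadPoint]) -> str:
    """Render the flagged entries as the File:: and Driver:: sections of a CFScript
    (the same two section types the helper used); Folder:: is not derivable from load points."""
    files = [p.path for p in flagged]
    drivers = [p.name for p in flagged if p.kind == "service" and p.path.lower().endswith(".sys")]
    out: List[str] = []
    if files:
        out += ["File::", *files, ""]
    if drivers:
        out += ["Driver::", *drivers, ""]
    return "\n".join(out)


if __name__ == "__main__":
    hits = flag_unexpected(SAMPLE_LOG)
    for p in hits:
        print(f"{p.kind}: {p.name} ({p.display}) -> {p.path}")
    print(build_cfscript(hits))
```

Run as a script it reports a single hit, the Baidu BprotectEx driver, and prints File:: and Driver:: sections identical to the helper's script minus the Folder:: lines (folders are not load points; the helper took those from the directory listing). The vendor-substring check is deliberately coarse: it shortens the list a human has to read, and every hit still needs its file's signature and hash checked before anything is removed.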

ComboFix.txt

ComboFix 13-12-08.01 - Usuario 09/12/2013 20:46:47.2.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.1787.463 [GMT -2:00]

Executando de: c:\users\Usuario\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Usuario\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\drivers\BprotectEx.sys"

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Baidu Security

c:\programdata\Baidu Security

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2032276-x64_7a81073cd18804a989db2e214c588c2bc3ca9fb5.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2124261-x64_367a7810fcfd2d0553fa502d1fe2f384be081ee4.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2271195-x64_207d444e266b1a29da6c3bdfc81438a786643d99.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2281679-x64_13d72091eea6b3a36e1dc83d4214c1eabadb095d.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2296011-x64_24ddd0db0564e2aa86695913314e39b5dbd7f69a.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2305420-x64_229c7da22ea9f5b60df4b2969fea89002e122829.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2347290-x64_ff889e37e58edac6e121b9bbe3d8bbbccd8e71de.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2378111-x64_b0de5bd82535a7c3f334716d9891d4875d895a04.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2393802-x64_1eba297f187b449686436c1071edf2312804a4e3.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2419640-x64_e1c8d2dd4961e9a758affa8cdcfe138e2668068a.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2423089-x64_79779f621a7f9babf236c4c1c054c9cab69eace2.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2442962-x64_6fd758531ede996c6f582c56ffef2723172af3f6.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2479943-x64_5f7466309ee6a343cf69bd88d29de4029d3647ce.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2483614-x64_0db7bdde245db948cfa85028a66d6319e6aad5ae.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2491683-x64_ab7326434d6b1ba8f04b4f53f82fd85a64912f6a.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2506212-x64_68431032794b007090bed18fc1adfc349f717375.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2509553-x64_bcfe608b4d9e514ba1dc24a9e9dd6d45016ed3e5.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2511455-x64_ecfb3fe8e2378fe6f613d723cff6f97ea6798d90.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2535512-x64_9abaedef698156c8a01bc2bd2dd17ff32510905a.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2536275-x64_ac86ae4ce126344bd7913ba527f112c717a385ec.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2536276-v2-x64_5980a26e376c8fc98e589cc1b85b03eeb0c3da8d.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2544893-x64_21bb7cf8af8571e12267e165c4687429dc966544.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2552343-x64_51acdacad4855a2a04f35e2ac511fd3832a5d931.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2560656-x64_a68ffedc9b03d6c95129e468baf42cd06bdc9853.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2564958-x64_656c242c83fae2c63b243e1c8941d7253a4114eb.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2570947-x64_381ccb025636afa9935bd39b64f444e497f37816.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2579686-x64_936d4dc7de3d7cac4f66a65da7c87a65c1398218.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2584146-x64_e0c816a683326f69e8df8178889f555acbb051ce.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2585542-x64_e72f3f3a9af91a9ed6b3e444954a53fbf33e1b0d.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2604114-x64_d1fd3debcb8dd2da164c45f689a1c0e449c38159.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2618451-x64_2577daae1a4c1f972a54d644d5c2b49eea901e8c.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2619339-x64_ed46064e0138564a6cb0000dea96fe5bf8198ec1.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2620704-x64_c631fef931252fbf25a4a61875738021876d78a9.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2621440-x64_c38a7ca505cd266b6d1fcb25fea4b2a421096f54.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2631813-x64_626b002a3957fdf3e7512331efa1a8987519f6db.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2644615-x64_29dd7e13efb5d772252c60cd3120094499ca88df.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2645640-x64_6684c1b4cb5c18090ff3d7f903404894704330d3.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2653956-x64_5cfdaba5a52326088faab671f21fcd807c8b8768.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2654428-x64_47bc9f3fd4bac1e6d5263fd71ad4e9611e6a209f.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2655992-x64_6fc3816b974ab92b861ff4109ed92307721991db.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2656355-x64_2e7caf92b258c076267a6b76740c5b68d1a2a440.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2656410-x64_eedb105f4dacad913eedfb90e5764189865a17a3.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2658846-x64_cd1e26b7f5b7e0cf8e3705aed38a4ec3954c65db.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2659262-x64_8b64a234945f48bedf21f9406ec3e238b7859e4d.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2660649-x64_a5634f8f60522dbcae1baf00373d4010768b0e5f.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2667402-v2-x64_69f4c36d8349e589b0e8937efea6134de881c5b5.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2676562-x64_ef1435c87d5e42d6866549733e10b5df59b48990.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2685939-x64_a2223c234072710efd1c0f18ee31d271fc8f424d.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2690533-x64_636fd758b1266c6c8ddbe9994847e45f51a73cf8.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2691442-x64_77b15a8245fe43591a5c254c1c5ca41acbe924ba.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2698365-x64_bf20bb36fc73c0d1f53ea1e635b8aa46c71d7b1f.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2705219-v2-x64_8e8e0175d46b5a8d52c4856fa3d282faa12acd63.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2706045-x64_bfff5d3f12c8eaf897ea7abf15dc123765eaa552.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2712808-x64_060b60401b3de3dce053a68c65e9eb050874eb80.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2727528-x64_80bd082f9278d5db8c7373720c26330e592ebfd8.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2729451-x64_444bda5997b67b7df06a22464c3cb358e686cea6.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2736418-x64_5699216a6c5a5e736af288a4b746ec3501c94525.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2742598-x64_89092d187dc5c73ea3d982421ad3d71bf73f5dcd.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2743555-x64_35dedba60a04e482820e3217418b58f6a9ee6aba.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2753842-v2-x64_f2020b71bd0b4c9d78953e5557ff48a8f04bf18b.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2756920-x64_2957fdf8a23872f7631f0d680df678ef5795e4c2.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2757638-x64_b5903142a221eedd9f50ea7c55b917f9dec261c5.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2758857-x64_5e0aa18e88295276eb27aee6161c6a0ba3093d70.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2769369-x64_8c8def195e62a06262d3076c74fe2d67716ef9e9.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2770660-x64_8b9d890a943130e35b7c7c1c729fcc7f112b2487.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2772930-x64_7293ed604d7d270b0e3c8e67bdf3b4832ddaa637.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2785220-x64_6897c0bc2789911a1bb5bea4fd85a01f28dcbc89.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2789644-x64_4b0403b2579b47a107630e0f8e5bdab44c002491.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2790113-x64_f56469c9a6d44724fc77157aca76f54362c556e6.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2790655-x64_ad9dcbc4088018ca8593d4526b3e8a070adeb318.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2807986-x64_7382d49f2769d90a69ed430b7a991531bf7bcf51.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2808735-x64_a07b1cc8da70f45af2eed21a32b18d252859cf83.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2813170-x64_25bc8e62b2dca1144b58358114caadd0fc8db6d0.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2813347-x64_1838da1b088b18a9474de29d77fd7249fd83e94b.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2817183-x64_294aede930edbb2867d8b39904fd72ddc2253c8b.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb2840149-x64_26191fcca52d4d37b1771187c0760d669f486e52.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb958690-x64-beta_a877269efb8d490de92d79a28d42c2144180eaec.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb972270-x64_44d2e6541138061257003636909d404cc4675f2c.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb974571-x64_d2f3d4fab18a871eb5a6eb5f7b7fbb4b7715a439.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb975467-x64_beb1354bba1be5de8cdbe68bf537d5df1618eabb.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb975560-x64_a0d3312d011a53695ecabc12954690bfa9e1a230.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb978542-x64_2729aa5ee7dd850b989779ca6c325a3af94ce8db.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb979309-x64_373c976af04d6e07a40208b80b809de45d3767c5.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb979482-x64_8936a701fc7a868f988e37f3800bde8be231577f.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb979687-x64_74870b28d731ce1a1d356264e722a6145ff01069.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb979688-x64_d838e7b615c37297db60c05d9a4a553c38019c18.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb982132-x64_fedb8850b907f3152a7834f15f60e4fb8561167e.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb982665-x64_a62b617e879cdf79f3452316730f6c75c11848a4.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb982666-x64_7d0e54fa035887f9ac998ea16f146df0aaf6c377.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\Plugins\Plugin.LeakRepair\Hotfix\windows6.1-kb982799-x64_7d99070fbab8d935c790a6ef93fd20be41cda762.cab

c:\programdata\Baidu Security\PC Faster\3.7.0.0\sysopt\opthis.dat

c:\programdata\Baidu Security\RpData\2013-12-02 23_54_29_0828RpData.dat

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_BPROTECTEX

-------\Service_BprotectEx

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-11-09 to 2013-12-09 ))))))))))))))))))))))))))))

.

.

2013-12-09 23:01 . 2013-12-09 23:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-12-09 00:55 . 2013-11-18 03:28 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B6C7DF44-DEA8-4256-9D4A-E55662EAFF79}\mpengine.dll

2013-12-05 23:44 . 2013-12-05 23:44 -------- d-----w- c:\programdata\ATI

2013-12-05 23:40 . 2013-12-05 23:40 -------- dc----w- c:\windows\system32\DRVSTORE

2013-12-05 23:40 . 2010-04-29 07:43 38528 ----a-w- c:\windows\system32\drivers\usbfilter.sys

2013-12-05 23:38 . 2013-12-05 23:38 -------- d-----w- c:\program files (x86)\ATI Technologies

2013-12-05 23:38 . 2013-12-05 23:40 -------- d-----w- c:\program files\ATI Technologies

2013-12-05 23:38 . 2013-12-05 23:38 -------- d-----w- c:\program files\ATI

2013-12-05 23:35 . 2013-12-05 23:35 -------- d-----w- C:\swsetup

2013-12-05 20:08 . 2013-12-05 20:09 -------- d-----w- C:\AdwCleaner

2013-12-05 19:57 . 2013-12-05 19:57 -------- d-----w- c:\windows\ERUNT

2013-12-03 23:28 . 2013-12-03 23:28 312744 ----a-w- c:\windows\system32\javaws.exe

2013-12-03 23:28 . 2013-12-03 23:28 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-12-03 23:28 . 2013-12-03 23:28 189352 ----a-w- c:\windows\system32\javaw.exe

2013-12-03 23:28 . 2013-12-03 23:28 189352 ----a-w- c:\windows\system32\java.exe

2013-12-03 23:26 . 2013-12-03 23:27 -------- d-----w- c:\program files\Java

2013-12-03 01:54 . 2013-12-03 01:54 -------- d-----w- c:\program files\CCleaner

2013-12-03 01:28 . 2013-12-03 01:45 -------- d-----w- c:\programdata\WPM

2013-12-03 01:21 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2013-12-03 01:21 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2013-12-03 01:21 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2013-12-03 01:21 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2013-12-03 01:21 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2013-12-03 01:21 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2013-12-03 01:21 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2013-12-03 01:21 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2013-12-03 01:21 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2013-12-03 01:21 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2013-12-02 23:51 . 2013-12-04 00:46 -------- d-----w- C:\eclipse

2013-12-02 23:51 . 2013-12-02 23:51 -------- d-----w- c:\program files\7-Zip

2013-12-02 23:16 . 2013-11-18 03:28 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-12-02 16:38 . 2013-12-02 16:38 -------- d-----w- c:\windows\system32\Macromed

2013-12-02 16:28 . 2013-12-03 02:01 -------- d-----w- c:\windows\Panther

2013-12-02 16:21 . 2013-12-02 16:21 0 ----a-w- c:\windows\ativpsrm.bin

2013-12-02 16:20 . 2013-12-02 16:20 -------- d-----w- c:\program files (x86)\GUM530F.tmp

2013-12-02 16:20 . 2013-12-02 16:20 50053120 ----a-w- c:\program files (x86)\GUT5310.tmp

2013-12-02 16:15 . 2013-12-02 16:17 -------- d-----w- c:\program files (x86)\Google

2013-12-02 16:14 . 2012-10-23 08:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C82CF94-6AA4-4BE4-8A67-373F5324B51E}\gapaengine.dll

2013-12-02 16:13 . 2013-12-02 16:14 -------- d-----w- c:\programdata\Oracle

2013-12-02 16:13 . 2013-12-02 16:13 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-12-02 16:13 . 2013-12-02 16:13 -------- d-----w- c:\program files (x86)\Java

2013-12-02 16:08 . 2013-12-02 16:08 -------- d-----w- c:\program files (x86)\Common Files\Skype

2013-12-02 16:08 . 2013-12-02 16:08 -------- d-----r- c:\program files (x86)\Skype

2013-12-02 16:08 . 2013-12-02 16:08 -------- d-----w- c:\programdata\Skype

2013-12-02 16:02 . 2013-12-02 16:02 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2013-12-02 16:02 . 2013-12-02 16:02 -------- d-----w- c:\program files\Microsoft Security Client

2013-12-02 16:01 . 2010-04-09 11:06 1898376 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-12-02 16:01 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2013-12-02 15:59 . 2013-12-02 15:59 -------- d-----w- c:\windows\SysWow64\Macromed

2013-12-02 15:58 . 2013-12-02 15:58 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2013-12-02 15:46 . 2013-12-02 15:46 -------- d-----w- c:\program files (x86)\Microsoft Works

2013-12-02 15:45 . 2013-12-03 01:28 -------- d-----w- c:\program files (x86)\Microsoft.NET

2013-12-02 15:42 . 2013-12-05 23:40 -------- d-sh--w- c:\windows\Installer

2013-12-02 15:24 . 2013-11-18 03:28 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2028A86F-A7FC-4EF2-B264-51B34C29C269}\mpengine.dll

2013-12-02 15:24 . 2013-11-19 10:21 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-12-02 14:59 . 2013-12-02 14:59 -------- d-----w- c:\windows\PCHEALTH

2013-12-02 14:56 . 2013-12-02 14:56 -------- d-----w- c:\program files\Microsoft Office

2013-12-02 14:56 . 2013-12-02 15:43 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2013-12-02 14:55 . 2013-12-02 15:48 -------- d-----w- c:\programdata\Microsoft Help

2013-12-02 14:55 . 2013-12-02 14:55 -------- d-----r- C:\MSOCache

2013-12-02 14:39 . 2013-12-04 00:57 -------- d-----w- c:\users\Usuario

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AutoUpdateDisableNotify"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]

R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-04 20:35 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-02 16:15]

.

2013-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-02 16:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mDefault_Search_URL = hxxp://www.google.com

mDefault_Page_URL = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Page = hxxp://www.google.com

uSearchAssistant = hxxp://www.google.com

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1 200.220.202.4

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Google\Chrome\Application\chrome.exe

c:\program files (x86)\Google\Chrome\Application\chrome.exe

c:\program files (x86)\Google\Chrome\Application\chrome.exe

c:\program files (x86)\Google\Chrome\Application\chrome.exe

c:\program files (x86)\Google\Chrome\Application\chrome.exe

c:\program files (x86)\Google\Chrome\Application\chrome.exe

c:\program files (x86)\Google\Chrome\Application\chrome.exe

c:\users\Usuario\Downloads\mbam-setup-1.75.0.1300.exe

c:\users\Usuario\AppData\Local\Temp\is-91BA5.tmp\mbam-setup-1.75.0.1300.tmp

.

**************************************************************************

.

Tempo para conclusão: 2013-12-09 21:19:04 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-12-09 23:18

ComboFix2.txt 2013-12-05 20:20

.

Pré-execução: 294.124.208.128 bytes disponíveis

Pós execução: 293.455.228.928 bytes disponíveis

.

- - End Of File - - 5CD285208F2C1F37FB4C3919B6195C09

A36C5E4F47E84449FF07ED3517B43A31

MBAM log

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.12.09.08

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Usuario :: USUARIO-PC [administrador]

Proteção: Permitir

09/12/2013 21:23:23

mbam-log-2013-12-09 (21-23-23).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 208750

Tempo decorrido: 2 minuto(s), 52 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

(fim)


Dear lipeeh

Download the Kaspersky AVP Tool from one of these links:

Alternative 1

Alternative 2

  • You will be taken to a Kaspersky page asking for an e-mail address, first name and last name for registration.
  • Only the "email" field is mandatory.
  • Enter your e-mail and then click the Submit Form button.
  • The page will reload. Click the Download button.
  • Save it to your desktop (Desktop).
  • Run the file and wait for the installation.
    • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator.

  • On the license agreement screen, check the option I accept the license agreement and then click the Start button.
  • The program will appear to freeze and nothing happens. This is normal; just wait until the program's main screen appears, then click the Settings icon:

KRT_settings.png

On this screen, check the box next to:

  • My Computer;
  • Local Disk (C:);
  • Also check all drives that appear below Local Disk, if any;
  • Then click the Automatic Scan tab.

KRT_install2_.png

  • Back on the program's main screen, click the Start scanning button;
  • Be patient, it takes a while;
  • When it finishes, if anything was detected, the program will ask you what to do;
  • Check the small box next to Apply to all objects and then click Skip (we only want the log).

KRT_detection_.png

Once the scan is finished, proceed as follows:

  1. On the main screen, if anything was detected, save the log.
  2. If you close the program and forget to save the log, you will have to repeat the whole scan.
  3. To save the log, click the Reports icon (next to the "Settings" icon).
  4. In the next window, click Detected Threats, then click the floppy-disk icon to save the log.
  5. Choose an easily accessible location and save it as log.txt
  6. Copy the entire contents of that Notepad file and paste it into your next reply.
  7. If nothing is detected, you do not need to save the log; just let me know.
  8. To exit the program, just click the X in the top right corner.

Notes:
While the scan is running, the main screen will show a progress bar. When it finishes, the program will show the status as completed and a button that will be orange if nothing was detected, or red if something was found. If something was detected, the program will also display an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Cheers :D


Dear lipeeh

Clean log :)

>>>> How is the computer doing?

# Step 1 #

Let's uninstall ComboFix:

Rename combofix.exe to uninstall.exe, double-click it and wait for the program to be removed.

Or, if you prefer, go to

Start > Run, type Combofix /Uninstall and click OK; in the window that appears, click Run and wait for the program to be removed.

# Step 2 #

Download OTC by OldTimer and save it to your desktop.

  • Double-click the icon 4142006426_4719050954_o.gif
  • Click Run;
  • Click its only button (image below):
    4141259853_5a542d5908_o.jpg
  • Allow your computer to restart.

# Step 3 #

  • Again: double-click adwcleaner.exe
    • Note: Windows Vista, 7 and 8 users, right-click it and choose: execadmin.png

  • Click Uninstall
  • Click Yes and wait.

# Step 4 #
<<@>> Install CCleaner
CCleaner is an excellent cleanup utility for the computer, which will help with the computer's performance. Download it here: CCleaner

  • IMPORTANT: After installing, go to the folder where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of that window and choose New > Folder to create a new folder; name it backups!
  • Open the program and click Run Cleaner;
  • Click the Registry button > Scan for Issues > Fix selected issues...
    Note: Don't forget to accept the backup of the fixes, and save them in the folder created above!

<<@>> Always keep your Windows up to date; keep constant watch over your firewall and antivirus and, finally, remember that the best way to prevent problems starts with our own habits!

Cheers :D
