Ir ao conteúdo
  • Cadastre-se
galupo

modelo.exe

Recommended Posts

Boa tarde!

De uns dias pra cá estou constantemente recebendo um aviso de algum arquivo chamado modelo.exe, pedindo permissão para ser executado em meu computador. Alguém pode me dizer que tipo de problema é esse? E se for prejudicial, como resolvo?

Muito obrigado.

dds.txt

gmer.txt

attach.txt

Compartilhar este post


Link para o post
Compartilhar em outros sites
Olá

 

Desculpe a demora :)

 

Se ainda precisa de ajuda refaça os logs, pois preciso dos mesmos com datas atualizadas: Leia Antes de Postar - Criando um novo Tópico

 

ATENÇÃO 1: Não precisa abrir um novo tópico, coloque os novos logs neste mesmo tópico, obrigado!

ATENÇÃO 2: Não edite seu tópico, use o botão responder, obrigado!

ATENÇÃO 3: Não coloque os logs entre TAGS, obrigado!

ATENÇÃO 4: Não anexe os logs, obrigado!

 

Abraços :D

Compartilhar este post


Link para o post
Compartilhar em outros sites

Segue abaixo os logs refeitos:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16921  BrowserJavaVersion: 10.60.2
Run by Galupo at 16:51:59 on 2014-06-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.6016.3263 [GMT -3:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Galupo\AppData\Roaming\SearchFiles.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.libertyweb.com.br/
uProxyServer = 66.35.68.145:8089
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [searchFiles.exe] C:\Users\Galupo\AppData\Roaming\SearchFiles.exe
uRun: [settingsConnection.exe] C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: NameServer = 192.168.254.254 192.168.1.1
TCP: Interfaces\{63A30A2A-CD47-4861-9D35-517228DE91BD} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{768E89BA-ACFC-47D6-8678-755E9C831EA2} : DHCPNameServer = 192.168.254.254 192.168.1.1
TCP: Interfaces\{768E89BA-ACFC-47D6-8678-755E9C831EA2}\44C696E6B60214E616 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{768E89BA-ACFC-47D6-8678-755E9C831EA2}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{768E89BA-ACFC-47D6-8678-755E9C831EA2}\745737471667F6 : DHCPNameServer = 201.17.128.73 201.17.128.78 192.168.0.1
TCP: Interfaces\{768E89BA-ACFC-47D6-8678-755E9C831EA2}\E45647659627475716F5530303F5130323 : DHCPNameServer = 201.17.128.78 201.17.128.73
TCP: Interfaces\{768E89BA-ACFC-47D6-8678-755E9C831EA2}\E65647026796274757160253030302140502130323 : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Galupo\AppData\Roaming\Mozilla\Firefox\Profiles\anfo37sb.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Galupo\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
FF - plugin: C:\Users\Galupo\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll
FF - plugin: C:\Users\Galupo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
FF - plugin: C:\Users\Galupo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll
FF - plugin: C:\Users\Galupo\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-3-8 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-3-8 207904]
R0 iusb3hcs;Driver de comutação do controlador host Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hcs.sys [2012-11-28 16152]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-11-29 28992]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-12-10 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-12-7 421704]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-11-29 98208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-12-7 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-3-8 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2013-11-12 196616]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2014-5-6 519720]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-28 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-11-28 1695040]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-17 381760]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-28 363800]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2012-11-29 331264]
R3 iusb3hub;Driver para hub Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-28 356120]
R3 iusb3xhc;Driver de controlador host eXtensível Intel® USB 3.0;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-28 788760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-29 565352]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-16 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-16 860472]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-3-8 80184]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-16 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-16 63704]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-11-29 398144]
S3 PrintNotify;Extensões e Notificações da Impressora;C:\Windows\System32\svchost.exe -k print [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-11 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-22 19:43:28 731136 ----a-w- C:\Users\Galupo\AppData\Roaming\modelo.exe
2014-06-22 03:41:07 -------- d-----w- C:\Users\Galupo\AppData\Roaming\22062014
2014-06-21 20:22:21 -------- d-----w- C:\Program Files (x86)\Neocodex
2014-06-21 14:30:58 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4AAFF337-D504-4E72-954F-899C9429E077}\offreg.dll
2014-06-21 07:48:14 -------- d-----w- C:\Users\Galupo\AppData\Local\Adobe
2014-06-21 03:17:24 -------- d-----w- C:\Users\Galupo\AppData\Roaming\21062014
2014-06-21 02:56:13 -------- d-----w- C:\Users\Galupo\AppData\Local\Apple
2014-06-21 02:56:01 -------- d-----w- C:\Users\Galupo\AppData\Local\Apple Computer
2014-06-21 02:26:49 -------- d-----w- C:\ProgramData\EPS
2014-06-21 02:26:49 -------- d-----w- C:\Program Files (x86)\Didsoft
2014-06-21 02:23:01 -------- d-----w- C:\Users\Galupo\AppData\Local\Apps
2014-06-21 02:15:58 -------- d-----w- C:\Windows\System32\MRT
2014-06-21 02:09:36 -------- d-----w- C:\LinhaDefensiva
2014-06-21 00:47:11 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4AAFF337-D504-4E72-954F-899C9429E077}\mpengine.dll
2014-06-17 04:38:45 2354528 ----a-w- C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
2014-06-17 01:13:12 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-17 01:12:57 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-17 01:12:57 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-17 01:12:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-17 01:12:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 19:07:45 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-06-16 16:57:32 248 ----a-w- C:\Windows\SysWow64\PARTIZAL.EXE
2014-06-16 16:56:09 40720 ----a-w- C:\Windows\System32\Partizan.exe
2014-06-16 16:47:48 -------- d-----w- C:\ProgramData\RegRun
2014-06-16 16:05:14 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
2014-06-16 16:04:57 2 --shatr- C:\Windows\winstart.bat
2014-06-16 16:04:48 12800 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2014-06-16 16:04:40 -------- d-----w- C:\Program Files (x86)\UnHackMe
2014-06-16 05:35:10 465 ----a-w- C:\Users\Galupo\AppData\Roaming\16062014.bat
2014-06-16 05:35:10 2367328 ----a-w- C:\Users\Galupo\AppData\Roaming\SearchFiles.exe
2014-06-15 20:09:56 -------- d-----w- C:\Users\Galupo\.aria2
2014-06-11 15:49:52 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-06-11 15:49:52 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-06-11 15:49:50 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-06-11 15:49:50 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-06-11 15:49:24 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-06-11 15:49:24 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-06-11 15:49:24 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-06-11 15:49:24 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-06-11 15:49:24 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-06-11 15:49:24 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-06-11 15:49:24 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-06-11 15:49:24 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-06-11 15:48:31 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-11 15:48:30 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-10 23:56:37 -------- d-----w- C:\Users\Galupo\AppData\Local\Skype
2014-06-09 01:30:08 -------- d-----w- C:\Users\Galupo\AppData\Roaming\Curse Client
2014-06-09 01:29:59 -------- d-----w- C:\Users\Galupo\AppData\Roaming\Curse
2014-06-05 16:50:22 -------- d-----w- C:\ProgramData\Oracle
2014-06-05 16:50:03 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-03 00:44:46 458 ----a-w- C:\Users\Galupo\AppData\Roaming\02062014.bat
2014-05-27 22:53:27 -------- d-----w- C:\Users\Galupo\AppData\Roaming\Scilab
2014-05-27 22:49:27 -------- d-----w- C:\Program Files\scilab-5.5.0
.
==================== Find3M  ====================
.
2014-05-24 02:47:54 2239488 ----a-w- C:\Windows\System32\wininet.dll
2014-05-24 02:46:15 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-24 02:46:07 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-24 02:46:07 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-05-24 02:45:26 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-24 01:26:54 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-24 01:25:52 2862080 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-24 01:25:49 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-24 01:25:49 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-05-24 01:25:25 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-24 01:09:41 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-24 01:03:36 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-24 00:13:44 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-05-24 00:06:55 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-05-06 16:34:55 815314 ----a-w- C:\Users\Galupo\AppData\Roaming\unins001.exe
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-11 23:31:16 720594 ----a-w- C:\Users\Galupo\AppData\Roaming\unins000.exe
2014-04-01 01:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2014-04-01 01:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-03-31 12:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 16:52:38,59 ===============
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16921  BrowserJavaVersion: 10.60.2
Run by Galupo at 16:51:59 on 2014-06-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.6016.3263 [GMT -3:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Galupo\AppData\Roaming\SearchFiles.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.libertyweb.com.br/
uProxyServer = 66.35.68.145:8089
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [searchFiles.exe] C:\Users\Galupo\AppData\Roaming\SearchFiles.exe
uRun: [settingsConnection.exe] C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: NameServer = 192.168.254.254 192.168.1.1
TCP: Interfaces\{63A30A2A-CD47-4861-9D35-517228DE91BD} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{768E89BA-ACFC-47D6-8678-755E9C831EA2} : DHCPNameServer = 192.168.254.254 192.168.1.1
TCP: Interfaces\{768E89BA-ACFC-47D6-8678-755E9C831EA2}\44C696E6B60214E616 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{768E89BA-ACFC-47D6-8678-755E9C831EA2}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{768E89BA-ACFC-47D6-8678-755E9C831EA2}\745737471667F6 : DHCPNameServer = 201.17.128.73 201.17.128.78 192.168.0.1
TCP: Interfaces\{768E89BA-ACFC-47D6-8678-755E9C831EA2}\E45647659627475716F5530303F5130323 : DHCPNameServer = 201.17.128.78 201.17.128.73
TCP: Interfaces\{768E89BA-ACFC-47D6-8678-755E9C831EA2}\E65647026796274757160253030302140502130323 : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Galupo\AppData\Roaming\Mozilla\Firefox\Profiles\anfo37sb.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Galupo\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
FF - plugin: C:\Users\Galupo\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll
FF - plugin: C:\Users\Galupo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
FF - plugin: C:\Users\Galupo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll
FF - plugin: C:\Users\Galupo\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-3-8 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-3-8 207904]
R0 iusb3hcs;Driver de comutação do controlador host Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hcs.sys [2012-11-28 16152]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-11-29 28992]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-12-10 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-12-7 421704]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-11-29 98208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-12-7 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-3-8 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2013-11-12 196616]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2014-5-6 519720]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-28 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-11-28 1695040]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-17 381760]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-28 363800]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2012-11-29 331264]
R3 iusb3hub;Driver para hub Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-28 356120]
R3 iusb3xhc;Driver de controlador host eXtensível Intel® USB 3.0;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-28 788760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-29 565352]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-16 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-16 860472]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-3-8 80184]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-16 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-16 63704]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-11-29 398144]
S3 PrintNotify;Extensões e Notificações da Impressora;C:\Windows\System32\svchost.exe -k print [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-11 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-22 19:43:28 731136 ----a-w- C:\Users\Galupo\AppData\Roaming\modelo.exe
2014-06-22 03:41:07 -------- d-----w- C:\Users\Galupo\AppData\Roaming\22062014
2014-06-21 20:22:21 -------- d-----w- C:\Program Files (x86)\Neocodex
2014-06-21 14:30:58 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4AAFF337-D504-4E72-954F-899C9429E077}\offreg.dll
2014-06-21 07:48:14 -------- d-----w- C:\Users\Galupo\AppData\Local\Adobe
2014-06-21 03:17:24 -------- d-----w- C:\Users\Galupo\AppData\Roaming\21062014
2014-06-21 02:56:13 -------- d-----w- C:\Users\Galupo\AppData\Local\Apple
2014-06-21 02:56:01 -------- d-----w- C:\Users\Galupo\AppData\Local\Apple Computer
2014-06-21 02:26:49 -------- d-----w- C:\ProgramData\EPS
2014-06-21 02:26:49 -------- d-----w- C:\Program Files (x86)\Didsoft
2014-06-21 02:23:01 -------- d-----w- C:\Users\Galupo\AppData\Local\Apps
2014-06-21 02:15:58 -------- d-----w- C:\Windows\System32\MRT
2014-06-21 02:09:36 -------- d-----w- C:\LinhaDefensiva
2014-06-21 00:47:11 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4AAFF337-D504-4E72-954F-899C9429E077}\mpengine.dll
2014-06-17 04:38:45 2354528 ----a-w- C:\Users\Galupo\AppData\Roaming\SettingsConnection.exe
2014-06-17 01:13:12 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-17 01:12:57 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-17 01:12:57 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-17 01:12:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-17 01:12:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 19:07:45 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-06-16 16:57:32 248 ----a-w- C:\Windows\SysWow64\PARTIZAL.EXE
2014-06-16 16:56:09 40720 ----a-w- C:\Windows\System32\Partizan.exe
2014-06-16 16:47:48 -------- d-----w- C:\ProgramData\RegRun
2014-06-16 16:05:14 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
2014-06-16 16:04:57 2 --shatr- C:\Windows\winstart.bat
2014-06-16 16:04:48 12800 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2014-06-16 16:04:40 -------- d-----w- C:\Program Files (x86)\UnHackMe
2014-06-16 05:35:10 465 ----a-w- C:\Users\Galupo\AppData\Roaming\16062014.bat
2014-06-16 05:35:10 2367328 ----a-w- C:\Users\Galupo\AppData\Roaming\SearchFiles.exe
2014-06-15 20:09:56 -------- d-----w- C:\Users\Galupo\.aria2
2014-06-11 15:49:52 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-06-11 15:49:52 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-06-11 15:49:50 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-06-11 15:49:50 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-06-11 15:49:24 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-06-11 15:49:24 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-06-11 15:49:24 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-06-11 15:49:24 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-06-11 15:49:24 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-06-11 15:49:24 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-06-11 15:49:24 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-06-11 15:49:24 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-06-11 15:48:31 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-11 15:48:30 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-10 23:56:37 -------- d-----w- C:\Users\Galupo\AppData\Local\Skype
2014-06-09 01:30:08 -------- d-----w- C:\Users\Galupo\AppData\Roaming\Curse Client
2014-06-09 01:29:59 -------- d-----w- C:\Users\Galupo\AppData\Roaming\Curse
2014-06-05 16:50:22 -------- d-----w- C:\ProgramData\Oracle
2014-06-05 16:50:03 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-03 00:44:46 458 ----a-w- C:\Users\Galupo\AppData\Roaming\02062014.bat
2014-05-27 22:53:27 -------- d-----w- C:\Users\Galupo\AppData\Roaming\Scilab
2014-05-27 22:49:27 -------- d-----w- C:\Program Files\scilab-5.5.0
.
==================== Find3M  ====================
.
2014-05-24 02:47:54 2239488 ----a-w- C:\Windows\System32\wininet.dll
2014-05-24 02:46:15 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-24 02:46:07 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-24 02:46:07 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-05-24 02:45:26 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-24 01:26:54 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-24 01:25:52 2862080 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-24 01:25:49 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-24 01:25:49 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-05-24 01:25:25 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-24 01:09:41 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-24 01:03:36 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-24 00:13:44 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-05-24 00:06:55 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-05-06 16:34:55 815314 ----a-w- C:\Users\Galupo\AppData\Roaming\unins001.exe
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-11 23:31:16 720594 ----a-w- C:\Users\Galupo\AppData\Roaming\unins000.exe
2014-04-01 01:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2014-04-01 01:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-03-31 12:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 16:52:38,59 ===============
 
Não foi possível postar o log do gmer, pois não coube.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro galupo

 

Recomendo que salve este tópico em seus Favoritos para facilitar na hora de encontrá-lo.
 
Por favor, atente para o seguinte:
  • Caso fique sem resposta durante 3 dias, me envie uma Mensagem Privada (MP);
O que será passado aqui, somente será com relação ao problema do seu computador portanto, não faça mais em nenhum outro;
Siga, por favor, atentamente as instruções passadas e em caso de dúvidas não hesite em perguntá-las;
Sempre coloque suas respostas neste tópico... Não abra outro!
Procure sempre me manter informado, durante a remoção, sobre o que acontece com seu computador.
Respeite a ordem das instruções passadas.
Observação: Não tome outra medida além das passadas aqui; atente para que, caso peça ajuda em outro fórum, não deixe de nos informar, sob risco de desconfigurar seu computador!

# Etapa nº 1 #

 
Faça o download Junkware Removal Tool e salve em seu Desktop.
  • Desative seus programas de proteção (antivírus etc) para evitar qualquer conflito.
  • Clique duas vezes JRT.exe
    • Se seu sistema for Windows Vista ou Windows 7 ou Windows 8, clique com o botão direito do mouse e peça para Executar como Administrador.

    [*]Seja paciente e aguarde o scan terminar.[*]Abra o log JRT.txt que está em seu Desktop.[*]Copie todo conteúdo e cole em sua próximo mensagem.

 
# Etapa nº 2 #
 

  • Clique duas vezes no adwcleaner.exe
  • Atenção: Usuários Windows Vista, 7 e 8, cliquem com o botão direito do mouse e escolha: execadmin.png

  • Clique em Pesquisar
No final do scan será aberto um log com o resultado.
Caso algo seja detectado, clique então no botão Remover.
Novamente, no final do scan será aberto um log com o resultado.
Copie todo seu conteúdo e cole em sua próxima resposta.

 
# Etapa nº 3 #
 
Leia as instruções contidas neste link:
 
 
Nas instruções contidas no link acima, poderá verificar quais os fóruns onde os Analistas estão devidamente habilitados a utilizar corretamente a ferramenta:"Fóruns para receber ajuda com logs do ComboFix"
Faça o download do ComboFix de um dos links oficiais listados abaixo e salve no seu desktop:

[*]Temporariamente e durante a execução destas instruções, é muito importante que mantenha desabilitados os seus programas de proteção (Antivirus, Antispyware e Firewall). Reative as proteções após a execução do(s) procedimento(s) abaixo mencionado(s).
[*]Duplo clique no icone desktopicon.png que está no desktop.
[*]Leia e aceite as condições, digitando 1 e enter.
[*]Computadores com Windows XP deverão instalar o Console de Recuperação:
Se o seu computador tem instalado o Windows XP e ainda não tem instalado o Console de Recuperação, por favor certifique-se que está conectado à Internet, e clique em "Sim".
Clique em "OK" ao EULA.
Quando o Console de Recuperação estiver já instalado, clique em "SIM" para continuar.

[*]O ComboFix será executado, por favor seja paciente e aguarde.
[*]Atenção: Não utilize o mouse nem o teclado enquanto a ferramenta estiver sendo executada, isso pode fazer com que o computador pare.
[*]Poderá surgir o aviso que é necessário reiniciar o computador.
NÃO REINICIE!!! O ComboFix reiniciará o computador automaticamente.
[*]Quando a ferramenta terminar de rodar, gerará um log (o arquivo C:\ComboFix.txt). Copie e cole o conteúdo desse arquivo na sua proxima resposta.


NÃO utilize a ferramenta por conta própria. É uma ferramenta poderosa criada pra lidar com infecções sofisticadas e caso não a utilize corretamente poderá danificar o seu computador.
Existem vários malwares que impedem a execução correta da ferramenta e com isso danificar gravemente o computador. Analistas habilitados a utilizar o ComboFix conhecem esses casos e sabem lidar com estas situações.
Muitos dos Analistas não respondem a topicos em que vejam que o ComboFix foi utilizado sem supervisão.
Existem varias ferramentas anti-malware generalistas em que os autores ao elaborarem a programação das mesmas, estão pensando nos usuários finais e para serem usadas sem supervisão. O Combofix não é uma ferramenta desse tipo, e assim sendo e até por respeito ao autor da ferramenta, não utilize sem supervisão.

Abraços :D

Compartilhar este post


Link para o post
Compartilhar em outros sites
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by Galupo on 23/06/2014 at 15:37:15,39

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstaller_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstaller_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstaller_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstaller_RASMANCS

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 23/06/2014 at 15:42:55,31

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 


# AdwCleaner v3.213 - Relatório criado 23/06/2014 às 15:49:19

# Atualizado 23/06/2014 por Xplode

# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)

# Usuário : Galupo - GALUPO-PC

# Executando de : C:\Users\Galupo\Downloads\adwcleaner_3.213.exe

# Opção : Limpar

 

***** [ Serviços ] *****

 

 

***** [ Arquivos / Pastas ] *****

 

[x] Não Deletada : C:\Users\Galupo\Desktop\NP

 

***** [ Atalhos ] *****

 

 

***** [ Registro ] *****

 

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseSmart_RASAPI32

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseSmart_RASMANCS

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASAPI32

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASMANCS

 

***** [ Navegadores ] *****

 

-\\ Internet Explorer v10.0.9200.16921

 

 

-\\ Mozilla Firefox v27.0.1 (pt-BR)

 

[ Arquivo : C:\Users\Galupo\AppData\Roaming\Mozilla\Firefox\Profiles\anfo37sb.default\prefs.js ]

 

 

-\\ Google Chrome v35.0.1916.153

 

[ Arquivo : C:\Users\Galupo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deletedo [search Provider] : hxxp://br.ask.com/web?q={searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [1363 octets] - [23/06/2014 15:47:11]

AdwCleaner[R1].txt - [1423 octets] - [23/06/2014 15:48:07]

AdwCleaner[s0].txt - [1331 octets] - [23/06/2014 15:49:19]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1391 octets] ##########

 

 

 

 


ComboFix 14-06-23.01 - Galupo 23/06/2014  15:57:26.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.6016.3250 [GMT -3:00]

Executando de: c:\users\Galupo\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Java\jre7\bin\jp2ssv.dll

c:\programdata\app

c:\programdata\app\drivers.ini

c:\users\Galupo\AppData\Roaming\02062014.bat

c:\users\Galupo\AppData\Roaming\16062014.bat

c:\users\Galupo\AppData\Roaming\23062014

c:\users\Galupo\AppData\Roaming\23062014\ComConnect.exe

c:\users\Galupo\AppData\Roaming\ComConnect.exe

c:\users\Galupo\AppData\Roaming\dht_feed.dll

c:\users\Galupo\AppData\Roaming\modelo.exe

c:\users\Galupo\AppData\Roaming\SearchFiles.exe

c:\users\Galupo\AppData\Roaming\unins001.exe

c:\windows\SysWow64\PARTIZAL.EXE

.

.

((((((((((((((((   Arquivos/Ficheiros criados de 2014-05-23 to 2014-06-23  ))))))))))))))))))))))))))))

.

.

2014-06-23 19:02 . 2014-06-23 19:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2014-06-23 19:02 . 2014-06-23 19:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-06-23 18:46 . 2014-06-23 18:49 -------- d-----w- C:\AdwCleaner

2014-06-23 18:37 . 2014-06-23 18:37 -------- d-----w- c:\windows\ERUNT

2014-06-21 20:22 . 2014-06-21 20:22 -------- d-----w- c:\program files (x86)\Neocodex

2014-06-21 07:48 . 2014-06-21 07:48 -------- d-----w- c:\users\Galupo\AppData\Local\Adobe

2014-06-21 02:56 . 2014-06-21 02:56 -------- d-----w- c:\users\Galupo\AppData\Local\Apple

2014-06-21 02:56 . 2014-06-21 02:56 -------- d-----w- c:\users\Galupo\AppData\Local\Apple Computer

2014-06-21 02:26 . 2014-06-21 02:26 -------- d-----w- c:\programdata\EPS

2014-06-21 02:26 . 2014-06-21 02:26 -------- d-----w- c:\program files (x86)\Didsoft

2014-06-21 02:23 . 2014-06-21 02:23 -------- d-----w- c:\users\Galupo\AppData\Local\Apps

2014-06-21 02:15 . 2014-06-21 02:17 -------- d-----w- c:\windows\system32\MRT

2014-06-21 02:09 . 2014-06-21 02:12 -------- d-----w- C:\LinhaDefensiva

2014-06-21 00:47 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AAFF337-D504-4E72-954F-899C9429E077}\mpengine.dll

2014-06-17 01:13 . 2014-06-23 18:50 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-06-17 01:12 . 2014-05-12 10:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-06-17 01:12 . 2014-05-12 10:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-06-17 01:12 . 2014-06-17 01:13 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware

2014-06-17 01:12 . 2014-05-12 10:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-06-16 19:07 . 2010-08-30 11:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll

2014-06-16 16:56 . 2014-06-16 16:56 40720 ----a-w- c:\windows\system32\Partizan.exe

2014-06-16 16:47 . 2014-06-17 01:39 -------- d-----w- c:\programdata\RegRun

2014-06-16 16:05 . 2014-06-16 16:05 35816 ----a-w- c:\windows\SysWow64\drivers\Partizan.sys

2014-06-16 16:04 . 2014-06-16 16:04 2 --shatr- c:\windows\winstart.bat

2014-06-16 16:04 . 2014-03-28 16:01 12800 ----a-w- c:\windows\SysWow64\drivers\UnHackMeDrv.sys

2014-06-16 16:04 . 2014-06-16 16:06 -------- d-----w- c:\program files (x86)\UnHackMe

2014-06-15 20:09 . 2014-06-16 02:12 -------- d-----w- c:\users\Galupo\.aria2

2014-06-15 08:39 . 2014-06-15 08:39 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2014-06-11 15:49 . 2014-04-25 02:34 801280 ----a-w- c:\windows\system32\usp10.dll

2014-06-11 15:49 . 2014-04-25 02:06 626688 ----a-w- c:\windows\SysWow64\usp10.dll

2014-06-11 15:49 . 2014-04-05 02:47 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys

2014-06-11 15:49 . 2014-04-05 02:47 288192 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2014-06-11 15:49 . 2014-03-26 14:44 2002432 ----a-w- c:\windows\system32\msxml6.dll

2014-06-11 15:49 . 2014-03-26 14:44 1882112 ----a-w- c:\windows\system32\msxml3.dll

2014-06-11 15:49 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml6r.dll

2014-06-11 15:49 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml3r.dll

2014-06-11 15:49 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\SysWow64\msxml6.dll

2014-06-11 15:49 . 2014-03-26 14:27 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll

2014-06-11 15:49 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll

2014-06-11 15:49 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

2014-06-11 15:48 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll

2014-06-11 15:48 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll

2014-06-10 23:56 . 2014-06-10 23:56 -------- d-----w- c:\users\Galupo\AppData\Local\Skype

2014-06-10 23:56 . 2014-06-10 23:56 -------- d-----w- c:\program files (x86)\Common Files\Skype

2014-06-09 01:30 . 2014-06-11 15:31 -------- d-----w- c:\users\Galupo\AppData\Roaming\Curse Client

2014-06-09 01:29 . 2014-06-09 01:29 -------- d-----w- c:\users\Galupo\AppData\Roaming\Curse

2014-06-05 16:50 . 2014-06-05 16:50 -------- d-----w- c:\programdata\Oracle

2014-06-05 16:50 . 2014-06-05 16:49 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-05-27 22:53 . 2014-05-27 22:53 -------- d-----w- c:\users\Galupo\AppData\Roaming\Scilab

2014-05-27 22:49 . 2014-05-27 22:52 -------- d-----w- c:\program files\scilab-5.5.0

.

.

.

(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-04-12 02:22 . 2014-05-14 16:33 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2014-04-12 02:22 . 2014-05-14 16:33 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2014-04-12 02:19 . 2014-05-14 16:33 29184 ----a-w- c:\windows\system32\sspisrv.dll

2014-04-12 02:19 . 2014-05-14 16:33 136192 ----a-w- c:\windows\system32\sspicli.dll

2014-04-12 02:19 . 2014-05-14 16:33 28160 ----a-w- c:\windows\system32\secur32.dll

2014-04-12 02:19 . 2014-05-14 16:33 1460736 ----a-w- c:\windows\system32\lsasrv.dll

2014-04-12 02:19 . 2014-05-14 16:33 31232 ----a-w- c:\windows\system32\lsass.exe

2014-04-12 02:12 . 2014-05-14 16:33 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2014-04-12 02:10 . 2014-05-14 16:33 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2014-04-11 23:31 . 2014-04-11 23:31 720594 ----a-w- c:\users\Galupo\AppData\Roaming\unins000.exe

2014-04-01 01:46 . 2014-04-01 01:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL

2014-04-01 01:46 . 2014-04-01 01:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2014-03-31 12:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-02-02 3093624]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-12-16 133400]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 1117528]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2014-04-02 3774312]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-04-02 3774312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2014-02-21 19:13 1582632 ------w- c:\program files (x86)\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0Partizan

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys;c:\windows\SYSNATIVE\drivers\GbpKm.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]

R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]

R3 PrintNotify;Extensões e Notificações da Impressora;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 X6va016;X6va016;c:\windows\SysWOW64\Drivers\X6va016;c:\windows\SysWOW64\Drivers\X6va016 [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S0 iusb3hcs;Driver de comutação do controlador host Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]

S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]

S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]

S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 iusb3hub;Driver para hub Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Driver de controlador host eXtensível Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - MBAMSWISSARMY

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-06-12 01:53 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2014-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-10 18:30]

.

2014-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-10 18:30]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-03-08 16:24 287280 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-01-16 6463080]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-22 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-22 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-22 439064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyServer = 66.35.68.145:8089

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: DhcpNameServer = 192.168.254.254 192.168.1.1

FF - ProfilePath - c:\users\Galupo\AppData\Roaming\Mozilla\Firefox\Profiles\anfo37sb.default\

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-SearchFiles.exe - c:\users\Galupo\AppData\Roaming\SearchFiles.exe

Wow6432Node-HKCU-Run-SettingsConnection.exe - c:\users\Galupo\AppData\Roaming\SettingsConnection.exe

Wow6432Node-HKCU-Run-ComConnect.exe - c:\users\Galupo\AppData\Roaming\ComConnect.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Galupo\AppData\Roaming\unins001.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va016]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va016"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.12"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2014-06-23  16:04:29

ComboFix-quarantined-files.txt  2014-06-23 19:04

.

Pré-execução: 807.446.794.240 bytes disponíveis

Pós execução: 807.069.532.160 bytes disponíveis

.

- - End Of File - - E1A72E2BCBCCAAB9A38F34F36385D3F2

 


 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro galupo

 

Preciso que atente nas instruções passadas. O ComboFix era para ser executado do Desktop, no entanto você executou: Executando de: c:\users\Galupo\Downloads\ComboFix.exe

 

Delete o ComboFix.exe daí e baixe um novo para o Desktop. Não execute, apenas me informe...

 
Conhece este proxy: ProxyServer = 66.35.68.145:8089
 
Abraços :D

Compartilhar este post


Link para o post
Compartilhar em outros sites





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×