Ir ao conteúdo
  • Cadastre-se
tfmerca

PC lento e travando

Recommended Posts

Ola Analista,

 

Já postei um tópico há alguns meses descrevendo os problemas e os logs, porém foi solicitado pelo analista qie refizesse os logs. Devido a este problema no PC quase não estou utilizando-o e o tópico anterior foi para o arquivo morto.

 

Meu notebook está com uma lentidão fora do comum, congelando a tela de 3 a 5s constantemente. Realizo frequentemente uma limpeza com o CCleaner e configuro os programas a serem iniciados com o Windows no msconfig, deixando somente o essencial. Meu disco está mais da metade da capacidade livre.

Esta lentidão aparentemente começou após minha enteada utilizar o PC por alguns dias.

 

Segue os logs abaixo:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.21.2
Run by Tiago M at 12:11:04 on 2014-07-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.3835.2159 [GMT -3:00]
.
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
F:\Programas\CoreTemp\Core Temp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=NIS&pvid=20.4.0.40
uSearch Bar = hxxp://www.oquefazernainternet.com/
uSearch Page = hxxp://www.oquefazernainternet.com/
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=NIS&pvid=20.4.0.40
mSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s
mSearchAssistant = hxxp://www.oquefazernainternet.com/
mCustomizeSearch = hxxp://www.oquefazernainternet.com/
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coieplg.dll
uRun: [uTorrent] "C:\Users\Tiago M\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\1405D2249626C696F647563616 : NameServer = 8.8.8.8,4.4.4.4
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\1405D2249626C696F647563616 : DHCPNameServer = 10.104.1.1 8.8.8.8 8.8.4.4
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\24F62776751627E656277457563747 : DHCPNameServer = 10.56.1.20 10.64.1.20
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\54D62627164756C6D27596D26496 : NameServer = 8.8.8.8,4.4.4.4
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\54D62627164756C6D27596D26496 : DHCPNameServer = 201.82.0.64 201.82.0.69
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\5636F607961637 : NameServer = 8.8.8.8,4.4.4.4
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\5636F607961637 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\75D4 : NameServer = 8.8.8.8,4.4.4.4
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\75D4 : DHCPNameServer = 189.14.80.245 189.14.80.246
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\E4564775166756F525567696E616 : NameServer = 8.8.8.8,4.4.4.4
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\E4564775166756F525567696E616 : DHCPNameServer = 200.246.22.254 200.245.14.89
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify:  GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tiago M\AppData\Roaming\Mozilla\Firefox\Profiles\w8a1acc6.default\
FF - prefs.js: browser.search.selectedEngine - Norton Safe Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://nortonsafe.search.ask.com/web?o=APN10506&gct=kwd&qsrc=2869&l=dis&prt=NIS&chn=retail&geo=BR&ver=20&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Tiago M\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-5-14 73856]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-5-14 28800]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1405000.01C\symds64.sys [2014-5-2 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1405000.01C\symefa64.sys [2014-5-2 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [2014-7-8 1530160]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1405000.01C\ccsetx64.sys [2014-5-2 169048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-12-30 283200]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20140711.001\IDSviA64.sys [2014-7-11 525016]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1405000.01C\ironx64.sys [2014-5-2 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1405000.01C\symnets.sys [2014-5-2 433752]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-6-7 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-30 203264]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2014-6-14 527928]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-3-22 2151200]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe [2014-5-2 144368]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-9-28 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-6-14 142128]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-6-7 38528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2012-6-7 344616]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-6-7 39464]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-6-10 1431888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-14 111616]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-10 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-6-7 245792]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-14 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-9 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2014-06-30 23:36:07    --------    d-----w-    C:\Users\Tiago M\AppData\Local\TCPO_CD_ES
2014-06-30 23:36:07    --------    d-----w-    C:\Program Files (x86)\TCPO_CD_ES
.
==================== Find3M  ====================
.
.
============= FINISH: 12:12:43,82 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 07/06/2012 21:30:43
System Uptime: 13/07/2014 11:43:51 (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 1445
Processor: AMD Phenom II N850 Triple-Core Processor | Socket S1G4 | 792/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 245 GiB total, 175,284 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is FIXED (NTFS) - 220 GiB total, 138,347 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP108: 13/03/2014 22:50:20 - Automatic System Cleaner v2.5
RP109: 13/03/2014 22:56:33 - Automatic System Cleaner v2.5
RP110: 05/04/2014 14:27:29 - Windows Update
RP111: 14/04/2014 21:40:15 - Windows Update
RP112: 04/05/2014 13:02:53 - Removed Bonjour
RP113: 04/05/2014 13:04:03 - Removed Facebook Video Calling 1.2.0.287
RP114: 30/06/2014 20:33:01 - Instalado TCPO ESTUDANTIL
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.07) - Português
Adobe Shockwave Player 12.0
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
µTorrent
AutoCAD 2012 - English
AutoCAD 2012 Language Pack - English
Autodesk Content Service
Autodesk Inventor Fusion 2012
Autodesk Inventor Fusion 2012 Language Pack
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
Broadcom 2070 Bluetooth 3.0
Broadcom 802.11 Wireless LAN Adapter
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDBurnerXP
Central de Mouse e Teclado da Microsoft
CyberLink DVD Suite
CyberLink PowerDVD 9
CyberLink YouCam
D1600
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
DJ_SF_06_D1600_SW_Min
Energy Star Digital Logo
ESU for Microsoft Windows 7
Gerenciador Eficaz 7
Google Earth
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
HP Auto
HP Client Services
HP CloudDrive
HP Customer Experience Enhancements
HP Deskjet D1600 Printer Driver Software 13.0 Rel .6
HP Documentation
HP Power Manager
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
HP Wireless Assistant
HPPhotoGadget
hpWLPGInstaller
Instalação do DivX
iTunes
Java 7 Update 21
Java 7 Update 45 (64-bit)
Java Auto Updater
Java 6 Update 21 (64-bit)
Junk Mail filter update
K-Lite Codec Pack 8.9.2 (Full)
LabelPrint
LightScribe System Software
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PTB Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended PTB Language Pack
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Portuguese (Brazil)) 2010
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
Microsoft Office Word MUI (Portuguese (Brazil)) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Mozilla Firefox 29.0.1 (x86 pt-BR)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Norton Internet Security
Norton Online Backup
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)
PDFCreator
PhotoNow!
Power2Go
PowerDirector
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
RtVOsd
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
Skype™ 6.1
Suporte para Aplicativos Apple
swMSM
Synaptics Pointing Device Driver
TCPO ESTUDANTIL
Toolbox
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Versão de 64 bits do Microsoft Outlook Hotmail Connector
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR 4.11 (64-bit)
.
==== End Of File ===========================
 

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-07-13 13:21:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000067 TOSHIBA_ rev.MH00 465,76GB
Running: gmer.exe; Driver: C:\Users\TIAGOM~1\AppData\Local\Temp\ugdcrpod.sys


---- User code sections - GMER 2.1 ----

.text   C:\PROGRA~2\GbPlugin\GbpSv.exe[772] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                             0000000077671287 6 bytes JMP 71a8000a
.text   C:\PROGRA~2\GbPlugin\GbpSv.exe[772] C:\Windows\syswow64\kernel32.dll!FreeLibrary                                           0000000075433488 6 bytes JMP 71af000a
.text   C:\PROGRA~2\GbPlugin\GbpSv.exe[772] C:\Windows\syswow64\kernel32.dll!FreeLibraryAndExitThread                              000000007544d552 5 bytes JMP 0000000174b7c9ef
.text   C:\PROGRA~2\GbPlugin\GbpSv.exe[772] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                0000000076a52c91 4 bytes CALL 71ac0000
.text   C:\PROGRA~2\GbPlugin\GbpSv.exe[772] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                0000000077131465 2 bytes [13, 77]
.text   C:\PROGRA~2\GbPlugin\GbpSv.exe[772] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                               00000000771314bb 2 bytes [13, 77]
.text   ...                                                                                                                        * 2
.text   C:\Windows\SysWOW64\RunDll32.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                             0000000077131465 2 bytes [13, 77]
.text   C:\Windows\SysWOW64\RunDll32.exe[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            00000000771314bb 2 bytes [13, 77]
.text   ...                                                                                                                        * 2
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077131465 2 bytes [13, 77]
.text   C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000771314bb 2 bytes [13, 77]
.text   ...                                                                                                                        * 2

---- Threads - GMER 2.1 ----

Thread  c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2904:3600]                                                000007fef6cd3e0c
Thread  c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2904:3604]                                                000007fef62d838c
Thread  c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2904:3612]                                                000007fef6cd3e0c
Thread  c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2904:3616]                                                000007fef5e5c680
Thread  c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2904:3624]                                                000007fef6cd3e0c
Thread  c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [212:3288]                                                  000007fef6cd3e0c
Thread  c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [212:3300]                                                  000007fef6cd3e0c
Thread  c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [212:3304]                                                  000007fef5e5c680
Thread  F:\Programas\CoreTemp\Core Temp.exe [3076:3276]                                                                            000007fefb8a2a7c
Thread  F:\Programas\CoreTemp\Core Temp.exe [3076:3500]                                                                            00000001801002c8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5fa512c                                                
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5fa512c@10d54209f095                                   0x4C 0x19 0x1B 0x04 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5fa512c (not active ControlSet)                            
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5fa512c@10d54209f095                                       0x4C 0x19 0x1B 0x04 ...

---- EOF - GMER 2.1 ----
 

 

Grato.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Olá

 

Desculpe a demora :)

 

Se ainda precisa de ajuda refaça os logs, pois preciso dos mesmos com datas atualizadas: Leia Antes de Postar - Criando um novo Tópico

 

ATENÇÃO 1: Não precisa abrir um novo tópico, coloque os novos logs neste mesmo tópico, obrigado!

ATENÇÃO 2: Não edite seu tópico, use o botão responder, obrigado!

ATENÇÃO 3: Não coloque os logs entre TAGS, obrigado!

ATENÇÃO 4: Não anexe os logs, obrigado!

 

Abraços :D

Compartilhar este post


Link para o post
Compartilhar em outros sites

Diego,

 

Desde a postagem dos logs esta é a primeira vez que estou utilizando este PC, devido a lentidão. Como não fo utilizado não houve nenhum tipo de alteração.

Caso julgue necessário, no fim de semana consigo postar os logs novamente.

 

Obrigado.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro tfmerca

 

Recomendo que salve este tópico em seus Favoritos para facilitar na hora de encontrá-lo.
 
Por favor, atente para o seguinte:
  • Caso fique sem resposta durante 3 dias, me envie uma Mensagem Privada (MP);
O que será passado aqui, somente será com relação ao problema do seu computador portanto, não faça mais em nenhum outro;
Siga, por favor, atentamente as instruções passadas e em caso de dúvidas não hesite em perguntá-las;
Sempre coloque suas respostas neste tópico... Não abra outro!
Procure sempre me manter informado, durante a remoção, sobre o que acontece com seu computador.
Respeite a ordem das instruções passadas.
Observação: Não tome outra medida além das passadas aqui; atente para que, caso peça ajuda em outro fórum, não deixe de nos informar, sob risco de desconfigurar seu computador!

# Etapa nº 1 #

 
Faça o download do Zoek e salve em seu Desktop
  • Abra o seu Bloco de Notas e copie (control + c), cole (control + v) todo o texto abaixo:
standardsearch;torpigcheck;silentrunners;installedprogs;msconfigcheck;shortcutfix;emptyfolderscheck;delete;srinfo;emptyalltemp;
  • Salve este arquivo como: zoekscript.txt e feche-o.
Desative TODOS os programas de prevenção (antivírus, antispyware).
Tal com exemplificado na animação abaixo, arraste o arquivo zoekscript.txt para dentro do Zoek.exe.
51dd31d8563a6-output_TD9fmK.gif
Na janela que aparecer clique em Yes.
Quando o scan terminar irá gerar um log.
Poste todo o conteúdo desse log.
Caso o log fique muito grande coloque no anexo.

 

Observação:
Aprove qualquer alerta do
Controle da Conta de Usuário (UAC)
para permitir a execução desta ferramenta.

 
Abraços :D

Compartilhar este post


Link para o post
Compartilhar em outros sites

Diego,

O scan foi executado e ao final o computador foi reiniciado.

Segue log em anexo, pois ficou muito grande para ser postado como texto.

 

Abraço.

zoek-results.txt

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro tfmerca

 

Recomendo que salve este tópico em seus Favoritos para facilitar na hora de encontrá-lo.
 
Por favor, atente para o seguinte:
  • Caso fique sem resposta durante 3 dias, me envie uma Mensagem Privada (MP);
O que será passado aqui, somente será com relação ao problema do seu computador portanto, não faça mais em nenhum outro;
Siga, por favor, atentamente as instruções passadas e em caso de dúvidas não hesite em perguntá-las;
Sempre coloque suas respostas neste tópico... Não abra outro!
Procure sempre me manter informado, durante a remoção, sobre o que acontece com seu computador.
Respeite a ordem das instruções passadas.
Observação: Não tome outra medida além das passadas aqui; atente para que, caso peça ajuda em outro fórum, não deixe de nos informar, sob risco de desconfigurar seu computador!

# Etapa nº 1 #

 
Faça o download Junkware Removal Tool e salve em seu Desktop.
  • Desative seus programas de proteção (antivírus etc) para evitar qualquer conflito.
  • Clique duas vezes JRT.exe
    • Se seu sistema for Windows Vista ou Windows 7 ou Windows 8, clique com o botão direito do mouse e peça para Executar como Administrador.

    [*]Seja paciente e aguarde o scan terminar.[*]Abra o log JRT.txt que está em seu Desktop.[*]Copie todo conteúdo e cole em sua próximo mensagem.

 
# Etapa nº 2 #
 

  • Clique duas vezes no adwcleaner.exe
  • Atenção: Usuários Windows Vista, 7 e 8, cliquem com o botão direito do mouse e escolha: execadmin.png

  • Clique em Pesquisar
No final do scan será aberto um log com o resultado.
Caso algo seja detectado, clique então no botão Remover.
Novamente, no final do scan será aberto um log com o resultado.
Copie todo seu conteúdo e cole em sua próxima resposta.

 
# Etapa nº 3 #
 
Leia as instruções contidas neste link:
 
 
Nas instruções contidas no link acima, poderá verificar quais os fóruns onde os Analistas estão devidamente habilitados a utilizar corretamente a ferramenta:"Fóruns para receber ajuda com logs do ComboFix"
Faça o download do ComboFix de um dos links oficiais listados abaixo e salve no seu desktop:

[*]Temporariamente e durante a execução destas instruções, é muito importante que mantenha desabilitados os seus programas de proteção (Antivirus, Antispyware e Firewall). Reative as proteções após a execução do(s) procedimento(s) abaixo mencionado(s).
[*]Duplo clique no icone desktopicon.png que está no desktop.
[*]Leia e aceite as condições, digitando 1 e enter.
[*]Computadores com Windows XP deverão instalar o Console de Recuperação:
Se o seu computador tem instalado o Windows XP e ainda não tem instalado o Console de Recuperação, por favor certifique-se que está conectado à Internet, e clique em "Sim".
Clique em "OK" ao EULA.
Quando o Console de Recuperação estiver já instalado, clique em "SIM" para continuar.

[*]O ComboFix será executado, por favor seja paciente e aguarde.
[*]Atenção: Não utilize o mouse nem o teclado enquanto a ferramenta estiver sendo executada, isso pode fazer com que o computador pare.
[*]Poderá surgir o aviso que é necessário reiniciar o computador.
NÃO REINICIE!!! O ComboFix reiniciará o computador automaticamente.
[*]Quando a ferramenta terminar de rodar, gerará um log (o arquivo C:\ComboFix.txt). Copie e cole o conteúdo desse arquivo na sua proxima resposta.


NÃO utilize a ferramenta por conta própria. É uma ferramenta poderosa criada pra lidar com infecções sofisticadas e caso não a utilize corretamente poderá danificar o seu computador.
Existem vários malwares que impedem a execução correta da ferramenta e com isso danificar gravemente o computador. Analistas habilitados a utilizar o ComboFix conhecem esses casos e sabem lidar com estas situações.
Muitos dos Analistas não respondem a topicos em que vejam que o ComboFix foi utilizado sem supervisão.
Existem varias ferramentas anti-malware generalistas em que os autores ao elaborarem a programação das mesmas, estão pensando nos usuários finais e para serem usadas sem supervisão. O Combofix não é uma ferramenta desse tipo, e assim sendo e até por respeito ao autor da ferramenta, não utilize sem supervisão.

Abraços :D

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro Diego,

 

Realizei as três etapas. Até o térmíno da segunda não percebi muita diferença no PC, porém após o scan do ComboFix a lentidão diminuiu consideravelmente e até o momento não houve mais o 'congelamento' da tela.

 

Não entendo do assunto, mas dei uma analisada nos logs e reparei que os dois primeiros programas encontraram alguns 'erros' (não sei se podem ser chamados disto) de registro e fizeram a remoção de programas/extensões do FireFox, que realmente estava muito lento. O comboFix removel todos programas da HP que inicializavam com o windows, já gostaria de ter feito isto a algum tempo mas nunca consegui.

 

Segue abaixo os logs dos dois três programas. É necessário mais alguma etapa/limpeza?

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Tiago M on 29/07/2014 at 21:06:46,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Tiago M\AppData\Roaming\pdfforge"



~~~ FireFox

Successfully deleted: [File] C:\Users\Tiago M\AppData\Roaming\mozilla\firefox\profiles\w8a1acc6.default\searchplugins\safesearch.xml
Successfully deleted the following from C:\Users\Tiago M\AppData\Roaming\mozilla\firefox\profiles\w8a1acc6.default\prefs.js

user_pref("keyword.URL", "hxxp://nortonsafe.search.ask.com/web?o=APN10506&gct=kwd&qsrc=2869&l=dis&prt=NIS&chn=retail&geo=BR&ver=20&q=");
Emptied folder: C:\Users\Tiago M\AppData\Roaming\mozilla\firefox\profiles\w8a1acc6.default\minidumps [144 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/07/2014 at 21:23:14,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v3.301 - Relatório criado 29/07/2014 às 22:53:32
# Atualizado 28/07/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : Tiago M - TIAGOM-HP
# Executando de : C:\Users\Tiago M\Desktop\adwcleaner_3.301.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Tarefas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Valor Deletedo : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ Arquivo : C:\Users\Tiago M\AppData\Roaming\Mozilla\Firefox\Profiles\w8a1acc6.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1388 octets] - [29/07/2014 22:47:46]
AdwCleaner[s0].txt - [1280 octets] - [29/07/2014 22:53:32]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1340 octets] ##########
 

 

ComboFix 14-07-29.01 - Tiago M 29/07/2014  23:20:44.1.3 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.3835.2493 [GMT -3:00]
Executando de: c:\users\Tiago M\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Win
f:\documents\~WRL1698.tmp
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-06-28 to 2014-07-30  ))))))))))))))))))))))))))))
.
.
2014-07-30 01:47 . 2014-07-30 01:53    --------    d-----w-    C:\AdwCleaner
2014-07-30 00:06 . 2014-07-30 00:06    --------    d-----w-    c:\windows\ERUNT
2014-07-26 14:16 . 2014-07-26 14:03    24064    ----a-w-    c:\windows\zoek-delete.exe
2014-07-26 14:16 . 2014-07-30 02:38    --------    d-----w-    c:\users\Tiago M\AppData\Local\Temp
2014-07-26 14:03 . 2014-07-26 14:03    --------    d-----w-    C:\zoek_backup
2014-07-25 02:30 . 2014-07-25 02:30    --------    d-----w-    c:\windows\Migration
2014-07-25 02:18 . 2014-07-25 02:18    --------    d-----w-    c:\program files\Microsoft Mouse and Keyboard Center
2014-07-25 01:54 . 2014-06-20 20:14    810160    ----a-w-    c:\program files\Internet Explorer\iexplore.exe
2014-07-25 01:53 . 2014-03-04 09:20    3969984    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2014-07-25 01:46 . 2014-06-05 14:45    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-07-25 01:46 . 2014-04-12 02:22    155072    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-07-25 01:46 . 2014-06-05 14:26    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-07-25 01:46 . 2014-06-05 14:25    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-07-25 01:46 . 2014-04-12 02:22    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2014-07-25 01:46 . 2014-04-12 02:19    29184    ----a-w-    c:\windows\system32\sspisrv.dll
2014-07-25 01:46 . 2014-04-12 02:19    136192    ----a-w-    c:\windows\system32\sspicli.dll
2014-07-25 01:46 . 2014-04-12 02:19    28160    ----a-w-    c:\windows\system32\secur32.dll
2014-07-25 01:46 . 2014-04-12 02:19    31232    ----a-w-    c:\windows\system32\lsass.exe
2014-06-30 23:36 . 2014-06-30 23:36    --------    d-----w-    c:\program files (x86)\TCPO_CD_ES
2014-06-30 23:36 . 2014-06-30 23:36    --------    d-----w-    c:\users\Tiago M\AppData\Local\TCPO_CD_ES
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-26 20:40 . 2012-06-08 01:30    96441528    ----a-w-    c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Tiago M\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-13 1329744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2014-05-06 18:04    1697848    ----a-w-    c:\program files (x86)\GbPlugin\gbiehabn.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys;c:\windows\SYSNATIVE\drivers\gbpkm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20140703.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20140728.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20140728.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1405000.01C\SYMNETS.SYS [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S3 ALSysIO;ALSysIO;c:\users\TIAGOM~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\TIAGOM~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - ALSYSIO
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 16:43    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-17 18:45]
.
2014-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-17 18:45]
.
2014-07-25 c:\windows\Tasks\HPCeeScheduleForTiago M.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 01:15]
.
2014-07-25 c:\windows\Tasks\HPCeeScheduleForTIAGOM-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 01:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=NIS&pvid=20.4.0.40
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=NIS&pvid=20.4.0.40
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s
mSearchAssistant = hxxp://www.oquefazernainternet.com/
mCustomizeSearch = hxxp://www.oquefazernainternet.com/
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: realsecureweb.com.br\wwws
Trusted Zone: santander.com.br\www
Trusted Zone: santanderempresarial.com.br\www
Trusted Zone: santandernet.com.br\www
Trusted Zone: santandernet.com.br\wwws
Trusted Zone: santandernetibe.com.br\www
Trusted Zone: secureweb.com.br\www
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\1405D2249626C696F647563616: NameServer = 8.8.8.8,4.4.4.4
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\54D62627164756C6D27596D26496: NameServer = 8.8.8.8,4.4.4.4
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\5636F607961637: NameServer = 8.8.8.8,4.4.4.4
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\75D4: NameServer = 8.8.8.8,4.4.4.4
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\E4564775166756F525567696E616: NameServer = 8.8.8.8,4.4.4.4
FF - ProfilePath - c:\users\Tiago M\AppData\Roaming\Mozilla\Firefox\Profiles\w8a1acc6.default\
FF - prefs.js: browser.search.selectedEngine - Norton Safe Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - ORFÃOS REMOVIDOS - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\diMaster.dll\" /prefetch:1"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Tempo para conclusão: 2014-07-29  23:43:11 - Máquina reiniciou
ComboFix-quarantined-files.txt  2014-07-30 02:43
.
Pré-execução: 188.740.214.784 bytes disponíveis
Pós execução: 188.004.618.240 bytes disponíveis
.
- - End Of File - - 0A22BEBD60BEB0F9758A3FD2F0CB23E6
A36C5E4F47E84449FF07ED3517B43A31
 

Obrigado.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro tfmerca

 

# Etapa nº 1 #

 

Faça o download do Malwarebytes Anti-Malware:

  • Link1
  • Link alternativo
    • Clique duas vezes em mbam-setup.exe, escolha a linguagem e siga as instruções para o software ser instalado.
    • Certifique-se que esteja marcada a caixa Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware, e clique em concluir.
    • Se existirem atualizações, elas serão baixadas e instaladas.
    • Quando as atualizações terminarem, abrirá uma janela do programa. Marque "Verificação Rápida", e depois clique no botão Verificar.
    • O scan iniciará e poderá ser demorado. Por favor seja paciente.
    • Quando o scan estiver completo, clique em Ok, depois em Mostrar Resultados para ver o log.
    • Se algo for encontrado, certifique-se que tudo está marcado e clique em Remover.
    • Quando a desinfecção terminar, automaticamente um log surgirá aberto num documento do Bloco de Notas e pode ser questionado para reiniciar o PC. (Leia a nota)
    • O log é automaticamente guardado e pode ser consultado clicando na tab Logs do menu principal.
    • Copie e cole o conteúdo desse log na sua próxima resposta.

Nota: Em infecções mais complicadas, poderá haver a necessidade de reiniciar o PC. Caso lhe seja pedido para reiniciar, por favor, faça-o imediatamente.

 

# Etapa nº 2 #

 

Temporariamente e durante a execução destas instruções, é muito importante que mantenha desabilitados os seus programas de proteção (Antivirus, Antispyware e Firewall). Reative as proteções após a execução do(s) procedimento(s) abaixo mencionado(s).
  • Abra o seu Bloco de Notas, copie (control + c) e cole (control + v) todo o texto que está dentro do "Código":
DDS::uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%smSearchAssistant = hxxp://www.oquefazernainternet.com/mCustomizeSearch = hxxp://www.oquefazernainternet.com/ ADS::
  • Salve este arquivo como: CFScript.txt
Tal com exemplificado na animação abaixo, arraste o arquivo CFScript.txt para dentro do ComboFix.exe. Quando a ferramenta terminar de rodar, gerará um log. Poste esse arquivo C:\ComboFix.txt.

2872959479_997d4500c4_o.gif

 

Abraços :D

Compartilhar este post


Link para o post
Compartilhar em outros sites

Etapas realizadas. Segue logs:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Data de Verificação: 31/07/2014
Hora da Verificação: 22:37:57
Logfile: log Malwarebytes.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.07.31.09
Rootkit Database: v2014.07.17.01
Licença: Trial
Proteção de Malware: Enabled
Proteção de Site Malicioso: Enabled
Self-protection: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x64
Sistema de Arquivo: NTFS
Usuário: Tiago M

Tipo da Verificação: Verificação Rápida
Resultado: Completado
Arquivos Verificados: 250581
Tempo Decorrido: 5 min, 10 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Desabilitado
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 0
(No malicious items detected)

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 0
(No malicious items detected)

Arquivos: 1
Stolen.Data, C:\ProgramData\KeyLog.txt, No Action By User, [b56043636f0ce452b3cd2ffa09fa2fd1],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

ComboFix 14-07-29.01 - Tiago M 31/07/2014  22:53:50.2.3 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.3835.2307 [GMT -3:00]
Executando de: c:\users\Tiago M\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Tiago M\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\keylog.txt
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-07-01 to 2014-08-01  ))))))))))))))))))))))))))))
.
.
2014-08-01 02:08 . 2014-08-01 02:08    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-01 01:35 . 2014-08-01 01:36    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-01 01:34 . 2014-08-01 01:34    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-01 01:34 . 2014-08-01 01:34    --------    d-----w-    c:\programdata\Malwarebytes
2014-08-01 01:34 . 2014-05-12 10:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-08-01 01:34 . 2014-05-12 10:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-08-01 01:34 . 2014-05-12 10:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-07-30 01:47 . 2014-07-30 01:53    --------    d-----w-    C:\AdwCleaner
2014-07-30 00:06 . 2014-07-30 00:06    --------    d-----w-    c:\windows\ERUNT
2014-07-26 14:16 . 2014-07-26 14:03    24064    ----a-w-    c:\windows\zoek-delete.exe
2014-07-26 14:16 . 2014-08-01 02:08    --------    d-----w-    c:\users\Tiago M\AppData\Local\Temp
2014-07-26 14:03 . 2014-07-26 14:03    --------    d-----w-    C:\zoek_backup
2014-07-25 02:30 . 2014-07-25 02:30    --------    d-----w-    c:\windows\Migration
2014-07-25 02:18 . 2014-07-25 02:18    --------    d-----w-    c:\program files\Microsoft Mouse and Keyboard Center
2014-07-25 01:54 . 2014-06-20 20:14    810160    ----a-w-    c:\program files\Internet Explorer\iexplore.exe
2014-07-25 01:53 . 2014-03-04 09:20    3969984    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2014-07-25 01:46 . 2014-06-05 14:45    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-07-25 01:46 . 2014-04-12 02:22    155072    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-07-25 01:46 . 2014-06-05 14:26    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-07-25 01:46 . 2014-06-05 14:25    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-07-25 01:46 . 2014-04-12 02:22    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2014-07-25 01:46 . 2014-04-12 02:19    29184    ----a-w-    c:\windows\system32\sspisrv.dll
2014-07-25 01:46 . 2014-04-12 02:19    136192    ----a-w-    c:\windows\system32\sspicli.dll
2014-07-25 01:46 . 2014-04-12 02:19    28160    ----a-w-    c:\windows\system32\secur32.dll
2014-07-25 01:46 . 2014-04-12 02:19    31232    ----a-w-    c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-26 20:40 . 2012-06-08 01:30    96441528    ----a-w-    c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2014-05-06 18:04    1697848    ----a-w-    c:\program files (x86)\GbPlugin\gbiehabn.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys;c:\windows\SYSNATIVE\drivers\gbpkm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20140703.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20140728.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20140728.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1405000.01C\SYMNETS.SYS [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x]
S3 ALSysIO;ALSysIO;c:\users\TIAGOM~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\TIAGOM~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 16:43    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-17 18:45]
.
2014-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-17 18:45]
.
2014-07-25 c:\windows\Tasks\HPCeeScheduleForTiago M.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 01:15]
.
2014-07-25 c:\windows\Tasks\HPCeeScheduleForTIAGOM-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 01:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=NIS&pvid=20.4.0.40
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=NIS&pvid=20.4.0.40
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s
mSearchAssistant = hxxp://www.oquefazernainternet.com/
mCustomizeSearch = hxxp://www.oquefazernainternet.com/
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: realsecureweb.com.br\wwws
Trusted Zone: santander.com.br\www
Trusted Zone: santanderempresarial.com.br\www
Trusted Zone: santandernet.com.br\www
Trusted Zone: santandernet.com.br\wwws
Trusted Zone: santandernetibe.com.br\www
Trusted Zone: secureweb.com.br\www
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\1405D2249626C696F647563616: NameServer = 8.8.8.8,4.4.4.4
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\54D62627164756C6D27596D26496: NameServer = 8.8.8.8,4.4.4.4
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\5636F607961637: NameServer = 8.8.8.8,4.4.4.4
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\75D4: NameServer = 8.8.8.8,4.4.4.4
TCP: Interfaces\{4262C499-E002-4FFA-A21E-D92B977965C2}\E4564775166756F525567696E616: NameServer = 8.8.8.8,4.4.4.4
FF - ProfilePath - c:\users\Tiago M\AppData\Roaming\Mozilla\Firefox\Profiles\w8a1acc6.default\
FF - prefs.js: browser.search.selectedEngine - Norton Safe Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\diMaster.dll\" /prefetch:1"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2014-07-31  23:17:18
ComboFix-quarantined-files.txt  2014-08-01 02:17
ComboFix2.txt  2014-07-30 02:43
.
Pré-execução: 187.980.910.592 bytes disponíveis
Pós execução: 187.200.753.664 bytes disponíveis
.
- - End Of File - - 22F79294816EB40A85E982B98DB14DB5
A36C5E4F47E84449FF07ED3517B43A31
 

Grato.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Conhece este arquivo: C:\ProgramData\KeyLog.txt?

 

Caso não, abra-o e poste seu conteúdo.

 

Veja se consegue mover este site manualmente nas configurações do navegador:

 

uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s

mSearchAssistant = hxxp://www.oquefazernainternet.com/
mCustomizeSearch = hxxp://www.oquefazernainternet.com/

 

 

Aguardo.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Diego,

 

Não conheço este arquivo, procurei no local descrito mas não encontrei. Na busca encontrei apenas KeyLog.dat (print em anexo).

 

Quanto ao site, encontrei no Histórico apenas do Firefox o endereço www.oquefazernainternet.com.br. Apaguei manualmente e limpei todo histórico e cookies do IE e Firefox.

Este site ainda pode causar problemas?

 

Grato.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Vá até a pasta:

 

C:\Qoobox\Quarantine\C\WINDOWS\ProgramData\KeyLog.txt.vir

 

Clique com o botão direito do mouse > abrir com > Bloco de Notas.

 

Copie o conteúdo e poste aqui. Note: caso tenha informações particulares, me envie anexado por Mensagem Privada. ;)

 

Aguardo.


Edit: Quanto aos sites, creio que não.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Diego,

 

Encontrei dois atalhos do arquivo em C:\Qoobox\Quarantine\C\ProgramData ; ele estava exluído, então recuperei da lixeira.

O conteúdo continha apenas o seguinte texto:

 

<!--28.06.2012, 17:46.   User: "Tiago M".  Window title:"Program Manager"-->
7

 

Procurei sobre o KeyLog e aparentemente é um programa que regstra tudo que é digitado no computador, correto? O único registro encontrado foi este de 2012, do numeral 7. É possível que ele tenha realizado outros registros e que tenham sido deletados?

 

Abraço.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro tfmerca

 

Talvez... precisa trocar todas suas senhas, caso fez algum acesso a banco via Internet, entre em contato com eles e informe do ocorrido e troque sua senha.

 

Desative temporiariamente seu AntiVirus
Segure o botão Ctrl e clique neste link para abrir o ESET Online Scanner em uma nova janela.
Clique neste botão: j9Byf.png?1
Para navegadores alternativos: (Caso use o Internet Explorer, pule esta etapa)esetsmartinstaller_enu.png
Clique em esetsmartinstaller_enu.exe para baixar o ESET Smart Intaller. Salve-o em seu desktop.
Duplo clique no ícone em seu desktop.

[*]Marque "YES, I accept the Terms of Use."
[*]Clique em Start.
[*]Aceite qualquer aviso de segurança de seu browser.
[*]Em scan settings, marque "Scan Archives" e "Remove found threats"
[*]Clique em Advanced settings e marque o seguinte:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology

[*]Clique Change e marque também a caixa Computador.
[*]Clique em Start.
[*]Ele vai atualizar por conta própria, e escanear o computador. Tenha paciência, o processo pode demorar horas.
[*]Quando o scan terminar, clique em List of found threats
[*]Clique em Export to text file e salve o log na sua área de trabalho.
[*]Clique em Back.
[*]Clique em Finish.
[*]Poste o conteúdo do log.

 
Abraços :D

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

Como o autor não respondeu ao tópico por mais de 10 dias, o mesmo foi arquivado.

Caso você seja o autor do tópico e quer que o mesmo seja reaberto, entre em contato com a moderação solicitando o desbloqueio.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×