Sheldonn

Generalized infection


Good morning, everyone. By accident I ended up downloading an auto-executing file, and that tool has already caused me a gigantic problem by automatically installing around a hundred programs, among them the annoying Tv Wizard. I have already carried out several procedures to resolve the issue, from simply removing it through the Control Panel to downloading and cracking SpyHunter, and I have not succeeded in completely removing this pest.

The computer is slow, nonsensical pages are opened, command executions are impaired, and on top of that there are a lot of ads. I would kindly ask someone to give me some help. Below I will send the necessary information:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.51.2
Run by Sheldonn at 10:49:32 on 2014-11-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.4044.2031 [GMT -3:00]
.
AV: Norton AntiVirus *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton AntiVirus *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Diebold\Warsaw\core.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Sheldonn\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Diebold\Warsaw\core.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Sony\VAIO Update\vuagent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll
uRun: [uTorrent] "C:\Users\Sheldonn\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
uRun: [sPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1397\jsdrv.exe
mRun: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
mRun: [Diebold - Warsaw] C:\Program Files (x86)\Diebold\Warsaw\core.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Free YouTube to MP3 Converter - C:\Users\Sheldonn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
Trusted Zone: itau.com.br
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 187.123.63.55 187.123.63.54 187.123.63.56 201.6.4.116
TCP: Interfaces\{903BC9B3-15C7-493F-A0F9-0CE70981418F} : DHCPNameServer = 187.123.63.55 187.123.63.54 187.123.63.56 201.6.4.116
TCP: Interfaces\{903BC9B3-15C7-493F-A0F9-0CE70981418F}\7596D264960274F6370756C6F56416A756E64616F50313 : DHCPNameServer = 192.168.10.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
SSODL: WebCheck - <orphaned>
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1506000.020\symds64.sys [2014-9-23 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1506000.020\symefa64.sys [2014-9-23 1148120]
R1 360FltOEM;360FltOEM mini-filter driver;C:\Windows\System32\drivers\360FltOEM.sys [2012-9-20 289952]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [2014-8-6 1530160]
R1 ccSet_NAV;NAV Settings Manager;C:\Windows\System32\drivers\NAVx64\1506000.020\ccsetx64.sys [2014-9-23 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD03000.01A\ccSetx64.sys [2013-8-20 168096]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140820.001\IDSviA64.sys [2014-8-20 525016]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1506000.020\ironx64.sys [2014-9-23 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1506000.020\symnets.sys [2014-9-23 593112]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-2-24 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-2-24 73376]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 ESRV_SVC;Energy Server Service;C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [2013-11-1 377768]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2014-10-27 546104]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-11 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-5-11 1817088]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe [2014-9-23 262968]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe [2013-8-20 144520]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-3-25 46080]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 SampleCollector;Intel® System Behavior Tracker Collector Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2013-11-1 266168]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2014-1-9 770432]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-5-11 105024]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-11 2656280]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2014-5-27 961624]
R2 Warsaw Technology;Warsaw Technology;C:\Program Files (x86)\Diebold\Warsaw\core.exe [2014-11-9 518968]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2011-5-11 19968]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-2-24 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-2-24 259232]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-2-24 109216]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-2-24 29344]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-2-24 166048]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-2-24 59040]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-2-24 283296]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-2-24 286880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-6-11 142128]
R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-28 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-2-16 76912]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-5-11 333928]
R3 semav6thermal64ro;semav6thermal64ro;C:\Windows\System32\drivers\semav6thermal64ro.sys [2014-4-9 13792]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-1 12032]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2014-7-2 59240]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2014-5-27 1642544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MPmVccke;MPmVccke;"C:\ProgramData\TMkGcEWh\MPmVccke.exe" --> C:\ProgramData\TMkGcEWh\MPmVccke.exe [?]
S2 rcores;rcores;C:\Windows\rcore.exe --> C:\Windows\rcore.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 DCDhcpService;DCDhcpService;C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-11-20 104096]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S3 esgiguard;esgiguard;C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [2014-1-7 14872]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-16 111616]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2012-1-9 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2012-1-9 171008]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USER_ESRV_SVC;User Energy Server Service;C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [2013-11-1 377768]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-2-18 652016]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-13 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-09 18:41:27 -------- d--h--w- C:\Program Files (x86)\GAS Tecnologia
2014-11-09 18:41:27 -------- d-----w- C:\Program Files (x86)\Diebold
2014-11-09 18:39:12 -------- d-----w- C:\TVWizard
2014-11-09 06:23:58 -------- d-----w- C:\ProgramData\Browser
2014-11-09 06:13:09 110080 ----a-r- C:\Users\Sheldonn\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconF7A21AF7.exe
2014-11-09 06:13:09 110080 ----a-r- C:\Users\Sheldonn\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconD7F16134.exe
2014-11-09 06:13:09 110080 ----a-r- C:\Users\Sheldonn\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconCF33A0CE.exe
2014-11-09 06:13:08 -------- d-----w- C:\sh4ldr
2014-11-09 06:13:08 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2014-11-09 06:10:44 -------- d-----w- C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-11-09 06:10:37 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-11-08 05:27:44 -------- d-----w- C:\Users\Sheldonn\AppData\Local\TVWizard
2014-11-08 05:23:25 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-11-08 05:22:32 -------- d-----w- C:\AdwCleaner
2014-11-08 03:05:54 -------- d-----w- C:\Program Files\Common Files\ShopperPro
2014-11-08 03:02:03 -------- d-----w- C:\Users\Sheldonn\AppData\Roaming\AdvancedSystemProtector
2014-11-08 02:59:05 -------- d-----w- C:\Users\Sheldonn\AppData\Local\CrashRpt
2014-11-08 02:46:14 613012 ----a-w- C:\Users\Sheldonn\AppData\Local\nso96D7.tmp
2014-11-08 02:45:31 -------- d-----w- C:\Program Files (x86)\89ec8f19-01ab-49a9-86e4-5f785c9e8bad
2014-11-08 02:43:28 -------- d-----w- C:\ProgramData\TMkGcEWh
2014-10-28 15:28:08 -------- d-----w- C:\ProgramData\Package Cache
2014-10-16 04:51:05 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-16 04:51:02 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-16 04:51:02 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-16 04:51:02 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-16 04:51:02 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-16 04:51:02 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-16 04:51:02 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-16 04:49:59 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-10-16 04:48:46 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-16 04:48:46 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
==================== Find3M  ====================
.
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-26 02:20:22 876248 ----a-w- C:\Windows\System32\drivers\NAVx64\1506000.020\srtsp64.sys
2014-08-26 02:20:22 37592 ----a-w- C:\Windows\System32\drivers\NAVx64\1506000.020\srtspx64.sys
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-20 06:52:36 48656 ----a-w- C:\Windows\System32\drivers\asd2fsm.sys
2014-08-20 06:52:36 47632 ----a-w- C:\Windows\System32\drivers\asdids.sys
2014-08-19 22:00:05 13792 ----a-w- C:\Windows\System32\drivers\semav6thermal64ro.sys
.
============= FINISH: 10:50:05,72 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 11/11/2011 10:02:35
System Uptime: 10/11/2014 10:37:36 (0 hours ago)
.
Motherboard: Sony Corporation |  | VAIO
Processor: Intel® Core i5-2410M CPU @ 2.30GHz | N/A | 2301/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 232,162 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SPDRIVER_1.37.0.1397
Device ID: ROOT\LEGACY_SPDRIVER_1.37.0.1397\0000
Manufacturer: 
Name: SPDRIVER_1.37.0.1397
PNP Device ID: ROOT\LEGACY_SPDRIVER_1.37.0.1397\0000
Service: SPDRIVER_1.37.0.1397
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Adaptador de Miniporta WiFi Virtual da Microsoft
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&11D23503&0&01
Manufacturer: Microsoft
Name: Adaptador de Miniporta WiFi Virtual da Microsoft
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&11D23503&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
RP278: 23/10/2014 12:49:02 - Ponto de Verificação Agendado
RP279: 28/10/2014 12:27:33 - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
RP280: 04/11/2014 12:38:41 - Ponto de Verificação Agendado
RP281: 07/11/2014 23:42:26 - Uniblue SpeedUpMyPC installation
RP283: 09/11/2014 03:11:08 - Installed SpyHunter
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X MUI
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 4
Atheros WiFi Driver Installation
µTorrent
Bluetooth Win7 Suite (64)
CCleaner
CDisplay 1.8
Conexant HD Audio
Controle ActiveX do Windows Live Mesh para Conexões Remotas
D3DX10
Facebook Video Calling 3.1.0.521
Ferramenta de Restauração de Dados VAIO
Free YouTube to MP3 Converter version 3.10.14.1206
Google Chrome
Google Update Helper
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java 7 Update 51
Java Auto Updater
Java 6 Update 22
Java 6 Update 22 (64-bit)
Junk Mail filter update
K-Lite Mega Codec Pack 8.9.5
Manual VAIO
Media Gallery
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (Português do Brasil)
Microsoft .NET Framework 4.5.1 (PTB)
Microsoft Application Error Reporting
Microsoft Office 2003 Web Components
Microsoft Office 2010
Microsoft Office com Clique para Executar 2010
Microsoft Office Starter 2010 - Português (Brasil)
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
Mobile Witch Remote Control
MP3 Cutter 1.1.1
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Muvic Smartbar
Muvic Smartbar Engine
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
Nokia Suite
Norton AntiVirus
Norton Identity Safe
Oasis2Service 1.0
OOBE
Pacote de Driver do Windows - Nokia Modem  (03/15/2010 4.4)
Pacote de Driver do Windows - Nokia Modem  (03/15/2010 7.01.0.6)
Pacote de Driver do Windows - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
PC Connectivity Solution
Plano de Negócio
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
Qualcomm Atheros Direct Connect
Realtek PCIE Card Reader
Recuva
Remote Keyboard
Remote Play with PlayStation 3
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
SES Driver
Skype™ 6.11
Sony Corporation
SpyHunter
SSLx64
SSLx86
Suporte de Transferência VAIO
Synaptics Pointing Device Driver
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Reprodução remota com PlayStation®3
VAIO - Teclado Remoto
VAIO Care
VAIO Care Recovery
VAIO Control Center
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Improvement
VAIO Messenger
VAIO Quick Web Access
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Smart Network
VAIO Update
VCCx86
Vegas Pro 13.0 (64-bit)
VESx64
VESx86
Visualizador do Microsoft PowerPoint
VIx64
VIx86
VSNx64
VSNx86
VU5x64
VU5x86
VWSTx86
Warsaw 1.3.1
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (32-bit)
.
==== End Of File ===========================
 
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-10 11:05:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: gmer.exe; Driver: C:\Users\Sheldonn\AppData\Local\Temp\uxdcrpod.sys
 
 
---- User code sections - GMER 2.1 ----
 
.text  C:\PROGRA~2\GbPlugin\GbpSv.exe[888] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                           0000000077c7c4dd 6 bytes JMP 71af000a
.text  C:\PROGRA~2\GbPlugin\GbpSv.exe[888] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                         0000000077c81287 6 bytes JMP 71a5000a
.text  C:\PROGRA~2\GbPlugin\GbpSv.exe[888] C:\Windows\syswow64\kernel32.dll!FreeLibrary                                                                       0000000077003488 6 bytes JMP 71a8000a
.text  C:\PROGRA~2\GbPlugin\GbpSv.exe[888] C:\Windows\syswow64\kernel32.dll!FreeLibraryAndExitThread                                                          000000007701d552 5 bytes JMP 0000000175168ca5
.text  C:\PROGRA~2\GbPlugin\GbpSv.exe[888] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                            0000000077542c9e 4 bytes CALL 71ac0000
.text  C:\PROGRA~2\GbPlugin\GbpSv.exe[888] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                            00000000766d1465 2 bytes [6D, 76]
.text  C:\PROGRA~2\GbPlugin\GbpSv.exe[888] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                           00000000766d14bb 2 bytes [6D, 76]
.text  ...                                                                                                                                                    * 2
.text  C:\PROGRA~2\GbPlugin\GbpSv.exe[1536] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                           0000000077542c9e 4 bytes CALL 71af0000
.text  C:\PROGRA~2\GbPlugin\GbpSv.exe[1536] C:\Windows\syswow64\RPCRT4.dll!IUnknown_QueryInterface_Proxy                                                      000000007674429b 6 bytes JMP 71a8000a
.text  C:\PROGRA~2\GbPlugin\GbpSv.exe[1536] C:\Windows\syswow64\ole32.dll!CoUnmarshalInterface                                                                000000007682f150 6 bytes JMP 71ab000a
.text  C:\PROGRA~2\GbPlugin\GbpSv.exe[1536] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                           00000000766d1465 2 bytes [6D, 76]
.text  C:\PROGRA~2\GbPlugin\GbpSv.exe[1536] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                          00000000766d14bb 2 bytes [6D, 76]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          00000000766d1465 2 bytes [6D, 76]
.text  C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         00000000766d14bb 2 bytes [6D, 76]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Diebold\Warsaw\core.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           00000000766d1465 2 bytes [6D, 76]
.text  C:\Program Files (x86)\Diebold\Warsaw\core.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000766d14bb 2 bytes [6D, 76]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                             00000000766d1465 2 bytes [6D, 76]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            00000000766d14bb 2 bytes [6D, 76]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000766d1465 2 bytes [6D, 76]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000766d14bb 2 bytes [6D, 76]
.text  ...                                                                                                                                                    * 2
.text  C:\Users\Sheldonn\AppData\Roaming\uTorrent\uTorrent.exe[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  00000000766d1465 2 bytes [6D, 76]
.text  C:\Users\Sheldonn\AppData\Roaming\uTorrent\uTorrent.exe[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                 00000000766d14bb 2 bytes [6D, 76]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Diebold\Warsaw\core.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           00000000766d1465 2 bytes [6D, 76]
.text  C:\Program Files (x86)\Diebold\Warsaw\core.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000766d14bb 2 bytes [6D, 76]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  00000000766d1465 2 bytes [6D, 76]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000766d14bb 2 bytes [6D, 76]
.text  ...                                                                                                                                                    * 2
 
---- EOF - GMER 2.1 ----
 
Hello Sheldonn,

 

I recommend saving this topic in your Favorites to make it easier to find later.
 
Please note the following:
  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is given here relates only to your computer's problem, so do not run it on any other;
  • Please follow the instructions carefully and, if in doubt, do not hesitate to ask;
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Follow the instructions in the order given.
  • Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, or you risk misconfiguring your computer!

 

Download Malwarebytes Anti-Rootkit (MBAR)

Extract the files to your desktop

  • Open the mbar folder and run mbar.exe
  • Click the Next button, then Update,
  • Click Next again, then Scan.
  • When it finishes, do NOT click Cleanup; just exit the program.
  • Post the logs mbar-log.txt and system-log.txt, located in the mbar folder

Carlos, thank you for your attention. I downloaded the program and ran the scan as you requested. At the end of the procedure the message "no malware founded" appeared, and the only text file in the folder is the one I will paste below:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.0.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17358
 
Java version: 1.6.0_22
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 4240293888, free: 2268446720
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.0.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17358
 
Java version: 1.6.0_22
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 4240293888, free: 2232532992
 
Downloaded database version: v2014.11.11.05
Downloaded database version: v2014.11.10.01
=======================================
------------ Kernel report ------------
     11/11/2014 13:42:33
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\NAVx64\1506000.020\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\NAVx64\1506000.020\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\NAVx64\1506000.020\ccSetx64.sys
\SystemRoot\system32\drivers\NSTx64\7DD03000.01A\ccSetx64.sys
\SystemRoot\system32\drivers\NAVx64\1506000.020\Ironx64.SYS
\SystemRoot\system32\DRIVERS\360FltOEM.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140820.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140801.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\SFEP.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\bthmodem.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys
\??\C:\Windows\system32\drivers\semav6thermal64ro.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\comdlg32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\gdi32.dll
\Windows\System32\msctf.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\advapi32.dll
\Windows\System32\normaliz.dll
\Windows\System32\shell32.dll
\Windows\System32\sechost.dll
\Windows\System32\Wldap32.dll
\Windows\System32\difxapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\kernel32.dll
\Windows\System32\setupapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\usp10.dll
\Windows\System32\oleaut32.dll
\Windows\System32\urlmon.dll
\Windows\System32\wininet.dll
\Windows\System32\ws2_32.dll
\Windows\System32\user32.dll
\Windows\System32\nsi.dll
\Windows\System32\ole32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imm32.dll
\Windows\System32\lpk.dll
\Windows\System32\psapi.dll
\Windows\System32\comctl32.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006603060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004894050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006603060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006603b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006603060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004894050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 476F9F5C
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 21504000
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 21506048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 21710848  Numsec = 955060272
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.0.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17358
 
Java version: 1.6.0_22
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 4240293888, free: 1987231744
 
=======================================
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006603060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004894050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 476F9F5C
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 21504000
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 21506048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 21710848  Numsec = 955060272
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Scan finished
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-21506048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-21506048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

Ok,

 

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.
 
Download Zoek.exe (by Smeenk) and save it to your desktop.
 
Run Zoek.exe

*** Windows Vista or Windows 7 users: right-click Zoek.exe, then click Run as administrator.

Select these lines inside the CODE box, right-click the selection and choose copy.

emptyclsid;resetieproxy;ffdefaults;msconfigcheck;autoclean;resethosts;shortcutfix;systemspecs;chrdefaults;resetwmi;

Right-click any blank area of Zoek and choose paste

Note: This script was written only for this computer, according to the files and keys present.

To visitors: If you have a similar problem, do not use this script, since unsupervised use can damage the system.


Click [Run Script]

Wait for the scan. When it finishes, Notepad will open with the report.

A copy will also be saved on your local disk as zoek-results.txt

Attach zoek-results.txt to your next reply.

Well, Carlos, first I would like to thank you for your promptness in replying and apologize for my delay in responding to your request. Below is the requested document:

 

 
Zoek.exe v5.0.0.0 Updated 13-November-2014
Tool run by Sheldonn on 13/11/2014 at  8:32:55,95.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sheldonn\Desktop\zoek.exe [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
13/11/2014 08:34:32 Zoek.exe System Restore Point Created Succesfully.
 
==== Reset Hosts File ======================
 
# Copyright © 1993-2006 Microsoft Corp. 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# For example: 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
# localhost name resolution is handle within DNS itself. 
127.0.0.1       localhost 
::1             localhost 
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
HKEY_USERS\S-1-5-21-832865506-4223121327-1405444904-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{FCBF663E-8530-46F8-A880-AC5ABE9D2B23} deleted successfully
 
==== Deleting Services ======================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rcores deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rcores deleted successfully
 
==== FireFox Fix ======================
 
Deleted from C:\Users\Sheldonn\AppData\Roaming\Mozilla\Firefox\Profiles\nfr6emfw.default\prefs.js:
user_pref("browser.startup.homepage","http://clikseguro.com/");
user_pref("browser.search.selectedEngine", "Improved Search");
user_pref("browser.search.order.1", "Improved Search");
 
Added to C:\Users\Sheldonn\AppData\Roaming\Mozilla\Firefox\Profiles\nfr6emfw.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
 
==== Registry Fix Code ======================
 
Windows Registry Editor Version 5.00
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"BrowserMngr Start Page"=-
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted
C:\PROGRA~2\89ec8f19-01ab-49a9-86e4-5f785c9e8bad deleted
C:\user.js deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\DealPly deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Sheldonn\AppData\Local\nso96D7.tmp deleted
C:\Users\Sheldonn\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Witch Remote Control deleted
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Sheldonn\AppData\LocalLow\Protect deleted
C:\windows\SysNative\tasks\060184C3-9766-46a0-B258-F4518A0B2633 deleted
C:\windows\SysNative\Tasks\SPBIW_UpdateTask_Time_323736373132313731372d2d37505a2a6c55326c342341 deleted
C:\windows\SysNative\tasks\Microsoft\Windows\Maintenance\SMupdate2 deleted
C:\windows\SysNative\tasks\Microsoft\Windows\Multimedia\SMupdate3 deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\Sheldonn\AppData\Roaming\Mozilla\Firefox\Profiles\nfr6emfw.default\searchplugins\improvedsearch.xml deleted
C:\Users\Sheldonn\Downloads\Programas\DownloadSetup (36).exe deleted
"C:\Users\Sheldonn\AppData\Roaming\EGOM" deleted
"C:\Windows\tasks\EGOM.job" deleted
"C:\Windows\SysNative\tasks\EGOM" deleted
"C:\Users\Sheldonn\AppData\Roaming\EQLS" deleted
"C:\Windows\tasks\EQLS.job" deleted
"C:\Windows\SysNative\tasks\EQLS" deleted
"C:\Users\Sheldonn\AppData\Roaming\GOALQMM" deleted
"C:\Windows\tasks\GOALQMM.job" deleted
"C:\Windows\SysNative\tasks\GOALQMM" deleted
"C:\Users\Sheldonn\AppData\Roaming\MTRJQDC" deleted
"C:\Windows\tasks\MTRJQDC.job" deleted
"C:\Windows\SysNative\tasks\MTRJQDC" deleted
"C:\Users\Sheldonn\AppData\Roaming\NMZITLVK" deleted
"C:\Windows\tasks\NMZITLVK.job" deleted
"C:\Windows\SysNative\tasks\NMZITLVK" deleted
"C:\Users\Sheldonn\AppData\Roaming\PJRNP" deleted
"C:\Windows\tasks\PJRNP.job" deleted
"C:\Windows\SysNative\tasks\PJRNP" deleted
"C:\Users\Sheldonn\AppData\Roaming\YTZ" deleted
"C:\Windows\tasks\YTZ.job" deleted
"C:\Windows\SysNative\tasks\YTZ" deleted
"C:\Users\Sheldonn\AppData\Roaming\ZNHWGKLL" deleted
"C:\Windows\tasks\ZNHWGKLL.job" deleted
"C:\Windows\SysNative\tasks\ZNHWGKLL" deleted
"C:\Users\Sheldonn\AppData\Roaming\iolo" deleted
 
==== System Specs ======================
 
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4044 MB
CPU Info: Intel® Core i5-2410M CPU @ 2.30GHz
CPU Speed: 2298,5 MHz
Sound Card: Internal Speaker/Headphone (Con | 
Display Adapters: Intel® HD Graphics Family | Intel® HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Monitor Genérico PnP | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Atheros AR9285 Wireless Network Adapter | Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) | Dispositivo Bluetooth (Rede Pessoal) #2
CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW TS-L633C
Ports: COM3 LPT Port NOT Present. 
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  455,4GB | Q:  0,0MB
Hard Disks - Free: C:  231,9GB | Q:  0,0MB
Manufacturer *: INSYDE
BIOS Info: AT/AT COMPATIBLE | 05/02/11 | Sony - 20110502
Time Zone: Hora oficial do Brasil
Motherboard *: Sony Corporation VAIO
Country: Brasil 
Language: PTB 
 
==== System Specs (Software) ======================
 
Anti-Virus: Norton AntiVirus On-access scanning disabled (Outdated)
Anti-Spyware: Norton AntiVirus disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 38.0.2125.111
Internet Explorer Version: 11.0.9600.17420 
Google Chrome version: 38.0.2125.111
Adobe Reader version: 10.0.0.396
Sun Java version: 1.7.0_51 (32-bit) 
Sun Java version: 1.6.0_22 (64-bit) 
Flash Player version: 10.2.152.26
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF" [18/11/2013 22:32]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Sheldonn\AppData\Roaming\Mozilla\Firefox\Profiles\nfr6emfw.default
- Undetermined - %ProfilePath%\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com
- Undetermined - %ProfilePath%\extensions\warnerroberts@hotmail.com
- Undetermined - %ProfilePath%\extensions\wrigtdamon@yahoo.com
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Sheldonn\AppData\Roaming\Mozilla\Firefox\Profiles\nfr6emfw.default
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Sheldonn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
16485F315911FD051DCA03BD50FB470A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll - Shockwave Flash
 
 
==== Chromium Look ======================
 
AdBlock - Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Adblock for Pirate Bay - Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd
Facebook AdBlock - Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpacabphcagfehdgnigmfnbjdampbaa
Toggle Adblock Plus - Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdlpiobbbbdcaklklfalojacgifffohf
 
==== Chromium Fix ======================
 
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twittertemplate.conduitapps.com_0.localstorage-journal deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_downsonglyrics.com_0.localstorage-journal deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmania.com_0.localstorage-journal deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_banners.adultfriendfinder.com_0.localstorage-journal deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricfinder.org_0.localstorage deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricfinder.org_0.localstorage-journal deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_download.click2saveapp.com_0.localstorage-journal deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.click2saveapp.com_0.localstorage-journal deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads.wajam.com_0.localstorage-journal deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.wajam.com_0.localstorage-journal deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_servedby-br.dealply.com_0.localstorage-journal deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_geo.messenger.services.live.com_0.localstorage-journal deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_geo.messenger.services.live.com_0.localstorage-journal deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_service2.pricegong.com_0.localstorage-journal deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_portugues.babylon.com_0.localstorage-journal deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.babylon.com_0.localstorage-journal deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage-journal deleted successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_overlay.letssearch.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page Restore"="http://www.google.com"
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page Restore"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Reset Google Chrome ======================
 
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
 
==== shortcuts on Users Desktops ======================
 
C:\Users\Sheldonn\Desktop\CDisplay.lnk - C:\Program Files (x86)\CDisplay\CDisplay.exe 
C:\Users\Sheldonn\Desktop\Master System.lnk - C:\Users\Sheldonn\Downloads\Emuladores\Master System\Fusion.exe 
C:\Users\Sheldonn\Desktop\Microsoft Word Starter 2010.lnk - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft Word Starter 2010 9014006604160000"
C:\Users\Sheldonn\Desktop\Nintendo.lnk - C:\Users\Sheldonn\Downloads\Emuladores\Nintendo\nestopia.exe 
C:\Users\Sheldonn\Desktop\SpyHunter.lnk - C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe 
C:\Users\Sheldonn\Desktop\µTorrent.lnk -  
 
==== shortcuts on All Users Desktop ======================
 
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
C:\Users\Public\Desktop\Microsoft Office 2010.lnk - C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE 
C:\Users\Public\Desktop\Norton AntiVirus.lnk - C:\Program Files (x86)\Norton AntiVirus\Engine64\21.6.0.32\uistub.exe 
C:\Users\Public\Desktop\Plano de Negócio.lnk -  
 
==== shortcuts in Users Start Menu ======================
 
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter Emergency Startup.lnk - C:\Windows\explorer.exe "C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4.com"
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter.lnk - C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe 
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\Uninstall SpyHunter.lnk - C:\Windows\SysWOW64\msiexec.exe /X {AF549236-6258-4AC6-A043-5B5B89C6EB61}
 
==== shortcuts in All Users Start Menu ======================
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plano de Negócio.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk - C:\Program Files\Sony\VAIO Care\VAIOCare.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus\LiveUpdate.lnk - C:\Program Files (x86)\Norton AntiVirus\Engine64\21.6.0.32\uistub.exe /lu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus\NBRT.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus\Norton AntiVirus.lnk - C:\Program Files (x86)\Norton AntiVirus\Engine64\21.6.0.32\uistub.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus\Support.lnk - C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\symerr.exe /support
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus\Uninstall Norton AntiVirus.lnk - C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\21.6.0.32\inststub.exe /X /shortcut
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe\Norton Identity Safe.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care\VAIO Care.lnk - C:\Program Files\Sony\VAIO Care\VAIOCare.exe 
 
==== shortcuts in Quick Launch ======================
 
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mobile Witch Remote Control.lnk - C:\Program Files (x86)\Mobile Witch Remote Control\Mobile Witch Remote Control.exe 
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MP3 Cutter.lnk - C:\MP3Cutter\MP3Cutter.exe 
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Nokia Suite.lnk - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe 
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Photoshop CS3.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe 
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe 
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Vegas Pro 13.0 (64-bit).lnk - C:\Program Files (x86)\Sony\Vegas Pro 13.0\vegas130.exe 
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\Sheldonn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
 
==== Reset IE Proxy ======================
 
Value(s) before fix:
"ProxyEnable"=dword:00000000
 
Value(s) after fix:
"ProxyEnable"=dword:00000000
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C83CA603-6DDD-945F-0FD3-D40DD9614DC6} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7130468A-F53F-4698-8C09-A339EA3B05E6} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C8428739-5207-4817-9F19-69FA77018633} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ee489048-c019-4735-be16-8386ece8d41a} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\A8640317F35F8964C8903A93AEB3506E deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\363FB0CBBA367FF4E81FEAD0F717B142 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\9378248C70257184F99196AF77106833 deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sheldonn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sheldonn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1QN429B will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== Reset WMI ======================
 
Os seguintes serviços são dependentes do serviço de Testador de instrumentação de gerenciam. do Windows.
Finalizar o serviço Testador de instrumentação de gerenciam. do Windows também finalizará estes serviços.
 
   Central de Segurança
   Auxiliar de IP
   Intel® Rapid Storage Technology
 
O serviço de Central de Segurança está sendo finalizado .
O serviço de Central de Segurança foi finalizado com êxito.
 
O serviço de Auxiliar de IP está sendo finalizado ..
O serviço de Auxiliar de IP foi finalizado com êxito.
 
O serviço de Intel® Rapid Storage Technology está sendo finalizado .
O serviço de Intel® Rapid Storage Technology foi finalizado com êxito.
 
O serviço de Testador de instrumentação de gerenciam. do Windows está sendo finalizado ..
O serviço de Testador de instrumentação de gerenciam. do Windows foi finalizado com êxito.
 
C:\Windows\system32\wbem\repository renamed to repository.old
C:\Windows\syswow64\wbem\repository renamed to repository.old
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=86 folders=28 11566342 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Sheldonn\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Sheldonn\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\Sheldonn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1QN429B" not found
 
==== EOF on 13/11/2014 at  8:54:05,10 ======================


Download HitmanPro and save it to your desktop.
32 bit (x86) or 64 bit (x64)

  • Run HitmanPro.exe ** Windows Vista and Windows 7 users:
    Right-click the HitmanPro file,
    then click execadmin.png.
  • Click NEXT
  • Accept the license agreement by checking the box "I accept all the terms of the license agreement".
  • Check the option that says: "No, I only want to perform a one-time scan to check this computer."
  • Click NEXT again and wait for the scan.
    Note: At this point the NEXT button will be disabled.
  • When the scan finishes, the NEXT button will become active again. Click NEXT again.
  • If needed, activate the free license
  • Click NEXT again, wait for it to finish the cleanup, and click NEXT again.
  • In blue at the very bottom it says: "Save report". Click it and save it to your desktop.
  • Post that log in your next reply.


Carlos, here is the information requested:

 

   HitmanPro 3.7.9.232
   www.hitmanpro.com

   Computer name . . . . : SHELDONN-VAIO
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Sheldonn-VAIO\Sheldonn
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (31 days left)

   Scan date . . . . . . : 2014-11-13 21:28:46
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 13s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 58

   Objects scanned . . . : 2.876.413
   Files scanned . . . . : 58.432
   Remnants scanned  . . : 1.597.641 files / 1.220.340 keys

Malware _____________________________________________________________________

   C:\Users\Sheldonn\Documents\VideoConverterSetup.exe -> Quarantined
      Size . . . . . . . : 1.127.184 bytes
      Age  . . . . . . . : 784.4 days (2012-09-20 12:42:31)
      Entropy  . . . . . : 7.0
      SHA-256  . . . . . : F986F43D00D227551DBB84B4E68E02DC05C3C556CA0F8304A17591C9CD413A41
    > Bitdefender  . . . : Adware.Generic.468376
      Fuzzy  . . . . . . : 106.0

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt\ (YTDownloader) -> Deleted
   HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL\ (Goobzo) -> Deleted
   HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}\ (Goobzo) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}\ (Goobzo) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\SysMenu.DLL\ (Goobzo) -> PendingDelete
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}\ (Goobzo) -> PendingDelete
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\ (RegClean Pro) -> Deleted
   HKLM\SOFTWARE\YTDownloader\ (YTDownloader) -> Deleted
   HKLM\SYSTEM\ControlSet001\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro) -> Deleted
   HKLM\SYSTEM\ControlSet001\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro) -> Deleted
   HKLM\SYSTEM\ControlSet002\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro) -> Deleted
   HKLM\SYSTEM\ControlSet002\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro) -> Deleted
   HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro) -> PendingDelete
   HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro) -> PendingDelete
   HKU\.DEFAULT\Software\AppDataLow\Software\Sense\ (SaveSense) -> Deleted
   HKU\S-1-5-18\Software\AppDataLow\Software\Sense\ (SaveSense) -> PendingDelete
   HKU\S-1-5-21-832865506-4223121327-1405444904-1000\Software\Classes\*\ShellEx\ContextMenuHandlers\SysMenuExt\ (YTDownloader) -> Deleted
   HKU\S-1-5-21-832865506-4223121327-1405444904-1000\Software\Classes\PepperZip\ (PepperZip) -> Deleted
   HKU\S-1-5-21-832865506-4223121327-1405444904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com\ (ShopperPro) -> Deleted
   HKU\S-1-5-21-832865506-4223121327-1405444904-1000\Software\Microsoft\Windows\CurrentVersion\Run\SPDriver (ShopperPro) -> Deleted
   HKU\S-1-5-21-832865506-4223121327-1405444904-1000_Classes\*\ShellEx\ContextMenuHandlers\SysMenuExt\ (YTDownloader) -> PendingDelete
   HKU\S-1-5-21-832865506-4223121327-1405444904-1000_Classes\PepperZip\ (PepperZip) -> PendingDelete

Cookies _____________________________________________________________________

   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:123sexo.com.br
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.uptobox.com
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:be.sitestat.com
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:clickbank.net
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:disksexo.org
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:dmtracker.com
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:filhadaputa.xxx
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:myroitracking.com
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:nacionalporno.com
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornative.com
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornoamador.xxx
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornocarioca.com
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexoamadorbr.com
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexypower.xxx
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.paypal.com
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.pornocarioca.com
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.xvideossex.xxx
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:xvideossex.xxx
   C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
   C:\Users\Sheldonn\AppData\Roaming\Microsoft\Windows\Cookies\30PDHELC.txt
   C:\Users\Sheldonn\AppData\Roaming\Microsoft\Windows\Cookies\7JQDSA4Y.txt
   C:\Users\Sheldonn\AppData\Roaming\Microsoft\Windows\Cookies\8LFKUQGD.txt
   C:\Users\Sheldonn\AppData\Roaming\Microsoft\Windows\Cookies\J7QFCM7O.txt
   C:\Users\Sheldonn\AppData\Roaming\Microsoft\Windows\Cookies\P295O685.txt
   C:\Users\Sheldonn\AppData\Roaming\Microsoft\Windows\Cookies\R2MEK5Z8.txt
   C:\Users\Sheldonn\AppData\Roaming\Microsoft\Windows\Cookies\VA0NC1GQ.txt
   C:\Users\Sheldonn\AppData\Roaming\Microsoft\Windows\Cookies\XDRKPRI1.txt


Download the Farbar Recovery Scan Tool and save it to your desktop.
32 bit (x86) or 64 bit (x64)

Double-click to run the tool. Accept the agreement and then click the Scan button.

Wait, and when it finishes the logs FRST.txt and Addition.txt will be saved to your desktop.

Attach the logs in your next reply.


Download the attachment from this post and save it to your desktop.

Run FRST64.exe and click the Fix button.

Wait, and when it finishes the log Fixlog.txt will be saved to your desktop.

Attach the log in your next reply.

fixlist.txt


Carlos, here is the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 02
Ran by Sheldonn at 2014-11-16 14:34:38 Run:1
Running from C:\Users\Sheldonn\Desktop
Loaded Profile: Sheldonn (Available profiles: Sheldonn)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-832865506-4223121327-1405444904-1000\...\MountPoints2: {43e15a04-289f-11e3-9a26-78843c912070} - E:\AutoRun.exe
HKU\S-1-5-21-832865506-4223121327-1405444904-1000\...\MountPoints2: {473864f7-d81f-11e2-b30c-90004eb6dc70} - E:\Startme.exe
ShellIconOverlayIdentifiers: [baiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-832865506-4223121327-1405444904-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S2 MPmVccke; "C:\ProgramData\TMkGcEWh\MPmVccke.exe" [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
C:\TVWizard
C:\Users\Sheldonn\AppData\Local\TVWizard
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:
 
 
*****************
 
"HKU\S-1-5-21-832865506-4223121327-1405444904-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43e15a04-289f-11e3-9a26-78843c912070}" => Key deleted successfully.
"HKCR\CLSID\{43e15a04-289f-11e3-9a26-78843c912070}" => Key not found.
"HKU\S-1-5-21-832865506-4223121327-1405444904-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{473864f7-d81f-11e2-b30c-90004eb6dc70}" => Key deleted successfully.
"HKCR\CLSID\{473864f7-d81f-11e2-b30c-90004eb6dc70}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock" => Key deleted successfully.
"HKCR\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-832865506-4223121327-1405444904-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
MPmVccke => Service deleted successfully.
BprotectEx => Service deleted successfully.
PCFApiUtil => Service deleted successfully.
C:\TVWizard => Moved successfully.
C:\Users\Sheldonn\AppData\Local\TVWizard => Moved successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{D7BF2364-07ED-438B-B176-6B087435E9CA} canceled.
{A7DA8A10-654D-4625-B3B3-BF9DB96DA5FD} canceled.
{4D604CB4-240B-4550-8D2D-56C9392D9272} canceled.
{203D7DA7-6BE6-47D5-B435-E648384D6D3D} canceled.
{7447D87C-C630-4D3E-BC49-736D15B5B28F} canceled.
{E3E83DB8-CC80-4F66-B49D-4AB21E442DA4} canceled.
{9FB518A1-EC64-404E-AA4E-B353A6CFDD97} canceled.
{4CB43184-64C2-4D52-B909-A58FC6EB2274} canceled.
{A5B3AD22-EE78-4D03-B797-E19C403947B9} canceled.
{A1F8E7AC-88C2-4388-B31D-2FE2A0E0D28D} canceled.
{AE9CA6E4-9293-42F1-9720-E91CFE30E3BF} canceled.
{85016250-4AB4-454E-B078-68D07ECCEE23} canceled.
{6525A5EB-540D-43BE-9BE1-9F9B24D2D900} canceled.
{EFC593EB-A9BD-4A86-BA08-3542E0F7288F} canceled.
{463799D8-D9BD-4069-83B0-B895EC88A49A} canceled.
{5F14661A-5220-4FF5-ADDC-8A68A2D3A79C} canceled.
{D92F7BAE-26C8-4F24-94E9-0CAB08688CE6} canceled.
{68EBD660-E0A7-4A32-AB1E-0B26D79C82AF} canceled.
{BA192489-C155-4307-B6B8-56667A77BCBE} canceled.
{4CCB1BF3-A1DE-4892-B24C-770319E392AE} canceled.
{84045BCE-1945-4DAF-8967-CD32518BDEED} canceled.
{8D28A2E0-604E-4A2E-B7A7-3AC7D115ECDF} canceled.
{0E732A77-7EFD-43AC-AF1E-BC658DB1F8AA} canceled.
23 out of 23 jobs canceled.
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Configuração de IP do Windows
 
Liberação do Cache do DNS Resolver bem-sucedida.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 975.1 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


Ok,

1)

Download AdwCleaner and save it to your desktop.
https://toolslib.net/downloads/finish/1/

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the adwcleaner.exe file, then click execadmin.png.

Click the Scan button and wait for the scan to finish.

Click the Clean button.

A Notepad window will open with the result. Attach the log in your next reply.

NOTE: If AdwCleaner finds files it cannot remove, it may need to restart the PC. Do so immediately when asked whether you want to restart the PC.

2)

Download Malwarebytes' Anti-Malware (MBAM)
http://malwarebytes....am-download.php

Double-click mbam-setup.exe to install it.

  • Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO.
  • Make sure the boxes Update Malwarebytes Anti-Malware (if present) and Launch Malwarebytes Anti-Malware are checked, then click Finish.
  • If there are updates to be applied, they will be downloaded and installed.
  • After the update, if the program was installed in English, with the program open click Settings and in the Language field change to Portuguese (Brasil).
  • Still on the Settings screen, click Detection and Protection and check Scan for Rootkits. Under PUP detections (potentially unwanted programs):, select Treat detections as malware.
  • Click Scan, then Threat Scan, and finally click Scan Now.
  • The scan will then begin. Wait, as it may take a while.
  • When the scan ends, if items were found, click the Quarantine All button.
  • Click Apply Actions.
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See Note below)
  • The log is saved automatically by MBAM; to view it, click the History tab -> Application Logs in the program's main window. Use the .txt format to export the log.
  • Attach the log in your next reply.

NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.


Here it is,

# AdwCleaner v4.101 - Relatório criado 17/11/2014 às 06:16:03
# Atualizado 09/11/2014 por Xplode
# Database : 2014-11-16.1 [Live]
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : Sheldonn - SHELDONN-VAIO
# Executando de : C:\Users\Sheldonn\Desktop\adwcleaner_4.101.exe
# Opção : Limpar
 
***** [ Serviços ] *****
 
 
***** [ Arquivos / Pastas ] *****
 
 
***** [ Tarefas ] *****
 
 
***** [ Atalhos ] *****
 
 
***** [ Registro ] *****
 
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [search Provider] : hxxp://br.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [24083 octets] - [08/11/2014 02:22:34]
AdwCleaner[R1].txt - [2224 octets] - [17/11/2014 06:05:19]
AdwCleaner[R2].txt - [1186 octets] - [17/11/2014 06:14:06]
AdwCleaner[s0].txt - [20434 octets] - [08/11/2014 02:23:51]
AdwCleaner[s1].txt - [1897 octets] - [17/11/2014 06:07:33]
AdwCleaner[s2].txt - [1103 octets] - [17/11/2014 06:16:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1163 octets] ##########
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Data da Verificação: 17/11/2014
Hora da Verificação: 06:27:40
Arquivo de Log: Log Mbam.txt
Administrador: Sim
 
Versão: 2.00.3.1025
Base de Dados de Malware: v2014.11.17.02
Base de Dados de Rootkit: v2014.11.12.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Auto-Proteção: Desabilitado
 
SO: Windows 7 Service Pack 1
Processador: x64
Sistema de Arquivos: NTFS
Usuário: Sheldonn
 
Tipo da Verificação: Verificar Ameaça
Resultado: Terminado
Objetos Verificados: 334057
Tempo Decorrido: 21 min, 17 seg
 
Memória: Habilitado
Inicialização: Habilitado
Sistema de Arquivos: Habilitado
Arquivos Compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado
 
Processos: 0
(Nenhum item malicioso detectado)
 
Módulos: 0
(Nenhum item malicioso detectado)
 
Chaves de Registro: 5
PUP.Optional.SurfSafely.A, HKU\S-1-5-21-832865506-4223121327-1405444904-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6C85A1C9-0F93-4B46-BE67-D409D64C7E67}, Quarentena, [9e4bd367621a53e388579c1b55add729], 
PUP.Optional.SurfSafely.A, HKLM\SOFTWARE\WOW6432NODE\Surf Safely, Quarentena, [30b9f4466e0e1b1b73ccf751798a3bc5], 
PUP.Optional.CrossRider.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BrowsersApp_Pro+_version2.1, Quarentena, [36b37ac099e396a0cef4fb3a6f94d828], 
PUP.Optional.CrossRider.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CinemaPlus Pro 1.3V07.11, Quarentena, [9554a09aadcf52e417ff45f18380a65a], 
PUP.Optional.CrossRider.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ObjectBrowser_version2.1, Quarentena, [af3a1b1fd4a816208042d461699a728e], 
 
Valores de Registro: 0
(Nenhum item malicioso detectado)
 
Dados de Registro: 0
(Nenhum item malicioso detectado)
 
Pastas: 14
PUP.Optional.CrossRider.A, C:\Users\Sheldonn\AppData\Roaming\Mozilla\Firefox\Profiles\nfr6emfw.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com, Quarentena, [47a298a2403c6acc94b138ec42c1857b], 
PUP.Optional.CrossRider.A, C:\Users\Sheldonn\AppData\Roaming\Mozilla\Firefox\Profiles\nfr6emfw.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome, Quarentena, [47a298a2403c6acc94b138ec42c1857b], 
PUP.Optional.CrossRider.A, C:\Users\Sheldonn\AppData\Roaming\Mozilla\Firefox\Profiles\nfr6emfw.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content, Quarentena, [47a298a2403c6acc94b138ec42c1857b], 
PUP.Optional.CrossRider.A, C:\Users\Sheldonn\AppData\Roaming\Mozilla\Firefox\Profiles\nfr6emfw.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\api, Quarentena, [47a298a2403c6acc94b138ec42c1857b], 
PUP.Optional.CrossRider.A, C:\Users\Sheldonn\AppData\Roaming\Mozilla\Firefox\Profiles\nfr6emfw.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\chrome\content\core, Quarentena, [47a298a2403c6acc94b138ec42c1857b], 
PUP.Optional.CrossRider.A, C:\Users\Sheldonn\AppData\Roaming\Mozilla\Firefox\Profiles\nfr6emfw.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\defaults, Quarentena, [47a298a2403c6acc94b138ec42c1857b], 
PUP.Optional.CrossRider.A, C:\Users\Sheldonn\AppData\Roaming\Mozilla\Firefox\Profiles\nfr6emfw.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\defaults\preferences, Quarentena, [47a298a2403c6acc94b138ec42c1857b], 
PUP.Optional.CrossRider.A, C:\Users\Sheldonn\AppData\Roaming\Mozilla\Firefox\Profiles\nfr6emfw.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData, Quarentena, [47a298a2403c6acc94b138ec42c1857b], 
PUP.Optional.CrossRider.A, C:\Users\Sheldonn\AppData\Roaming\Mozilla\Firefox\Profiles\nfr6emfw.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\plugins, Quarentena, [47a298a2403c6acc94b138ec42c1857b], 
PUP.Optional.CrossRider.A, C:\Users\Sheldonn\AppData\Roaming\Mozilla\Firefox\Profiles\nfr6emfw.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\extensionData\userCode, Quarentena, [47a298a2403c6acc94b138ec42c1857b], 
PUP.Optional.CrossRider.A, C:\Users\Sheldonn\AppData\Roaming\Mozilla\Firefox\Profiles\nfr6emfw.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\locale, Quarentena, [47a298a2403c6acc94b138ec42c1857b], 
PUP.Optional.CrossRider.A, C:\Users\Sheldonn\AppData\Roaming\Mozilla\Firefox\Profiles\nfr6emfw.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\locale\en-US, Quarentena, [47a298a2403c6acc94b138ec42c1857b], 
PUP.Optional.CrossRider.A, C:\Users\Sheldonn\AppData\Roaming\Mozilla\Firefox\Profiles\nfr6emfw.default\extensions\3c8f3083-413b-4aa6-ad29-fb93d8982e80@gmail.com\skin, Quarentena, [47a298a2403c6acc94b138ec42c1857b], 
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro, Quarentena, [46a350ea324a77bf9aab111744bf9e62], 
 
Arquivos: 17
PUP.Optional.TVWizard.A, C:\ProgramData\TMkGcEWh\dat\cGFUPFMA.exe, Quarentena, [b8310b2fd5a7be7817a4a4fdd72ae719], 
PUP.Optional.TVWizard.A, C:\ProgramData\TMkGcEWh\dat\EPqxZAEh.dll, Quarentena, [bc2dfc3ea3d960d6ab4fec4fe81d20e0], 
PUP.Optional.TVWizard.A, C:\ProgramData\TMkGcEWh\dat\JKnKfC.exe, Quarentena, [c62314269ede1a1cf8c39b0658a9eb15], 
PUP.Optional.FriedCookie, C:\Users\Sheldonn\Desktop\x264-video-codec-r2491-32-bits.exe, Quarentena, [29c025152a52ce682783c479c83d2cd4], 
PUP.Optional.SnapDo.A, C:\Windows\Installer\61920.msi, Quarentena, [6782c476d3a905310979a9f4f60b44bc], 
PUP.Optional.Pinwid.A, C:\Windows\Installer\61926.msi, Quarentena, [effa3208b0cc0d29b66c64d6a3627987], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSI33FE.tmp-\Smartbar.Installer.CustomActions.dll, Quarentena, [0fda1d1d82fa1422bf910628bf41a759], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSI8B71.tmp-\Smartbar.Installer.CustomActions.dll, Quarentena, [a8415edc4834c373420ef43a25dbdc24], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSID682.tmp-\Smartbar.Installer.CustomActions.dll, Quarentena, [da0f78c2176551e5341c71bd24dc3fc1], 
PUP.Optional.Proxy.A, C:\Users\Sheldonn\AppData\Local\proxy.log, Quarentena, [a34652e86e0e45f1caa39aab9c67d12f], 
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbia.exe, Quarentena, [46a350ea324a77bf9aab111744bf9e62], 
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbici32.dll, Quarentena, [46a350ea324a77bf9aab111744bf9e62], 
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbici64.dll, Quarentena, [46a350ea324a77bf9aab111744bf9e62], 
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbii32.exe, Quarentena, [46a350ea324a77bf9aab111744bf9e62], 
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbii64.exe, Quarentena, [46a350ea324a77bf9aab111744bf9e62], 
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbiu.exe, Quarentena, [46a350ea324a77bf9aab111744bf9e62], 
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbiw.sys, Quarentena, [46a350ea324a77bf9aab111744bf9e62], 
 
Setores Físicos: 0
(Nenhum item malicioso detectado)
 
 
(end)
 
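To make an MBAM log like the one above quicker to review, here is an added example (not part of the thread and not Malwarebytes' own tooling) that parses the MBAM 2.x detection lines, groups them by family and flags any section whose declared count disagrees with the lines actually listed, which is what a truncated or hand-edited log looks like. It assumes the Portuguese section names exactly as they appear in the log above; the sample excerpt is constructed from a few lines of that log.

```python
"""Parse a Malwarebytes Anti-Malware 2.x (pt-BR) scan log into structured
detections and cross-check the per-section counts the log declares."""
import re
from collections import Counter, defaultdict

# Section headers of an MBAM 2.x log in Portuguese (assumed from the thread's log).
SECTIONS = {
    "Processos", "Módulos", "Chaves de Registro", "Valores de Registro",
    "Dados de Registro", "Pastas", "Arquivos", "Setores Físicos",
}
SECTION_RE = re.compile(r"^(?P<name>[^:]+): (?P<count>\d+)\s*$")
# family, location, action, [32-hex detection id], trailing comma
DETECTION_RE = re.compile(
    r"^(?P<family>[A-Za-z0-9.+_-]+), (?P<location>.+), (?P<action>[^,]+), "
    r"\[(?P<det_id>[0-9a-f]{32})\],\s*$"
)

def parse_mbam_log(text):
    """Return (detections, declared_counts).

    detections: list of dicts with section/family/location/action/det_id
    declared_counts: {section_name: count stated in the section header}
    """
    detections, declared = [], {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m and m.group("name") in SECTIONS:
            section = m.group("name")
            declared[section] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m and section is not None:
            d = m.groupdict()
            d["section"] = section
            detections.append(d)
    return detections, declared

def check_counts(detections, declared):
    """Sections whose declared count differs from the lines listed:
    {section: (declared, actual)}; empty dict means the log is consistent."""
    actual = Counter(d["section"] for d in detections)
    return {s: (n, actual.get(s, 0)) for s, n in declared.items()
            if actual.get(s, 0) != n}

def summarize(detections):
    """Group detections by family -> sorted list of affected locations."""
    by_family = defaultdict(list)
    for d in detections:
        by_family[d["family"]].append(d["location"])
    return {f: sorted(locs) for f, locs in by_family.items()}

# Constructed sample: a trimmed excerpt in the format of the thread's
# "Log Mbam.txt". "Arquivos: 3" deliberately lists only two lines.
SAMPLE_LOG = r"""Processos: 0
(Nenhum item malicioso detectado)

Chaves de Registro: 2
PUP.Optional.SurfSafely.A, HKLM\SOFTWARE\WOW6432NODE\Surf Safely, Quarentena, [30b9f4466e0e1b1b73ccf751798a3bc5], 
PUP.Optional.CrossRider.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ObjectBrowser_version2.1, Quarentena, [af3a1b1fd4a816208042d461699a728e], 

Arquivos: 3
PUP.Optional.TVWizard.A, C:\ProgramData\TMkGcEWh\dat\cGFUPFMA.exe, Quarentena, [b8310b2fd5a7be7817a4a4fdd72ae719], 
PUP.Optional.Proxy.A, C:\Users\Sheldonn\AppData\Local\proxy.log, Quarentena, [a34652e86e0e45f1caa39aab9c67d12f], 
"""

if __name__ == "__main__":
    dets, declared = parse_mbam_log(SAMPLE_LOG)
    for fam, locs in sorted(summarize(dets).items()):
        print(f"{fam}: {len(locs)} item(s)")
    print("count mismatches:", check_counts(dets, declared))
```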


Ok,

1)

Temporarily disable your antivirus, antispyware and firewall, so they do not cause conflicts.

Download the Junkware Removal Tool (JRT) and save it to the desktop. Double-click it to run it.

* On Windows Vista and Windows 7:

Right-click JRT.exe and select Run as administrator

The tool will start scanning your system. Be patient, as it can take a while depending on the number of items to examine.

At the end, a log will open. It is saved on the desktop as JRT.txt.

Attach the log in your next reply.

2)

Temporarily disable your antivirus

  • Hold the Ctrl key and click this link to open the ESET Online Scanner in a new window.
  • Click the ESET Online Scanner button.
  • For alternative browsers (if you use Internet Explorer, skip this step):
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and check the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Change and also check the Computer box.
  • Click Start.
  • It will update on its own and scan the computer. Be patient, the process may take hours.
  • When the scan finishes, click List of found threats
  • Click Export to text file and save the log to your desktop.
  • Click Back.
  • Click Finish.
  • Attach the contents of the log.


Here are the logs:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Sheldonn on 18/11/2014 at 15:58:30,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Users\Sheldonn\AppData\Roaming\baidu security"
Successfully deleted: [Folder] "C:\Program Files (x86)\baidu security"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/11/2014 at 16:06:15,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir MSIL/Adware.PullUpdate.H application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Sheldonn\AppData\Local\mbot_br_257\Download\majmp_gentlelatam.exe.vir Win32/AdWare.EoRezo.AW application cleaned by deleting - quarantined
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000 Win32/AdWare.1ClickDownload.AW application cleaned by deleting - quarantined
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000001 Win32/AdWare.1ClickDownload.AW application cleaned by deleting - quarantined
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000002 Win32/AdWare.1ClickDownload.AW application cleaned by deleting - quarantined
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000003 Win32/AdWare.1ClickDownload.AW application cleaned by deleting - quarantined
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000004 Win32/AdWare.1ClickDownload.AW application cleaned by deleting - quarantined
C:\Users\Sheldonn\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000005 Win32/AdWare.1ClickDownload.AW application cleaned by deleting - quarantined
C:\Users\Sheldonn\Documents\TopGearThe\Templates selecionados\01- Aurana.xml JS/Kryptik.ALB trojan cleaned by deleting - quarantined
C:\Users\Sheldonn\Documents\TopGearThe\Templates selecionados\02- ModernBlog.xml JS/Kryptik.ALB trojan cleaned by deleting - quarantined
C:\Users\Sheldonn\Documents\TopGearThe\Templates selecionados\03- Alyeska.xml JS/Kryptik.ALB trojan cleaned by deleting - quarantined
C:\Users\Sheldonn\Documents\TopGearThe\Templates selecionados\04- MusiMag.xml JS/Kryptik.ALB trojan cleaned by deleting - quarantined
C:\Users\Sheldonn\Downloads\Programas\ccsetup314.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
 


OK,

To finish:
 
# Step 1 #

Download Delfix by Xplode and save it to your desktop.

Double-click delfix.exe to run it. Check the boxes as shown in the screenshot.

** Windows Vista or Windows 7 users: right-click the file delfix.exe, then click Run as administrator.

Click the Run button.

A log will be generated at the end, but there is no need to post it.

# Step 2 #

Update Java.
 
Attention: Uninstall ALL old versions of Java.

  • Close all programs, especially your browser (IE, Firefox etc).
  • Go to the Java for Windows site
  • Click the download button
  • In the window that appears click Run;
  • Follow the installation steps.

# Step 3 #
 
<<@>> Install CCleaner
 
CCleaner is an excellent cleaning utility for the computer, which will help with its performance. Download it here: CCleaner

IMPORTANT: After installation, go to the folder where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of that window, choose New > Folder and create a new folder; name it backups!

  • Open the program and click Run Cleaner;
  • click the Registry button > Scan for Issues > Fix selected issues...

Note: Don't forget to accept the backup of the fixes and save them in the folder created above!
<<@>> Always keep your Windows updated; keep a constant watch over your firewall and antivirus, and finally remember that the best form of prevention starts with our own habits!
 
Regards.


Carlos, after this real saga everything seems to be back to normal. The computer is running very light and the damned adware is gone. I would like to thank you for your promptness and attention in helping me solve the problem. Thank you very much and until next time, my friend.


Should the author need it, the topic will be reopened; to request that, contact the moderation team and ask for it to be unlocked.
