Sandra Veiga

malware BuyNsave


Good afternoon

 

My son installed the BuyNsave malware and I can't get rid of it. I followed the steps in this link

http://malwaretips.com/blogs/remove-buynsave-virus/

but it still shows up in Chrome.

I uninstall it under extensions, but it comes back.

 

Thank you for your help.

 

The Gmer.txt is attached.

 

Sandra

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 15/08/2013 15:35:56
System Uptime: 24/11/2014 10:21:51 (1 hours ago)
.
Motherboard: Intel Corporation |  | DH61HO
Processor: Intel® Pentium® CPU G630 @ 2.70GHz | CPU 1 | 1600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 976 GiB total, 718,778 GiB free.
D: is CDROM ()
G: is CDROM (CDFS)
I: is Removable
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP95: 01/11/2014 21:18:42 - Scheduled Checkpoint
RP96: 10/11/2014 12:28:42 - Scheduled Checkpoint
RP97: 13/11/2014 20:04:36 - Device Driver Package Install: Atheros Communications Inc. Network adapters
RP98: 22/11/2014 11:46:25 - Scheduled Checkpoint
RP99: 24/11/2014 10:20:14 - Checkpoint by HitmanPro
.
==== Installed Programs ======================
.
108M USB 5.0
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.09) - Português
Aegisub 3.2.0
µTorrent
Atualizações da NVIDIA 11.10.13
B1 Free Archiver
BBAdminTool
CCleaner
Classic Shell
Corel Graphics - Windows Shell Extension
Corel Graphics - Windows Shell Extension 64 Bit
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang BR
CorelDRAW Graphics Suite X4 - Lang DE
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - Lang ES
CorelDRAW Graphics Suite X4 - Lang FR
CorelDRAW Graphics Suite X4 - Lang IT
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW Graphics Suite X6
CorelDRAW Graphics Suite X6 - BR
CorelDRAW Graphics Suite X6 - Capture
CorelDRAW Graphics Suite X6 - Common
CorelDRAW Graphics Suite X6 - Connect
CorelDRAW Graphics Suite X6 - Custom Data
CorelDRAW Graphics Suite X6 - Draw
CorelDRAW Graphics Suite X6 - Filters
CorelDRAW Graphics Suite X6 - FontNav
CorelDRAW Graphics Suite X6 - IPM
CorelDRAW Graphics Suite X6 - PHOTO-PAINT
CorelDRAW Graphics Suite X6 - Photozoom Plugin
CorelDRAW Graphics Suite X6 - Redist
CorelDRAW Graphics Suite X6 - Setup Files
CorelDRAW Graphics Suite X6 - VBA
CorelDRAW Graphics Suite X6 - VideoBrowser
CorelDRAW Graphics Suite X6 - VSTA
CorelDRAW Graphics Suite X6 - Writing Tools
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
DAEMON Tools Lite
Facebook Video Calling 3.1.0.521
GBBD Banco do Brasil
GBBD Caixa Economica Federal
GeForce Experience NvStream Client Components
Google Chrome
Google Update Helper
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Deskjet 1510 series Basic Device Software
Intel® Management Engine Components
Intel® Trusted Connect Service Client
IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
Java 7 Update 71
Java Auto Updater
JDownloader 2
JP
LogMeIn Hamachi
Malwarebytes Anti-Malware versão 2.0.3.1025
Microsoft Office Access MUI (Portuguese (Brazil)) 2010
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Portuguese (Brazil)) 2010
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
Microsoft Office Word MUI (Portuguese (Brazil)) 2010
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual Basic for Applications 7.1 (x86)
Microsoft Visual Basic for Applications 7.1 (x86) English
Microsoft Visual Basic for Applications 7.1 (x86) Portuguese (Brazil)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Minecraft1.6.2
Minecraft1.7.2
Mozilla Firefox 32.0.3 (x86 pt-BR)
Mozilla Firefox 33.1 (x86 pt-BR)
Mozilla Maintenance Service
NVIDIA Driver de controle do 3D Vision 335.21
NVIDIA Driver de gráficos 335.23
NVIDIA Driver do 3D Vision 335.23
NVIDIA GeForce Experience 1.8.2.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA ShadowPlay 11.10.13
NVIDIA Software do sistema PhysX 9.13.1220
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.20
Painel de controle da NVIDIA 335.23
Platform
PS3 Media Server
Receitanet
SafeSign 64-bits
SHIELD Streaming
Skype™ 6.21
SYSM Monitor
TeamViewer 9
VIA Gerenciador de dispositivo de plataforma
Viber
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
Visual Basic for Applications ® Core - French
Visual Basic for Applications ® Core - German
Visual Basic for Applications ® Core - Italian
Visual Basic for Applications ® Core - Portuguese (Brazil)
Visual Basic for Applications ® Core - Spanish
Visual Studio 2010 x64 Redistributables
Visualizador
VLC media player 2.0.8
Wilcom EmbroideryStudio
WinRAR 5.00 (64-bit)
XBMC
.
==== End Of File ===========================

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16384  BrowserJavaVersion: 10.71.2
Run by Sandra PC at 11:32:01 on 2014-11-24
Microsoft Windows 8 Pro  6.2.9200.0.1252.55.1046.18.8163.5950 [GMT -2:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\hasplms.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Minecraft_Backup\hamachi-2.exe
C:\Minecraft_Backup\LMIGuardianSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\aetcrss1.exe
C:\Users\Sandra PC\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\Sandra PC\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Minecraft_Backup\hamachi-2-ui.exe
C:\Minecraft_Backup\LMIGuardianSvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = about:blank
mStart Page = about:blank
mSearch Page = www.google.com
mDefault_Page_URL = about:blank
mDefault_Search_URL = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
uRun: [uTorrent] "C:\Users\Sandra PC\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Facebook Update] "C:\Users\Sandra PC\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Viber] "C:\Users\Sandra PC\AppData\Local\Viber\Viber.exe" StartMinimized
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [wdbraz_certm] C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Minecraft_Backup\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\SANDRA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK -
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{145B3BE3-01EC-4940-93C9-5D0CDBBBBFD5} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1A2C9087-1BA4-41F0-93C0-9B6EB1D66BF7} : DHCPNameServer = 200.204.0.10 200.204.0.138
TCP: Interfaces\{3DDEA71E-3524-42B4-AFDA-6EF94BB76F0B} : DHCPNameServer = 200.204.0.10 200.204.0.138
TCP: Interfaces\{84F92783-B0EB-468E-8859-C706B026BA54} : DHCPNameServer = 200.204.0.10 200.204.0.138
TCP: Interfaces\{99B27A53-EFEC-4071-ABE3-170FDFE4510F} : DHCPNameServer = 200.204.0.10 200.204.0.138
TCP: Interfaces\{A319FD79-B68E-480E-BD2C-80725F893A17} : DHCPNameServer = 200.204.0.10 200.204.0.138
TCP: Interfaces\{CCFB85AD-B026-4A2D-AB80-EFFC3ADAEC56} : DHCPNameServer = 200.204.0.10 200.204.0.138
TCP: Interfaces\{CCFB85AD-B026-4A2D-AB80-EFFC3ADAEC56}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DBFDDA93-9844-4C5C-B68A-397AED813524} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{DEF26975-B15A-4014-9692-9FA6F87544DA} : DHCPNameServer = 200.204.0.10 200.204.0.138
TCP: Interfaces\{F004D36B-2739-46CB-8ECC-33835B4D9B16} : DHCPNameServer = 200.204.0.10 200.204.0.138
TCP: Interfaces\{F87A7DE9-A268-42F5-9111-F6742D054F71} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FC916C2B-0EA0-4DC7-9AB1-23BCCB80E23B} : DHCPNameServer = 200.204.0.10 200.204.0.138
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
SSODL: WebCheck - <orphaned>
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-mStart Page = about:blank
x64-mSearch Page = www.google.com
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = www.google.com
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [CertificateRegistration] aetcrss1.exe
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sandra PC\AppData\Roaming\Mozilla\Firefox\Profiles\xwkprhfb.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Sandra PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Sandra PC\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
FF - plugin: C:\Users\Sandra PC\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll
FF - plugin: C:\Users\Sandra PC\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
FF - plugin: C:\Users\Sandra PC\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2013-11-20 283064]
R2 aksdf;aksdf;C:\Windows\System32\Drivers\aksdf.sys [2014-5-6 71040]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2014-11-2 558904]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Minecraft_Backup\hamachi-2.exe -s --> C:\Minecraft_Backup\hamachi-2.exe -s [?]
R2 hasplms;Sentinel HASP License Manager;C:\Windows\System32\hasplms.exe  -run --> C:\Windows\System32\hasplms.exe  -run [?]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2014-4-2 169432]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-4-2 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-13 16941856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-4-2 411936]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-8-18 5052224]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-11-13 27768]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\Drivers\hitmanpro37.sys [2014-11-24 43664]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\Drivers\nvvad64v.sys [2014-4-2 39200]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
R3 Warsaw_PP;Warsaw Protector;C:\PROGRA~2\GbPlugin\wsftprp64.sys [2014-11-2 24792]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\System32\Drivers\athrxusb.sys [2014-11-13 1037312]
S3 athur;Wireless Network Adapter Service;C:\Windows\System32\Drivers\athurx.sys [2010-1-6 1847296]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\Drivers\netr7364.sys [2012-6-2 729152]
S3 SWDUMon;SWDUMon;C:\Windows\System32\Drivers\SWDUMon.sys [2013-11-13 16152]
S3 SydexFDD;Sydex Diskette Driver;C:\Windows\SysWOW64\drivers\SYDEXFDD.SYS [2014-10-20 13359]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\Drivers\viahduaa.sys [2013-11-13 2206864]
S3 vmbusr;Provedor de Barramento de Máquina Virtual;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S4 WDBrazMonitor34;Watchdata CCID Moniter v3.4;C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe [2013-9-1 75680]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2014-11-24 13:28:26    11632448    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3CDFED97-B701-4E9A-B193-AD7883F42DA3}\mpengine.dll
2014-11-24 12:07:19    43664    ----a-w-    C:\Windows\System32\drivers\hitmanpro37.sys
2014-11-24 12:06:01    --------    d-----w-    C:\ProgramData\HitmanPro
2014-11-24 01:21:42    --------    d-----w-    C:\AdwCleaner
2014-11-23 23:16:23    --------    d-----w-    C:\Users\Sandra PC\fontconfig
2014-11-23 23:12:40    --------    d-----w-    C:\Program Files (x86)\PS3 Media Server
2014-11-23 22:48:14    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-23 22:47:48    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-23 22:47:48    64216    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-11-23 22:47:48    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-11-23 22:47:48    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-23 15:36:55    11578928    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-11-22 12:12:21    --------    d-----w-    C:\ProgramData\fonojgoolhlbpacopnihkoehbjomlled
2014-11-15 16:41:05    220784    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\sandboxbroker.dll
2014-11-13 22:04:31    1037312    ----a-w-    C:\Windows\System32\drivers\athrxusb.sys
2014-11-03 20:12:12    46136    ---ha-w-    C:\Windows\System32\drivers\Hamdrv.sys
2014-10-31 16:58:27    --------    d-----w-    C:\Users\Sandra PC\AppData\Roaming\Serpro
2014-10-27 15:34:40    17801    ----a-w-    C:\Windows\SysWow64\drivers\AegisP.sys
2014-10-27 15:34:27    --------    d-----w-    C:\Windows\SysWow64\YingInstall
2014-10-27 15:34:26    --------    d-----w-    C:\Program Files\108M USB
.
==================== Find3M  ====================
.
2014-10-30 11:25:26    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-10-24 12:12:11    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-18 21:46:26    4216840    ----a-w-    C:\Program Files (x86)\Common Files\vcredist_2008_sp1_x86.exe
.
============= FINISH: 11:32:36,82 ===============

 

 

Attachment: gmer.txt
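The behaviour described in this post (the extension reappears after being removed in chrome://extensions) is what happens when something outside the browser re-registers it: a policy force-list value, a registry "external extension" key, or a profile entry whose files live elsewhere on disk, such as the id-shaped folder C:\ProgramData\fonojgoolhlbpacopnihkoehbjomlled in the "Created Last 30" list above. The PowerShell below is an added example, not code from this thread or from any of the tools named in it. It enumerates those install points and also reads the UAC policy values the DDS log shows as 0 (ConsentPromptBehaviorAdmin and PromptOnSecureDesktop). It uses Chrome's standard registry and per-user profile paths; the ProgramData folder-name heuristic and the names given to the numeric location codes are this example's assumptions.

```powershell
# Added example (not from the original thread): list the places Chrome re-installs an
# extension from after a user removes it, then read the UAC prompt policy values.
# Run in an elevated PowerShell 3.0 or later on the affected machine.

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Source, $Id, $Detail) {
    $findings.Add([pscustomobject]@{ Source = $Source; ExtensionId = $Id; Detail = $Detail })
}

# 1. Policy force-list: each value is "<id>;<update_url>"; Chrome re-installs it at every start.
foreach ($hive in 'HKLM', 'HKCU') {
    $key = "${hive}:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"
    if (Test-Path $key) {
        (Get-ItemProperty $key).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { Add-Finding "$hive ExtensionInstallForcelist" (($_.Value -split ';')[0]) $_.Value }
    }
}

# 2. Registry-registered external extensions: one subkey per id carrying update_url or path.
foreach ($key in 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
                 'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
                 'HKCU:\SOFTWARE\Google\Chrome\Extensions') {
    if (Test-Path $key) {
        Get-ChildItem $key | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            Add-Finding "registry external ($key)" $_.PSChildName ("update_url={0} path={1}" -f $p.update_url, $p.path)
        }
    }
}

# 3. Extensions recorded in each profile's preference files. 'location' is Chromium's numeric
#    install-location code (names below are this example's assumption); anything that is not
#    a Web Store install (1) or a Chrome component (5) was put there by something outside Chrome.
$locationNames = @{ 1 = 'internal'; 2 = 'external_pref'; 3 = 'external_registry'; 4 = 'unpacked';
                    5 = 'component'; 6 = 'external_pref_download'; 7 = 'external_policy_download';
                    8 = 'command_line'; 9 = 'external_policy'; 10 = 'external_component' }
$userData = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
if (Test-Path $userData) {
    foreach ($profile in Get-ChildItem $userData -Directory | Where-Object { $_.Name -match '^(Default|Profile \d+)$' }) {
        foreach ($prefFile in 'Secure Preferences', 'Preferences') {
            $prefPath = Join-Path $profile.FullName $prefFile
            if (-not (Test-Path -LiteralPath $prefPath)) { continue }
            $settings = (Get-Content -Raw -LiteralPath $prefPath | ConvertFrom-Json).extensions.settings
            if (-not $settings) { continue }
            foreach ($prop in $settings.PSObject.Properties) {
                $ext = $prop.Value
                $loc = [int]$ext.location
                $suspect = ($loc -notin @(1, 5)) -or ($loc -eq 1 -and -not $ext.from_webstore)
                if ($suspect) {
                    $detail = "name='{0}' location={1} ({2}) path='{3}'" -f $ext.manifest.name, $loc, $locationNames[$loc], $ext.path
                    Add-Finding "profile $($profile.Name) $prefFile" $prop.Name $detail
                }
            }
        }
    }
}

# 4. Heuristic taken from this thread's DDS log: a ProgramData folder whose name is a
#    32-letter [a-p] extension id is where a side-loaded extension's files typically live,
#    and the registry entries from step 2 usually point at it.
Get-ChildItem 'C:\ProgramData' -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -cmatch '^[a-p]{32}$' } |
    ForEach-Object { Add-Finding 'ProgramData id-named folder' $_.Name $_.FullName }

# 5. UAC prompt policy: with ConsentPromptBehaviorAdmin = 0 administrators elevate without any
#    prompt, and PromptOnSecureDesktop = 0 removes the secure desktop, so an installer run by
#    this user never produces the "approve the UAC alert" step the removal instructions rely on.
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop', 'EnableLUA') {
    Add-Finding 'UAC policy' $name ("{0} = {1}" -f $name, $uac.$name)
}

$findings | Sort-Object Source, ExtensionId | Format-Table -AutoSize -Wrap
```

The machine-wide entries in steps 1, 2 and 4 are independent of any Chrome profile, so creating a fresh profile or deleting the old one (as the poster later did) does not clear them; remove the registry value or key and the folder it points at first, then the extension in Chrome, and confirm the list comes back empty after a restart.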


Dear Sandra Veiga

 

I recommend that you bookmark this topic so you can find it easily.
 
Please note the following:
  • If you get no reply for 3 days, send me a Private Message (PM);
  • Everything covered here relates only to the problem on your computer, so do not apply it to any other;
  • Please follow the instructions carefully, and if in doubt do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Keep me informed, during the removal, about what is happening with your computer.
  • Respect the order of the instructions given.
Note: Do not take any step beyond those given here; and if you ask for help in another forum, be sure to tell us, or you risk misconfiguring your computer!

# Step 1 #

 
Download Junkware Removal Tool and save it to your Desktop.
  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log on your Desktop.
  • Copy its entire contents and paste it into your next message.

 
# Step 2 #
 

  • Double-click adwcleaner.exe
  • Attention: Windows Vista, 7 and 8 users, right-click and choose: Run as administrator

  • Click Scan
At the end of the scan a log with the results will open.
If anything is detected, then click the Clean button.
Again, at the end of the scan a log with the results will open.
Copy its entire contents and paste it into your next reply.

 
# Step 3 #
 
Download Zoek and save it to your Desktop
  • Open Notepad and copy (Ctrl + C) and paste (Ctrl + V) all of the text below:
standardsearch;torpigcheck;silentrunners;installedprogs;msconfigcheck;shortcutfix;emptyfolderscheck;delete;srinfo;emptyalltemp;
  • Save this file as: zoekscript.txt and close it.
Disable ALL prevention programs (antivirus, antispyware).
As shown in the animation, drag the zoekscript.txt file onto Zoek.exe.
In the window that appears click Yes.
When the scan finishes it will generate a log.
Post the entire contents of that log.
If the log is too large, attach it.

 

Note: approve any User Account Control (UAC) alert to allow this tool to run.

 
Cheers :D


Good afternoon. I have already managed to remove BuyNsave from Chrome. What I did was create a new user in Chrome's settings and then delete the old user. I just don't know whether any trace was left!

 

Do I still follow your procedure or do something else?

Good morning
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8 Pro x64
Ran by Sandra PC on 30/11/2014 at 12:11:48,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Users\Sandra PC\AppData\Roaming\baidu security"
Successfully deleted: [Folder] "C:\Users\Sandra PC\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Sandra PC\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\baidu security"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Sandra PC\AppData\Roaming\mozilla\firefox\profiles\xwkprhfb.default\minidumps [26 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/11/2014 at 12:15:33,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v4.102 - Report created 30/11/2014 at 12:28:18
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 8 Pro  (64 bits)
# User : Sandra PC - SANDRA
# Running from : C:\Users\Sandra PC\Downloads\adwcleaner_4.102.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Sandra PC\Desktop\Uninstall.exe
 
***** [ Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16384
 
 
-\\ Mozilla Firefox v32.0.3 (x86 pt-BR)
 
 
-\\ Google Chrome v39.0.2171.65
 
 
*************************
 
AdwCleaner[R0].txt - [10957 octets] - [23/11/2014 23:21:51]
AdwCleaner[R1].txt - [912 octets] - [25/11/2014 16:03:07]
AdwCleaner[R2].txt - [1031 octets] - [30/11/2014 12:26:35]
AdwCleaner[s0].txt - [10268 octets] - [23/11/2014 23:49:15]
AdwCleaner[s1].txt - [949 octets] - [30/11/2014 12:28:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1008 octets] ##########
 
 
 
zoek log attached
 
Thank you
 
Sandra
 

 

Attachment: zoek-results.txt


Dear Sandra Veiga

 

Once again with Zoek
  • Open Notepad and copy (Ctrl + C) and paste (Ctrl + V) all of the text below:
C:\Windows\Sysnative\Tasks\Trojan Remover;fC:\Program Files\Loaris\Trojan Remover;fcreatesrpoint;
  • Save this file as: zoekscript.txt and close it.
Disable ALL prevention programs (antivirus, antispyware).
As shown in the animation, drag the zoekscript.txt file onto Zoek.exe.
In the window that appears click Yes.
When the scan finishes it will generate a log.
Post the entire contents of that log.
If the log is too large, attach it.

 

Note: approve any User Account Control (UAC) alert to allow this tool to run.

 
Cheers :D
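The Zoek script in the post above deletes a scheduled task file under C:\Windows\Sysnative\Tasks and the program folder it launches. Before deleting on someone else's machine, a practitioner normally wants the full list of tasks that start something outside the Windows directories, with the Authenticode status of each target, because a task-launched executable survives both a browser profile reset and an ordinary uninstall. The PowerShell below is an added example, not code from this thread or from Zoek; the set of "trusted roots" it skips is this example's assumption, and the output is for review, it deletes nothing.

```powershell
# Added example (not from the original thread): report scheduled tasks whose action runs a
# program outside the Windows system directories, with the signature state of that program.
# Requires the ScheduledTasks module (Windows 8 / Server 2012 and later, PowerShell 3.0+);
# run elevated so tasks registered by other accounts are visible.

function Get-ThirdPartyTaskActions {
    param(
        # Assumption for this example: anything under these roots is treated as Windows' own.
        [string[]]$TrustedRoots = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
    )

    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        $task = $_
        foreach ($action in @($task.Actions)) {
            # Only "exec" actions carry a program path; COM-handler actions have no Execute.
            if (-not $action.Execute) { continue }

            # Task XML may store the path quoted and with environment variables unexpanded.
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))

            $inTrusted = $false
            foreach ($root in $TrustedRoots) {
                if ($exe.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
            }
            if ($inTrusted) { continue }

            # A missing target is itself worth reporting: the task stays registered after the
            # folder is removed (the situation the Zoek line above cleans up in one go).
            $exists = Test-Path -LiteralPath $exe -PathType Leaf
            $signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'TargetMissing' }

            [pscustomobject]@{
                Task      = Join-Path $task.TaskPath $task.TaskName
                State     = $task.State
                Execute   = $exe
                Arguments = $action.Arguments
                Signature = $signature
            }
        }
    }
}

# Unsigned or missing targets first; these are the entries to check against the program list.
Get-ThirdPartyTaskActions | Sort-Object Signature, Task | Format-Table -AutoSize -Wrap
```

Cross-check each reported task against the "Installed Programs" section of the DDS log: a task whose target is not accounted for by any listed program, or whose signature status is NotSigned or TargetMissing, is the one to remove with Unregister-ScheduledTask (or, as in the thread, with the Zoek script) together with its folder.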


Topic Archived

Since the author did not reply to the topic for more than 10 days, it has been archived.

If you are the author of the topic and want it reopened, contact a Forum Security Analyst and request that it be unlocked.
