Vitor Nascimento

Notebook with a suspected virus; Firefox and Chrome consuming a lot of resources


Hello... GMER didn't run, not even in Safe Mode...

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16385
Run by Vitor at 22:51:02 on 2014-12-03
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.1046.18.3980.2190 [GMT -3:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Garena Plus\ggdllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Vitor\Desktop\PROCEDIMENTOS Clube do Hardware\ANÁLISE E REMOÇÃO DE PRAGAS\dds.com
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
uRun: [Facebook Update] "C:\Users\Vitor\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 177.152.88.254 177.152.88.254
TCP: Interfaces\{6F44E401-7181-42C3-BF8D-0F599B1B903E} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B25F3787-4557-4D4D-9D2C-2BFDF92DA591} : DHCPNameServer = 177.152.88.254 177.152.88.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Vitor\AppData\Roaming\Mozilla\Firefox\Profiles\rqluiau2.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Driver de comutação do controlador host Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hcs.sys [2014-10-26 19224]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2014-10-26 331264]
R3 iusb3hub;Driver para hub Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hub.sys [2014-10-26 356632]
R3 iusb3xhc;Driver de controlador host eXtensível Intel® USB 3.0;C:\Windows\System32\drivers\iusb3xhc.sys [2014-10-26 789272]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2014-10-26 1860672]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2014-10-26 292456]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-10-26 685160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-7-17 125584]
S3 NisSrv;Inspeção de Rede da Microsoft;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
.
=============== Created Last 30 ================
.
2014-12-04 00:39:25 -------- d-----w- C:\Users\Vitor\dwhelper
2014-12-04 00:33:03 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-04 00:33:03 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-03 09:49:05 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2BAE1F60-0001-48E2-91F0-2D66E455C7C5}\gapaengine.dll
2014-12-03 09:47:49 11632448 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86CD42C4-28AF-4114-B0A0-517757073642}\mpengine.dll
2014-12-02 00:05:27 -------- d-----w- C:\Windows\AutoKMS
2014-12-02 00:05:01 151552 ----a-w- C:\Windows\KMSEmulator.exe
2014-12-01 12:44:37 11632448 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-30 02:29:39 -------- d-----w- C:\Users\Vitor\AppData\Local\Facebook
2014-11-26 20:21:25 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2014-11-26 20:21:25 410624 ----a-w- C:\Windows\SysWow64\systemcpl.dll
2014-11-26 20:21:25 2048 ----a-w- C:\Windows\SysWow64\winver.exe
2014-11-26 20:21:25 1536 ----a-w- C:\Windows\SysWow64\sppcomapi.dll
2014-11-26 20:21:25 113543 ----a-w- C:\Windows\SysWow64\slmgr.vbs
2014-11-21 10:21:10 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D26762D2-37CB-4963-A854-27CC8374FB34}\gapaengine.dll
2014-11-13 02:13:06 -------- d-----w- C:\Users\Vitor\AppData\Local\Apps
2014-11-13 02:13:05 -------- d-----w- C:\Users\Vitor\AppData\Local\Deployment
2014-11-11 22:26:00 74864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2014-11-11 22:26:00 48240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-11-11 22:26:00 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2014-11-11 22:26:00 20080 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
.
==================== Find3M  ====================
.
2014-11-01 23:12:57 2829 ----a-w- C:\Windows\War3Unin.pif
2014-11-01 23:12:57 139264 ----a-w- C:\Windows\War3Unin.exe
2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 22:51:46,48 ===============

===

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 26/10/2014 10:50:35
System Uptime: 03/12/2014 07:17:43 (15 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | X45C
Processor: Intel® Core i3-2328M CPU @ 2.20GHz | SOCKET 0 | 792/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 169 GiB total, 18,879 GiB free.
D: is FIXED (NTFS) - 297 GiB total, 25,416 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: Controlador de comunicação PCI simples
Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_15671043&REV_04\3&11583659&0&B0
Manufacturer: 
Name: Controlador de comunicação PCI simples
PNP Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_15671043&REV_04\3&11583659&0&B0
Service: 
.
==== System Restore Points ===================
.
RP21: 21/11/2014 07:18:59 - Windows Update
RP22: 25/11/2014 06:50:08 - Windows Update
RP23: 28/11/2014 13:24:30 - Windows Update
RP24: 03/12/2014 06:46:37 - Windows Update
RP25: 03/12/2014 20:56:58 - Removed Facebook Video Calling 3.1.0.521
.
==== Installed Programs ======================
.
Adobe Flash Player 15 Plugin
Adobe Reader 9.5.5
µTorrent
CCleaner
Garena+
Google Chrome
Google Update Helper
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® USB 3.0 eXtensible Host Controller Driver
K-Lite Mega Codec Pack 8.0.0
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (Portuguese (Brazil)) 2010
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Portuguese (Brazil)) 2010
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
Microsoft Office Word MUI (Portuguese (Brazil)) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 33.1 (x86 en-US)
Nero 8 Micro 8.3.2.1
Ralink RT2860 Wireless LAN Card
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Skype Click to Call
Skype™ 6.21
VLC media player 2.0.7
Warcraft III
Warcraft III: All Products
WinRAR 4.11 (32-bit)
.
==== End Of File ===========================

Hello @Vitor Nascimento

I recommend that you save this topic in your Favorites to make it easier to find later.

Please pay attention to the following:
  • If you go without a reply for 3 days, send me a Private Message (PM);
  • What is done here relates only to the problem on your computer, so do not do it on any other;
  • Please follow the instructions given carefully, and if you have any doubts, do not hesitate to ask;
  • Always keep me informed, during the removal, about what happens with your computer.
  • Respect the order of the instructions given.
  • Note: Do not take any measure other than those given here; and if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

1)

Download AdwCleaner and save it to the desktop.
https://toolslib.net/downloads/finish/1/

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the file adwcleaner.exe, then click execadmin.png.

Click the Scan button and wait for the scan to finish.

Click the Clean button.

A Notepad window will open with the result. Attach the log in your next reply.

NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do this immediately when asked whether you want to restart the PC.

2)

Download Malwarebytes' Anti-Malware (MBAM)
http://malwarebytes....am-download.php

Double-click mbam-setup.exe to install it.

  • Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO.
  • Make sure the boxes Update Malwarebytes Anti-Malware (if present) and Launch Malwarebytes Anti-Malware are checked, then click Finish.
  • If there are updates to be applied, they will be downloaded and installed.
  • At the end of the update, if the program was installed in English, with the program open, click Settings and in the Language field change it to Portuguese (Brasil).
  • Still on the Settings screen, click Detection and Protection and check Scan for Rootkits. Under PUP detections (potentially unwanted programs):, select Treat detections as malware.
  • Click Scan, then Threat Scan, and finally click Scan Now.
  • The scan will then begin. Wait, as it may take a while.
  • When the scan finishes, if items were found, click the Quarantine All button.
  • Click Apply Actions.
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See Note below)
  • The log is saved automatically by MBAM; to view it, click the History tab -> Application Logs in the program's main window. Use the .txt format to export the log.
  • Attach the log in your next reply.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do this immediately when asked whether you want to restart the PC.


Ok,

Download the Farbar Recovery Scan Tool and save it to your desktop.
32 bit (x86) or 64 bit (x64)

Double-click to run the tool. Accept the agreement and then click the Scan button.

Wait, and at the end the logs FRST.txt and Addition.txt will be saved to your desktop.

Attach the logs in your next reply.


Hello!!!

Hi.. I'm having trouble attaching the other one.. here is the first part..

Part 1


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2014 02
Ran by Vitor (administrator) on VITOR-PC on 06-12-2014 19:08:37
Running from C:\Users\Vitor\Desktop
Loaded Profile: Vitor (Available profiles: Vitor)
Platform: Windows 7 Ultimate (X64) OS Language: Português (Brasil)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12489360 2012-05-18] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1463696317-3247961898-2279208713-1000\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9974576 2014-10-27] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1463696317-3247961898-2279208713-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1463696317-3247961898-2279208713-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1EC9E78A650FD001
HKU\S-1-5-21-1463696317-3247961898-2279208713-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 177.152.88.254 177.152.88.254
 
FireFox:
========
FF ProfilePath: C:\Users\Vitor\AppData\Roaming\Mozilla\Firefox\Profiles\rqluiau2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownloadHelper - C:\Users\Vitor\AppData\Roaming\Mozilla\Firefox\Profiles\rqluiau2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-03]

Part 2


ult
CHR Extension: (Google Apresentações) - C:\Users\Vitor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-25]
CHR Extension: (Google Docs) - C:\Users\Vitor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-25]
CHR Extension: (Google Drive) - C:\Users\Vitor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-25]
CHR Extension: (YouTube) - C:\Users\Vitor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-25]
CHR Extension: (Pesquisa do Google) - C:\Users\Vitor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-25]
CHR Extension: (Planilhas do Google) - C:\Users\Vitor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-25]
CHR Extension: (Google Wallet) - C:\Users\Vitor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-25]
CHR Extension: (Gmail) - C:\Users\Vitor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-11-01] () [File not signed]
U3 ae6ea1il; C:\Windows\System32\Drivers\ae6ea1il.sys [0 ] (Microsoft Corporation)
R3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-06 19:08 - 2014-12-06 19:09 - 00009876 _____ () C:\Users\Vitor\Desktop\FRST.txt
2014-12-06 19:07 - 2014-12-06 19:08 - 00000000 ____D () C:\FRST
2014-12-06 18:48 - 2014-12-06 18:49 - 02119168 _____ (Farbar) C:\Users\Vitor\Desktop\FRST64.exe
2014-12-06 18:44 - 2014-12-06 18:44 - 00348083 _____ () C:\Users\Vitor\Desktop\TWD-S04-720-DUAL.rar
2014-12-05 12:45 - 2014-12-05 12:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 12:45 - 2014-12-05 12:45 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-05 12:45 - 2014-12-05 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-05 12:45 - 2014-12-05 12:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-05 12:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 12:45 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 12:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 12:29 - 2014-12-05 12:33 - 00000000 ____D () C:\AdwCleaner
2014-12-05 12:29 - 2014-12-05 12:29 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-03 21:39 - 2014-12-03 21:40 - 00000000 ____D () C:\Users\Vitor\dwhelper
2014-12-03 21:33 - 2014-12-06 18:39 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-03 21:33 - 2014-12-03 21:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-03 21:33 - 2014-12-03 21:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-03 21:33 - 2014-12-03 21:33 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-03 21:23 - 2014-12-05 13:49 - 00000000 ____D () C:\Users\Vitor\Desktop\PROCEDIMENTOS Clube do Hardware
2014-12-01 21:05 - 2014-12-06 06:58 - 00151552 _____ () C:\Windows\KMSEmulator.exe
2014-12-01 21:05 - 2014-12-06 06:58 - 00002984 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-12-01 21:05 - 2014-12-06 06:58 - 00000294 _____ () C:\Windows\Tasks\AutoKMS.job
2014-12-01 21:05 - 2014-12-01 21:07 - 00000000 ____D () C:\Windows\AutoKMS
2014-11-30 21:32 - 2014-11-30 21:32 - 00000000 ____D () C:\Users\Vitor\Desktop\CARTÃO hyper
2014-11-29 23:29 - 2014-12-04 08:34 - 00000000 ____D () C:\Users\Vitor\AppData\Local\Facebook
2014-11-28 13:23 - 2014-11-28 13:23 - 00001067 _____ () C:\Users\Public\Desktop\Garena+.lnk
2014-11-28 13:23 - 2014-11-28 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2014-11-27 12:56 - 2014-12-06 06:57 - 00001268 _____ () C:\Windows\PFRO.log
2014-11-27 12:56 - 2014-12-06 06:57 - 00000952 _____ () C:\Windows\setupact.log
2014-11-27 12:56 - 2014-11-27 12:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-26 17:21 - 2014-11-26 17:21 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-26 17:21 - 2014-11-26 17:21 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll
2014-11-26 17:21 - 2014-11-26 17:21 - 00113543 _____ () C:\Windows\SysWOW64\slmgr.vbs
2014-11-26 17:21 - 2014-11-26 17:21 - 00002048 _____ () C:\Windows\SysWOW64\winver.exe
2014-11-26 17:21 - 2014-11-26 17:21 - 00001536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcomapi.dll
2014-11-25 21:50 - 2014-11-25 21:50 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 21:50 - 2014-11-25 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-25 21:47 - 2014-12-06 18:52 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-25 21:47 - 2014-12-06 06:58 - 00001062 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 21:47 - 2014-11-25 21:47 - 00004062 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-25 21:47 - 2014-11-25 21:47 - 00003810 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-16 14:04 - 2014-11-16 14:04 - 00000000 _____ () C:\Users\Vitor\Desktop\Temp 3 Ep 13.txt
2014-11-15 19:49 - 2014-11-15 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-15 19:48 - 2014-11-15 19:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-15 19:48 - 2014-11-15 19:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-11-12 23:13 - 2014-11-25 21:47 - 00000000 ____D () C:\Users\Vitor\AppData\Local\Deployment
2014-11-12 23:13 - 2014-11-12 23:13 - 00000000 ____D () C:\Users\Vitor\AppData\Local\Apps\2.0
2014-11-12 06:38 - 2014-11-12 06:38 - 00000043 _____ () C:\Users\Vitor\Desktop\aerobica.txt
2014-11-11 19:25 - 2014-11-11 19:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-11 16:53 - 2014-11-11 16:53 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-11 16:50 - 2014-11-11 16:50 - 24656704 _____ (Mozilla) C:\Users\Vitor\Downloads\FirefoxSetup [1].exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-06 19:08 - 2014-10-26 11:49 - 00000000 ____D () C:\FOTOS
2014-12-06 18:38 - 2014-10-26 10:44 - 01543333 _____ () C:\Windows\WindowsUpdate.log
2014-12-06 18:37 - 2014-10-26 20:02 - 00045270 _____ () C:\Users\Vitor\AppData\Roaming\room_v3.dat
2014-12-06 18:36 - 2014-11-01 20:05 - 00000000 ____D () C:\Program Files (x86)\Warcraft III - The Frozen Throne
2014-12-06 16:45 - 2014-10-27 18:35 - 00000000 ____D () C:\Users\Vitor\AppData\Roaming\Skype
2014-12-06 09:53 - 2014-10-27 18:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-06 09:53 - 2014-10-27 18:35 - 00000000 ____D () C:\Users\Todos os Usuários\Skype
2014-12-06 09:53 - 2014-10-27 18:35 - 00000000 ____D () C:\ProgramData\Skype
2014-12-06 07:12 - 2014-10-26 17:59 - 00000000 ____D () C:\Users\Vitor\AppData\Roaming\GarenaPlus
2014-12-06 07:12 - 2014-10-26 17:42 - 00000000 ____D () C:\Users\Todos os Usuários\GarenaMessenger
2014-12-06 07:12 - 2014-10-26 17:42 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-12-06 07:05 - 2009-07-14 01:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-06 07:05 - 2009-07-14 01:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-06 06:58 - 2014-10-26 17:42 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2014-12-06 06:58 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-05 07:37 - 2014-10-28 16:05 - 00000000 ____D () C:\Users\Vitor\AppData\Roaming\vlc
2014-12-03 21:39 - 2014-10-26 10:50 - 00000000 ____D () C:\Users\Vitor
2014-12-03 21:36 - 2014-10-26 17:14 - 00000000 ____D () C:\Users\Vitor\AppData\Local\Adobe
2014-12-03 20:57 - 2014-11-01 15:13 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-03 06:40 - 2009-07-14 14:55 - 00663804 _____ () C:\Windows\system32\prfh0416.dat
2014-12-03 06:40 - 2009-07-14 14:55 - 00128094 _____ () C:\Windows\system32\prfc0416.dat
2014-12-03 06:40 - 2009-07-14 02:13 - 01517030 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-01 22:40 - 2014-10-26 12:30 - 00000000 ____D () C:\PESSOAL
2014-11-25 21:50 - 2014-10-26 17:13 - 00000000 ____D () C:\Users\Vitor\AppData\Local\Google
2014-11-25 21:50 - 2014-10-26 17:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-18 07:05 - 2014-11-03 06:18 - 00000000 ____D () C:\Users\Vitor\AppData\Roaming\Media Player Classic
2014-11-17 13:16 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\IME
2014-11-17 08:03 - 2014-11-01 18:22 - 00000000 ____D () C:\Users\Vitor\AppData\Roaming\DAEMON Tools Lite
2014-11-17 08:03 - 2014-11-01 15:07 - 00000000 ____D () C:\Users\Vitor\AppData\Roaming\uTorrent
2014-11-17 07:31 - 2014-10-26 17:13 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-17 07:31 - 2014-10-26 17:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-11 16:44 - 2014-10-26 10:51 - 00001423 _____ () C:\Users\Vitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
 
Some content of TEMP:
====================
C:\Users\Vitor\AppData\Local\Temp\Quarantine.exe
C:\Users\Vitor\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-05 06:57
 
==================== End Of Log ============================

Addition.txt
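As an added example (not part of this thread, of FRST or of its author's tooling), a small Python parser for the entry format used in the FRST "Files and Folders" sections above, plus the kind of first-pass triage a helper applies to it: files under the Windows directory that look executable or sit in a Tasks folder yet carry no publisher name. The sample log is constructed from lines of this post; the triage rule is a heuristic of this example, not an FRST feature.

```python
import re
from dataclasses import dataclass

# One FRST file/folder entry: <created> - <modified> - <size> <attrs> (<publisher>) <path>
ENTRY_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
                      r"(\d{8}) ([_A-Z]{5}) \(([^)]*)\) (.+)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".job")
# Constructed sample: entries copied from the FRST log above (raw string keeps the backslashes).
SAMPLE_LOG = r"""
2014-12-01 21:05 - 2014-12-06 06:58 - 00151552 _____ () C:\Windows\KMSEmulator.exe
2014-12-01 21:05 - 2014-12-06 06:58 - 00002984 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-12-01 21:05 - 2014-12-06 06:58 - 00000294 _____ () C:\Windows\Tasks\AutoKMS.job
2014-12-01 21:05 - 2014-12-01 21:07 - 00000000 ____D () C:\Windows\AutoKMS
2014-11-26 17:21 - 2014-11-26 17:21 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-26 17:21 - 2014-11-26 17:21 - 00002048 _____ () C:\Windows\SysWOW64\winver.exe
"""

@dataclass
class Entry:
    modified: str
    size: int
    attrs: str      # FRST flags: "____D" directory, "____H" hidden, "___RD" read-only directory
    publisher: str  # company name FRST read from the version resource; "" when the file has none
    path: str

def parse_frst_entries(text):
    """Parse every entry line of an FRST files-and-folders section, skipping headers and notes."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            modified, size, attrs, publisher, path = m.groups()
            entries.append(Entry(modified, int(size), attrs, publisher, path))
    return entries

def triage(entries):
    """Flag files under the Windows directory that look executable or sit in a Tasks folder yet
    carry no publisher. Genuine Windows binaries normally show "(Microsoft Corporation)"; an
    empty publisher is a cue to verify the file (signature, hash, size), not proof of malware."""
    flagged = []
    for e in entries:
        if "D" in e.attrs or e.publisher:   # skip directories and anything with a publisher
            continue
        p = e.path.lower()
        if p.startswith("c:\\windows\\") and (p.endswith(EXEC_EXT) or "\\tasks\\" in p):
            flagged.append(e)
    return flagged

def flagged_paths(text=SAMPLE_LOG):
    return [e.path for e in triage(parse_frst_entries(text))]
```

On the sample, the directory and the Microsoft-signed DLL drop out and the four publisher-less files remain for manual verification.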


Download the attachment from this post and save it to your desktop.

Run FRST64.exe and click the Fix button.

Wait; when it finishes, the log Fixlog.txt will be saved to your desktop.

Attach the log in your next reply.

fixlist.txt


"Run FRST64.exe and click the Fix button"?

I deleted the txt called FRSR64, and now what? Do I have to run Farbar again? And then rename FRS64 to .exe?
Thanks

Download FRST64.exe again and save it to your desktop.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download the attachment from this post and save it to your desktop.

http://forum.clubedohardware.com.br/topic/1095294-notebook-com-suspeita-de-virus-e-firefox-e-chrome-consumindo-muitos-recursos/#entry6007476

Run FRST64.exe and, when the tool opens, click the Fix button.


Ok,

1)

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download 1268r49.png and save it to your desktop. Double-click it to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select run_as_adm1.png

The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to scan.

When it finishes, a log will open. It is saved to the desktop as JRT.txt.

Attach the log in your next reply.

2)

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download 51a612a8b27e2-zoek.png Zoek.exe (by Smeenk) and save it to your desktop.

Run the Zoek.exe file.

*** Windows Vista or Windows 7 users: right-click the Zoek.exe file, then click execadmin.png.

Select these lines inside the CODE box, right-click the selection and choose Copy.

process;systemspecs;startupall;filesrcm;firefoxlook;chromelook;skipfix-iedefaults;drivers-services-list;fakechrprofiles;

Right-click anywhere in the white area of Zoek and choose Paste.

Note: This script was written for this computer only, based on the files and keys present on it.

To visitors: if you have a similar problem, do not use this script, as running it without supervision can damage your system.

Click [Run Script]

Wait for the scan. When it finishes, Notepad will open with the report.

A copy is also saved on your local disk as zoek-results.txt.

Attach zoek-results.txt in your next reply.


Hello, I am attaching the logs, and also a screenshot taken while Zoek was running. I believe Mozilla is behaving abnormally: my notebook is reasonably good, and with 3 Mozilla tabs open I can already see it getting slower. Thanks

JRT.txt

zoek-results.log


Ok,

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Run the Zoek.exe file.

*** Windows Vista or Windows 7 users: right-click the Zoek.exe file, then click execadmin.png.

Select these lines inside the CODE box, right-click the selection and choose Copy.

emptyclsid;resetieproxy;ffdefaults;msconfigcheck;autoclean;resethosts;shortcutfix;systemspecs;chrdefaults;

Right-click anywhere in the white area of Zoek and choose Paste.

Note: This script was written for this computer only, based on the files and keys present on it.

To visitors: if you have a similar problem, do not use this script, as running it without supervision can damage your system.

Click [Run Script]

Wait for the scan. When it finishes, Notepad will open with the report.

A copy is also saved on your local disk as zoek-results.txt.

Attach zoek-results.txt in your next reply.


Temporarily disable your antivirus

  • Hold the Ctrl key and click this link to open ESET Online Scanner in a new window.
  • Click this button: j9Byf.png?1
  • For alternative browsers: (If you use Internet Explorer, skip this step) esetsmartinstaller_enu.png
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.

  • Tick "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Tick the box "Enable detection of potentially unwanted applications"
  • Under scan settings, tick "Scan Archives" and "Remove found threats"
  • Click Advanced settings and also tick the boxes:
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • Click Change and also tick the Computer box.
  • Click Start.
  • It will update on its own and then scan the computer. Be patient; the process can take hours.
  • When the scan finishes, click List of found threats
  • Click Export to text file and save the log to your desktop.
  • Click Back.
  • Click Finish.
  • Attach the saved log.


Ok,

To finish:

# Step 1 #

Download Delfix by Xplode and save it to your desktop.

Double-click delfix.exe to run it. Tick the boxes as shown in the image.

** Windows Vista or Windows 7 users: right-click the delfix.exe file, then click execadmin.png.

2mez6ld.png

Click the Run button.

A log is generated at the end, but there is no need to post it.

# Step 2 #

Update Java.

Attention: uninstall ALL old versions of Java.

  • Close all programs, especially your browser (IE, Firefox etc.).
  • Go to the Java for Windows site.
  • Click 4531602912_e9606174d3_o.gif
  • In the window that appears, click Run;
  • Follow the installation steps.

# Step 3 #

<<@>> Install CCleaner

CCleaner is an excellent cleaning utility that will help your computer's performance. Download it here: CCleaner

IMPORTANT: After installing, go to the folder where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of that window, choose New > Folder, and name the new folder backups!

  • Open the program and click Run Cleaner;
  • Click the Registry button > Scan for Issues > Fix selected issue(s)...

Note: Don't forget to accept the backup of the fixes and save it in the folder created above!

<<@>> Always keep your Windows updated; keep a constant watch with your firewall and antivirus, and finally, remember that the best form of prevention starts with our own habits!

Regards. thumbsup.gif


Thank you very much for the procedures. I'm sure my notebook is much better now; it's just that Firefox keeps using a lot of resources, so I think the problem is Firefox itself and I'm going to drop it. Much appreciated!!
Regards


Problem solved!

Should the author need it, the topic will be reopened; to request that, contact a Forum Security Analyst and ask for it to be unlocked.
