alex_kazuo

Navegaki infesting browsers


Folks, something called navegaki has infested my browsers.

I saw that there are already other topics on the site teaching how to remove it. If I can use them, please send me the link. But in every topic I see the message saying to use those instructions only on the computer of whoever posted the topic.

Here is the log:


ZA-Scan.txt


Hello @alex_kazuo

Please note the following:
  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is posted here applies only to the problem on your computer, so do not apply it to any other;
  • Please follow the instructions carefully and, if in doubt, do not hesitate to ask;
  • Always keep me informed, during the removal, about what is happening with your computer.
  • Respect the order of the instructions given.
  • Note: do not take any action beyond what is given here; if you ask for help on another forum, be sure to tell us, or you risk leaving your computer misconfigured!

Any difficulty attaching the log?

 

1)

Download Farbar Service Scanner and save it to your Desktop

  • Check the boxes:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Click Scan
  • A log (FSS.txt) will be created on the Desktop
  • Attach the log in your next reply.

2)

Download RogueKiller and save it to your desktop.
32 bit (x86) or 64 bit (x64)

Run the RogueKiller.exe file.

*** Windows Vista or Windows 7 users: right-click the RogueKiller.exe file, then click Run as administrator.

Click the Scan button and wait for the scan to finish.

Click the Report button. A Notepad window with the information will open.

Attach it in your next reply.

NOTE: do not use the Delete button, because we need to evaluate the items before doing that.

3)

Download MbrScan.exe by Eric_71 > save it to the desktop.

Double-click to run the tool. Click the Scan button. When the scan finishes, click the Report button. A Notepad window with the scan result will open. It is saved on the desktop as MbrScan.log.

Select, copy and paste its contents in your next reply.


Good evening,

Here is the Farbar log:

 

Farbar Service Scanner Version: 17-01-2015
Ran by Kazuo (administrator) on 17-06-2015 at 20:14:49
Running from "C:\Users\Kazuo\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


Here is the RogueKiller log:

RogueKiller V10.8.4.0 (x64) [Jun 15 2015] por Adlice Software
 
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciou : Modo normal
Usuário : Kazuo [Administrador]
Started from : C:\Users\Kazuo\Desktop\RogueKillerX64.exe
Modo : Escanear -- Data : 06/17/2015  20:39:08
 
¤¤¤ Processos : 16 ¤¤¤
[suspicious.Path|VT.Trojan/Win32.BTSGeneric] ntsvc.exe(452) -- C:\Users\Kazuo\AppData\Roaming\ntsvc\ntsvc.exe[7] VT(10) -> Interrompido [TermProc]
[suspicious.Path|VT.PUP.Optional.Tuto4PC.A] upgmsd_br_002030002.exe(3300) -- C:\Users\Kazuo\AppData\Local\gmsd_br_002030002\upgmsd_br_002030002.exe[7] VT(35) -> Interrompido [TermProc]
[VT.Unknown] updater.exe(248) -- C:\Program Files (x86)\Common Files\10d68142-4184-4238-be73-f262bcead1ff\updater.exe[7] -> Interrompido [TermProc]
[VT.PUP.Optional.Tuto4PC.A] gmsd_br_002030002.exe(4476) -- C:\Program Files (x86)\gmsd_br_002030002\gmsd_br_002030002.exe[7] VT(32) -> Interrompido [TermProc]
[suspicious.Path|VT.Unknown] plugincontainer.exe(5828) -- C:\ProgramData\10d68142-4184-4238-be73-f262bcead1ff\plugincontainer.exe[7] -> Interrompido [TermProc]
[suspicious.Path|VT.Unknown] Plugin.exe(5240) -- C:\ProgramData\10d68142-4184-4238-be73-f262bcead1ff\plugins\2\plugin.exe[7] -> Interrompido [TermThr]
[suspicious.Path|VT.Unknown] Plugin.exe(4840) -- C:\ProgramData\10d68142-4184-4238-be73-f262bcead1ff\plugins\3\plugin.exe[7] -> Interrompido [TermThr]
[suspicious.Path|VT.Unknown] Plugin.exe(4484) -- C:\ProgramData\10d68142-4184-4238-be73-f262bcead1ff\plugins\5\plugin.exe[7] -> Interrompido [TermThr]
[suspicious.Path|VT.Unknown] Plugin.exe(824) -- C:\ProgramData\10d68142-4184-4238-be73-f262bcead1ff\plugins\8\plugin.exe[7] -> Interrompido [TermThr]
[VT.PUP.Optional.Clara.A] ClaraUpdater.exe(1480) -- C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe[7] VT(6) -> Interrompido [TermProc]
[PUP|VT.PUP.Optional.Clara.A] bobrowser.exe(6028) -- C:\Users\Kazuo\AppData\Local\BoBrowser\Application\bobrowser.exe[7] VT(7) -> Interrompido [TermProc]
[PUP|VT.PUP.Optional.Clara.A] bobrowser.exe(5988) -- C:\Users\Kazuo\AppData\Local\BoBrowser\Application\bobrowser.exe[7] VT(7) -> Interrompido [TermThr]
[PUP|VT.PUP.Optional.Clara.A] bobrowser.exe(4340) -- C:\Users\Kazuo\AppData\Local\BoBrowser\Application\bobrowser.exe[7] VT(7) -> Interrompido [TermThr]
[PUP|VT.PUP.Optional.Clara.A] bobrowser.exe(6772) -- C:\Users\Kazuo\AppData\Local\BoBrowser\Application\bobrowser.exe[7] VT(7) -> Interrompido [TermThr]
[PUP|VT.PUP.Optional.Clara.A] bobrowser.exe(5836) -- C:\Users\Kazuo\AppData\Local\BoBrowser\Application\bobrowser.exe[7] VT(7) -> Interrompido [TermThr]
[PUP|VT.PUP.Optional.Clara.A] bobrowser.exe(2684) -- C:\Users\Kazuo\AppData\Local\BoBrowser\Application\bobrowser.exe[7] VT(7) -> Interrompido [TermThr]
 
¤¤¤ Registro : 20 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} (C:\ProgramData\Partner\Partner64.dll) -> Encontrado
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> Encontrado
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} (C:\ProgramData\Partner\Partner64.dll) -> Encontrado
[VT.PUP.Optional.Tuto4PC.A] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | gmsd_br_002030002 : "C:\Program Files (x86)\gmsd_br_002030002\gmsd_br_002030002.exe" [7] -> Encontrado
[PUP|VT.PUP.Optional.Clara.A] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ClaraUpdater (C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe) -> Encontrado
[PUP|Suspicious.Path|VT.Trojan/Win32.BTSGeneric] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sed (C:\Users\Kazuo\AppData\Roaming\ntsvc\ntsvc.exe) -> Encontrado
[suspicious.Path|VT.PUP.Optional.CommonDots.A] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Service Mgr CommonDots ("C:\ProgramData\10d68142-4184-4238-be73-f262bcead1ff\plugincontainer.exe") -> Encontrado
[PUP|VT.PUP.Optional.Clara.A] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClaraUpdater (C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe) -> Encontrado
[PUP|Suspicious.Path|VT.Trojan/Win32.BTSGeneric] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sed (C:\Users\Kazuo\AppData\Roaming\ntsvc\ntsvc.exe) -> Encontrado
[suspicious.Path|VT.PUP.Optional.CommonDots.A] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Service Mgr CommonDots ("C:\ProgramData\10d68142-4184-4238-be73-f262bcead1ff\plugincontainer.exe") -> Encontrado
[PUP|Suspicious.Path|VT.Trojan/Win32.BTSGeneric] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Sed (C:\Users\Kazuo\AppData\Roaming\ntsvc\ntsvc.exe) -> Encontrado
[suspicious.Path|VT.PUP.Optional.CommonDots.A] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Service Mgr CommonDots ("C:\ProgramData\10d68142-4184-4238-be73-f262bcead1ff\plugincontainer.exe") -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 189.6.0.74 189.6.0.79 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][-]  -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 189.6.0.74 189.6.0.79 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][-]  -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 189.6.0.74 189.6.0.79 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][-]  -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{38EC3BD6-63B6-417F-BDE7-B8DF4C91010C} | DhcpNameServer : 189.6.0.74 189.6.0.79 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][-]  -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A02115C-93DD-4395-99E1-2CE5737E5389} | DhcpNameServer : 189.6.0.74 189.6.0.79 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][-]  -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{38EC3BD6-63B6-417F-BDE7-B8DF4C91010C} | DhcpNameServer : 189.6.0.74 189.6.0.79 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][-]  -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8A02115C-93DD-4395-99E1-2CE5737E5389} | DhcpNameServer : 189.6.0.74 189.6.0.79 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][-]  -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{38EC3BD6-63B6-417F-BDE7-B8DF4C91010C} | DhcpNameServer : 189.6.0.74 189.6.0.79 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][-]  -> Encontrado
 
¤¤¤ Tarefas : 3 ¤¤¤
[suspicious.Path|VT.UDS:DangerousObject.Multi.Generic] Chromium.job -- C:\Users\Kazuo\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE (/Check) -> Encontrado
[suspicious.Path|VT.UDS:DangerousObject.Multi.Generic] \\Chromium -- C:\Users\Kazuo\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE (/Check) -> Encontrado
[PUP|VT.PUP.Optional.Clara.A] \\Run_Bobby_Browser -- "C:\Users\Kazuo\AppData\Local\BoBrowser\Application\bobrowser.exe" (--no-startup-window) -> Encontrado
 
¤¤¤ Arquivos : 0 ¤¤¤
 
¤¤¤ Arquivos de hosts : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤
 
¤¤¤ Navegadores : 0 ¤¤¤
 
¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: FUJITSU MJA2500BH G2 +++++
--- User ---
[MBR] 67fc8dfc28eaaee3ec388938896fc9ed
[bSP] b8e10e5b31ca224e6a3bebc9df47974a : Unknown MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 2048 | Size: 1536 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3147776 | Size: 237568 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 489687040 | Size: 227593 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 955797504 | Size: 10241 MB
User = LL1 ... OK
User = LL2 ... OK
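The RogueKiller report above is long, and the same binary shows up in several sections (ntsvc.exe as a running process and as the `Sed` service, bobrowser.exe as six processes and a scheduled task). The parser below is an added example for this thread, not RogueKiller's own code and not part of the post: it splits each finding into its tags, path and status, classifies where the item persists (process, Run key, service, BHO, scheduled task, DNS setting) and groups those locations per binary, which is the view a responder wants before deciding what to remove in which order. The section names it recognises in Portuguese and English, the line format, and `SAMPLE_REPORT` (a subset of lines copied from the report) are this example's own assumptions.

```python
"""Triage helper for RogueKiller scan reports (added example: not RogueKiller's
code and not part of the forum post).  RogueKiller prints one finding per line
under "¤¤¤ <Section> : <count> ¤¤¤" headers:

    [TAG|TAG|VT.Label] <item> -- <path> ... -> <status> [<action>]

Tags are split, the binary path extracted, each item classified by where it
persists, and the locations grouped per binary.  Section names are matched in
Portuguese and English (assumption: localised builds).  SAMPLE_REPORT is a
subset of the lines in the report above.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>.+?)\s*:\s*(?P<count>\d+)?.*¤¤¤\s*$")
FINDING_RE = re.compile(r"^\[(?P<tags>[^\]]+)\]\s*(?P<body>.*?)\s*->\s*(?P<status>\S+)"
                        r"(?:\s+\[(?P<action>[^\]]+)\])?\s*$")
# Quotes and square brackets never belong to a path in this output.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]+?\.(?:exe|dll|sys)(?![a-z])', re.IGNORECASE)
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
SECTION_KIND = {"processos": "running process", "processes": "running process",
                "registro": "registry", "registry": "registry",
                "tarefas": "scheduled task", "tasks": "scheduled task"}

SAMPLE_REPORT = r"""
¤¤¤ Processos : 2 ¤¤¤
[suspicious.Path|VT.Trojan/Win32.BTSGeneric] ntsvc.exe(452) -- C:\Users\Kazuo\AppData\Roaming\ntsvc\ntsvc.exe[7] VT(10) -> Interrompido [TermProc]
[PUP|VT.PUP.Optional.Clara.A] bobrowser.exe(6028) -- C:\Users\Kazuo\AppData\Local\BoBrowser\Application\bobrowser.exe[7] VT(7) -> Interrompido [TermProc]

¤¤¤ Registro : 4 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} (C:\ProgramData\Partner\Partner64.dll) -> Encontrado
[VT.PUP.Optional.Tuto4PC.A] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | gmsd_br_002030002 : "C:\Program Files (x86)\gmsd_br_002030002\gmsd_br_002030002.exe" [7] -> Encontrado
[PUP|Suspicious.Path|VT.Trojan/Win32.BTSGeneric] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sed (C:\Users\Kazuo\AppData\Roaming\ntsvc\ntsvc.exe) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 189.6.0.74 189.6.0.79 201.6.4.116 [(Unknown Country?) (XX)][(Unknown Country?) (XX)][-]  -> Encontrado

¤¤¤ Tarefas : 1 ¤¤¤
[PUP|VT.PUP.Optional.Clara.A] \\Run_Bobby_Browser -- "C:\Users\Kazuo\AppData\Local\BoBrowser\Application\bobrowser.exe" (--no-startup-window) -> Encontrado

¤¤¤ Arquivos : 0 ¤¤¤
"""


@dataclass
class Finding:
    section: str
    tags: list
    body: str
    status: str
    action: str   # None when the line carries no trailing [action]
    path: str     # None when no Windows path is present

    def kind(self) -> str:
        """Where the item lives; registry findings are refined by key path."""
        base = SECTION_KIND.get(self.section.lower(), self.section.lower())
        if base != "registry":
            return base
        if "PUM.Dns" in self.tags:
            return "dns setting"
        if "Browser Helper Objects" in self.body:
            return "browser helper object"
        if "\\Services\\" in self.body:
            return "service"
        if "\\Run" in self.body:  # Run / RunOnce autostart values
            return "run key"
        return "registry"


@dataclass
class Report:
    declared: dict = field(default_factory=dict)  # section -> count printed in its header
    findings: list = field(default_factory=list)

    def counts(self) -> dict:
        """Parsed findings per section; a mismatch with `declared` means an unparsed line."""
        counts = {name: 0 for name in self.declared}
        for f in self.findings:
            counts[f.section] = counts.get(f.section, 0) + 1
        return counts

    def persistence_map(self) -> dict:
        """Lower-cased binary path -> sorted list of the places it was found."""
        where = defaultdict(set)
        for f in self.findings:
            if f.path:
                where[f.path.lower()].add(f.kind())
        return {p: sorted(k) for p, k in sorted(where.items())}

    def dns_servers(self) -> list:
        """Resolvers from PUM.Dns entries: flagged for review, not proof of tampering."""
        ips = set()
        for f in self.findings:
            if "PUM.Dns" in f.tags:
                ips.update(IPV4_RE.findall(f.body))
        return sorted(ips)


def parse_report(text: str) -> Report:
    report, section = Report(), None
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            report.declared[section] = int(m.group("count") or 0)
            continue
        m = FINDING_RE.match(line)
        if m and section:
            p = PATH_RE.search(m.group("body"))
            report.findings.append(Finding(section, m.group("tags").split("|"), m.group("body"),
                                           m.group("status"), m.group("action"),
                                           p.group(0) if p else None))
    return report


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    for path, places in rep.persistence_map().items():
        print(f"{path}: {', '.join(places)}")
    print("DNS servers flagged for review:", rep.dns_servers())
```

Two things the grouped view makes plain that the raw list does not: a binary that appears both as a terminated process and as a service or scheduled task will simply be started again at the next boot, so the persistence entry is the item that has to go, not just the process; and the PUM.Dns entries only record which resolvers DHCP handed out, which are usually the ISP's own, so they need confirming against the provider's published addresses rather than being treated as a finding on their own.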

Here is the MbrScan log:

 

MBRScan v1.1.1

OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
BOOT           : Normal Boot
DATE           : 2015/06/17 (ISO 8601) at 23:05:46

________________________________________________________________________________

Device\Harddisk0\DR0 465.8 Go  [Fixed] ==> Unknown MBR Code ==> PARTITION TABLE FAKED !!

MBR_MD5   : 67FC8DFC28EAAEE3EC388938896FC9ED
MBR_SHA1  : 3A6C84461C0F68964885AD0326068EDECCC28E8D

Device\Harddisk0\Partition1 1.50 Go   0x12 Diagnostic
Device\Harddisk0\Partition2 232.0 Go   0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition3 222.3 Go   0x07 NTFS / HPFS
Device\Harddisk0\Partition4 10.00 Go   0x12 Diagnostic

________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x03210000
SIZE    : 292.0 Ko
DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00BB2000
SIZE    : 40.0 Ko
DRIVER  : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00CBC000
SIZE    : 316.0 Ko
DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00D1F000
SIZE    : 376.0 Ko
DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00EE6000
SIZE    : 768.0 Ko
DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE    : 656.0 Ko
DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00EA4000
SIZE    : 60.0 Ko
DRIVER  : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00FA6000
SIZE    : 348.0 Ko
DRIVER  : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00EB3000
SIZE    : 36.0 Ko
DRIVER  : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00EBC000
SIZE    : 40.0 Ko
DRIVER  : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00D7D000
SIZE    : 204.0 Ko
DRIVER  : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00EC6000
SIZE    : 52.0 Ko
DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00DB0000
SIZE    : 84.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\compbatt.sys => Invisible on the disk
ADDRESS : 0x00ED3000
SIZE    : 36.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\BATTC.SYS => Invisible on the disk
ADDRESS : 0x00DC5000
SIZE    : 48.0 Ko
DRIVER  : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00DD1000
SIZE    : 84.0 Ko
DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00C00000
SIZE    : 368.0 Ko
DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00C5C000
SIZE    : 104.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\iaStor.sys => Invisible on the disk
ADDRESS : 0x0105E000
SIZE    : 2.03 Mo
DRIVER  : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x01266000
SIZE    : 44.0 Ko
DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x01271000
SIZE    : 304.0 Ko
DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x012BD000
SIZE    : 80.0 Ko
DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x0140B000
SIZE    : 1.64 Mo
DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x012D1000
SIZE    : 376.0 Ko
DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x015AE000
SIZE    : 108.0 Ko
DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x0132F000
SIZE    : 456.0 Ko
DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x015C9000
SIZE    : 68.0 Ko
DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x015DA000
SIZE    : 40.0 Ko
DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x016E2000
SIZE    : 972.0 Ko
DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01600000
SIZE    : 384.0 Ko
DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x01660000
SIZE    : 172.0 Ko
DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01846000
SIZE    : 2.02 Mo
DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01A4A000
SIZE    : 296.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\wd.sys => Invisible on the disk
ADDRESS : 0x01A94000
SIZE    : 32.0 Ko
DRIVER  : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01A9C000
SIZE    : 304.0 Ko
DRIVER  : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x01AE8000
SIZE    : 32.0 Ko
DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01AF0000
SIZE    : 232.0 Ko
DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01B2A000
SIZE    : 72.0 Ko
DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x01B3C000
SIZE    : 36.0 Ko
DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01B45000
SIZE    : 232.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk
ADDRESS : 0x01B7F000
SIZE    : 88.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01B95000
SIZE    : 192.0 Ko
DRIVER  : C:\Windows\System32\Drivers\aswVmm.sys => Invisible on the disk
ADDRESS : 0x01800000
SIZE    : 276.0 Ko
DRIVER  : C:\Windows\System32\Drivers\aswRvrt.sys => Invisible on the disk
ADDRESS : 0x01BC5000
SIZE    : 76.0 Ko
DRIVER  : C:\Windows\system32\drivers\cdrom.sys => Invisible on the disk
ADDRESS : 0x04301000
SIZE    : 168.0 Ko
DRIVER  : C:\Windows\system32\drivers\aswSnx.sys => Invisible on the disk
ADDRESS : 0x046EC000
SIZE    : 1.02 Mo
DRIVER  : C:\Windows\system32\drivers\aswSP.sys => Invisible on the disk
ADDRESS : 0x04600000
SIZE    : 460.0 Ko
DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x04673000
SIZE    : 36.0 Ko
DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x0467C000
SIZE    : 28.0 Ko
DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x04683000
SIZE    : 56.0 Ko
DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x04691000
SIZE    : 148.0 Ko
DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x046B6000
SIZE    : 64.0 Ko
DRIVER  : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x046C6000
SIZE    : 36.0 Ko
DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x046CF000
SIZE    : 36.0 Ko
DRIVER  : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x046D8000
SIZE    : 36.0 Ko
DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x046E1000
SIZE    : 44.0 Ko
DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x0432B000
SIZE    : 68.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x0433C000
SIZE    : 136.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x047F0000
SIZE    : 52.0 Ko
DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x0435E000
SIZE    : 548.0 Ko
DRIVER  : C:\Windows\system32\drivers\aswRdr2.sys => Invisible on the disk
ADDRESS : 0x04000000
SIZE    : 104.0 Ko
DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x0401A000
SIZE    : 276.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x0405F000
SIZE    : 36.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x04068000
SIZE    : 152.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x0408E000
SIZE    : 88.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x040A4000
SIZE    : 60.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x040B3000
SIZE    : 108.0 Ko
DRIVER  : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk
ADDRESS : 0x040CE000
SIZE    : 80.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x0168B000
SIZE    : 324.0 Ko
DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x043E7000
SIZE    : 48.0 Ko
DRIVER  : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x043F3000
SIZE    : 44.0 Ko
DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x01BE6000
SIZE    : 60.0 Ko
DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x017D5000
SIZE    : 120.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x015E4000
SIZE    : 68.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x013A1000
SIZE    : 152.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\CmBatt.sys => Invisible on the disk
ADDRESS : 0x01BF5000
SIZE    : 20.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\nvlddmkm.sys => Invisible on the disk
ADDRESS : 0x058A9000
SIZE    : 11.16 Mo
DRIVER  : C:\Windows\system32\DRIVERS\nvBridge.kmd => Invisible on the disk
ADDRESS : 0x063D2000
SIZE    : 8.0 Ko
DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x04A81000
SIZE    : 976.0 Ko
DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x04B75000
SIZE    : 280.0 Ko
DRIVER  : C:\Windows\system32\drivers\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x04BBB000
SIZE    : 144.0 Ko
DRIVER  : C:\Windows\system32\drivers\usbehci.sys => Invisible on the disk
ADDRESS : 0x04BDF000
SIZE    : 68.0 Ko
DRIVER  : C:\Windows\system32\drivers\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x04A00000
SIZE    : 344.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\rtl8192se.sys => Invisible on the disk
ADDRESS : 0x04CB1000
SIZE    : 1.03 Mo
DRIVER  : C:\Windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk
ADDRESS : 0x04DB9000
SIZE    : 52.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\L1C62x64.sys => Invisible on the disk
ADDRESS : 0x04DC6000
SIZE    : 84.0 Ko
DRIVER  : C:\Windows\system32\drivers\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x04DDB000
SIZE    : 36.0 Ko
DRIVER  : C:\Windows\system32\drivers\i8042prt.sys => Invisible on the disk
ADDRESS : 0x04C00000
SIZE    : 120.0 Ko
DRIVER  : C:\Windows\system32\drivers\kbdclass.sys => Invisible on the disk
ADDRESS : 0x04C1E000
SIZE    : 60.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\SynTP.sys => Invisible on the disk
ADDRESS : 0x04C2D000
SIZE    : 292.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x04C76000
SIZE    : 8.0 Ko
DRIVER  : C:\Windows\system32\drivers\mouclass.sys => Invisible on the disk
ADDRESS : 0x04C78000
SIZE    : 60.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x04C87000
SIZE    : 88.0 Ko
DRIVER  : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x04C9D000
SIZE    : 64.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x04DE4000
SIZE    : 88.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x04A56000
SIZE    : 144.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x04BF0000
SIZE    : 48.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x05800000
SIZE    : 188.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x0582F000
SIZE    : 108.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x0584A000
SIZE    : 132.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x0586B000
SIZE    : 104.0 Ko
DRIVER  : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x04DFA000
SIZE    : 8.0 Ko
DRIVER  : C:\Windows\system32\drivers\ks.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 268.0 Ko
DRIVER  : C:\Windows\system32\drivers\umbus.sys => Invisible on the disk
ADDRESS : 0x05885000
SIZE    : 72.0 Ko
DRIVER  : C:\Windows\system32\drivers\usbhub.sys => Invisible on the disk
ADDRESS : 0x04E9F000
SIZE    : 360.0 Ko
DRIVER  : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x04EF9000
SIZE    : 84.0 Ko
DRIVER  : C:\Windows\system32\drivers\nvhda64v.sys => Invisible on the disk
ADDRESS : 0x04F0E000
SIZE    : 96.0 Ko
DRIVER  : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x04F26000
SIZE    : 244.0 Ko
DRIVER  : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x04F63000
SIZE    : 136.0 Ko
DRIVER  : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x04F85000
SIZE    : 24.0 Ko
DRIVER  : C:\Windows\system32\drivers\RTKVHD64.sys => Invisible on the disk
ADDRESS : 0x0680C000
SIZE    : 1.94 Mo
DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x00000000
SIZE    : 3.06 Mo
DRIVER  : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x06800000
SIZE    : 48.0 Ko
DRIVER  : C:\Windows\System32\Drivers\BTHUSB.sys => Invisible on the disk
ADDRESS : 0x04F8B000
SIZE    : 96.0 Ko
DRIVER  : C:\Windows\System32\Drivers\bthport.sys => Invisible on the disk
ADDRESS : 0x04E00000
SIZE    : 560.0 Ko
DRIVER  : C:\Windows\system32\drivers\usbccgp.sys => Invisible on the disk
ADDRESS : 0x04FA3000
SIZE    : 116.0 Ko
DRIVER  : C:\Windows\system32\drivers\hidusb.sys => Invisible on the disk
ADDRESS : 0x04FC0000
SIZE    : 56.0 Ko
DRIVER  : C:\Windows\system32\drivers\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x04FCE000
SIZE    : 100.0 Ko
DRIVER  : C:\Windows\system32\drivers\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x04FE7000
SIZE    : 36.0 Ko
DRIVER  : C:\Windows\System32\Drivers\usbvideo.sys => Invisible on the disk
ADDRESS : 0x040E2000
SIZE    : 184.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x04FF0000
SIZE    : 52.0 Ko
DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x05897000
SIZE    : 56.0 Ko
DRIVER  : C:\Windows\System32\Drivers\dump_iaStor.sys => Invisible on the disk
ADDRESS : 0x0282F000
SIZE    : 2.03 Mo
DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x02A37000
SIZE    : 76.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\rfcomm.sys => Invisible on the disk
ADDRESS : 0x02A4A000
SIZE    : 176.0 Ko
DRIVER  : C:\Windows\system32\drivers\BthEnum.sys => Invisible on the disk
ADDRESS : 0x02A76000
SIZE    : 64.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\bthpan.sys => Invisible on the disk
ADDRESS : 0x02A86000
SIZE    : 128.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\btwavdt.sys => Invisible on the disk
ADDRESS : 0x02AA6000
SIZE    : 492.0 Ko
DRIVER  : C:\Windows\system32\drivers\btwaudio.sys => Invisible on the disk
ADDRESS : 0x02B21000
SIZE    : 536.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\btwl2cap.sys => Invisible on the disk
ADDRESS : 0x02BA7000
SIZE    : 48.0 Ko
DRIVER  : C:\Windows\system32\DRIVERS\btwrchid.sys => Invisible on the disk
ADDRESS : 0x02BB3000
SIZE    : 16.0 Ko
DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x005F0000
SIZE    : 40.0 Ko
DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x006C0000
SIZE    : 156.0 Ko
DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x02BB7000
SIZE    : 140.0 Ko
DRIVER  : C:\Windows\system32\drivers\aswMonFlt.sys => Invisible on the disk
ADDRESS : 0x02BDA000
SIZE    :
144.0 Ko DRIVER  : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the diskADDRESS : 0x02800000SIZE    : 132.0 Ko DRIVER  : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the diskADDRESS : 0x04110000SIZE    : 84.0 Ko DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the diskADDRESS : 0x04125000SIZE    : 332.0 Ko DRIVER  : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the diskADDRESS : 0x04178000SIZE    : 76.0 Ko DRIVER  : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the diskADDRESS : 0x0418B000SIZE    : 96.0 Ko DRIVER  : C:\Windows\system32\DRIVERS\TurboB.sys => Invisible on the diskADDRESS : 0x02821000SIZE    : 28.0 Ko DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the diskADDRESS : 0x041A3000SIZE    : 804.0 Ko DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the diskADDRESS : 0x0426C000SIZE    : 120.0 Ko DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the diskADDRESS : 0x0428A000SIZE    : 96.0 Ko DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the diskADDRESS : 0x042A2000SIZE    : 180.0 Ko DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the diskADDRESS : 0x0709B000SIZE    : 308.0 Ko DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the diskADDRESS : 0x070E8000SIZE    : 144.0 Ko DRIVER  : C:\Windows\system32\drivers\aswHwid.sys => Invisible on the diskADDRESS : 0x0710C000SIZE    : 40.0 Ko DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the diskADDRESS : 0x07116000SIZE    : 664.0 Ko DRIVER  : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the diskADDRESS : 0x071BC000SIZE    : 44.0 Ko DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the diskADDRESS : 0x071C7000SIZE    : 196.0 Ko DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the diskADDRESS : 0x07000000SIZE    : 72.0 Ko DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the diskADDRESS : 
0x07C75000SIZE    : 428.0 Ko DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the diskADDRESS : 0x07CE0000SIZE    : 612.0 Ko DRIVER  : C:\Windows\System32\drivers\TrueSight.sys => Invisible on the diskADDRESS : 0x07C00000SIZE    : 52.0 Ko DRIVER  : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the diskADDRESS : 0x07C11000SIZE    : 56.0 Ko DRIVER  : C:\Windows\System32\smss.exe => Invisible on the diskADDRESS : 0x47880000SIZE    : 128.0 Ko BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020) SystemStartOptions :  NOEXECUTE=OPTIN ________________________________________________________________________________ _______MBR   \Device\Harddisk0\DR0   0x00000000   33 C0 8E D0 BC 00 7C FB 8E C0 8E D8 8B F4 BF 00   3À.м.|û.À.Ø.ô¿.0x00000010   06 B9 00 02 FC F3 A4 EA 60 06 00 00 00 00 00 00   .¹..üó¤ê`.......0x00000020   50 4F 57 45 52 52 45 43 4F 56 45 52 3F 00 00 00   POWERRECOVER?...0x00000030   50 52 45 53 53 20 46 31 31 20 54 4F 20 52 55 4E   PRESS F11 TO RUN0x00000040   20 4C 47 20 52 45 43 4F 56 45 52 59 2E 2E 0D 0A    LG RECOVERY....0x00000050   00 00 00 00 57 00 00 00 FF FF FF FF FF FF FF FF   ....W...........0x00000060   86 4C BD BE 30 06 AC B4 0E 33 DB CD 10 0A C0 75   .L½¾0.¬´.3ÛÍ..Àu0x00000070   F5 E3 0B FE 06 13 06 53 53 E8 98 00 EB 36 0E 68   õã.þ...SSè..ë6.h0x00000080   74 07 66 58 66 87 47 24 66 A3 AE 07 8B 16 6C 04   t.fXf.G$f£®...l.0x00000090   FA 66 A1 1C 06 BF 54 06 B1 03 F2 66 AF FB 74 0A   úf¡..¿T.±.òf¯ût.0x000000A0   A1 6C 04 2B C2 3D 36 00 76 E6 66 A1 AE 07 66 89   ¡l.+Â=6.væf¡®.f.0x000000B0   47 24 75 47 BB C2 7D 80 3F 12 74 4F 80 C3 10 73   G$uG»Â}.?.tO.Ã.s0x000000C0   F6 80 EB 10 80 3F 0F 75 28 66 8B 77 04 66 8B D6   ö.ë..?.u(f.w.f.Ö0x000000D0   B3 C2 60 66 52 E8 3C 00 61 72 16 66 01 57 04 80   ³Â`fRè<.ar.f.W..0x000000E0   3F 12 74 27 66 8B 57 14 66 03 D6 80 7F 10 05 74   ?.t'f.W.f.Ö....t0x000000F0   E1 80 FB C2 77 CB BB 28 06 EB 10 BB C2 7D 80 7F   á.ûÂwË»(.ë.»Â}..0x00000100   FC 
00 78 07 80 C3 10 73 F5 EB FE 66 FF 77 04 E8   ü.x..Ã.sõëþf.w.è0x00000110   02 00 FF E4 C8 10 00 00 B4 08 B2 80 CD 13 8A C1   ...äÈ...´.².Í..Á0x00000120   24 3F FE C6 8A D8 F6 E6 C0 E9 06 86 CD 41 91 F7   $?þÆ.ØöæÀé..ÍA.÷0x00000130   E1 39 56 06 8B 56 06 8B 46 04 73 1C F7 F1 91 92   á9V..V..F.s.÷ñ..0x00000140   F6 F3 86 CD C0 E1 06 02 CC 41 8A F0 B8 01 02 BB   öó.ÍÀá..ÌA.ð¸..»0x00000150   00 7C 86 26 13 06 EB 14 83 C4 10 0E 0E 52 50 0E   .|.&..ë..Ä...RP.0x00000160   68 00 7C 6A 01 6A 10 8B F4 B8 00 42 B2 80 CD 13   h.|j.j..ô¸.B².Í.0x00000170   C9 C2 04 00 1E 50 53 0E 1F BB 1B 06 A0 17 04 24   ÉÂ...PS..».....$0x00000180   0F 88 47 04 E4 60 3C E0 74 1A 3C 1D 74 10 3C 2A   ..G.ä`<àt.<.t.<*0x00000190   74 0C 3C 36 74 08 3C 38 74 04 84 C0 79 06 66 83   t.<6t.<8t..Ày.f.0x000001A0   27 00 EB 06 FE 07 02 1F 88 07 5B 58 1F EA 00 00   '.ë.þ.....[X.ê..0x000001B0   00 00 00 00 00 00 00 00 4F 37 B8 43 00 00 00 20   ........O7¸C... 0x000001C0   21 00 12 EF 2C C3 00 08 00 00 00 00 30 00 80 EF   !..ï,Ã......0..ï0x000001D0   2D C3 07 FE FF FF 00 08 30 00 00 00 00 1D 00 FE   -Ã.þ....0......þ0x000001E0   FF FF 07 FE FF FF 00 08 30 1D 00 48 C8 1B 00 FE   ...þ....0..HÈ..þ0x000001F0   FF FF 12 FE FF FF 00 50 F8 38 00 08 40 01 55 AA   ...þ...Pø8..@.Uª

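The MBR hex dump at the end of the RogueKiller log above becomes readable once it is decoded. The following Python is an added example written for this page; it is not part of the forum post and not code from RogueKiller. It rebuilds the 512-byte sector from the dump rows (the rows are copied from the log as constructed input), verifies the 0x55AA boot signature, reads the 32-bit disk signature and the four primary partition entries, checks that the entries do not overlap and that exactly one is flagged bootable, and extracts the printable strings from the boot-code area, which is where the "PRESS F11 TO RUN LG RECOVERY" text lives. The partition-type name table is a small subset added for readability; any other type ID is reported as its raw byte.

```python
import re
import struct

# Constructed input: the 32-row MBR dump from the RogueKiller log above (hex columns only;
# the ASCII column RogueKiller prints is ignored because ROW_RE is anchored at the row start).
MBR_DUMP = """
0x00000000   33 C0 8E D0 BC 00 7C FB 8E C0 8E D8 8B F4 BF 00
0x00000010   06 B9 00 02 FC F3 A4 EA 60 06 00 00 00 00 00 00
0x00000020   50 4F 57 45 52 52 45 43 4F 56 45 52 3F 00 00 00
0x00000030   50 52 45 53 53 20 46 31 31 20 54 4F 20 52 55 4E
0x00000040   20 4C 47 20 52 45 43 4F 56 45 52 59 2E 2E 0D 0A
0x00000050   00 00 00 00 57 00 00 00 FF FF FF FF FF FF FF FF
0x00000060   86 4C BD BE 30 06 AC B4 0E 33 DB CD 10 0A C0 75
0x00000070   F5 E3 0B FE 06 13 06 53 53 E8 98 00 EB 36 0E 68
0x00000080   74 07 66 58 66 87 47 24 66 A3 AE 07 8B 16 6C 04
0x00000090   FA 66 A1 1C 06 BF 54 06 B1 03 F2 66 AF FB 74 0A
0x000000A0   A1 6C 04 2B C2 3D 36 00 76 E6 66 A1 AE 07 66 89
0x000000B0   47 24 75 47 BB C2 7D 80 3F 12 74 4F 80 C3 10 73
0x000000C0   F6 80 EB 10 80 3F 0F 75 28 66 8B 77 04 66 8B D6
0x000000D0   B3 C2 60 66 52 E8 3C 00 61 72 16 66 01 57 04 80
0x000000E0   3F 12 74 27 66 8B 57 14 66 03 D6 80 7F 10 05 74
0x000000F0   E1 80 FB C2 77 CB BB 28 06 EB 10 BB C2 7D 80 7F
0x00000100   FC 00 78 07 80 C3 10 73 F5 EB FE 66 FF 77 04 E8
0x00000110   02 00 FF E4 C8 10 00 00 B4 08 B2 80 CD 13 8A C1
0x00000120   24 3F FE C6 8A D8 F6 E6 C0 E9 06 86 CD 41 91 F7
0x00000130   E1 39 56 06 8B 56 06 8B 46 04 73 1C F7 F1 91 92
0x00000140   F6 F3 86 CD C0 E1 06 02 CC 41 8A F0 B8 01 02 BB
0x00000150   00 7C 86 26 13 06 EB 14 83 C4 10 0E 0E 52 50 0E
0x00000160   68 00 7C 6A 01 6A 10 8B F4 B8 00 42 B2 80 CD 13
0x00000170   C9 C2 04 00 1E 50 53 0E 1F BB 1B 06 A0 17 04 24
0x00000180   0F 88 47 04 E4 60 3C E0 74 1A 3C 1D 74 10 3C 2A
0x00000190   74 0C 3C 36 74 08 3C 38 74 04 84 C0 79 06 66 83
0x000001A0   27 00 EB 06 FE 07 02 1F 88 07 5B 58 1F EA 00 00
0x000001B0   00 00 00 00 00 00 00 00 4F 37 B8 43 00 00 00 20
0x000001C0   21 00 12 EF 2C C3 00 08 00 00 00 00 30 00 80 EF
0x000001D0   2D C3 07 FE FF FF 00 08 30 00 00 00 00 1D 00 FE
0x000001E0   FF FF 07 FE FF FF 00 08 30 1D 00 48 C8 1B 00 FE
0x000001F0   FF FF 12 FE FF FF 00 50 F8 38 00 08 40 01 55 AA
"""

# Small subset of MBR partition type IDs, added for readability; other IDs print as the raw byte.
PARTITION_TYPES = {0x00: "empty", 0x07: "NTFS/exFAT (IFS)", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
                   0x12: "OEM diagnostics/recovery", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}
ROW_RE = re.compile(r"^0x([0-9A-Fa-f]{8})\s+((?:[0-9A-Fa-f]{2}\s+){15}[0-9A-Fa-f]{2})")


def parse_hex_dump(text):
    """Rebuild the raw sector from dump rows; rows must be contiguous and total 512 bytes."""
    sector = bytearray()
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        if int(m.group(1), 16) != len(sector):
            raise ValueError(f"row {m.group(1)} out of sequence (expected 0x{len(sector):08X})")
        sector += bytes.fromhex(m.group(2))
    if len(sector) != 512:
        raise ValueError(f"expected 512 bytes, got {len(sector)}")
    return bytes(sector)


def printable_strings(data, min_len=6):
    """Runs of printable ASCII (0x20..0x7E) at least min_len long, e.g. OEM boot messages."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def parse_mbr(sector):
    """Decode boot signature, disk ID and the four primary partition entries; flag layout problems."""
    boot_sig_ok = sector[0x1FE:0x200] == b"\x55\xAA"
    disk_signature = struct.unpack_from("<I", sector, 0x1B8)[0]
    partitions, problems = [], []
    for i in range(4):
        # entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, 0x1BE + 16 * i)
        if status not in (0x00, 0x80):
            problems.append(f"entry {i}: invalid status byte 0x{status:02X}")
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "type_name": PARTITION_TYPES.get(ptype, f"unknown (0x{ptype:02X})"),
                           "lba_start": lba_start, "sectors": sectors})
    used = sorted((p for p in partitions if p["type"]), key=lambda p: p["lba_start"])
    if sum(p["bootable"] for p in used) != 1:
        problems.append("expected exactly one bootable (0x80) partition")
    for a, b in zip(used, used[1:]):  # entries must not overlap once sorted by start LBA
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            problems.append(f"entries {a['index']} and {b['index']} overlap")
    if not boot_sig_ok:
        problems.append("missing 0x55AA boot signature")
    return {"boot_signature_ok": boot_sig_ok, "disk_signature": disk_signature, "partitions": partitions,
            "boot_code_strings": printable_strings(sector[:0x1B8]), "problems": problems}


def decode_log_mbr(dump_text=MBR_DUMP):
    return parse_mbr(parse_hex_dump(dump_text))


if __name__ == "__main__":
    info = decode_log_mbr()
    print(f"disk signature 0x{info['disk_signature']:08X}, boot signature ok: {info['boot_signature_ok']}")
    for p in info["partitions"]:
        print(f"{'*' if p['bootable'] else ' '} #{p['index']} type 0x{p['type']:02X} {p['type_name']:<26}"
              f" LBA {p['lba_start']:>10} + {p['sectors']:>10} sectors")
    print("boot-code strings:", info["boot_code_strings"])
    print("problems:", info["problems"] or "none")
```

Run as-is, the script shows a 2048-sector aligned layout of four contiguous primary partitions (type 0x12, bootable 0x07, 0x07, 0x12) that ends exactly at the start of the next entry each time, with no overlap and a valid signature. The same functions accept a dump from any other tool that uses the `0xOFFSET  hex...` row format, so the sanity checks (status byte, single bootable flag, contiguity) can be reused on a dump you do not trust.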

Download Malwarebytes Anti-Rootkit (MBAR)

Extract the files to your desktop

  • Open the mbar folder and run the file mbar.exe
  • Click the Next button, then Update,
  • Click Next again, and then Scan.
  • At the end, do NOT click Cleanup; just exit the program.
  • Attach the logs mbar-log.txt and system-log.txt, located in the mbar folder


OK,

1)

Download AdwCleaner and save it to the desktop.
https://toolslib.net...loads/finish/1/

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the file adwcleaner.exe, then click Run as administrator.

Click the Scan button and wait for the scan to finish.

Click the Clean button.

A Notepad window will open with the result. Attach the log in your next reply.

NOTE: If AdwCleaner finds files it cannot remove, you may need to restart the PC. Do so immediately when asked whether you want to restart the PC.

2)

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download the Junkware Removal Tool (JRT) and save it to the desktop. Double-click it to run it.

* On Windows Vista and Windows 7:

Right-click JRT.exe and select Run as administrator

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to scan.

At the end, a log will open. It is saved on the desktop as JRT.txt.

Attach the log in your next reply.

3)

Download Malwarebytes' Anti-Malware (MBAM).

Double-click mbam-setup.exe to install the program.

  • Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO.
  • If there are updates to apply, they will be downloaded and installed.
  • Click Settings, click Detection and Protection, check Scan for rootkits.
  • Go back to the Dashboard and finally click Scan Now.
  • The scan will then start. Wait, as it may take a while.
  • When the scan finishes, if items were found, make sure they are all checked and click the Remove Selected button.
  • At the end of the cleanup, a prompt may appear asking whether to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the History tab -> Application Logs in the program's main window.
  • Double-click the log (Scan log). Use the .txt format to export the log.
  • The Protection log is not needed for the analysis; always export the correct log.
  • Attach the log in your next reply.

NOTE: If MBAM finds files it cannot remove, you may need to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.


Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download the attachment from this post and save it in the same location as ZA-Scan.

Run ZA-Scan.exe again, wait, and at the end attach the generated log

zascript.txt


Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download the Farbar Recovery Scan Tool and save it to your desktop.
32 bit (x86) or 64 bit (x64)

Double-click to run the tool. Check the 90 Days Files box and click the Scan button.

Wait; at the end, the logs FRST.txt and Addition.txt will be saved on your desktop.

Attach the logs in your next reply.


Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download the attachment from this post and save it to the desktop.

Run FRST64.exe and click the Fix button.

Wait; at the end, the log Fixlog.txt will be saved on your desktop.

Attach the log in your next reply

fixlist.txt


Temporarily disable your antivirus

  • Hold the Ctrl key and click this link to open the ESET Online Scanner in a new window.
  • Click the ESET Online Scanner button on that page.
  • For other browsers (if you use Internet Explorer, skip this step):
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Check: "Enable detection of potentially unwanted applications"
  • Click Hide Advanced settings and check the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Change and also check the Computer box.
  • Click Start.
  • It will update on its own and scan the computer. Be patient; the process may take hours.
  • When the scan finishes, click List of found threats
  • Click Export to text file and save the log to your desktop.
  • Click Back.
  • Click Finish.
  • Attach the contents of the log


OK,

To finish:

# Step 1 #

Download Delfix by Xplode and save it to your desktop.

Double-click delfix.exe to run it. Check the boxes as shown in the image.

** Windows Vista or Windows 7 users: right-click the file delfix.exe, then click Run as administrator.

Click the Run button.

At the end a log will be generated, but there is no need to post it.

# Step 2 #

Update Java.

Attention: Uninstall ALL old versions of Java.

  • Close all programs, especially your browser (IE, Firefox etc.).
  • Go to the Java for Windows site
  • Click the download button
  • In the window that appears, click Run;
  • Follow the installation procedure.

# Step 3 #

<<@>> Install CCleaner

CCleaner is an excellent cleanup utility for the computer that will help with the computer's performance. Download it here: CCleaner

  • Open the program, click the Analyze button and then Run Cleaner.

Note: I do not recommend cleaning the registry; this can leave the system inoperable.

<<@>> Always keep your Windows up to date; keep constant watch over your firewall and antivirus and, finally, remember that the best prevention starts with our own habits!

Regards.


Thank you once again. You were the best discovery I have made on the internet. Truly useful, amid so much nonsense we find these days. Congratulations to you and to the whole team. Regards.


Problem solved!

Should the author need it, the topic will be reopened; to do so, contact a Forum Security Analyst requesting that it be unlocked.
