Ir ao conteúdo
  • Cadastre-se
durante

Não consigo navegar devido "mysearch123"

Recommended Posts

Por favor me ajudem  (windows 7)

Li tudo que achei (e tentei) para remover o "mysearch123" e  nada.

Deletar arquivos

Mudar opções

Remover mores de busca

Alterar "propriedade" nos ícones do navegador.

Reiniciar o firefox sem complementos (original)

Reinstalar firefox após limpeza total (ao reiniciar o notebook volta o dito cujo).

Não sei mais o que fazer.

Agradeço a ajuda

Compartilhar este post


Link para o post
Compartilhar em outros sites

@

 

Por favor, atente para o seguinte:
  • Caso fique sem resposta durante 3 dias, me envie uma Mensagem Privada (MP);
  • O que será passado aqui, somente será com relação ao problema do seu computador portanto, não faça mais em nenhum outro;
  • Siga, por favor, atentamente as instruções passadas e em caso de dúvidas não hesite em perguntá-las;
  • Procure sempre me manter informado, durante a remoção, sobre o que acontece com seu computador.
  • Respeite a ordem das instruções passadas.
  • Observação: Não tome outra medida além das passadas aqui; atente para que, caso peça ajuda em outro fórum, não deixe de nos informar, sob risco de desconfigurar seu computador!

Ao invés de criar um novo tópico, peço que você continue com este e faça uma resposta anexando o log do ZA-Scan, de acordo com essas instruções: http://forum.clubedohardware.com.br/topic/1105783-como-criar-seu-t%C3%B3pico/

 

Abraços.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok,

 

1)
 
Faça o download do Farbar Service Scanner e salve em seu Desktop

  • Marque as caixas:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Clique em Scan
  • Será criado um log (FSS.txt) no Desktop
  • Anexe o do log em sua próxima resposta.

2)

Baixe MbrScan.exe by Eric_71 > salve no desktop.
 
Dê um duplo-clique para executar a ferramenta. Clique no botão Scan. Ao final do exame clique no botão Report. Abrirá um bloco de notas com o resultado do exame. É salvo no desktop com o nome de MbrScan.log.
 
Selecione, copie e cole o seu conteúdo na próxima resposta.

 

3)

 

Baixe o 51a5f31352b88-icon_MBAR.pngMalwarebytes Anti-Rootkit (MBAR)

Extraia o arquivos para sua área de trabalho

  • Acesse a pasta mbar e execute o arquivo mbar.exe
  • Clique no botão Next, depois em Update,
  • Clique novamente em Next, e em seguida em Scan.
  • Ao final, Não clique no Cleanup, basta apenas sair do programa.
  • Anexe os logs mbar-log.txt e system-log.txt , localizado na pasta mbar

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desculpe-me a bagunça

 

Farbar Service Scanner Version: 17-01-2015
Ran by Rodolfo (administrator) on 06-07-2015 at 21:55:32
Running from "C:\Users\Rodolfo\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****

MBRScan v1.1.1OS             : Windows 7 Service Pack 1 (32 bit)PROCESSOR      : x86 Family 6 Model 58 Stepping 9, GenuineIntelBOOT           : Normal BootDATE           : 2015/07/06 (ISO 8601) at 21:59:39________________________________________________________________________________DISK           : Device\Harddisk0\DR0 __ST320LM001 HN-M320MBB (2AR20002)BUS_TYPE       : (0x0B)  S-ATAUSE_PIO        : NOMAX_TRANSFER   : 128 KbALIGNMENT_MASK : word aligned________________________________________________________________________________Device\Harddisk0\DR0    298.1 Go  [Fixed] ==> 7 MBR CodeMBR_MD5   : CA40B8A89A56A2A0603535621DA525F9MBR_SHA1  : 5FC5729455609334658E7C3C8A71FAAE57179E64Device\Harddisk0\Partition1    100.0 Mo      0x07 NTFS / HPFS __ BOOTABLE __Device\Harddisk0\Partition2    296.5 Go      0x07 NTFS / HPFSDevice\Harddisk0\Partition3    1.46 Go      0x82 Linux Swap________________________________________________________________________________############################### Additional scan ################################DRIVER  : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the diskADDRESS : 0x9159B000SIZE    : 44.0 KoDRIVER  : C:\Windows\System32\Drivers\dump_msahci.sys => Invisible on the diskADDRESS : 0x915A6000SIZE    : 40.0 KoDRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the diskADDRESS : 0x915B0000SIZE    : 68.0 KoBCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)SystemStartOptions :  NOEXECUTE=OPTIN_______________________________________________________________________________________MBR   \Device\Harddisk0\DR0  0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3À.м.|.À.ؾ.|¿.0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .¹..üó¤Ph..Ëû¹..0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10   ½¾..~..|......Å.0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   âñÍ..V.UÆF..ÆF..0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   ´A»ªUÍ.]r..ûUªu.0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ÷Á..t.þF.f`.~..t0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..´B.V..ôÍ.0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ..Ä..ë.¸..».|.V.0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE   .v..N..n.Í.fas.þ0x000000A0   4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84   N.u..~......².ë.0x000000B0   55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55   U2ä.V.Í.]ë..>þ}U0x000000C0   AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64   ªun.v.è..u.ú°Ñæd0x000000D0   E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75   è..°ßæ`è|.°.ædèu0x000000E0   00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54   .û¸.»Í.f#Àu;f.ûT0x000000F0   43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00   CPAu2.ù..r,fh.».0x00000100   00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66   .fh....fh....fSf0x00000110   53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66   SfUfh....fh.|..f0x00000120   61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD   ah...Í.Z2öê.|..Í0x00000130   18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4   ..·.ë..¶.ë..µ.2ä0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD   ....ð¬<.t.»..´.Í0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8   .ëòôëý+Éädë.$.àø0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69   $.ÃInvalid parti0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72   tion table.Error0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69    loading operati0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E   ng system.Missin0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst0x000001B0   65 6D 00 00 00 63 7B 9A 13 57 05 00 00 00 80 20   em...c{..W.....0x000001C0   21 00 07 DF 13 0C 00 08 00 00 00 20 03 00 00 DF   !..ß....... ...ß0x000001D0   14 0C 07 FE FF FF 00 28 03 00 00 10 11 25 00 FE   ...þ...(.....%.þ0x000001E0   FF FF 05 FE FF FF FE 3F 14 25 02 A8 2E 00 00 00   ...þ..þ?.%.¨....0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

Malwarebytes Anti-Rootkit BETA 1.09.1.1004

www.malwarebytes.org

Database version:

  main:    v2014.11.18.05

  rootkit: v2014.11.12.01

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 11.0.9600.17843

Rodolfo :: notebook [administrator]

06/07/2015 22:05:37

mbar-log-2015-07-06 (22-05-37).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled:

Objects scanned: 302081

Time elapsed: 13 minute(s), 39 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 2

C:\Windows\System32\drivers\{dc19896d-a3e2-417d-be46-d18ebc99e240}Gw.sys (PUP.Optional.Sanbreel.A) -> No action taken. [825dccbaf4bcf4a90da1a639210e4345]

C:\Windows\System32\rlls.dll (Trojan.Agent) -> No action taken. [4fee9ca12b51290d219d1aab49ba837d]

 

Physical Sectors Detected: 0

(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.17843

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.496000 GHz
Memory total: 1560428544, free: 459935744

Could not load protection driver
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.17843

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.496000 GHz
Memory total: 1560428544, free: 490450944

=======================================
Initializing...
------------ Kernel report ------------
     07/06/2015 22:05:19
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\gbpkm.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\{dc19896d-a3e2-417d-be46-d18ebc99e240}Gw.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\anodlwf.sys
\SystemRoot\system32\DRIVERS\gbpndisrdn.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECI.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\rtwlane.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt86win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\PROGRA~1\GbPlugin\gbftin32.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\??\C:\Program Files\Diebold\Warsaw\WinDivert32.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\ole32.dll
\Windows\System32\gdi32.dll
\Windows\System32\wininet.dll
\Windows\System32\kernel32.dll
\Windows\System32\advapi32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\clbcatq.dll
\Windows\System32\iertutil.dll
\Windows\System32\psapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\usp10.dll
\Windows\System32\ws2_32.dll
\Windows\System32\sechost.dll
\Windows\System32\user32.dll
\Windows\System32\difxapi.dll
\Windows\System32\imm32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\oleaut32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\nsi.dll
\Windows\System32\normaliz.dll
\Windows\System32\shell32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\lpk.dll
\Windows\System32\msctf.dll
\Windows\System32\urlmon.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\userenv.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85787a58, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85787690, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85787a58, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff852ca030, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 55713

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 621875200

    Partition 2 type is Extended with CSH (0x5)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 622084094  Numsec = 3057666

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
File C:\Windows\System32\drivers\{dc19896d-a3e2-417d-be46-d18ebc99e240}Gw.sys will be destroyed
Infected: C:\Windows\System32\drivers\{dc19896d-a3e2-417d-be46-d18ebc99e240}Gw.sys --> [PUP.Optional.Sanbreel.A]
Infected: C:\Windows\System32\rlls.dll --> [Trojan.Agent]
Scan finished
User declined to cleanup malware.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\{dc19896d-a3e2-417d-be46-d18ebc99e240}Gw.sys-k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\{dc19896d-a3e2-417d-be46-d18ebc99e240}Gw.sys-u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\{dc19896d-a3e2-417d-be46-d18ebc99e240}Gw.sys-r.mbam...
Removal finished

Compartilhar este post


Link para o post
Compartilhar em outros sites

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.07.07.06
  rootkit: v2015.07.07.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17843
Rodolfo :: notebook [administrator]

07/07/2015 19:14:42
mbar-log-2015-07-07 (19-14-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 330835
Time elapsed: 14 minute(s), 59 second(s)

Memory Processes Detected: 1
C:\Users\Rodolfo\AppData\Everything\ServiceEverything.exe (Trojan.Agent.ED) -> 2320 -> Delete on reboot. [be34efef5931a195e8212c47877bd22e]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ServiceEverything (Trojan.Agent.ED) -> Delete on reboot. [be34efef5931a195e8212c47877bd22e]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Rodolfo\AppData\Everything\ServiceEverything.exe (Trojan.Agent.ED) -> Delete on reboot. [be34efef5931a195e8212c47877bd22e]
C:\Windows\System32\drivers\{dc19896d-a3e2-417d-be46-d18ebc99e240}Gw.sys (PUP.Optional.Sanbreel.A) -> Delete on reboot. [825dccbaf4bcf4a90da1a639210e4345]
C:\Windows\System32\rlls.dll (Trojan.Agent) -> Delete on reboot. [44aef4eab6d4c76fb3ae01a0ee16629e]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Compartilhar este post


Link para o post
Compartilhar em outros sites

@

 

Alguma dificuldade em anexar os logs?
 

1)
 
Baixe o AdwCleaner e salve no desktop.
https://toolslib.net...loads/finish/1/

Execute o arquivo adwcleaner.exe

*** Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo adwcleaner.exe, depois clique em execadmin.png.

Clique no botão Examinar e aguarde o exame finalizar.

Clique no botão Limpar.

Abrirá um bloco de notas com o resultado. Anexe o log na sua próxima resposta.

NOTA: Se o AdwCleaner encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC. Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.
 
2)

 

Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

Baixe 1268r49.png e salve no desktop. Dê um duplo-clique para executar o Junkware Removal Tool (JRT).

* No Windows Vista e Windows 7:

Clique com o direito sobre o JRT.exe e selecione run_as_adm1.png

A ferramenta começara o exame do seu sistema. Tenha paciência pois pode demorar um pouco dependendo da quantidades de ítens a examinar.

Ao final, um log se abrirá. É salvo no desktop com o nome de JRT.txt.

Anexe o log na sua próxima resposta.

 

3)

 

Poste um novo log do ZA-Scan

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro,

O CarlosTurco está tendo problemas em seu computador e até que tudo se resolva estarei assumindo seu caso.

Como já faz um tempinho que não responde, preciso saber se ainda precisa de ajuda.

Abraços :D

  • Curtir 1

Compartilhar este post


Link para o post
Compartilhar em outros sites





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×