Problem accessing Hotmail/Yahoo/Facebook


This topic has been archived. This means you can no longer reply to it.
16 replies in this topic

#1 davimafra (Newbie, 9 posts)
I can't access Hotmail, the yahoo.com site or facebook.com. On the other 2 notebooks I have at home they open normally. I suspect it is some virus.

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 02:35:58, on 25/01/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Running processes:
C:\Windows\DAODx.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Steam\steam.exe
E:\Programas\VMware\vmware-tray.exe
C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Users\Davi\Desktop\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 23.56.197.109 guardiao.itau.com.br # GbPlugin
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehuni.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O20 - Winlogon Notify: GbPluginUni - C:\Windows\
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Axiom Audio Device Monitor (AxiomAudioDevMon) - M-Audio - C:\Program Files (x86)\M-Audio\Axiom\AudioDevMon.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Futuremark SystemInfo Service - Unknown owner - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit (mi-raysat_3dsmax2012_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
O23 - Service: mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit (mi-raysat_3dsmax2013_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logon secundário (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Unknown owner - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Programas\VMware\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - E:\Programas\VMware\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

I also ran Malwarebytes Anti-Malware. Here is the log:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Versão da Base de Dados: v2013.01.24.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Davi :: DAVI-PC [administrador]
24/01/2013 15:13:25
mbam-log-2013-01-24 (15-13-25).txt
Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 255621
Tempo decorrido: 10 minuto(s), 16 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 2
HKCR\CLSID\{b33ee05e-0e9f-5672-5ac7-4fedac3dbf5c} (Adware.Ezula) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Enviado para a Quarentena e deletado com sucesso.
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 1
C:\$Recycle.Bin\S-1-5-21-489220034-4027149402-3621863440-1016\$RUG33CU.exe (PUP.Adware.Agent) -> Enviado para a Quarentena e deletado com sucesso.
(fim)

Edited by davimafra, 25 January 2013 - 02:37.
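An added example, not from the thread and not part of HijackThis or OTL: a small Python triage that applies to lines in the HijackThis format above the checks an analyst makes by eye (start/search page pointing at an unknown host, hosts-file overrides, autostart entries whose file is missing, and the known false positives a 32-bit HijackThis produces on 64-bit Windows). The allowlist, the noise list and the Finding class are my assumptions; the sample lines are copied from the log posted above.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Hosts that IE defaults and common vendors legitimately use for start and
# search pages. Anything else in an R0/R1/R3 line gets flagged. Assumption:
# this allowlist is illustrative; extend it for the machines you look after.
KNOWN_SEARCH_HOSTS = {
    "go.microsoft.com", "www.microsoft.com", "www.msn.com",
    "www.bing.com", "www.google.com", "www.google.com.br",
}

# HijackThis 1.99.1 is a 32-bit tool; on 64-bit Windows it looks in SysWOW64
# and reports core services such as lsass.exe or svchost.exe as "(file
# missing)" even though they are present. Treat those as probable noise.
X64_HJT_NOISE = re.compile(
    r"^(c:\\windows|%windir%|%systemroot%)\\system32\\"
    r"(lsass|svchost|alg|msdtc|spoolsv|sppsvc|vssvc|vds|snmptrap|locator|"
    r"ui0detect|wbengine)\.exe", re.I)

# Autostart entries living in user-writable locations deserve a second look
# (the MBAM log in this thread found a dropper in $Recycle.Bin).
USER_WRITABLE = re.compile(
    r"\\(appdata|temp|\$recycle\.bin|programdata|users\\public)\\", re.I)

LINE_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Finding:
    severity: str   # "high", "review" or "noise"
    section: str
    reason: str
    line: str


def _url_host(body):
    """Hostname of the value after ' = ', or None if it is not a URL."""
    _, _, value = body.partition(" = ")
    return urlsplit(value.strip()).hostname


def triage_line(line):
    """Classify one HijackThis line; returns a Finding or None if it looks fine."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("section"), m.group("body")
    if sec in ("R0", "R1", "R3"):
        host = _url_host(body)
        if host and host not in KNOWN_SEARCH_HOSTS:
            return Finding("high", sec,
                           f"search/start page points at unknown host {host}", line)
        return None
    if sec == "O1":
        # A hosts override can be a bank plugin or a phishing redirect; the
        # IP/name pair has to be verified, not trusted because of a comment.
        return Finding("review", sec, "hosts file override; verify the mapping", line)
    if "(file missing)" in body or "(no file)" in body:
        path = body.rsplit(" - ", 1)[-1]
        if sec == "O23" and X64_HJT_NOISE.search(path):
            return Finding("noise", sec,
                           "core Windows service; '(file missing)' is an x64 HijackThis artifact",
                           line)
        return Finding("review", sec, "entry points at a file that no longer exists", line)
    if sec in ("O4", "O23") and USER_WRITABLE.search(body):
        return Finding("review", sec, "autostart from a user-writable location", line)
    return None


def triage(lines):
    """Run triage_line over a whole log and keep only the findings."""
    return [f for f in (triage_line(ln) for ln in lines) if f]


# Constructed sample in the HijackThis format: nine lines taken from the log
# posted above, enough to exercise every rule.
SAMPLE_LINES = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4",
    r"O1 - Hosts: 23.56.197.109 guardiao.itau.com.br # GbPlugin",
    r"O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll",
    r"O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe",
    r"O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)",
    r"O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)",
    r"O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)",
    r"O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:6}] {f.section:3} {f.reason}\n         {f.line}")
```

Run it on a full HijackThis log (one line per list element) and only the flagged entries come back, with the x64 service noise separated from the lines that actually need a decision.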


#2 GiovaneMartins (Geek, 2,058 posts)
Hello,

My name is Giovane Martins, and I will be handling your case. As soon as my reply has been checked, I will give you the necessary instructions.

First, please note the following:
  • Do not start a new topic about this problem. Always reply in this topic.
  • Do not use tools on your own, and do not follow any instructions other than the ones given in this topic.
  • Click Follow this topic (in the top right corner of the main post), and in the window that appears, leave the box next to Immediately checked under "Receive Notifications". This will let you receive an e-mail notification when the topic is replied to.

    You can also use the Content I Follow option in your profile.
  • The analysis may take some time, so be patient.
  • The instructions are specific to your computer and must be followed only on it.
  • Avoid using the <QUOTE> or <CODE> tags in the logs, as that makes them harder to analyse.
  • If something goes wrong, it doesn't matter. Always keep up with your topic, letting me know the results, until your computer is clean.
  • Please do not abandon your topic. It is important for us to know whether the removal succeeded or not.
  • Even if your problem is solved during the topic, wait until I say the logs are clean.
  • If there is no reply within 5 days, send me a PM.



#3 davimafra (Newbie, 9 posts)
Sorry for using [code=auto:0], I thought it would be easier to read.
I'm already following the topic. I'll wait.


Thanks for your attention

#4 GiovaneMartins (Geek, 2,058 posts)
Hello,

Please follow the steps below:

Download OTL by OldTimer and save it to your desktop:
http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7 users:
Right-click OTL.exe and then click Run as Administrator.

Under Output, select Standard
Also check these options:
  • Skip Microsoft Files
  • LOP Check
  • Purity Check
Select these lines in red, right-click the selection, and choose copy

netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%(x86)\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%appdata%\*.*
C:\windows\system32\Tasks\*.* /64
%windir%\tasks\*.*
CREATERESTOREPOINT
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
/md5start
services.*
/md5stop


Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose paste

Click the [image] button

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other settings unless you have been instructed to.

The scan takes a while; be patient.

When it finishes, two Notepad windows will be displayed: OTL.txt and Extras.txt
Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Zip the files with WinZip or WinRar, and attach them (link) in your next reply.

#5 davimafra (Newbie, 9 posts)
Attached are the OTL.Txt and Extras.Txt files.
I don't know if it's relevant, but before finding this forum I ran ComboFix on the advice of a friend of mine, without success; it didn't solve the problem. I don't know if I messed something up. If only I had known about this forum earlier.
In any case I'm sending its log too.


Note: I can't even send the reply from the PC; I had to send it from the notebook.

Attached file(s)



#6 GiovaneMartins (Geek, 2,058 posts)
Hello,

Please follow the steps below:

1)

Select the text inside the code box, right-click the selection and choose copy:

NOTE: Make sure you copy starting from the colon before OTL.
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={E103F589-EF1D-4DB9-887F-AA853CB6FC1E}&mid=8ebf09b35edb47d1896fd1191024e9fb-ac9fad74b9340700a2effed7086bcf3b4884df0f&lang=pt-br&ds=AVG&pr=fr&d=2012-03-08 00:09:27&v=10.0.0.7&sap=dsp&q={searchTerms}
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 16 bytes -> C:\Users\Davi\Documents\Banda Remanescent.jpg:BDU
@Alternate Data Stream - 1465 bytes -> C:\ProgramData\Microsoft:aEmOJZ5lLByqFOElHz3bbYnJO7Q
@Alternate Data Stream - 1461 bytes -> C:\Users\Davi\AppData\Local\Temp:tlV7QDQ1ejMACKneyowH
@Alternate Data Stream - 1455 bytes -> C:\ProgramData\Microsoft:SlKdUO9GNvShpUm28Y6HloRYCkjz
@Alternate Data Stream - 1429 bytes -> C:\Users\Davi\Cookies:RSCvOW6Oh0ykYTecWrarMOm8rPb
@Alternate Data Stream - 1424 bytes -> C:\ProgramData\Microsoft:NZLj6Xi5603qsCNQj5
@Alternate Data Stream - 1413 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:SSX0RSRPcdFjK5pDVtRASiYMRC
@Alternate Data Stream - 1405 bytes -> C:\Users\Davi\Cookies:UIuMpgdGWQ9xWd5S220J3V4CqS
@Alternate Data Stream - 1338 bytes -> C:\Users\Davi\Configurações locais:eEnMML85unRIhhsqOwhHwq
@Alternate Data Stream - 1338 bytes -> C:\Users\Davi\AppData\Local\Dados de aplicativos:eEnMML85unRIhhsqOwhHwq
@Alternate Data Stream - 1316 bytes -> C:\ProgramData\Microsoft:dI3Ou7rxxVt2vyNbNIaSWx0OH1q
@Alternate Data Stream - 1311 bytes -> C:\ProgramData\Microsoft:4Mzc2rM88gnEtnGOoZF
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A1EDB939

:Services

:Reg

:Files

:Commands
[resethosts]
[createrestorepoint]
[purity]
[emptytemp]
[EMPTYFLASH]


** Windows Vista and Windows 7 users:
Right-click OTL.exe, then click [image].

Right-click anywhere in the white area of the [image] section and choose paste

Close ALL windows (except OTL itself).

Click the [image] button
The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy ALL of the contents of this Notepad window and paste it in your reply.

A copy of this log will be stored in the C:\_OTL\MovedFiles folder, with a name in the format date_time.log.

Example: 03142010_145545.log

2)

Close all programs and open OTL.exe.

** Windows Vista and Windows 7 users:
Right-click OTL.exe and then click Run as Administrator.

Under Output, select Standard
Also check these options:
  • Skip Microsoft Files
  • LOP Check
  • Purity Check

Click the [image] button

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other settings unless you have been instructed to.

The scan takes a while; be patient.

When it finishes, only one log will be generated --> OTL.txt
It will be saved in the same directory as OTL.exe, that is, on your desktop.

Zip the file with WinZip or WinRar, and attach it (link) in your next reply.

#7 davimafra (Newbie, 9 posts)
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\Users\Davi\Documents\Banda Remanescent.jpg:BDU deleted successfully.
ADS C:\ProgramData\Microsoft:aEmOJZ5lLByqFOElHz3bbYnJO7Q deleted successfully.
ADS C:\Users\Davi\AppData\Local\Temp:tlV7QDQ1ejMACKneyowH deleted successfully.
ADS C:\ProgramData\Microsoft:SlKdUO9GNvShpUm28Y6HloRYCkjz deleted successfully.
Unable to delete ADS C:\Users\Davi\Cookies:RSCvOW6Oh0ykYTecWrarMOm8rPb .
ADS C:\ProgramData\Microsoft:NZLj6Xi5603qsCNQj5 deleted successfully.
ADS C:\Program Files (x86)\Common Files\microsoft shared:SSX0RSRPcdFjK5pDVtRASiYMRC deleted successfully.
Unable to delete ADS C:\Users\Davi\Cookies:UIuMpgdGWQ9xWd5S220J3V4CqS .
Unable to delete ADS C:\Users\Davi\Configurações locais:eEnMML85unRIhhsqOwhHwq .
Unable to delete ADS C:\Users\Davi\AppData\Local\Dados de aplicativos:eEnMML85unRIhhsqOwhHwq .
ADS C:\ProgramData\Microsoft:dI3Ou7rxxVt2vyNbNIaSWx0OH1q deleted successfully.
ADS C:\ProgramData\Microsoft:4Mzc2rM88gnEtnGOoZF deleted successfully.
ADS C:\Windows\SysWow64\zlib.dll:SummaryInformation deleted successfully.
ADS C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation deleted successfully.
ADS C:\ProgramData\TEMP:A1EDB939 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
System Restore Service not available.

[EMPTYTEMP]

User: 1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: All Users

User: Davi
->Temp folder emptied: 1135377 bytes
->Temporary Internet Files folder emptied: 7875687 bytes
->Java cache emptied: 3346047 bytes
->FireFox cache emptied: 66116020 bytes
->Google Chrome cache emptied: 276541083 bytes
->Flash cache emptied: 58775 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 58264 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8490791 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50799 bytes
RecycleBin emptied: 3451562727 bytes

Total Files Cleaned = 3.639,00 mb


[EMPTYFLASH]

User: 1
->Flash cache emptied: 0 bytes

User: All Users

User: Davi
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: TEMP

User: Todos os Usuários

User: Usuário Padrão
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01292013_215738

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\vmware-SISTEMA\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SISTEMA\vmware-usbarb-SISTEMA-3848.log moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.
File\Folder C:\Windows\temp\~bd2375.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Attached file(s)

  • Attached file  OTL.rar   21.1K   1 Downloads


#8 davimafra (Newbie, 9 posts)
One detail I forgot to mention is that Windows isn't shutting down; it stays on the "Shutting down Windows" screen forever, and I have to force it off with the PC's power button.

#9
GiovaneMartins

    Geek

  • Member
  • 2,058 posts
1)

Select and copy the text inside the code box: right-click the selection and choose Copy.

Note: make sure you copy starting from the colon before OTL.
:OTL
@Alternate Data Stream - 1429 bytes -> C:\Users\Davi\Cookies:RSCvOW6Oh0ykYTecWrarMOm8rPb
@Alternate Data Stream - 1405 bytes -> C:\Users\Davi\Cookies:UIuMpgdGWQ9xWd5S220J3V4CqS
@Alternate Data Stream - 1338 bytes -> C:\Users\Davi\Configurações locais:eEnMML85unRIhhsqOwhHwq
@Alternate Data Stream - 1338 bytes -> C:\Users\Davi\AppData\Local\Dados de aplicativos:eEnMML85unRIhhsqOwhHwq
:Services

:Reg

:Files

:Commands
[createrestorepoint]
[purity]
[emptytemp]
[EMPTYFLASH]


** Windows Vista and Windows 7 users:
Right-click the OTL.exe file, then click [Posted image].

Right-click anywhere in the white area of the [Posted image] section and choose Paste.

Close ALL windows (except OTL itself).

Click the [Posted image] button.
The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy ALL of the contents of that Notepad window and paste it into your reply.

A copy of this log is kept in the folder C:\_OTL\MovedFiles, named in the format date_time.log.

Example: 03142010_145545.log

2)

Download the Kaspersky AVP Tool from one of these 2 links:
http://devbuilds.kas...builds/AVPTool/
http://dnl-us6.kaspe...builds/AVPTool/

Note: after registering, choose version 11 in English and click the [Posted image] button.
Save it to your desktop.
  • Double-click the "setup" file and wait for the installation;
    ** Windows Vista and Windows 7 users:
    Right-click the file, then click
    [Posted image]
  • On the next screen, check I accept the licence agreement and click Start
  • Click the [Posted image] button and check:
    • My Computer
    • Local Disk (C:) (the local disk letter may vary)
  • Click Actions and uncheck both boxes:
    [Posted image]
  • Click the Automatic Scan tab and wait for the scan to finish.
  • Click the [Posted image] button, then Detected threats, then the "Save" button.
  • Copy the contents of the saved file (if anything was detected) and post it in your next reply.

Edited by GiovaneMartins, 31 January 2013 - 18:26.

[Linha Defensiva on Twitter] [Linha Defensiva on Facebook]

Repay our help by not abandoning your topic. Thank you.
Giovane's blog | Twitter - @giovane_vaz

#10
davimafra

    Novice

  • Member
  • 9 posts
All processes killed
========== OTL ==========
Unable to delete ADS C:\Users\Davi\Cookies:RSCvOW6Oh0ykYTecWrarMOm8rPb .
Unable to delete ADS C:\Users\Davi\Cookies:UIuMpgdGWQ9xWd5S220J3V4CqS .
Unable to delete ADS C:\Users\Davi\Configurações locais:eEnMML85unRIhhsqOwhHwq .
Unable to delete ADS C:\Users\Davi\AppData\Local\Dados de aplicativos:eEnMML85unRIhhsqOwhHwq .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: 1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Davi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 832368 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 256761655 bytes
->Flash cache emptied: 343 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8499035 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 61749487 bytes

Total Files Cleaned = 313,00 mb


[EMPTYFLASH]

User: 1
->Flash cache emptied: 0 bytes

User: All Users

User: Davi
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: TEMP

User: Todos os Usuários

User: Usuário Padrão
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01312013_212519

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\vmware-SISTEMA\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SISTEMA\vmware-usbarb-SISTEMA-3828.log moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.
File\Folder C:\Windows\temp\~bd84ED.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I can access Facebook and Hotmail now, after the last procedure you gave me. :legal:

However, I still haven't managed to scan with Kaspersky.

I tried to run the Kaspersky scan, but the estimated time to finish was 12 hours :blink:
I tried three times to let it finish: the first time I left it running overnight, and in the morning it had thrown an error and the program had closed; the second time it scanned for about 8 hours without anything showing up, I had to go out, and when I came back the PC was in standby and would not wake up; the third time there was a power fluctuation and it rebooted. I will try again.

Edited by davimafra, 03 February 2013 - 14:40.
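The OTL output pasted above is the only evidence a helper has of what the fix script actually did, and the lines that matter are easy to miss among the byte counts: the four "Unable to delete ADS" lines mean the alternate data streams the script targeted are still on disk, and "File move failed ... scheduled to be moved on reboot" means a deletion is still pending. The following Python parser is an added example (not code from the post, from OTL or from its author) that reads such a log and pulls out those follow-up items, the per-user bytes emptied and the locale-formatted total. The sample log embedded in it is constructed in the same shape as the log above; the stream name and byte counts are made up.

```python
"""Summarize an OTL fix-log: what failed, what is pending a reboot, what was cleaned.

Added example; the parser only understands the line formats that appear in
the OTL output quoted in this thread. SAMPLE_OTL_LOG is a constructed sample.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the shape of an OTL fix-log (not a real machine's log).
SAMPLE_OTL_LOG = """\
All processes killed
========== OTL ==========
Unable to delete ADS C:\\Users\\Davi\\Cookies:RSCvOW6Oh0ykYTecWrarMOm8rPb .
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Davi
->Temp folder emptied: 0 bytes
->Google Chrome cache emptied: 256761655 bytes
->Flash cache emptied: 343 bytes

User: Default
->Temp folder emptied: 0 bytes

Windows Temp folder emptied: 8499035 bytes
RecycleBin emptied: 61749487 bytes

Total Files Cleaned = 313,00 mb

Files\\Folders moved on Reboot...
File move failed. C:\\Windows\\temp\\TmpFile1 scheduled to be moved on reboot.
C:\\Windows\\temp\\other.log moved successfully.
"""

ADS_FAIL_RE = re.compile(r"^Unable to delete ADS (.+?)\s*\.?$")
EMPTIED_RE = re.compile(r"^(?:->)?(.+?) (?:emptied|removed): (\d+) bytes$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = ([\d.,]+) mb$")
PENDING_RE = re.compile(r"^File move failed\. (.+?) scheduled to be moved on reboot\.$")
RESTORE_RE = re.compile(r"^Restore point Set: (.+)$")


@dataclass
class OtlSummary:
    restore_point: str | None = None
    failed_ads: list[str] = field(default_factory=list)   # streams still present
    pending_moves: list[str] = field(default_factory=list)  # deletions deferred to reboot
    bytes_by_user: dict[str, int] = field(default_factory=dict)
    system_bytes: int = 0
    total_mb: float | None = None


def parse_locale_number(text: str) -> float:
    """OTL prints totals in the OS locale; '3.639,00' (pt-BR) and '3,639.00' both become 3639.0."""
    if "," in text and "." in text:
        # Whichever separator comes last is the decimal mark; the other is a thousands separator.
        decimal = "," if text.rfind(",") > text.rfind(".") else "."
        thousands = "." if decimal == "," else ","
        text = text.replace(thousands, "").replace(decimal, ".")
    else:
        text = text.replace(",", ".")
    return float(text)


def parse_otl_log(text: str) -> OtlSummary:
    summary = OtlSummary()
    user: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("User: "):
            user = line[len("User: "):]
            summary.bytes_by_user.setdefault(user, 0)
            continue
        if (m := ADS_FAIL_RE.match(line)):
            summary.failed_ads.append(m.group(1))
        elif (m := PENDING_RE.match(line)):
            summary.pending_moves.append(m.group(1))
        elif (m := RESTORE_RE.match(line)):
            summary.restore_point = m.group(1)
        elif (m := TOTAL_RE.match(line)):
            summary.total_mb = parse_locale_number(m.group(1))
        elif (m := EMPTIED_RE.match(line)):
            size = int(m.group(2))
            # "->" lines belong to the current user block; bare lines are system-wide.
            if line.startswith("->") and user is not None:
                summary.bytes_by_user[user] += size
            else:
                summary.system_bytes += size
    return summary


def follow_up_items(summary: OtlSummary) -> list[str]:
    """Items the helper must re-check in the next log rather than assume done."""
    items = [f"ADS still present: {p}" for p in summary.failed_ads]
    items += [f"Deletion pending reboot: {p}" for p in summary.pending_moves]
    return items


if __name__ == "__main__":
    s = parse_otl_log(SAMPLE_OTL_LOG)
    print(f"restore point: {s.restore_point}, total: {s.total_mb} MB")
    for name, size in s.bytes_by_user.items():
        print(f"  {name}: {size} bytes")
    for item in follow_up_items(s):
        print("  !", item)
```

Run it on the real log by replacing SAMPLE_OTL_LOG with the file OTL leaves in C:\_OTL\MovedFiles; a non-empty follow_up_items list is the cue to re-run the script or switch tools, regardless of how large the "Total Files Cleaned" figure is.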


#11
GiovaneMartins

    Geek

  • Member
  • 2,058 posts
Hello,

Temporarily disable your antivirus.

  • Use the Internet Explorer browser to run the service!
  • Go to the site [Posted image] <- link
  • Run the scan as shown in the image below:
    [Posted image]
  • At the end of the scan, check the Delete Quarantined files box and click FINISH.
    A report will be generated at:
    C:\Arquivos de programas\EsetOnlineScanner\log.txt

Note: if you do not find log.txt in the directory above, look in C:\Arquivos de programas\ESET\EsetOnlineScanner\log.txt

Post that log.

#12
davimafra

    Novice

  • Member
  • 9 posts
Before closing ESET, and after the scan had finished, I clicked the quarantined items and then Export to file. It generated the following file:

C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-7.0.1.8244.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-7.0.2.8415.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\32BitKey.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\Capture_x64.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\CGS_VSTA_x64.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\Common_x64.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\Connect_x64.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\CustomData_x64.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\Draw_x64.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\EN_x64.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\Filters_x64.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\FontNav_x64.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\Ghostscript.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\IPM_x64.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\PHOTO-PAINT_x64.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\Photozoom_x64.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\Redist_x64.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\Setup_x64.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\ShellExt.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\VBA_x64.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\VideoBrowser_x64.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\WT_x64.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Users\Davi\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application
C:\Users\Davi\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application deleted - quarantined
C:\Users\Davi\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application
C:\Users\Davi\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application
C:\Users\Davi\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application
C:\Users\Davi\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application
C:\Users\Davi\AppData\Local\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application
C:\Users\Davi\AppData\Local\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application
C:\Users\Davi\AppData\Local\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application
C:\Users\Davi\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application
C:\Users\Davi\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application
C:\Users\Davi\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application
C:\Users\Davi\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application
C:\Users\Davi\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application
C:\Users\Davi\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application
C:\Users\Davi\Configurações locais\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application
C:\Users\Davi\Configurações locais\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application
C:\Users\Davi\Configurações locais\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application
C:\Users\Davi\Downloads\Nitro PDF Professional 8.0.8.3.rar a variant of Win32/Keygen.AN application deleted - quarantined
C:\Users\Davi\Downloads\Toontrack Monster Midi Packs 1 And 2 - Groove Monkee 8 Packs + crack + keygen.zip Win32/Sirefef.DB trojan deleted - quarantined
C:\Windows\Installer\151b07.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195d7e.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195d87.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195d90.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195d99.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195da2.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195dab.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195db4.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195dbd.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195dc6.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195dcf.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195dd8.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195de1.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195dea.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195df3.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195dfc.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195e05.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195e0f.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195e3b.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195e44.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\195e62.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\2460d29.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\6cfcca.msi Win32/Toolbar.Widgi application
C:\Windows\Installer\{10762393-1B90-4AC2-AF1A-4C0C04AE303F}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{1967EF95-E00B-4669-8B1C-A589BE8BF24F}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{1967EF95-E00B-4669-8B1C-A589BE8BF24F}\NewShortcut6_C2D12190778B49D7B6847BAECAE7BE9D.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{1E3A578C-0A7D-4820-990F-B7545C0B2303}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{22029AEE-38DF-4E35-AEF4-FE8CA3F6667F}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{27AE72A4-B217-4CDC-B82B-3311E9D7460E}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{27AE72A4-B217-4CDC-B82B-3311E9D7460E}\NewShortcut10_449D396305C74241ABE7BA91391CF9B4.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{27AE72A4-B217-4CDC-B82B-3311E9D7460E}\NewShortcut1_41AAC0AC880545E6A1C81230F4159C30.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{2C72B5E4-AA34-4F1A-8C7E-468530F9F6A3}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{35869A6C-BA31-4F23-B52D-BC1B1E41EC1B}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{3933C06C-8239-432B-87FC-F2BDC5B49A10}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{3933C06C-8239-432B-87FC-F2BDC5B49A10}\NewShortcut50_065CE0A4A250415C83A81BC46890004B.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{6099F026-0A98-4D40-9B3D-ED2123A8CBD0}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\_7EA1FFEF_B7AE_43A5_8841_DBB045C2D037 Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\_A86D6FCA_B61A_4DF3_A911_587A28753A8E Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{7386B5FA-8715-481D-821F-7785110506DF}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{79899C6B-E315-4A3F-8904-02DEAB8D660D}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{7B79AE44-9B76-4815-84E5-ACAC3F0F0278}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{7B79AE44-9B76-4815-84E5-ACAC3F0F0278}\NewShortcut8_4688C3795AC54013960E37EDE53F4CA5.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{96AAAB95-AEBE-437A-B7CA-37C7BE13FFE9}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{96AAAB95-AEBE-437A-B7CA-37C7BE13FFE9}\NewShortcut5_F936273A4DCE43598F5F4CBABAD014DA.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{9C420B02-0E44-4C1A-95B0-9222BA3A6CA6}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application
C:\Windows\Installer\{B6DF7031-2843-44FD-9CAB-DECAB4257456}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application
C:\Windows\Installer\{BB65D262-3EBC-4F10-89D9-67A320E94EAA}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application
C:\Windows\Installer\{BDBFAC49-8877-472F-876B-75ADB7DBC955}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application
C:\Windows\Installer\{CCE7423E-1D84-4CD3-9E32-220EC9358D97}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application
C:\Windows\Installer\{CCE7423E-1D84-4CD3-9E32-220EC9358D97}\NewShortcut1_2D4561AA1380433B9EC818E5007E4288.exe Win32/Toolbar.Widgi application
C:\Windows\Installer\{D7C2687D-924E-4485-B367-C7D95CBF8DDD}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application
C:\Windows\Installer\{D7C2687D-924E-4485-B367-C7D95CBF8DDD}\NewShortcut4_1B93EBAA624B47A7847E8976FF2E037B.exe Win32/Toolbar.Widgi application
C:\Windows\Installer\{DDE82E3D-20C4-48E1-AE1D-B1F10E42CA44}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application
C:\Windows\Installer\{E699230D-4B5E-411E-9F45-FF50789B18DD}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application
C:\Windows\Installer\{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application
C:\Windows\KMSEmulator.exe a variant of Win32/HackKMS.A application
D:\Backup Usuários Davi\Usuários\Davi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\777f9ac1-60658293 a variant of Java/Exploit.CVE-2011-3544.BP trojan
D:\Backup Usuários Davi\Usuários\Davi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6c4043a7-3dd8a406 a variant of Java/JShrink.A application
D:\Backup Usuários Davi\Usuários\Davi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\335ddaf8-61987d5d a variant of Java/Exploit.CVE-2011-3544.BP trojan
D:\Backup Usuários Davi\Usuários\Davi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\554e3abd-3e0d7bd2 a variant of Java/Exploit.CVE-2011-3544.BP trojan
I:\DAVI-PC\Backup Set 2012-02-04 111821\Backup Files 2012-02-04 111821\Backup files 55.zip Win32/Packed.Autoit.A.Gen application
I:\DAVI-PC\Backup Set 2012-02-04 111821\Backup Files 2012-03-10 110001\Backup files 2.zip a variant of Win32/SoftonicDownloader.D application
I:\DAVI-PC\Backup Set 2012-02-04 111821\Backup Files 2012-03-17 110001\Backup files 4.zip Win32/OpenCandy application
I:\DAVI-PC\Backup Set 2012-03-19 110542\Backup Files 2012-03-19 110542\Backup files 25.zip Win32/OpenCandy application
I:\DAVI-PC\Backup Set 2012-03-19 110542\Backup Files 2012-03-31 110001\Backup files 2.zip multiple threats
I:\DAVI-PC\Backup Set 2012-03-19 110542\Backup Files 2012-04-14 124110\Backup files 5.zip a variant of Win32/InstallCore.D application
I:\DAVI-PC\Backup Set 2012-06-02 110001\Backup Files 2012-06-09 230319\Backup files 6.zip a variant of Win32/Keygen.AF application
I:\DAVI-PC\Backup Set 2012-06-30 110001\Backup Files 2012-06-30 110001\Backup files 41.zip probably a variant of Win32/Spy.Banker.YDH trojan
I:\DAVI-PC\Backup Set 2012-06-30 110001\Backup Files 2012-07-14 110001\Backup files 1.zip HTML/ScrInject.B.Gen virus
I:\DAVI-PC\Backup Set 2012-06-30 110001\Backup Files 2012-07-21 123747\Backup files 2.zip a variant of Win32/InstallCore.AC application
I:\DAVI-PC\Backup Set 2012-06-30 110001\Backup Files 2012-07-21 123747\Backup files 5.zip a variant of Win32/HackTool.Patcher.T application
I:\DAVI-PC\Backup Set 2012-06-30 110001\Backup Files 2012-08-04 130502\Backup files 1.zip HTML/ScrInject.B.Gen virus
I:\DAVI-PC\Backup Set 2012-06-30 110001\Backup Files 2012-08-04 130502\Backup files 8.zip a variant of Win32/Bundled.Toolbar.Ask.A application
I:\DAVI-PC\Backup Set 2012-08-25 110001\Backup Files 2012-08-25 110001\Backup files 51.zip probably a variant of Win32/Spy.Banker.YDH trojan
I:\DAVI-PC\Backup Set 2012-08-25 110001\Backup Files 2012-08-25 110001\Backup files 54.zip a variant of Win32/HackTool.Patcher.T application
I:\DAVI-PC\Backup Set 2012-08-25 110001\Backup Files 2012-09-29 110001\Backup files 3.zip Win32/OpenCandy application
I:\DAVI-PC\Backup Set 2012-08-25 110001\Backup Files 2012-10-13 111913\Backup files 12.zip Win32/Sirefef.DB trojan
I:\DAVI-PC\Backup Set 2012-08-25 110001\Backup Files 2012-10-13 111913\Backup files 3.zip Win32/Toolbar.Widgi application
I:\DAVI-PC\Backup Set 2012-11-03 110001\Backup Files 2012-11-03 110001\Backup files 66.zip Win32/Sirefef.DB trojan
I:\DAVI-PC\Backup Set 2012-11-03 110001\Backup Files 2012-11-24 110001\Backup files 5.zip a variant of Win32/Keygen.AN application
I:\DAVI-PC\Backup Set 2012-11-03 110001\Backup Files 2012-12-22 123639\Backup files 4.zip Win32/InstallMonetizer.AF application
I:\DAVI-PC\Backup Set 2013-01-05 124531\Backup Files 2013-01-05 124531\Backup files 67.zip a variant of Win32/Keygen.AN application
I:\DAVI-PC\Backup Set 2013-01-05 124531\Backup Files 2013-01-05 124531\Backup files 68.zip Win32/Sirefef.DB trojan
I:\DAVI-PC\Backup Set 2013-01-26 121646\Backup Files 2013-01-26 121646\Backup files 23.zip a variant of Win32/InstallCore.BC application
I:\DAVI-PC\Backup Set 2013-01-26 121646\Backup Files 2013-01-26 121646\Backup files 59.zip a variant of Win32/Keygen.AN application
I:\DAVI-PC\Backup Set 2013-01-26 121646\Backup Files 2013-01-26 121646\Backup files 60.zip Win32/Sirefef.DB trojan

In the ESET directory (C:\Arquivos de programas\ESET\EsetOnlineScanner\log.txt), this log was generated:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=cf45ed6c42496c4e808ef5a441b6105e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-08 04:05:27
# local_time=2013-02-08 02:05:27 (-0300, Horário brasileiro de verão)
# country="Brazil"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 18564984 111843377 0 0
# scanned=1218273
# found=136
# cleaned=54
# scan_time=51446
C:\Users\Davi\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application 0000000000000000000000000000000000000000 I
C:\Users\Davi\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application 13532E0B0E808B8D92E78876B6922B5A02974237 I
C:\Users\Davi\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application 13532E0B0E808B8D92E78876B6922B5A02974237 I
C:\Users\Davi\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application 13532E0B0E808B8D92E78876B6922B5A02974237 I
C:\Users\Davi\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application 13532E0B0E808B8D92E78876B6922B5A02974237 I
C:\Users\Davi\AppData\Local\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application 13532E0B0E808B8D92E78876B6922B5A02974237 I
C:\Users\Davi\AppData\Local\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application 13532E0B0E808B8D92E78876B6922B5A02974237 I
C:\Users\Davi\AppData\Local\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application 13532E0B0E808B8D92E78876B6922B5A02974237 I
C:\Users\Davi\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application 0000000000000000000000000000000000000000 I
C:\Users\Davi\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application 13532E0B0E808B8D92E78876B6922B5A02974237 I
C:\Users\Davi\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application 13532E0B0E808B8D92E78876B6922B5A02974237 I
C:\Users\Davi\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application 13532E0B0E808B8D92E78876B6922B5A02974237 I
C:\Users\Davi\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application 13532E0B0E808B8D92E78876B6922B5A02974237 I
C:\Users\Davi\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application 13532E0B0E808B8D92E78876B6922B5A02974237 I
C:\Users\Davi\Configurações locais\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application 13532E0B0E808B8D92E78876B6922B5A02974237 I
C:\Users\Davi\Configurações locais\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application 13532E0B0E808B8D92E78876B6922B5A02974237 I
C:\Users\Davi\Configurações locais\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application 13532E0B0E808B8D92E78876B6922B5A02974237 I
C:\Windows\Installer\{9C420B02-0E44-4C1A-95B0-9222BA3A6CA6}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application AAFC86FF95ACD869581D6C91038304B0DEFEA93D I
C:\Windows\Installer\{B6DF7031-2843-44FD-9CAB-DECAB4257456}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application A830B56B11933B088573C4600FD427DB23CD20F5 I
C:\Windows\Installer\{BB65D262-3EBC-4F10-89D9-67A320E94EAA}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application 513604E89894D17C7F12899181E268E110B5E577 I
C:\Windows\Installer\{BDBFAC49-8877-472F-876B-75ADB7DBC955}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application 1CF4F3FEEA8B6B35605140D9F1388D21F11D2185 I
C:\Windows\Installer\{CCE7423E-1D84-4CD3-9E32-220EC9358D97}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application FCF648A1D9588001861570A296466F1AABB1E3E3 I
C:\Windows\Installer\{CCE7423E-1D84-4CD3-9E32-220EC9358D97}\NewShortcut1_2D4561AA1380433B9EC818E5007E4288.exe Win32/Toolbar.Widgi application AD85EB13EA7E698D4B28F903063968AE88E0C297 I
C:\Windows\Installer\{D7C2687D-924E-4485-B367-C7D95CBF8DDD}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application F05527885DED3D9A7EE4C63E5834F7BAC2B9B76A I
C:\Windows\Installer\{D7C2687D-924E-4485-B367-C7D95CBF8DDD}\NewShortcut4_1B93EBAA624B47A7847E8976FF2E037B.exe Win32/Toolbar.Widgi application E6DBE37F69C36DAA82EF03CD75EB5ED066BC8F86 I
C:\Windows\Installer\{DDE82E3D-20C4-48E1-AE1D-B1F10E42CA44}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application E1264C150D4A837A9FD03FD0E52D32E923A26DCE I
C:\Windows\Installer\{E699230D-4B5E-411E-9F45-FF50789B18DD}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application 967E774546A46C82065F1BC3B828EE66D0F21619 I
C:\Windows\Installer\{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application DFB6DA7956B5ED8439A8CF76B4058EE358234976 I
C:\Windows\Installer\151b07.msi Win32/Toolbar.Widgi application D50D9C064C5F93F5833FE59FE8DBBAF25B9E432A I
C:\Windows\Installer\195d7e.msi Win32/Toolbar.Widgi application 8F4B6498F5304DE4E7362CBE41994523103D9824 I
C:\Windows\Installer\195d87.msi Win32/Toolbar.Widgi application E52B631F4E85BB9E8BA8592E22F8A54C3E39EA5F I
C:\Windows\Installer\195d90.msi Win32/Toolbar.Widgi application B01D0FD2FA4AAD886362E361C0D40106B818829F I
C:\Windows\Installer\195d99.msi Win32/Toolbar.Widgi application 067DA1DFDB2874C5CBA24B34E4C3F91CB1F10F2E I
C:\Windows\Installer\195da2.msi Win32/Toolbar.Widgi application 6B3CA4D04BB8ABB2E5831EA1A619D27115376E67 I
C:\Windows\Installer\195dab.msi Win32/Toolbar.Widgi application E014ABE2190E48D9EB75C2DE78929B44EC7F2B92 I
C:\Windows\Installer\195db4.msi Win32/Toolbar.Widgi application ACD89CFBF41E007F5B5F5E79A39EF2B9F44849FD I
C:\Windows\Installer\195dbd.msi Win32/Toolbar.Widgi application C623014FB4DFEA7378E98B7D8111FA2FB345D3A8 I
C:\Windows\Installer\195dc6.msi Win32/Toolbar.Widgi application 6DC314E9BEE87056335AEB93DD2F30A8CAF34F33 I
C:\Windows\Installer\195dcf.msi Win32/Toolbar.Widgi application 692D8AEBAB816261D1903E9121B2C279855EFD19 I
C:\Windows\Installer\195dd8.msi Win32/Toolbar.Widgi application A373016919142A0E45ED01B439E4F259BC9F242B I
C:\Windows\Installer\195de1.msi Win32/Toolbar.Widgi application 32320016AD7C12037D7BB52082A01DBCEEDBEE56 I
C:\Windows\Installer\195dea.msi Win32/Toolbar.Widgi application C19FFC80D77614A0381BFBF52025E394FCF756FB I
C:\Windows\Installer\195df3.msi Win32/Toolbar.Widgi application 48B44290036C720F21E3F1FF2460504247037A7B I
C:\Windows\Installer\195dfc.msi Win32/Toolbar.Widgi application 308D7DEDC64A8F96EB167F6EB5A73123C3030E64 I
C:\Windows\Installer\195e05.msi Win32/Toolbar.Widgi application 044FE9B99BBDD143B7D3263ECAB32E80404A45E7 I
C:\Windows\Installer\195e0f.msi Win32/Toolbar.Widgi application 3E8A216165ADFEF93C5B9F274A799882F67C8201 I
C:\Windows\Installer\195e3b.msi Win32/Toolbar.Widgi application 1EA84B5198C988BDAB98D4C05579929B1E99E0C9 I
C:\Windows\Installer\195e44.msi Win32/Toolbar.Widgi application 502505ABA7D1EFDF4CD8079028DF9FAB405EFF64 I
C:\Windows\Installer\195e62.msi Win32/Toolbar.Widgi application 4A5554C0FE2D7EB22BE86E965FD991F5D51D80A7 I
C:\Windows\Installer\2460d29.msi Win32/Toolbar.Widgi application C8AE9648707FFA193D12F8EC0B3CF671FA6845B3 I
C:\Windows\Installer\6cfcca.msi Win32/Toolbar.Widgi application C4A82ABBC17304C04407E186FC22649CB9F76690 I
C:\Windows\KMSEmulator.exe a variant of Win32/HackKMS.A application 2AA967AACCAB9A353FC818B2831B5532D7F47378 I
D:\Backup Usuários Davi\Usuários\Davi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\777f9ac1-60658293 a variant of Java/Exploit.CVE-2011-3544.BP trojan F2B555F04C85CAE909552B4D5B4C5EA5CD96FD14 I
D:\Backup Usuários Davi\Usuários\Davi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6c4043a7-3dd8a406 a variant of Java/JShrink.A application 0E87AACDC647410518B99B5BA444E3CE73D5FB76 I
D:\Backup Usuários Davi\Usuários\Davi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\335ddaf8-61987d5d a variant of Java/Exploit.CVE-2011-3544.BP trojan 9C1D47FAC6BD6F8AC691E75F08594FE8EB4D25D4 I
D:\Backup Usuários Davi\Usuários\Davi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\554e3abd-3e0d7bd2 a variant of Java/Exploit.CVE-2011-3544.BP trojan 0CC99B62CD56088496C3F72CD1E9EFF3B2E47A9C I
I:\DAVI-PC\Backup Set 2012-02-04 111821\Backup Files 2012-02-04 111821\Backup files 55.zip Win32/Packed.Autoit.A.Gen application 5E2C5C22F649A0B7496B3A849D119245C98B8D64 I
I:\DAVI-PC\Backup Set 2012-02-04 111821\Backup Files 2012-03-10 110001\Backup files 2.zip a variant of Win32/SoftonicDownloader.D application 20779458E5E62AF494B502D7F636C8F2C4C1E35B I
I:\DAVI-PC\Backup Set 2012-02-04 111821\Backup Files 2012-03-17 110001\Backup files 4.zip Win32/OpenCandy application 2AADBEAF0618D52F6563C8C2222AC47E59DE7AAF I
I:\DAVI-PC\Backup Set 2012-03-19 110542\Backup Files 2012-03-19 110542\Backup files 25.zip Win32/OpenCandy application 83B671A92131F7FD6402803B8A818716D54F2940 I
I:\DAVI-PC\Backup Set 2012-03-19 110542\Backup Files 2012-03-31 110001\Backup files 2.zip multiple threats 31EF51266B84CDC4ECD156EFC0ABCAC4FE63243D I
I:\DAVI-PC\Backup Set 2012-03-19 110542\Backup Files 2012-04-14 124110\Backup files 5.zip a variant of Win32/InstallCore.D application B5757B84F6CC35682008A87E1E555A8765FACB2E I
I:\DAVI-PC\Backup Set 2012-06-02 110001\Backup Files 2012-06-09 230319\Backup files 6.zip a variant of Win32/Keygen.AF application 0661854BCF7C2CB0A74ED9463CDA358594BE9788 I
I:\DAVI-PC\Backup Set 2012-06-30 110001\Backup Files 2012-06-30 110001\Backup files 41.zip probably a variant of Win32/Spy.Banker.YDH trojan 2C4233632398D9DF00B7C7E5E708AAA29BB24EE5 I
I:\DAVI-PC\Backup Set 2012-06-30 110001\Backup Files 2012-07-14 110001\Backup files 1.zip HTML/ScrInject.B.Gen virus 5CECF1A7BCC1F27176EAC91EF751A14541CCD40A I
I:\DAVI-PC\Backup Set 2012-06-30 110001\Backup Files 2012-07-21 123747\Backup files 2.zip a variant of Win32/InstallCore.AC application 084034735C5A577B1B1A4DCFCEFB51D3E7E41C0E I
I:\DAVI-PC\Backup Set 2012-06-30 110001\Backup Files 2012-07-21 123747\Backup files 5.zip a variant of Win32/HackTool.Patcher.T application 2768EA50F2B0DA973554185F9579B558FA799C9F I
I:\DAVI-PC\Backup Set 2012-06-30 110001\Backup Files 2012-08-04 130502\Backup files 1.zip HTML/ScrInject.B.Gen virus 220655188A86451F6A8E96BA464AD298FB85E56E I
I:\DAVI-PC\Backup Set 2012-06-30 110001\Backup Files 2012-08-04 130502\Backup files 8.zip a variant of Win32/Bundled.Toolbar.Ask.A application C8ACB9E0C88340E64713A67E0BC38C5C3B2BA35E I
I:\DAVI-PC\Backup Set 2012-08-25 110001\Backup Files 2012-08-25 110001\Backup files 51.zip probably a variant of Win32/Spy.Banker.YDH trojan 95C02CE30C3E12BACC75988ED054BFA44EE1A32F I
I:\DAVI-PC\Backup Set 2012-08-25 110001\Backup Files 2012-08-25 110001\Backup files 54.zip a variant of Win32/HackTool.Patcher.T application F99A66B30361C52DD0D4A62344E604574BED2224 I
I:\DAVI-PC\Backup Set 2012-08-25 110001\Backup Files 2012-09-29 110001\Backup files 3.zip Win32/OpenCandy application 75BB4260406462E77C58D86326DAFE6A9B124358 I
I:\DAVI-PC\Backup Set 2012-08-25 110001\Backup Files 2012-10-13 111913\Backup files 12.zip Win32/Sirefef.DB trojan 3B1B6C46650B81EFF3FDE2276254299500B48149 I
I:\DAVI-PC\Backup Set 2012-08-25 110001\Backup Files 2012-10-13 111913\Backup files 3.zip Win32/Toolbar.Widgi application 635652242C6F1431D4E475203D7CD6F3C601F353 I
I:\DAVI-PC\Backup Set 2012-11-03 110001\Backup Files 2012-11-03 110001\Backup files 66.zip Win32/Sirefef.DB trojan C9748B65EA406622CF65A8E29F59090971D24B9E I
I:\DAVI-PC\Backup Set 2012-11-03 110001\Backup Files 2012-11-24 110001\Backup files 5.zip a variant of Win32/Keygen.AN application 3E63B3013BC834DB331F4B041F311E39C8DB14FE I
I:\DAVI-PC\Backup Set 2012-11-03 110001\Backup Files 2012-12-22 123639\Backup files 4.zip Win32/InstallMonetizer.AF application 47312D17D9494585D166402C3AA5C06B3D41A32E I
I:\DAVI-PC\Backup Set 2013-01-05 124531\Backup Files 2013-01-05 124531\Backup files 67.zip a variant of Win32/Keygen.AN application 207FB0899B8646221DAE79689CA26792BCB221EC I
I:\DAVI-PC\Backup Set 2013-01-05 124531\Backup Files 2013-01-05 124531\Backup files 68.zip Win32/Sirefef.DB trojan FC36448926AB6E337D548F5D7F7DA2DAA31C16A2 I
I:\DAVI-PC\Backup Set 2013-01-26 121646\Backup Files 2013-01-26 121646\Backup files 23.zip a variant of Win32/InstallCore.BC application 7FDD5D4FCF8EC7B718070774D6460AC12D589C6A I
I:\DAVI-PC\Backup Set 2013-01-26 121646\Backup Files 2013-01-26 121646\Backup files 59.zip a variant of Win32/Keygen.AN application 84C978084E7642E76A20F836ED451CA1D7E8086B I
I:\DAVI-PC\Backup Set 2013-01-26 121646\Backup Files 2013-01-26 121646\Backup files 60.zip Win32/Sirefef.DB trojan 0647CE87845A9E682F58B7A40CF85DFD6CDFF1A7 I
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\32BitKey.msi Win32/Toolbar.Widgi application (deleted - quarantined) 502505ABA7D1EFDF4CD8079028DF9FAB405EFF64 C
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\Capture_x64.msi Win32/Toolbar.Widgi application (deleted - quarantined) ACD89CFBF41E007F5B5F5E79A39EF2B9F44849FD C
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\CGS_VSTA_x64.msi Win32/Toolbar.Widgi application (deleted - quarantined) 3E8A216165ADFEF93C5B9F274A799882F67C8201 C
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\Common_x64.msi Win32/Toolbar.Widgi application (deleted - quarantined) E52B631F4E85BB9E8BA8592E22F8A54C3E39EA5F C
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\Connect_x64.msi Win32/Toolbar.Widgi application (deleted - quarantined) C623014FB4DFEA7378E98B7D8111FA2FB345D3A8 C
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\CustomData_x64.msi Win32/Toolbar.Widgi application (deleted - quarantined) 692D8AEBAB816261D1903E9121B2C279855EFD19 C
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\Draw_x64.msi Win32/Toolbar.Widgi application (deleted - quarantined) B01D0FD2FA4AAD886362E361C0D40106B818829F C
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\EN_x64.msi Win32/Toolbar.Widgi application (deleted - quarantined) 32320016AD7C12037D7BB52082A01DBCEEDBEE56 C
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\Filters_x64.msi Win32/Toolbar.Widgi application (deleted - quarantined) E014ABE2190E48D9EB75C2DE78929B44EC7F2B92 C
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\FontNav_x64.msi Win32/Toolbar.Widgi application (deleted - quarantined) 308D7DEDC64A8F96EB167F6EB5A73123C3030E64 C
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\Ghostscript.msi Win32/Toolbar.Widgi application (deleted - quarantined) 346ACFFF5158EFD012BE09B9EB8206091A5F6964 C
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\IPM_x64.msi Win32/Toolbar.Widgi application (deleted - quarantined) C19FFC80D77614A0381BFBF52025E394FCF756FB C
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\PHOTO-PAINT_x64.msi Win32/Toolbar.Widgi application (deleted - quarantined) 6B3CA4D04BB8ABB2E5831EA1A619D27115376E67 C
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\Photozoom_x64.msi Win32/Toolbar.Widgi application (deleted - quarantined) A373016919142A0E45ED01B439E4F259BC9F242B C
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\Redist_x64.msi Win32/Toolbar.Widgi application (deleted - quarantined) 067DA1DFDB2874C5CBA24B34E4C3F91CB1F10F2E C
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\Setup_x64.msi Win32/Toolbar.Widgi application (deleted - quarantined) 8F4B6498F5304DE4E7362CBE41994523103D9824 C
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\ShellExt.msi Win32/Toolbar.Widgi application (deleted - quarantined) 1EA84B5198C988BDAB98D4C05579929B1E99E0C9 C
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\VBA_x64.msi Win32/Toolbar.Widgi application (deleted - quarantined) 044FE9B99BBDD143B7D3263ECAB32E80404A45E7 C
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\VideoBrowser_x64.msi Win32/Toolbar.Widgi application (deleted - quarantined) 6DC314E9BEE87056335AEB93DD2F30A8CAF34F33 C
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Setup\CGS16\WT_x64.msi Win32/Toolbar.Widgi application (deleted - quarantined) 48B44290036C720F21E3F1FF2460504247037A7B C
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-7.0.1.8244.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) EF941822F85F3375D6CE2DE2221286D38A903360 C
C:\Program Files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-7.0.2.8415.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 36D63A430DB536BC4DCF2CD44AE9E7C7FF1641D6 C
C:\Users\Davi\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temp\{790F31FF-0CF9-403E-BAE7-7BB890E0C996}\MFP and Storage Server.msi Win32/Toolbar.Widgi application (deleted - quarantined) 13532E0B0E808B8D92E78876B6922B5A02974237 C
C:\Users\Davi\Downloads\Nitro PDF Professional 8.0.8.3.rar a variant of Win32/Keygen.AN application (deleted - quarantined) 7D7466360A8707E4B6E0444EB16482483AE6F86F C
C:\Users\Davi\Downloads\Toontrack Monster Midi Packs 1 And 2 - Groove Monkee 8 Packs + crack + keygen.zip Win32/Sirefef.DB trojan (deleted - quarantined) 878C19A1AFA2A13039A5E065037B096A64117768 C
C:\Windows\Installer\{10762393-1B90-4AC2-AF1A-4C0C04AE303F}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) E8398B4B5DDE05C77B0FB4A645E3B10D0AA26D5D C
C:\Windows\Installer\{1967EF95-E00B-4669-8B1C-A589BE8BF24F}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) B6DD0A1467AAB245FBF31E66B8AD668BCB3221D2 C
C:\Windows\Installer\{1967EF95-E00B-4669-8B1C-A589BE8BF24F}\NewShortcut6_C2D12190778B49D7B6847BAECAE7BE9D.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 7846624DDD4F0681431AB0ED3B7F486272A865E3 C
C:\Windows\Installer\{1E3A578C-0A7D-4820-990F-B7545C0B2303}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 415F9E6CF36BEEEFBD25716097F0C86197218984 C
C:\Windows\Installer\{22029AEE-38DF-4E35-AEF4-FE8CA3F6667F}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) AAFC86FF95ACD869581D6C91038304B0DEFEA93D C
C:\Windows\Installer\{27AE72A4-B217-4CDC-B82B-3311E9D7460E}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 5076FD94251437725D6C42B6BF0039EC62AFCE51 C
C:\Windows\Installer\{27AE72A4-B217-4CDC-B82B-3311E9D7460E}\NewShortcut10_449D396305C74241ABE7BA91391CF9B4.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 259A06AF6CD0A55E605995EE83A283974B80B746 C
C:\Windows\Installer\{27AE72A4-B217-4CDC-B82B-3311E9D7460E}\NewShortcut1_41AAC0AC880545E6A1C81230F4159C30.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 4276C0112DD0604130BB93DD52E55C4644C9840A C
C:\Windows\Installer\{2C72B5E4-AA34-4F1A-8C7E-468530F9F6A3}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 286C533051179338C8AA4AD0CFD6353B6CE04651 C
C:\Windows\Installer\{35869A6C-BA31-4F23-B52D-BC1B1E41EC1B}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) DDB27F95EA9A3CD8300AA68CAB6B55D2EED2EBED C
C:\Windows\Installer\{3933C06C-8239-432B-87FC-F2BDC5B49A10}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) BBD0C174F63B1E586F79100CC1E7C94589F2438E C
C:\Windows\Installer\{3933C06C-8239-432B-87FC-F2BDC5B49A10}\NewShortcut50_065CE0A4A250415C83A81BC46890004B.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 234AFCF67DF7C33AE6F69ABE45843F350C0DF32B C
C:\Windows\Installer\{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 7E31CD1178F08E384A2587548CF7B1F2F68D825A C
C:\Windows\Installer\{6099F026-0A98-4D40-9B3D-ED2123A8CBD0}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 166C4117E80E7459470EE11E6AAD19459706599E C
C:\Windows\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 0D6AC74FD0EE9E6E995EE389FE73CC939B691698 C
C:\Windows\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 0D6AC74FD0EE9E6E995EE389FE73CC939B691698 C
C:\Windows\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 0D6AC74FD0EE9E6E995EE389FE73CC939B691698 C
C:\Windows\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 0D6AC74FD0EE9E6E995EE389FE73CC939B691698 C
C:\Windows\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 0D6AC74FD0EE9E6E995EE389FE73CC939B691698 C
C:\Windows\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 7E31CD1178F08E384A2587548CF7B1F2F68D825A C
C:\Windows\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 7E31CD1178F08E384A2587548CF7B1F2F68D825A C
C:\Windows\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\_7EA1FFEF_B7AE_43A5_8841_DBB045C2D037 Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 954F4AD3F1262AC20ACA2FF47D8C7BFD41DEF50B C
C:\Windows\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\_A86D6FCA_B61A_4DF3_A911_587A28753A8E Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 301D37DE77FDAE20356F55747E9978A2C6DB8276 C
C:\Windows\Installer\{7386B5FA-8715-481D-821F-7785110506DF}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) CF68DDF29F1B32BDE6810448D081658965956554 C
C:\Windows\Installer\{79899C6B-E315-4A3F-8904-02DEAB8D660D}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 0F85FE3E45516C29F1EDADAB5F0188C790CB3AF2 C
C:\Windows\Installer\{7B79AE44-9B76-4815-84E5-ACAC3F0F0278}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 758B7F5B3BBB2C237E90B4C351DDD80F3E67EE82 C
C:\Windows\Installer\{7B79AE44-9B76-4815-84E5-ACAC3F0F0278}\NewShortcut8_4688C3795AC54013960E37EDE53F4CA5.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 04DDB739B1F6DD25FF2D3C82299D701EC4D5A251 C
C:\Windows\Installer\{96AAAB95-AEBE-437A-B7CA-37C7BE13FFE9}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 1F2A6BFA9BDF3994935CB20760986DE2C12FC6DF C
C:\Windows\Installer\{96AAAB95-AEBE-437A-B7CA-37C7BE13FFE9}\NewShortcut5_F936273A4DCE43598F5F4CBABAD014DA.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 51FAC71B8AAD08600DF832681828F356551A6DEF C
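
An added example, not part of the original thread and not ESET's tooling: a small Python triage parser for the scan-log layout posted above (path, detection name, optional action in parentheses, SHA-1, status letter). Paths and detection names both contain spaces, so the line is anchored from the right and split at the "family/name" token, which never occurs in a Windows path. It separates real malware (trojan, virus, multiple threats) from ESET's "application" class (toolbars, keygens, bundlers), counts hits per drive, and lists the malware that no cleaning action was recorded for. The sample lines are constructed in the same layout with placeholder paths and hashes; the reading of the status letters (I = no action recorded, C = cleaned) is inferred from the action column on this page, not from ESET documentation.

```python
import re
from collections import Counter, defaultdict

# One detection per line, as in the ESET Online Scanner log posted above:
#   <path> <detection> [(<action>)] <SHA-1> <status letter>
# Both the path and the detection name contain spaces, so the line is
# anchored from the right (status, SHA-1, optional parenthesised action)
# and the path/detection boundary is found at the "<family>/<name>" token:
# Windows paths never contain a forward slash, detection names always do.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<detection>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+ "
    r"(?:application|trojan|virus|worm)|multiple threats)"
    r"(?: \((?P<action>[^)]*)\))?"
    r" (?P<sha1>[0-9A-Fa-f]{40}) (?P<status>[A-Z])$"
)

# ESET's trailing category word -> triage bucket. "application" is its label
# for potentially unwanted/unsafe software (toolbars, keygens, bundlers);
# the other categories are real malware.
SEVERITY = {
    "application": "pua",
    "trojan": "malware",
    "virus": "malware",
    "worm": "malware",
    "multiple threats": "malware",
}


def parse_line(line):
    """Return the fields of one detection line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    category = ("multiple threats" if rec["detection"] == "multiple threats"
                else rec["detection"].rsplit(" ", 1)[-1])
    rec["severity"] = SEVERITY[category]
    # Assumption, inferred from the action column on this page rather than
    # from ESET documentation: "C" lines carry a cleaning action, "I" lines
    # carry none, so "I" is treated as "still present, needs action".
    rec["remediated"] = rec["status"] == "C"
    rec["drive"] = rec["path"][:2].upper()
    return rec


def triage(log_text):
    """Summarise a log: hits per drive and bucket, plus unremediated malware."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    per_drive = defaultdict(Counter)
    for r in records:
        per_drive[r["drive"]][r["severity"]] += 1
    outstanding = [r for r in records
                   if r["severity"] == "malware" and not r["remediated"]]
    return {
        "total": len(records),
        "per_drive": {d: dict(c) for d, c in per_drive.items()},
        "outstanding": outstanding,
    }


# Constructed sample in the log's layout (placeholder paths and SHA-1s,
# detection names taken from the families seen on this page).
SAMPLE_LOG = r"""
C:\Windows\Installer\1a2b3c.msi Win32/Toolbar.Widgi application 0000000000000000000000000000000000000001 I
C:\Windows\KMSEmulator.exe a variant of Win32/HackKMS.A application 0000000000000000000000000000000000000002 I
D:\Backup\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\deadbeef-00000001 a variant of Java/Exploit.CVE-2011-3544.BP trojan 0000000000000000000000000000000000000003 I
I:\PC\Backup Set 2012-11-03 110001\Backup Files 2012-11-03 110001\Backup files 66.zip Win32/Sirefef.DB trojan 0000000000000000000000000000000000000004 I
I:\PC\Backup Set 2012-03-19 110542\Backup files 2.zip multiple threats 0000000000000000000000000000000000000005 I
C:\Users\user\Downloads\pack + crack + keygen.zip Win32/Sirefef.DB trojan (deleted - quarantined) 0000000000000000000000000000000000000006 C
C:\Program Files (x86)\Google\Update\GoogleEarth-Win-Bundle.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 0000000000000000000000000000000000000007 C
"""


if __name__ == "__main__":
    import sys
    # Pass a saved ESET log as the first argument; otherwise the sample is used.
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_LOG)
    summary = triage(text)
    print(f"{summary['total']} detections")
    for drive, counts in sorted(summary["per_drive"].items()):
        print(f"  {drive} {counts}")
    print("still needs action:")
    for r in summary["outstanding"]:
        print(f"  {r['drive']} {r['detection']}: {r['path']}")
```

On a log like the one above the output makes the point the helper makes in the next reply: the PUA hits on C: were cleaned, while every trojan hit on the backup drive I: and the Java exploit cache on D: still has no action recorded, so restoring from those backups would reintroduce them.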

#13
GiovaneMartins

    Geek

  • Member
  • 2,058 posts
Hello,

The backups on drive "I:" contain some infections, which can come back if you use them. I recommend that you format that drive and, once the procedures are finished, create new backups.

Download MbrScan.exe by Eric_71 > save it to the desktop.

Double-click to run the tool.

* On Windows Vista and Windows 7:

Right-click the tool and select [posted image]

Click the Scan button. When the scan finishes, click the Report button. A Notepad window will open with the scan result. It is saved on the desktop as MbrScan.log.

Select, copy and paste its contents into your next reply.
[Linha Defensiva on Twitter] [Linha Defensiva on Facebook]

Repay our help by not abandoning your topic. Thank you.
Giovane's Blog | Twitter - @giovane_vaz
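
An added example, not part of the thread and not Eric_71's MbrScan: what a tool like the one requested above actually computes when it reports an MBR. The Python below parses a 512-byte master boot record (bootstrap code, disk signature, four 16-byte partition entries, the 0x55AA signature), hashes the whole sector the way the tool's MBR_MD5/MBR_SHA1 lines do, hashes the bootstrap code separately so it can be compared with a baseline recorded from a known-clean disk, and runs the checks a responder wants: exactly one bootable partition, no overlapping entries, nothing extending past the end of the disk. The sample MBRs are constructed (NOP-filled stand-ins for boot code, not real Windows loader bytes) and the disk size is made up; the baseline-hash comparison is a generic check, not the tool's internal "XP MBR Code / 7 MBR Code" signature table, which the page does not show.

```python
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_LEN = 440    # bytes 0..439: boot code; 440..443: disk signature
TABLE_OFFSET = 446     # four 16-byte partition entries; 510..511: 0x55AA
PART_TYPES = {0x05: "Extended", 0x07: "NTFS / HPFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Decode one 512-byte MBR into hashes, disk signature and partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:                      # empty slot
            continue
        partitions.append({
            "index": i + 1, "bootable": status == 0x80,
            "type": ptype, "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start, "sectors": count,
            "size_gib": round(count * SECTOR / 2 ** 30, 2),
        })
    return {
        "md5": hashlib.md5(sector).hexdigest().upper(),
        "sha1": hashlib.sha1(sector).hexdigest().upper(),
        # Hashed separately: a bootkit changes this part and keeps the table.
        "bootstrap_sha1": hashlib.sha1(sector[:BOOTSTRAP_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, BOOTSTRAP_LEN)[0],
        "partitions": partitions,
    }


def check_mbr(parsed, disk_sectors, baseline_bootstrap_sha1=None):
    """Return findings for a parsed MBR; an empty list means nothing looked wrong."""
    findings = []
    if baseline_bootstrap_sha1 and parsed["bootstrap_sha1"] != baseline_bootstrap_sha1:
        findings.append("bootstrap code differs from baseline (possible bootkit or foreign loader)")
    bootable = [p["index"] for p in parsed["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable, expected exactly 1")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"])
                   for p in parsed["partitions"])
    for (s1, e1, i1), (s2, _, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partitions {i1} and {i2} overlap")
    for p in parsed["partitions"]:
        if p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']} extends past the end of the disk")
    return findings


def build_mbr(bootstrap, disk_signature, partitions):
    """Assemble a sector; partitions are (bootable, type, lba_start, sectors) tuples."""
    assert len(bootstrap) == BOOTSTRAP_LEN
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\xFE\xFF\xFF",
                    ptype, b"\xFE\xFF\xFF", lba_start, count)
        for bootable, ptype, lba_start, count in partitions).ljust(64, b"\x00")
    return bootstrap + struct.pack("<IH", disk_signature, 0) + table + b"\x55\xAA"


# Constructed samples: NOP-filled stand-ins for boot code, not real loader bytes.
DISK_SECTORS = 1_300_000                    # made-up disk of about 635 MiB
CLEAN_BOOTSTRAP = b"\x90" * BOOTSTRAP_LEN
LAYOUT = [(True, 0x07, 2048, 409600),       # 200 MiB NTFS system partition, bootable
          (False, 0x07, 411648, 819200)]    # 400 MiB NTFS data partition
SAMPLE_MBR = build_mbr(CLEAN_BOOTSTRAP, 0x12345678, LAYOUT)
# Same table, boot code overwritten with a jump-to-self stub: what a bootkit leaves.
TAMPERED_MBR = build_mbr(b"\xEB\xFE" + b"\x90" * (BOOTSTRAP_LEN - 2), 0x12345678, LAYOUT)


if __name__ == "__main__":
    # On a live Windows box (administrator required) the real sector comes from
    # open(r"\\.\PhysicalDrive0", "rb").read(512); the baseline hash should be
    # recorded from a known-clean install of the same Windows version.
    baseline = parse_mbr(SAMPLE_MBR)["bootstrap_sha1"]
    for name, sector in (("clean", SAMPLE_MBR), ("tampered", TAMPERED_MBR)):
        info = parse_mbr(sector)
        print(f"{name}: MBR_MD5 {info['md5']}  signature 0x{info['disk_signature']:08X}")
        for p in info["partitions"]:
            flag = " __ BOOTABLE __" if p["bootable"] else ""
            print(f"  Partition{p['index']} {p['size_gib']} GiB 0x{p['type']:02X} {p['type_name']}{flag}")
        print("  findings:", check_mbr(info, DISK_SECTORS, baseline) or "none")
```

The two hashes serve different purposes: the whole-sector hash (what the tool prints) changes whenever the disk signature or partition table changes, so it cannot be compared across machines, while the bootstrap-only hash is identical on every disk written by the same Windows version and is the value worth keeping as a baseline.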

#14
davimafra

    Novice

  • Member
  • 9 posts
MBRScan v1.1.1

OS : Windows 7 Service Pack 1 (64 bit)
PROCESSOR : AMD64 Family 16 Model 10 Stepping 0, AuthenticAMD
BOOT : Normal Boot
DATE : 2013/02/09 (ISO 8601) at 13:09:47
________________________________________________________________________________

DISK : Device\Harddisk0\DR0 __ST2000DL003-9VT166 (CC32)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK : Device\Harddisk1\DR1 __SAMSUNG HD250HJ (FH100-06)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK : Device\Harddisk2\DR2 __ST31000528AS (CC38)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0 1.82 To [Fixed] ==> XP MBR Code

MBR_MD5 : B809EAC1BF5018961BB948862046D673
MBR_SHA1 : 6C88CA87C12279359604FC9E52BEA6D70FF40904

Device\Harddisk0\Partition1 1.82 To 0x07 NTFS / HPFS
________________________________________________________________________________

Device\Harddisk1\DR1 232.9 Go [Fixed] ==> 7 MBR Code

MBR_MD5 : 2E7EE963CC7750DAC289C4D6D3ABD103
MBR_SHA1 : 202A8E7247EFBD0EC6408D68739D4547A6EB75C1

Device\Harddisk1\Partition1 232.9 Go 0x07 NTFS / HPFS
________________________________________________________________________________

Device\Harddisk2\DR2 931.5 Go [Fixed] ==> 7 MBR Code

MBR_MD5 : 40092B8834D2B563BF6075AA2F317345
MBR_SHA1 : 3BFBB49628761DF091E4EFAB4CAF4AAD3F3E2D4A

Device\Harddisk2\Partition1 200.1 Go 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk2\Partition2 631.4 Go 0x07 NTFS / HPFS
Device\Harddisk2\Partition3 100.0 Go 0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x06011000
SIZE : 292.0 Ko

DRIVER : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00BAB000
SIZE : 40.0 Ko

DRIVER : C:\Windows\system32\mcupdate_AuthenticAMD.dll => Invisible on the disk
ADDRESS : 0x00C49000
SIZE : 52.0 Ko

DRIVER : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00C6A000
SIZE : 376.0 Ko

DRIVER : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00CC8000
SIZE : 768.0 Ko

DRIVER : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00EA7000
SIZE : 776.0 Ko

DRIVER : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00F69000
SIZE : 64.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\ACPI.sys => Invisible on the disk
ADDRESS : 0x00F79000
SIZE : 348.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00FD0000
SIZE : 36.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00FD9000
SIZE : 40.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\pci.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE : 204.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00E33000
SIZE : 52.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\54642506.sys => Invisible on the disk
ADDRESS : 0x01057000
SIZE : 7.37 Mo

DRIVER : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x017B6000
SIZE : 84.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\volmgr.sys => Invisible on the disk
ADDRESS : 0x017CB000
SIZE : 84.0 Ko

DRIVER : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00E40000
SIZE : 368.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\pciide.sys => Invisible on the disk
ADDRESS : 0x017E0000
SIZE : 28.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x017E7000
SIZE : 64.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\vmci.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE : 128.0 Ko

DRIVER : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x01020000
SIZE : 104.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\atapi.sys => Invisible on the disk
ADDRESS : 0x0103A000
SIZE : 36.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\ataport.SYS => Invisible on the disk
ADDRESS : 0x00D88000
SIZE : 168.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\nvstor.sys => Invisible on the disk
ADDRESS : 0x00DB2000
SIZE : 172.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\storport.sys => Invisible on the disk
ADDRESS : 0x0183F000
SIZE : 396.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\nvstor64.sys => Invisible on the disk
ADDRESS : 0x018A2000
SIZE : 252.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\amdxata.sys => Invisible on the disk
ADDRESS : 0x018E1000
SIZE : 44.0 Ko

DRIVER : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x018EC000
SIZE : 304.0 Ko

DRIVER : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x01938000
SIZE : 80.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\avc3.sys => Invisible on the disk
ADDRESS : 0x0194C000
SIZE : 708.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\gzflt.sys => Invisible on the disk
ADDRESS : 0x01800000
SIZE : 200.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\trufos.sys => Invisible on the disk
ADDRESS : 0x01A8E000
SIZE : 384.0 Ko

DRIVER : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x01C29000
SIZE : 1.64 Mo

DRIVER : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x01AEE000
SIZE : 376.0 Ko

DRIVER : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x01DCC000
SIZE : 108.0 Ko

DRIVER : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x01B4C000
SIZE : 456.0 Ko

DRIVER : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x01DE7000
SIZE : 68.0 Ko

DRIVER : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x01C00000
SIZE : 40.0 Ko

DRIVER : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x01E14000
SIZE : 968.0 Ko

DRIVER : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01F06000
SIZE : 384.0 Ko

DRIVER : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x01F66000
SIZE : 168.0 Ko

DRIVER : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x0207A000
SIZE : 2.00 Mo

DRIVER : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x0227B000
SIZE : 296.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\vmstorfl.sys => Invisible on the disk
ADDRESS : 0x022C5000
SIZE : 64.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\volsnap.sys => Invisible on the disk
ADDRESS : 0x022D5000
SIZE : 304.0 Ko

DRIVER : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x02321000
SIZE : 32.0 Ko

DRIVER : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x02333000
SIZE : 232.0 Ko

DRIVER : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x0236D000
SIZE : 72.0 Ko

DRIVER : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x0237F000
SIZE : 36.0 Ko

DRIVER : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x02388000
SIZE : 232.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk
ADDRESS : 0x023C2000
SIZE : 88.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x02000000
SIZE : 192.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\AtiPcie.sys => Invisible on the disk
ADDRESS : 0x02030000
SIZE : 32.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x01F90000
SIZE : 168.0 Ko

DRIVER : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x0206E000
SIZE : 36.0 Ko

DRIVER : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x023D8000
SIZE : 28.0 Ko

DRIVER : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x023DF000
SIZE : 56.0 Ko

DRIVER : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x01FBA000
SIZE : 148.0 Ko

DRIVER : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x023ED000
SIZE : 64.0 Ko

DRIVER : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x01FDF000
SIZE : 36.0 Ko

DRIVER : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x01FE8000
SIZE : 36.0 Ko

DRIVER : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x01FF1000
SIZE : 36.0 Ko

DRIVER : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x01E00000
SIZE : 44.0 Ko

DRIVER : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x01C0A000
SIZE : 68.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x01A28000
SIZE : 136.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x01C1B000
SIZE : 52.0 Ko

DRIVER : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x00C00000
SIZE : 276.0 Ko

DRIVER : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x04AF2000
SIZE : 548.0 Ko

DRIVER : C:\Windows\system32\drivers\ws2ifsl.sys => Invisible on the disk
ADDRESS : 0x04B7B000
SIZE : 44.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x04B86000
SIZE : 36.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x04B8F000
SIZE : 152.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x04BB5000
SIZE : 88.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x04BCB000
SIZE : 60.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\serial.sys => Invisible on the disk
ADDRESS : 0x04BDA000
SIZE : 116.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x04A00000
SIZE : 108.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\termdd.sys => Invisible on the disk
ADDRESS : 0x04A1B000
SIZE : 80.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x04A2F000
SIZE : 324.0 Ko

DRIVER : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x04A80000
SIZE : 48.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\mssmbios.sys => Invisible on the disk
ADDRESS : 0x04A8C000
SIZE : 44.0 Ko

DRIVER : C:\Windows\System32\Drivers\GizmoDrv.SYS => Invisible on the disk
ADDRESS : 0x04AB5000
SIZE : 44.0 Ko

DRIVER : C:\Windows\System32\Drivers\ElbyCDIO.sys => Invisible on the disk
ADDRESS : 0x04AC0000
SIZE : 40.0 Ko

DRIVER : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x04ACA000
SIZE : 60.0 Ko

DRIVER : C:\Windows\system32\drivers\csc.sys => Invisible on the disk
ADDRESS : 0x036EF000
SIZE : 524.0 Ko

DRIVER : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x03772000
SIZE : 120.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x03790000
SIZE : 68.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x037AD000
SIZE : 152.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\amdppm.sys => Invisible on the disk
ADDRESS : 0x037D3000
SIZE : 84.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\atikmpag.sys => Invisible on the disk
ADDRESS : 0x03600000
SIZE : 472.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\atikmdag.sys => Invisible on the disk
ADDRESS : 0x0520B000
SIZE : 10.54 Mo

DRIVER : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x05C94000
SIZE : 976.0 Ko

DRIVER : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x05D88000
SIZE : 280.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x05DCE000
SIZE : 144.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\nusb3xhc.sys => Invisible on the disk
ADDRESS : 0x03676000
SIZE : 192.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x05DF2000
SIZE : 8.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\usbohci.sys => Invisible on the disk
ADDRESS : 0x05DF4000
SIZE : 44.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x04E7E000
SIZE : 344.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
ADDRESS : 0x04ED4000
SIZE : 68.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\GEARAspiWDM.sys => Invisible on the disk
ADDRESS : 0x04EF3000
SIZE : 52.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\serenum.sys => Invisible on the disk
ADDRESS : 0x04F00000
SIZE : 48.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\ASACPI.sys => Invisible on the disk
ADDRESS : 0x04F0C000
SIZE : 32.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\Rtnic64.sys => Invisible on the disk
ADDRESS : 0x04F14000
SIZE : 72.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\1394ohci.sys => Invisible on the disk
ADDRESS : 0x04F26000
SIZE : 248.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x04F64000
SIZE : 36.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x04F6D000
SIZE : 64.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x04F7D000
SIZE : 88.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x04F93000
SIZE : 144.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x04FB7000
SIZE : 48.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x04FC3000
SIZE : 188.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x04E00000
SIZE : 108.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x04E1B000
SIZE : 132.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x04E3C000
SIZE : 104.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\rdpbus.sys => Invisible on the disk
ADDRESS : 0x04E56000
SIZE : 44.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
ADDRESS : 0x04E61000
SIZE : 60.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x036A6000
SIZE : 60.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\swenum.sys => Invisible on the disk
ADDRESS : 0x04E70000
SIZE : 8.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\ks.sys => Invisible on the disk
ADDRESS : 0x01A4A000
SIZE : 268.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\avchv.sys => Invisible on the disk
ADDRESS : 0x060F4000
SIZE : 272.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\GenBus.sys => Invisible on the disk
ADDRESS : 0x06138000
SIZE : 48.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\amdiox64.sys => Invisible on the disk
ADDRESS : 0x06144000
SIZE : 80.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk
ADDRESS : 0x06158000
SIZE : 72.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\vmnetadapter.sys => Invisible on the disk
ADDRESS : 0x0616A000
SIZE : 32.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\VMNET.SYS => Invisible on the disk
ADDRESS : 0x06172000
SIZE : 40.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\nusb3hub.sys => Invisible on the disk
ADDRESS : 0x0617C000
SIZE : 96.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x06194000
SIZE : 360.0 Ko

DRIVER : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x06000000
SIZE : 84.0 Ko

DRIVER : C:\Windows\system32\drivers\AtihdW76.sys => Invisible on the disk
ADDRESS : 0x06015000
SIZE : 108.0 Ko

DRIVER : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x06030000
SIZE : 244.0 Ko

DRIVER : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x0606D000
SIZE : 136.0 Ko

DRIVER : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x0608F000
SIZE : 24.0 Ko

DRIVER : C:\Windows\system32\drivers\viahduaa.sys => Invisible on the disk
ADDRESS : 0x06E27000
SIZE : 1.69 Mo

DRIVER : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x06FD8000
SIZE : 116.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x06E00000
SIZE : 56.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x06E0E000
SIZE : 100.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x06FF5000
SIZE : 36.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\kbdhid.sys => Invisible on the disk
ADDRESS : 0x06095000
SIZE : 56.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\LHidFilt.Sys => Invisible on the disk
ADDRESS : 0x060A3000
SIZE : 88.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x060B9000
SIZE : 52.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\LMouFilt.Sys => Invisible on the disk
ADDRESS : 0x060C6000
SIZE : 80.0 Ko

DRIVER : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x060DA000
SIZE : 56.0 Ko

DRIVER : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x060E8000
SIZE : 48.0 Ko

DRIVER : C:\Windows\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0x061EE000
SIZE : 36.0 Ko

DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x036B5000
SIZE : 76.0 Ko

DRIVER : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x00040000
SIZE : 3.09 Mo

DRIVER : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x04E72000
SIZE : 48.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x04FF2000
SIZE : 56.0 Ko

DRIVER : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00500000
SIZE : 40.0 Ko

DRIVER : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00790000
SIZE : 156.0 Ko

DRIVER : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x036C8000
SIZE : 140.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\avckf.sys => Invisible on the disk
ADDRESS : 0x034E5000
SIZE : 584.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\diginet.sys => Invisible on the disk
ADDRESS : 0x03577000
SIZE : 32.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\vmnetbridge.sys => Invisible on the disk
ADDRESS : 0x0357F000
SIZE : 68.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x03590000
SIZE : 84.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x035A5000
SIZE : 96.0 Ko

DRIVER : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x03400000
SIZE : 804.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x035BD000
SIZE : 120.0 Ko

DRIVER : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x035DB000
SIZE : 96.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x02038000
SIZE : 180.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x07E07000
SIZE : 312.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x07E55000
SIZE : 144.0 Ko

DRIVER : C:\Windows\system32\drivers\hcmon.sys => Invisible on the disk
ADDRESS : 0x07E79000
SIZE : 48.0 Ko

DRIVER : C:\Windows\system32\drivers\vmx86.sys => Invisible on the disk
ADDRESS : 0x07E85000
SIZE : 72.0 Ko

DRIVER : C:\Windows\system32\drivers\aksdf.sys => Invisible on the disk
ADDRESS : 0x07E97000
SIZE : 80.0 Ko

DRIVER : C:\Windows\System32\Drivers\fastfat.SYS => Invisible on the disk
ADDRESS : 0x07EAB000
SIZE : 216.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\aksfridge.sys => Invisible on the disk
ADDRESS : 0x07EE1000
SIZE : 132.0 Ko

DRIVER : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x09A30000
SIZE : 664.0 Ko

DRIVER : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x09AD6000
SIZE : 44.0 Ko

DRIVER : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x09AE1000
SIZE : 196.0 Ko

DRIVER : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x09B12000
SIZE : 72.0 Ko

DRIVER : C:\Windows\system32\drivers\vmnetuserif.sys => Invisible on the disk
ADDRESS : 0x09B24000
SIZE : 40.0 Ko

DRIVER : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x09B46000
SIZE : 420.0 Ko

DRIVER : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x0A624000
SIZE : 608.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\GenHC.sys => Invisible on the disk
ADDRESS : 0x0A6BC000
SIZE : 212.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\asyncmac.sys => Invisible on the disk
ADDRESS : 0x0A762000
SIZE : 44.0 Ko

DRIVER : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x477B0000
SIZE : 128.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions : NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR \Device\Harddisk0\DR0

_______MBR \Device\Harddisk1\DR1

_______MBR \Device\Harddisk2\DR2


I use the Windows 7 scheduled backup every week. It must have backed up the infections. :wacko:
Drive "I" holds a lot of personal files, such as photos, videos, music and documents. Formatting it would not be possible. Can't I just delete the backup files? :legal:

Edited by davimafra, 09 February 2013 - 14:22.


#15
GiovaneMartins (Geek, Member, 2,058 posts)

Hello,

I use the Windows 7 scheduled backup every week. It must have backed up the infections.
Drive "I" holds a lot of personal files, such as photos, videos, music and documents. Formatting it would not be possible. Can't I just delete the backup files?


You can, no problem.

The log is clean. ^_^

Finishing up:

1) Rename ComboFix to uninstall and run it.

A message saying the program was removed successfully should appear. Just click OK.

2) Open OTL and click the [image] button.

Let the program restart the system.

3) [image] Old versions of Java have vulnerabilities that some malware can use to infect your system. Check that your system has the latest version installed:

Download JavaRa.

  • Double-click JavaRa.exe.
  • Then click Search For Updates.
  • Then click the Search button.

If it is up to date, the program will report that the latest version is already installed. Otherwise, wait for the new Java version to be downloaded and installed. Then click the Remove Older Versions button so that any old versions still on the PC are uninstalled.

4) [image] Update Adobe Reader. Old versions contain vulnerabilities that are exploited by malware.

Remove the older version and click here to install the newest version.

5) Disable and re-enable System Restore.

6) Read the article Proteja seu PC (Protect your PC) for more information on how to stay safe on the internet.

7) If you have no more problems, click the [image] button and ask for the topic to be closed.

If you have any questions about computing and technology, feel free to post in the other areas of the forum.
[Linha Defensiva on Twitter] [Linha Defensiva on Facebook]

Repay our help by not abandoning your topic. Thank you.
Blog do Giovane | Twitter - @giovane_vaz
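Steps 3 to 5 above are the part of the cleanup that a defender would want to verify rather than click through; the script below is an added example for that, not code from the thread or from JavaRa, OTL or ComboFix. It assumes Windows 7 or later with PowerShell 3+, run from an elevated prompt, and the function names are hypothetical.

```powershell
# Added example (not from the thread or from JavaRa/OTL/ComboFix).
# Assumes PowerShell 3+ on Windows 7 or later, run as administrator.

# Steps 3 and 4: list Java and Adobe Reader packages from the uninstall
# registry keys (native and 32-bit-on-64-bit views) so leftover old
# versions become visible without a GUI tool.
function Get-RuntimeInventory {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java|Adobe (Acrobat )?Reader)' } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
        Sort-Object DisplayName
}

# More than one Java package means an older, still exploitable release was
# left behind by an update; this is what JavaRa's "Remove Older Versions"
# button exists for. Returns $true when that condition is found.
function Test-StaleJava {
    param([object[]]$Inventory)
    $java = @($Inventory | Where-Object { $_.DisplayName -match '^Java' })
    if ($java.Count -gt 1) {
        $names = ($java | ForEach-Object { $_.DisplayName }) -join '; '
        Write-Warning "$($java.Count) Java packages installed: $names. Keep only the newest."
        return $true
    }
    return $false
}

# Step 5: disabling and re-enabling System Restore discards every existing
# restore point, which is the intent (a restore point may hold the infection).
# It is opt-in via -ResetSystemRestore so a plain run only reports.
function Invoke-CleanupChecks {
    param([switch]$ResetSystemRestore, [string]$SystemDrive = 'C:\')
    $inventory = Get-RuntimeInventory
    $inventory | Format-Table -AutoSize | Out-Host
    $stale = Test-StaleJava -Inventory $inventory
    if ($ResetSystemRestore) {
        Disable-ComputerRestore -Drive $SystemDrive
        Enable-ComputerRestore  -Drive $SystemDrive
    }
    return $stale
}

Invoke-CleanupChecks
```

Run `Invoke-CleanupChecks -ResetSystemRestore` only after the log has been declared clean, because all earlier restore points are lost.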

#16
davimafra (Newbie, Member, 9 posts)

At last I am clean of the threats. I followed all the procedures as instructed. Thank you very much for the support and guidance. :legal:

My thanks to the best forum for fighting online threats. ^_^

#17
netcriptus (Moderation Coordinator, Coordinator, 1,839 posts)

PROBLEM SOLVED

If you want to request that the topic be reopened, use the Report button to contact the moderation team.

Note: Only the author can make this request in the Malware Removal area.
Linha Defensiva on Twitter!
Smile, you are being Googled.