Ir para conteúdo

Foto

Vírus do facebook que bloqueia antivírus


Este tópico foi arquivado. Isto significa que você não pode mais responder ao tópico.
30 respostas neste tópico

#1
jemafase

jemafase

    Novato

  • Novato
  • Pip
  • 16 posts
Olá! Este é meu primeiro post, e estou recorrendo a vocês porque sinceramente já não sei mais o que fazer...

Há mais ou menos uma semana eu caí na burrada de dar OK numa solicitação no Facebook quando fui assistir ao vídeo da Amanda Todd, aquela menina que se matou nos EUA por causa de bullying no ano passado. Pois bem, depois que eu fiz isso, meu perfil no Facebook começou a enviar adware pra toda a minha lista de amigos, além de, fora do FB, ficar aparecendo umas barrinhas chatas na parte inferior do navegador (qualquer que seja, IE, Firefox ou Chrome) com "links patrocinados". Já deletei o arquivo .exe que foi baixado (alguma coisa do tipo "Fbupdate"), não tem nenhuma extensão instalada nos navegadores, e o próprio site do FB já me avisou que eu estava com malware e tentou resolver, mas não deu certo.

Tentei fazer um scan com o Avast, e ele travou. Tentei fazer um scan com o Advanced System Care, e ele travou. Tentei escanear com o Iobit Malware Fighter, e ele também travou. Tentei escanear com o Malwarebytes, e, adivinhem!, ele também travou. Quando eu digo "travou", não me refiro só aos programas, mas a todo o sistema, do tipo só conseguir desligar o note tirando a bateria (nem precisam dizer o quanto isso é desaconselhável...). Ou seja, qualquer programa que eu rode e faça um scan a procura de malwares trava o sistema...

Aguardo a ajuda de alguém... Segue abaixo o log do Hijakc This. A propósito, quando eu rodo o Hijack This, antes de terminar o scan aparece a seguinte mensagem: "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijack This may NOT be able to fix this."




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:00:23, on 14/04/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Users\Jean\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: HomeTab - {88a0fea2-5b93-4a13-bd60-054d1d796545} - C:\Users\Jean\AppData\Roaming\HomeTab\HomeTab.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Samsung BHO Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: HomeTab - {88a0fea2-5b93-4a13-bd60-054d1d796545} - C:\Users\Jean\AppData\Roaming\HomeTab\HomeTab.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'Default user')
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: (no name) - {b89c9471-7756-4406-b7bb-b6915e8e55dd} - C:\Users\Jean\AppData\Roaming\HomeTab\HomeTab.dll
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CyberLink Product - 2011/07/28 20:02:17 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Baidu PC Faster Service 1.18.0.22 (PCFasterSvc_{PCFaster_1.18.0.22}) - Baidu Inc. - C:\Program Files (x86)\Baidu Security\PC Faster\1.18.0.22\PCFasterSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\windows\System32\SUPDSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11065 bytes

#2
Ciro-Mota

Ciro-Mota

    Assistente Profissional

  • Assistente Profissional
  • 56.970 posts
jemafase,

NÃO tente realizar sozinho nenhum procedimento de limpeza. Em especial, não execute por conta própria ferramentas utilizadas no fórum Remoção de Malware. O uso indevido de algumas ferramentas poderá danificar o seu computador ou, no mínimo, remover parcialmente os sinais de uma infecção que serviriam de informação ao analista. A equipe não será responsabilizada por consequências resultantes de uso indevido e/ou não-informado das ferramentas. - Regra nº8 da Remoção de Malwares

Poste um novo log do Hijackthis.

Por favor, observe o seguinte:

  • Não utilize softwares que não foram indicado.
  • Não inicie novo tópico sobre esse problema. Poste suas respostas sempre neste tópico.
  • Clique em Seguir este tópico, Imagem Postada,
    para que receba notificação por e-mail quando o mesmo for respondido.
    Você também pode verificar os tópicos assinados usando a opção Conteúdo que sigo acessível através do Painel de Controle do fórum.
  • As análises podem levar algum tempo, portanto seja paciente.
  • As instruções são específicas para o seu computador, e devem ser aplicadas somente nele.
  • Se algo der errado, não importa. Sempre acompanhe seu tópico, informando-me dos resultados, até que seu computador esteja limpo.
  • Aviso: Evite utilizar as tags <QUOTE> ou <CODE> nos logs, isso prejudica a leitura na hora da analise.
  • Por favor, não abandone seu tópico. Para nós é importante saber se a remoção foi bem sucedida.
  • Se você não receber uma resposta minha em até 5 dias. Me envie uma Mensagem Privada (MP)

** Tenha consideração a quem te ajuda, não Abandone seu tópico! **
[Membro da ASAP] // [Junte-se ao ARIS-LD] // [Linha Defensiva no Twitter]
Imagem Postada

Blog do Ciro Mota
Visite em: http://www.ciromota.net/ _-_ Siga-me no Twitter: @ciromota

#3
jemafase

jemafase

    Novato

  • Novato
  • Pip
  • 16 posts
Valeu, pelas instruções, Ciro!!! Como pedido, aí vai um novo log do Hijack This, com a observação de que a mensagem que eu relatei acima continua aparecendo:




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:14:15, on 14/04/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Houaiss3\Houaiss3.exe
C:\Program Files (x86)\LibreOffice 3.6\program\swriter.exe
C:\Program Files (x86)\LibreOffice 3.6\program\soffice.exe
C:\Program Files (x86)\LibreOffice 3.6\program\soffice.bin
C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearch.exe
C:\PROGRA~2\COPERN~1\DESKTO~4.EXE
C:\Users\Jean\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: HomeTab - {88a0fea2-5b93-4a13-bd60-054d1d796545} - C:\Users\Jean\AppData\Roaming\HomeTab\HomeTab.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Samsung BHO Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: HomeTab - {88a0fea2-5b93-4a13-bd60-054d1d796545} - C:\Users\Jean\AppData\Roaming\HomeTab\HomeTab.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'Default user')
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: (no name) - {b89c9471-7756-4406-b7bb-b6915e8e55dd} - C:\Users\Jean\AppData\Roaming\HomeTab\HomeTab.dll
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CyberLink Product - 2011/07/28 20:02:17 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Baidu PC Faster Service 1.18.0.22 (PCFasterSvc_{PCFaster_1.18.0.22}) - Baidu Inc. - C:\Program Files (x86)\Baidu Security\PC Faster\1.18.0.22\PCFasterSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\windows\System32\SUPDSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11196 bytes

#4
Ciro-Mota

Ciro-Mota

    Assistente Profissional

  • Assistente Profissional
  • 56.970 posts
jemafase,

Vá no Facebook, botão Configurações (engrenagem) -> Configurações da Conta -> Aplicativos -> verifique se há algum aplicativo instalado, caso haja remova os desconhecidos ou remova todos.

--------

1)

Faça o download do Farbar Service Scanner, e salve na sua área de trabalho.
http://download.blee.../farbar/FSS.exe

Dê dois cliques no FSS.exe para executá-lo. Marque todas as opções e em seguida clique no botão Scan.

Imagem Postada


** Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo FSS.exe, depois clique em Imagem Postada.

Um log ficará salvo na sua área de trabalho, com o nome FSS.txt.

Copie todo o conteúdo desse log e cole na sua próxima resposta.

2)

Baixe o MbrScan.exe e salve no desktop.
http://eric71.geekst...ols/MbrScan.exe

Execute o arquivo MbrScan.exe.

Clique no botão Scan. Ao final do exame clique no botão Report. Abrirá um bloco de notas com o resultado do exame. É salvo no desktop com o nome de MbrScan.log.

*** Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo MbrScan.exe, depois clique em Imagem Postada.

Selecione, copie e cole o seu conteúdo na próxima resposta.
** Tenha consideração a quem te ajuda, não Abandone seu tópico! **
[Membro da ASAP] // [Junte-se ao ARIS-LD] // [Linha Defensiva no Twitter]
Imagem Postada

Blog do Ciro Mota
Visite em: http://www.ciromota.net/ _-_ Siga-me no Twitter: @ciromota

#5
jemafase

jemafase

    Novato

  • Novato
  • Pip
  • 16 posts
Olá, Ciro! Já tinha deletado todos os apps do facebook. O log do FSS é esse que segue:




Farbar Service Scanner Version: 03-03-2013
Ran by Jean (administrator) on 15-04-2013 at 13:10:21
Running from "C:\Users\Jean\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****




O log do Mbr scan é esse:




MBRScan v1.1.1

OS			 : Windows 7 Service Pack 1 (64 bit)
PROCESSOR	  : Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
BOOT		   : Normal Boot
DATE		   : 2013/04/15 (ISO 8601) at 13:12:43
________________________________________________________________________________

DISK		   : Device\Harddisk0\DR0 __ST1000LM 024 HN-M101M (2AR1)
BUS_TYPE	   : (0x03)  P-ATA
USE_PIO	    : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0    931.5 Go  [Fixed] ==> Unknown MBR Code ==> PARTITION TABLE FAKED !!

MBR_MD5   : C5F0EAFEC406C7F0C82ACAB31114FAEF
MBR_SHA1  : C0D9C3E991C1ABD43FBE0F2F5BEA119904177E9A

Device\Harddisk0\Partition1    100.0 Mo      0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2    660.0 Go      0x07 NTFS / HPFS
Device\Harddisk0\Partition3    21.84 Go      0x27 RE Hidden partition
Device\Harddisk0\Partition4    249.6 Go      0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x03602000
SIZE    : 292.0 Ko

DRIVER  : C:\windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00BD0000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00C10000
SIZE    : 316.0 Ko

DRIVER  : C:\windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00C73000
SIZE    : 376.0 Ko

DRIVER  : C:\windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00CD1000
SIZE    : 768.0 Ko

DRIVER  : C:\windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00EF8000
SIZE    : 776.0 Ko

DRIVER  : C:\windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00FBA000
SIZE    : 64.0 Ko

DRIVER  : C:\windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE    : 348.0 Ko

DRIVER  : C:\windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00E57000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00E60000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00E6A000
SIZE    : 204.0 Ko

DRIVER  : C:\windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00E9D000
SIZE    : 52.0 Ko

DRIVER  : C:\windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00EAA000
SIZE    : 84.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\compbatt.sys => Invisible on the disk
ADDRESS : 0x00EBF000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\BATTC.SYS => Invisible on the disk
ADDRESS : 0x00EC8000
SIZE    : 48.0 Ko

DRIVER  : C:\windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00ED4000
SIZE    : 84.0 Ko

DRIVER  : C:\windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00D91000
SIZE    : 368.0 Ko

DRIVER  : C:\windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00FCA000
SIZE    : 104.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\iaStor.sys => Invisible on the disk
ADDRESS : 0x0106B000
SIZE    : 1.33 Mo

DRIVER  : C:\windows\system32\drivers\atapi.sys => Invisible on the disk
ADDRESS : 0x011BF000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\system32\drivers\ataport.SYS => Invisible on the disk
ADDRESS : 0x011C8000
SIZE    : 168.0 Ko

DRIVER  : C:\windows\system32\drivers\msahci.sys => Invisible on the disk
ADDRESS : 0x011F2000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 64.0 Ko

DRIVER  : C:\windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x01010000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x0101B000
SIZE    : 304.0 Ko

DRIVER  : C:\windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x00FE4000
SIZE    : 80.0 Ko

DRIVER  : C:\windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x0123F000
SIZE    : 1.63 Mo

DRIVER  : C:\windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x0142C000
SIZE    : 376.0 Ko

DRIVER  : C:\windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x0148A000
SIZE    : 108.0 Ko

DRIVER  : C:\windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x014A5000
SIZE    : 456.0 Ko

DRIVER  : C:\windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x01517000
SIZE    : 68.0 Ko

DRIVER  : C:\windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x01528000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x016E6000
SIZE    : 968.0 Ko

DRIVER  : C:\windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01600000
SIZE    : 384.0 Ko

DRIVER  : C:\windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x01660000
SIZE    : 172.0 Ko

DRIVER  : C:\windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01800000
SIZE    : 2.00 Mo

DRIVER  : C:\windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x0168B000
SIZE    : 292.0 Ko

DRIVER  : C:\windows\system32\drivers\vmstorfl.sys => Invisible on the disk
ADDRESS : 0x016D4000
SIZE    : 64.0 Ko

DRIVER  : C:\windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01532000
SIZE    : 304.0 Ko

DRIVER  : C:\windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x017D8000
SIZE    : 32.0 Ko

DRIVER  : C:\windows\System32\Drivers\SmartDefragDriver.sys => Invisible on the disk
ADDRESS : 0x017E0000
SIZE    : 28.0 Ko

DRIVER  : C:\windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x0157E000
SIZE    : 232.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\nvpciflt.sys => Invisible on the disk
ADDRESS : 0x017E7000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x015B8000
SIZE    : 72.0 Ko

DRIVER  : C:\windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x017F1000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01200000
SIZE    : 232.0 Ko

DRIVER  : C:\windows\system32\drivers\disk.sys => Invisible on the disk
ADDRESS : 0x015CA000
SIZE    : 88.0 Ko

DRIVER  : C:\windows\system32\drivers\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01ACE000
SIZE    : 192.0 Ko

DRIVER  : C:\windows\System32\Drivers\aswRvrt.sys => Invisible on the disk
ADDRESS : 0x01AFE000
SIZE    : 76.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x03FA5000
SIZE    : 168.0 Ko

DRIVER  : C:\windows\System32\Drivers\aswSnx.SYS => Invisible on the disk
ADDRESS : 0x044D0000
SIZE    : 1020.0 Ko

DRIVER  : C:\windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x045CF000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x045D8000
SIZE    : 28.0 Ko

DRIVER  : C:\windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x045DF000
SIZE    : 56.0 Ko

DRIVER  : C:\windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x04400000
SIZE    : 148.0 Ko

DRIVER  : C:\windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x04425000
SIZE    : 64.0 Ko

DRIVER  : C:\windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x04435000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x0443E000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x04447000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x04450000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x0445B000
SIZE    : 68.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x0446C000
SIZE    : 136.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x0448E000
SIZE    : 52.0 Ko

DRIVER  : C:\windows\System32\Drivers\aswTdi.SYS => Invisible on the disk
ADDRESS : 0x0449B000
SIZE    : 80.0 Ko

DRIVER  : C:\windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x01B1F000
SIZE    : 548.0 Ko

DRIVER  : C:\windows\System32\Drivers\aswrdr2.sys => Invisible on the disk
ADDRESS : 0x044AF000
SIZE    : 80.0 Ko

DRIVER  : C:\windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x01BA8000
SIZE    : 276.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x044C3000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x03FCF000
SIZE    : 152.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x03E00000
SIZE    : 88.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x045ED000
SIZE    : 60.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x03E16000
SIZE    : 108.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\termdd.sys => Invisible on the disk
ADDRESS : 0x01A00000
SIZE    : 80.0 Ko

DRIVER  : C:\windows\system32\Drivers\SABI.sys => Invisible on the disk
ADDRESS : 0x03E31000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x01A14000
SIZE    : 324.0 Ko

DRIVER  : C:\windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x01A65000
SIZE    : 48.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\mssmbios.sys => Invisible on the disk
ADDRESS : 0x03FF5000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x01A71000
SIZE    : 60.0 Ko

DRIVER  : C:\windows\system32\drivers\csc.sys => Invisible on the disk
ADDRESS : 0x04672000
SIZE    : 524.0 Ko

DRIVER  : C:\windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x046F5000
SIZE    : 120.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x04713000
SIZE    : 68.0 Ko

DRIVER  : C:\windows\System32\Drivers\aswSP.SYS => Invisible on the disk
ADDRESS : 0x04724000
SIZE    : 392.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x04786000
SIZE    : 152.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\nvlddmkm.sys => Invisible on the disk
ADDRESS : 0x05802000
SIZE    : 10.67 Mo

DRIVER  : C:\windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x062AD000
SIZE    : 976.0 Ko

DRIVER  : C:\windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x063A1000
SIZE    : 280.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk
ADDRESS : 0x06603000
SIZE    : 11.74 Mo

DRIVER  : C:\windows\system32\DRIVERS\HECIx64.sys => Invisible on the disk
ADDRESS : 0x071C1000
SIZE    : 68.0 Ko

DRIVER  : C:\windows\system32\drivers\usbehci.sys => Invisible on the disk
ADDRESS : 0x071D2000
SIZE    : 68.0 Ko

DRIVER  : C:\windows\system32\drivers\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x04600000
SIZE    : 344.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x047AC000
SIZE    : 144.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\bcmwl664.sys => Invisible on the disk
ADDRESS : 0x04CC2000
SIZE    : 2.94 Mo

DRIVER  : C:\windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk
ADDRESS : 0x04FB2000
SIZE    : 52.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\Rt64win7.sys => Invisible on the disk
ADDRESS : 0x04C00000
SIZE    : 528.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\nusb3xhc.sys => Invisible on the disk
ADDRESS : 0x04C84000
SIZE    : 196.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x04CB5000
SIZE    : 8.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\i8042prt.sys => Invisible on the disk
ADDRESS : 0x04FBF000
SIZE    : 120.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
ADDRESS : 0x04FDD000
SIZE    : 60.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\SynTP.sys => Invisible on the disk
ADDRESS : 0x05076000
SIZE    : 1.38 Mo

DRIVER  : C:\windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x051D8000
SIZE    : 60.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x051E7000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\CmBatt.sys => Invisible on the disk
ADDRESS : 0x051F0000
SIZE    : 20.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x05000000
SIZE    : 88.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x05016000
SIZE    : 64.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\serscan.sys => Invisible on the disk
ADDRESS : 0x05026000
SIZE    : 32.0 Ko

DRIVER  : C:\windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x0502E000
SIZE    : 24.0 Ko

DRIVER  : C:\windows\system32\drivers\ks.sys => Invisible on the disk
ADDRESS : 0x01A80000
SIZE    : 268.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\clwvd.sys => Invisible on the disk
ADDRESS : 0x05034000
SIZE    : 24.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x0503A000
SIZE    : 88.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x05050000
SIZE    : 144.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x04FEC000
SIZE    : 48.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x047D0000
SIZE    : 188.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x071E3000
SIZE    : 108.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE    : 132.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x04656000
SIZE    : 104.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\rdpbus.sys => Invisible on the disk
ADDRESS : 0x051F5000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\swenum.sys => Invisible on the disk
ADDRESS : 0x05074000
SIZE    : 8.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\umbus.sys => Invisible on the disk
ADDRESS : 0x063E7000
SIZE    : 72.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x05470000
SIZE    : 360.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\nusb3hub.sys => Invisible on the disk
ADDRESS : 0x054CA000
SIZE    : 100.0 Ko

DRIVER  : C:\windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x054E3000
SIZE    : 84.0 Ko

DRIVER  : C:\windows\system32\drivers\RTKVHD64.sys => Invisible on the disk
ADDRESS : 0x07A7A000
SIZE    : 2.77 Mo

DRIVER  : C:\windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x07D3E000
SIZE    : 244.0 Ko

DRIVER  : C:\windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x07D7B000
SIZE    : 136.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\IntcDAud.sys => Invisible on the disk
ADDRESS : 0x07D9D000
SIZE    : 332.0 Ko

DRIVER  : C:\windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x00030000
SIZE    : 3.09 Mo

DRIVER  : C:\windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x07DF0000
SIZE    : 48.0 Ko

DRIVER  : C:\windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x07A00000
SIZE    : 56.0 Ko

DRIVER  : C:\windows\System32\Drivers\dump_iaStor.sys => Invisible on the disk
ADDRESS : 0x03E3B000
SIZE    : 1.33 Mo

DRIVER  : C:\windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x07A0E000
SIZE    : 76.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x07A21000
SIZE    : 116.0 Ko

DRIVER  : C:\windows\System32\Drivers\usbvideo.sys => Invisible on the disk
ADDRESS : 0x07A3E000
SIZE    : 184.0 Ko

DRIVER  : C:\windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x004A0000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x054F8000
SIZE    : 140.0 Ko

DRIVER  : C:\windows\system32\drivers\aswMonFlt.sys => Invisible on the disk
ADDRESS : 0x0551B000
SIZE    : 160.0 Ko

DRIVER  : C:\windows\System32\Drivers\aswFsBlk.SYS => Invisible on the disk
ADDRESS : 0x05543000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\Sftvollh.sys => Invisible on the disk
ADDRESS : 0x0554E000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x05559000
SIZE    : 84.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x0556E000
SIZE    : 332.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x055C1000
SIZE    : 76.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x055D4000
SIZE    : 96.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\TurboB.sys => Invisible on the disk
ADDRESS : 0x055EC000
SIZE    : 32.0 Ko

DRIVER  : C:\windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x06449000
SIZE    : 804.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x06512000
SIZE    : 120.0 Ko

DRIVER  : C:\windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x06530000
SIZE    : 96.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x06548000
SIZE    : 180.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x06575000
SIZE    : 312.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x065C3000
SIZE    : 144.0 Ko

DRIVER  : C:\windows\system32\Drivers\rikvm_38F51D56.sys => Invisible on the disk
ADDRESS : 0x09E0C000
SIZE    : 1.72 Mo

DRIVER  : C:\windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x0A0C9000
SIZE    : 664.0 Ko

DRIVER  : C:\windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x0A16F000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\Sftfslh.sys => Invisible on the disk
ADDRESS : 0x0A000000
SIZE    : 772.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\Sftplaylh.sys => Invisible on the disk
ADDRESS : 0x0A17A000
SIZE    : 308.0 Ko

DRIVER  : C:\windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x0A1C7000
SIZE    : 196.0 Ko

DRIVER  : C:\windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x09FC4000
SIZE    : 72.0 Ko

DRIVER  : C:\windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x05400000
SIZE    : 420.0 Ko

DRIVER  : C:\windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x0A863000
SIZE    : 608.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\Sftredirlh.sys => Invisible on the disk
ADDRESS : 0x0A8FB000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x007A0000
SIZE    : 156.0 Ko

DRIVER  : C:\windows\System32\Drivers\fastfat.SYS => Invisible on the disk
ADDRESS : 0x0A800000
SIZE    : 216.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x0E400000
SIZE    : 56.0 Ko

DRIVER  : C:\windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x48570000
SIZE    : 128.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions :  MAXMEM=8589934592  NOEXECUTE=OPTIN  NUMPROC=8

________________________________________________________________________________

_____FAKED   \Device\Harddisk0\DR0  

0x00000000   50 41 53 53 00 00 00 00 00 00 00 00 00 00 00 00   PASS............
0x00000010   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000020   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000040   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000050   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000060   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000070   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000080   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000090   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000B0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000C0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000100   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000110   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000120   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000130   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000140   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001C0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

__ORIGINAL   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D8 8E C0 8E D0 BC 00 7C 8B F4 BF 00 06   3À.Ø.À.м.|.ô¿..
0x00000010   B9 00 01 FC F3 A5 EA 1B 00 60 00 0E 1F 06 E8 95   ¹..üó¥ê..`....è.
0x00000020   00 07 80 3E 97 01 01 74 75 80 3E 97 01 02 74 00   ...>...tu.>...t.
0x00000030   C6 06 94 01 00 E8 04 01 BE BE 01 B3 04 F6 04 80   Æ....è..¾¾.³.ö..
0x00000040   75 0F 83 C6 10 FE CB 75 F4 CD 18 BE 5D 01 E8 FC   u..Æ.þËuôÍ.¾].èü
0x00000050   00 BB 00 7C 06 53 50 55 8B EC C7 46 02 00 00 5D   .».|.SPU.ìÇF...]
0x00000060   50 55 8B EC C7 46 02 00 00 5D FF 74 0A FF 74 08   PU.ìÇF...].t..t.
0x00000070   06 53 50 55 8B EC C7 46 02 01 00 5D 50 55 8B EC   .SPU.ìÇF...]PU.ì
0x00000080   C7 46 02 10 00 5D 16 1F 8B F4 B4 42 CD 13 83 C4   ÇF...]...ô´BÍ..Ä
0x00000090   10 EB 00 CB C6 06 95 01 00 E8 A0 00 EB 00 BB 00   .ë.ËÆ....è..ë.».
0x000000A0   7C 06 53 B8 01 02 B5 00 B1 05 B6 00 B2 80 CD 13   |.S¸..µ.±.¶.².Í.
0x000000B0   C6 06 94 01 01 CB B8 00 F0 8E C0 33 C0 8B F0 BB   Æ....˸.ð.À3À.ð»
0x000000C0   FF FF 26 81 3C 53 77 74 08 83 C6 01 4B 75 F3 EB   ..&.<Swt..Æ.Kuóë
0x000000D0   1A 26 81 7C 02 53 6D 74 02 EB EE 26 81 7C 04 69   .&.|.Smt.ëî&.|.i
0x000000E0   40 74 02 EB E4 83 C6 06 E8 01 00 C3 1E 57 26 8B   @t.ëä.Æ.è..Ã.W&.
0x000000F0   14 26 8A 44 03 EE 26 8B 44 07 8E D8 26 8B 44 05   .&.D.î&.D..Ø&.D.
0x00000100   8B F8 C7 05 43 58 C7 45 02 5C 00 26 8A 44 02 EE   .øÇ.CXÇE.\.&.D.î
0x00000110   B1 02 8A 65 05 80 FC FF 74 13 80 FC 80 76 0E C7   ±..e..ü.t..ü.v.Ç
0x00000120   45 02 5D 00 80 EC 80 88 65 05 EE B1 01 26 8B 14   E.]..ì..e.î±.&..
0x00000130   26 8A 44 04 EE 5F 1F 88 0E 97 01 C3 BB 00 06 B8   &.D.î_.....û..¸
0x00000140   01 03 B5 00 B1 01 B6 00 B2 80 CD 13 C3 AC 3C 00   ..µ.±.¶.².Í.ì<.
0x00000150   74 0A B4 0E B7 00 B3 07 CD 10 EB F1 C3 4D 69 73   t.´.·.³.Í.ëñÃMis
0x00000160   73 69 6E 67 20 6F 70 65 72 61 74 69 6E 67 20 73   sing operating s
0x00000170   79 73 74 65 6D 00 00 00 00 00 00 00 00 00 00 00   ystem...........
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   46 44 53 54 00 00 3E 02 00 27 00 00 BC 0A 8D 7E   FDST..>..'..¼..~
0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x000001B0   65 6D 00 00 00 63 7B 9A 7D 66 49 CD 92 23 80 20   em...c{.}fIÍ.#.
0x000001C0   21 00 07 DF 13 0C 00 08 00 00 00 20 03 00 00 DF   !..ß....... ...ß
0x000001D0   14 0C 07 FE FF FF 00 28 03 00 00 00 80 52 00 FE   ...þ...(.....R.þ
0x000001E0   FF FF 0F FE FF FF 00 28 83 52 00 60 32 1F 00 FE   ...þ...(.R.`2..þ
0x000001F0   FF FF 27 FE FF FF 00 88 B5 71 00 D8 BA 02 55 AA   ..'þ....µq.غ.Uª


#6
Ciro-Mota

Ciro-Mota

    Assistente Profissional

  • Assistente Profissional
  • 56.970 posts
jemafase,

1)

Baixe o AdwCleaner e salve no desktop.
http://general-chang...de/2-adwcleaner

Execute o arquivo adwcleaner.exe

*** Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo adwcleaner.exe, depois clique em Imagem Postada.

Clique em Remover.

Abrirá um bloco de notas com o resultado. Selecione, copie e cole o seu conteúdo na próxima resposta.

2)

Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

Baixe Imagem Postada e salve no desktop.

Dê um duplo-clique para executar o Junkware Removal Tool (JRT).

*** Usuários do Windows Vista ou Windows 7 Clique com o direito sobre o arquivo JRT.exe, depois clique em Imagem Postada.

A ferramenta comecará o exame do seu sistema. Tenha paciência pois pode demorar um pouco dependendo da quantidades de ítens a examinar.

Ao final, um log se abrirá. É salvo no desktop com o nome de JRT.txt.

Selecione, copie e cole o conteúdo deste log na sua próxima resposta.

3)

Baixe o Malwarebytes' Anti-Malware (MBAM)
http://download.cnet...4-10804572.html

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.
  • Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.
  • Se houver atualizações a serem feitas, serão baixadas e instaladas.
  • Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.
  • Começará então o exame. Aguarde, pois pode demorar.
  • Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.
  • Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.
  • Ao final da desinfecção, abrirá o Bloco de notas com um log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)
  • O log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do programa.
  • Selecione, copie e cole todo o conteúdo deste log na sua próxima resposta, juntamente com um novo log do HijackThis.
NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

Em caso de dúvidas, leia o tutorial do programa:
http://linhadefensiv...showtopic=75554
** Tenha consideração a quem te ajuda, não Abandone seu tópico! **
[Membro da ASAP] // [Junte-se ao ARIS-LD] // [Linha Defensiva no Twitter]
Imagem Postada

Blog do Ciro Mota
Visite em: http://www.ciromota.net/ _-_ Siga-me no Twitter: @ciromota

#7
jemafase

jemafase

    Novato

  • Novato
  • Pip
  • 16 posts
Ciro, fiz exatamente como você pediu, inclusive desabilitando o Avast, mas o Malware Bytes continua travando o note, do mesmo jeito que eu relatei lá em cima...
Bom, o log do AdwCleaner é esse:




# AdwCleaner v2.200 - Relatório criado em 15/04/2013 às 18:12:23
# Atualizado em 02/04/2013 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits)
# Usuário : Jean - JEAN-PC
# Modo de Boot : Normal
# Executado de : C:\Users\Jean\Desktop\adwcleaner.exe
# Opção [Remover]


***** [Serviços] *****


***** [Arquivos/Pastas] *****

Pasta Removido : C:\Program Files (x86)\Protected Search
Pasta Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Search
Pasta Removido : C:\Users\Jean\AppData\LocalLow\simplytech
Pasta Removido : C:\Users\Jean\AppData\Roaming\simplytech

***** [Registro] *****

Chave Removida : HKCU\Software\Iminent
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\ProtectedSearch
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chave Removida : HKLM\SOFTWARE\Classes\wtb.Band
Chave Removida : HKLM\SOFTWARE\Classes\wtb.Band.1
Chave Removida : HKLM\SOFTWARE\Classes\wtb.NotificationSource
Chave Removida : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1
Chave Removida : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Chave Removida : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Chave Removida : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
Chave Removida : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
Chave Removida : HKLM\Software\Iminent
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Protected Search_is1
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}

***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registro está limpo.

-\\ Mozilla Firefox v13.0.1 (pt-BR)

Arquivo : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\h37hpluk.default\prefs.js

[OK] Arquivo está limpo.

*************************

AdwCleaner[S1].txt - [12406 octets] - [15/04/2013 18:12:23]

########## EOF - C:\AdwCleaner[S1].txt - [12467 octets] ##########





E o log do JRT é o seguinte:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Professional x64
Ran by Jean on 15/04/2013 at 18:21:08,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\windows\tasks\driverscanner.job"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{61B67670-EFEB-4869-A18F-AC0A79A187D9}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{7228140A-3E77-4FEB-B75C-FCFAC9CCDAE2}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{80E8273A-C3F4-4772-9093-FB3B5D567BE1}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{D5DBA4C7-7707-4E33-BCAE-EBC860E65CEF}



~~~ FireFox

Emptied folder: C:\Users\Jean\AppData\Roaming\mozilla\firefox\profiles\h37hpluk.default\minidumps [33 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/04/2013 at 19:09:54,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Aí vai também um log fresquinho do Hijack This:




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:49:01, on 15/04/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Users\Jean\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: HomeTab - {88a0fea2-5b93-4a13-bd60-054d1d796545} - C:\Users\Jean\AppData\Roaming\HomeTab\HomeTab.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Samsung BHO Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: HomeTab - {88a0fea2-5b93-4a13-bd60-054d1d796545} - C:\Users\Jean\AppData\Roaming\HomeTab\HomeTab.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'Default user')
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: (no name) - {b89c9471-7756-4406-b7bb-b6915e8e55dd} - C:\Users\Jean\AppData\Roaming\HomeTab\HomeTab.dll
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CyberLink Product - 2011/07/28 20:02:17 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Baidu PC Faster Service 1.18.0.22 (PCFasterSvc_{PCFaster_1.18.0.22}) - Baidu Inc. - C:\Program Files (x86)\Baidu Security\PC Faster\1.18.0.22\PCFasterSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\windows\System32\SUPDSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11065 bytes

#8
Ciro-Mota

Ciro-Mota

    Assistente Profissional

  • Assistente Profissional
  • 56.970 posts
jemafase,

Tente a verificação com a MalwareBytes em Modo de Segurança.

Reinicie em Modo de Segurança (Pressione intermitentemente F8 durante a inicialização, no menu que aparecer escolha através da seta de navegação, Modo Seguro).
** Tenha consideração a quem te ajuda, não Abandone seu tópico! **
[Membro da ASAP] // [Junte-se ao ARIS-LD] // [Linha Defensiva no Twitter]
Imagem Postada

Blog do Ciro Mota
Visite em: http://www.ciromota.net/ _-_ Siga-me no Twitter: @ciromota

#9
jemafase

jemafase

    Novato

  • Novato
  • Pip
  • 16 posts
Ciro, consegui rodar o Malware Bytes no modo de segurança!!! Mas tentei escanear com o Avast e o Advanced System Care e os dois continuam travando, mesmo no modo de segurança... Outra coisa, tá aparecendo uma janelinha toda vez que eu inicio o note, dizendo alguma coisa tipo "há um programa que necessita de sua autorização para exibir uma mensagem"... Isso não acontecia antes. Bom, lá vai o log do Malware Bytes:





Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versão da Base de Dados: v2013.04.14.03

Windows 7 Service Pack 1 x64 NTFS (Modo Seguro)
Internet Explorer 9.0.8112.16421
Jean :: JEAN-PC [administrador]

16/04/2013 01:26:04
mbam-log-2013-04-16 (01-26-04).txt

Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 231334
Tempo decorrido: 31 minuto(s), 50 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)

(fim)

#10
Ciro-Mota

Ciro-Mota

    Assistente Profissional

  • Assistente Profissional
  • 56.970 posts
jemafase,

Baixe OTL by OldTimer, e salve na sua área de trabalho.

Clique com o direito sobre o arquivo OTL.exe, depois clique em Imagem Postada.

Onde diz Saída, marque Padrão
Marque também estas opções:
  • Data de Criação -> mude para 90 dias
  • Usar WhiteList para Nomes de Companhias.
  • Ignorar Arquivos Microsoft
  • Verificar Lop
  • Verificar Purity
Selecione estas linhas em vermelho, clique com o direito sobre a seleção, e escolha a opção copiar


CREATERESTOREPOINT
netsvcs
%systemroot%\system32\drivers\*.* /90
%systemdrive%\drivers\*.exe
%SYSTEMDRIVE%\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
C:\windows\system32\Tasks\*.* /s
C:\windows\system32\Tasks\*.* /s /64
%windir%\tasks\*.* /s
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
/md5start
services.*
/md5stop
%systemdrive%\$Recycle.Bin|@;true;true;true /fp


Volte ao programa, clique com o direito em qualquer parte branca da sessão Exames Personalizados/Correções e escolha colar

Clique no botão Imagem Postada

O OTL começará a examinar seu computador. Não interrompa o processo e nem use outras janelas até que ele termine.

Não modifique nenhuma outra configuração, a menos que tenha sido orientado (a) a fazer isso.

O exame demora um pouco, tenha paciência.

Quando terminar, dois blocos de notas serão exibidos: OTL.txt e Extras.txt
Ambos ficarão salvos dentro do mesmo diretório onde está o OTL.exe, ou seja, na sua área de trabalho.

Copie todo o conteúdo do OTL.txt e cole na sua resposta.
Anexe o arquivo Extras.txt

OBS: Caso os logs fiquem muito grandes e exceda o limite do forum, envie-os para um arquivo .zip ou .rar e anexe-os à sua resposta.
** Tenha consideração a quem te ajuda, não Abandone seu tópico! **
[Membro da ASAP] // [Junte-se ao ARIS-LD] // [Linha Defensiva no Twitter]
Imagem Postada

Blog do Ciro Mota
Visite em: http://www.ciromota.net/ _-_ Siga-me no Twitter: @ciromota

#11
jemafase

jemafase

    Novato

  • Novato
  • Pip
  • 16 posts
Fala, Ciro! Fiz como você pediu. Os logs ficaram bem extensos, então, em vez de colar, anexei os dois arquivos .txt. Aí estão eles:

Arquivo(s) anexado(s)



#12
Ciro-Mota

Ciro-Mota

    Assistente Profissional

  • Assistente Profissional
  • 56.970 posts
jemafase,

1)

Faça o download do SystemLook.exe e salve no seu desktop.
http://images.malwar.../SystemLook.exe

*** Usuários do Windows Vista ou Windows 7 Clique com o direito sobre o arquivo SystemLook.exe, depois clique em Imagem Postada.

Clique duas vezes no SystemLook.exe. Selecione, copie e cole o que está dentro do Quote na caixa de texto da ferramenta.

:dir
C:\windows\SysWow64\SysInfo


Clique no botão Look e ao fim do exame um log se abrirá. Ele é salvo como SystemLook.txt no desktop.

Selecione, copie e cole o conteúdo deste log na sua próxima resposta.

2)

Selecione e copie o texto dentro do CODE, clique com o direito sobre a seleção e escolha a opção copiar:

OBS: Certifique-se de copiar começando pela letra e sinal de dois pontos ": O" de OTL.

:OTL
FF - prefs.js..extensions.enabledAddons: sqlmoz@facebook.com:3.2
[2013/04/10 13:19:32 | 000,000,000 | ---D | M] (HomeTab) -- C:\Users\Jean\AppData\Roaming\mozilla\Firefox\Profiles\h37hpluk.default\extensions\{883725bd-59a5-4533-b9c0-cee194067349}
[2013/04/14 12:49:24 | 000,045,885 | ---- | M] () (No name found) -- C:\Users\Jean\AppData\Roaming\mozilla\firefox\profiles\h37hpluk.default\extensions\sqlmoz@facebook.com.xpi
O2 - BHO: (HomeTab) - {88a0fea2-5b93-4a13-bd60-054d1d796545} - C:\Users\Jean\AppData\Roaming\HomeTab\HomeTab.dll (Simplytech Ltd.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (HomeTab) - {88a0fea2-5b93-4a13-bd60-054d1d796545} - C:\Users\Jean\AppData\Roaming\HomeTab\HomeTab.dll (Simplytech Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: []  File not found
[2013/04/10 13:19:30 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\HomeTab
[2013/04/10 13:19:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HomeTab
[2013/04/09 17:20:15 | 000,034,174 | ---- | C] () -- C:\Users\Jean\AppData\Roaming\1.crx

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Clique com o direito sobre o arquivo OTL.exe, depois clique em Imagem Postada.

Clique com o direito em qualquer parte branca, da sessão Exames Personalizados/Correções e escolha a opção colar

Feche TODAS as janelas (exceto o próprio OTL).

Clique no botão Imagem Postada

O programa executará o script e reiniciará o seu computador.
Quando o Windows for carregado, o OTL será executado automaticamente. Permita a sua execução.
Um bloco de notas será aberto, contendo algumas informações.
Copie TODO o conteúdo deste bloco de notas e cole na sua resposta.

Uma cópia deste log ficará armazenado na pasta C:\_OTL\MovedFiles com o nome no seguinte formato data_hora.log.

Exemplo: 03142010_145545.log

Poste também um novo log do Hijackthis.
** Tenha consideração a quem te ajuda, não Abandone seu tópico! **
[Membro da ASAP] // [Junte-se ao ARIS-LD] // [Linha Defensiva no Twitter]
Imagem Postada

Blog do Ciro Mota
Visite em: http://www.ciromota.net/ _-_ Siga-me no Twitter: @ciromota

#13
jemafase

jemafase

    Novato

  • Novato
  • Pip
  • 16 posts
Fala, Ciro! Segue abaixo o log do System Look. Os outros dois que você pediu estão anexos:




SystemLook 30.07.11 by jpshortstuff
Log created at 00:08 on 18/04/2013 by Jean
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== dir ==========

C:\windows\SysWow64\SysInfo - Parameters: "(none)"

---Files---
SysInfo.log --a---- 410 bytes [13:34 21/01/2013] [13:34 21/01/2013]

---Folders---
None found.

-= EOF =-

Arquivo(s) anexado(s)



#14
Ciro-Mota

Ciro-Mota

    Assistente Profissional

  • Assistente Profissional
  • 56.970 posts
jemafase,

Os problemas com o Facebook persistem?

----------

Desative temporiariamente seu AntiVirus
  • Utilize o Navegador Internet Explorer para utilizar o serviço!
  • Acesse o site AQUI
  • Faça o scan de acordo com a imagem abaixo:

    Imagem Postada
  • Ao final da verificação clique em List of found threats, clique em Export to text file... e marque a caixa "Delete Quarantined files", clique em [FINISH]
    Será gerado um relatório, que estará em:
C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt

Poste esse log.
** Tenha consideração a quem te ajuda, não Abandone seu tópico! **
[Membro da ASAP] // [Junte-se ao ARIS-LD] // [Linha Defensiva no Twitter]
Imagem Postada

Blog do Ciro Mota
Visite em: http://www.ciromota.net/ _-_ Siga-me no Twitter: @ciromota

#15
jemafase

jemafase

    Novato

  • Novato
  • Pip
  • 16 posts
Olá, Ciro! Cara, aparentemente o facebook não está mais mandando adware... Vou ficar de olho. Tentei fazer o scan com o ESET, como você pediu, mas, dpois de uns 40 minutos escaneando travou tudo, que nem acontece com o Avast e o Advanced System Care...

#16
jemafase

jemafase

    Novato

  • Novato
  • Pip
  • 16 posts
Fui tentar fazer uma desfragmentação do disco, e nem isso consegui... Travou também. Que saco!!! Será que isso não pe vírus, mas algum problema de configuração ou hardware???

Ah, o facebook tá limpo!

#17
jemafase

jemafase

    Novato

  • Novato
  • Pip
  • 16 posts
Mais uma: foi criado na minha área de trabalho um arquivo de bloco de notas desktop.ini, em que tá escrito isso aqui:



[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

#18
Ciro-Mota

Ciro-Mota

    Assistente Profissional

  • Assistente Profissional
  • 56.970 posts
jemafase,

Especifique o "travar", o PC todo congela e você precisa desligá-lo ou só o aplicativo que está em uso?

Mais uma: foi criado na minha área de trabalho um arquivo de bloco de notas desktop.ini, em que tá escrito isso aqui:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183


Instale isto, deverá resolver:

http://go.microsoft....?linkid=9767717
** Tenha consideração a quem te ajuda, não Abandone seu tópico! **
[Membro da ASAP] // [Junte-se ao ARIS-LD] // [Linha Defensiva no Twitter]
Imagem Postada

Blog do Ciro Mota
Visite em: http://www.ciromota.net/ _-_ Siga-me no Twitter: @ciromota

#19
jemafase

jemafase

    Novato

  • Novato
  • Pip
  • 16 posts

Por "travar", entenda travar o computador todo, do tipo eu só conseguir desligá-lo tirando a bateria (é um note).

Quanto ao programa que você recomendou pra eu baixar, estou recebendo a seguinte mensagem:

"Esse fix it não se aplica ao seu sistema operacional ou à versão de seu aplicativo".



#20
Ciro-Mota

Ciro-Mota

    Assistente Profissional

  • Assistente Profissional
  • 56.970 posts

jemafase,

 

Por "travar", entenda travar o computador todo, do tipo eu só conseguir desligá-lo tirando a bateria (é um note).

 

Sugiro que verifique possíveis problemas com hardware.

 

 

Quanto ao programa que você recomendou pra eu baixar, estou recebendo a seguinte mensagem:

"Esse fix it não se aplica ao seu sistema operacional ou à versão de seu aplicativo".

 

 

Siga as instruções para o Desejo corrigir sozinho - Método 1:

 

http://support.micro...kb/330132/pt-br


** Tenha consideração a quem te ajuda, não Abandone seu tópico! **
[Membro da ASAP] // [Junte-se ao ARIS-LD] // [Linha Defensiva no Twitter]
Imagem Postada

Blog do Ciro Mota
Visite em: http://www.ciromota.net/ _-_ Siga-me no Twitter: @ciromota