
Chrome - opening ads when clicking links


This topic has been archived. This means you can no longer reply to the topic.
25 replies in this topic

#1
franchico
Newbie • Member • 42 posts
Hi everyone,

I just did a recovery on my notebook and everything was fine until I started installing some programs. I believe it was during the installation of one of those programs that the bad thing installed itself on my machine.

What happens is that when I click links, a popup window with ads appears.

How could you help me?

A big hug ;)

Franchico

#2
CarlosTurco
Assistant • 25,916 posts
Franchico,

Please note the following:
  • DO NOT attempt to perform any cleaning procedure on your own. In particular, do not run on your own the tools used in the Malware Removal forum. Misuse of some tools may damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from misuse and/or uninformed use of the tools. - Rule no. 8 of Malware Removal
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click Posted Image (located in the top right corner of the main post) to receive an e-mail notification when it is replied to. You can also check the topics you follow using the Content I Follow option, available through the forum's Control Panel.
  • Analyses can take some time, so be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it doesn't matter. Always follow your topic, informing me of the results, until your computer is clean.
  • Warning: Avoid using the <QUOTE> or <CODE> tags in the logs; this makes them harder to read during analysis.
  • Please do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a PM.
Please read the instructions for using the Virus Removal area:
http://www.linhadefe...mocao-de-virus/

Instead of creating a new topic, please continue with this one and reply with the HijackThis, MbrScan and FSS logs according to the instructions on the page I gave you above.

Any questions, just ask.

#3
franchico
Newbie • Member • 42 posts
Here is what was requested.

Thanks for the help. :)

Attached file(s)



#4
CarlosTurco
Assistant • 25,916 posts
Good afternoon franchico,

Run the procedures below.

1)

Download AdwCleaner and save it to the desktop.
http://general-chang...de/2-adwcleaner

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the file adwcleaner.exe, then click Posted Image.

Click Remove.

A Notepad window will open with the result. Select, copy and paste its contents in your next reply.

2)

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download Posted Image and save it to the desktop. Double-click to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select Posted Image

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to examine.

When it finishes, a log will open. It is saved on the desktop under the name JRT.txt.

Select, copy and paste the contents of this log in your next reply.

3)

Download Malwarebytes' Anti-Malware (MBAM)
http://download.cnet...4-10804572.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.
  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
  • If there are updates to be made, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then begin. Wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to see the report.
  • If items were found, make sure they are all checked and click the Remove button.
  • At the end of disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log in your next reply.
NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiv...showtopic=75554

#5
franchico
Newbie • Member • 42 posts
Note that I can't use the bank's website because it says the computer is at risk.
Here are the results from the tools.

# AdwCleaner v2.200 - Relatório criado em 17/04/2013 às 17:34:00
# Atualizado em 02/04/2013 por Xplode
# Sistema Operacional : Windows 7 Home Premium (64 bits)
# Usuário : Pedro - PEDRO-VAIO
# Modo de Boot : Normal
# Executado de : C:\Users\Pedro\Desktop\adwcleaner.exe
# Opção [Remover]


***** [Serviços] *****


***** [Arquivos/Pastas] *****

Pasta Removido : C:\Program Files (x86)\Babylon
Pasta Removido : C:\Program Files\Babylon
Pasta Removido : C:\ProgramData\Babylon
Pasta Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Pasta Removido : C:\ProgramData\Partner
Pasta Removido : C:\ProgramData\Tarma Installer
Pasta Removido : C:\Users\Pedro\AppData\Local\Babylon
Pasta Removido : C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Pasta Removido : C:\Users\Pedro\AppData\Local\Temp\Babylon
Pasta Removido : C:\Users\Pedro\AppData\Roaming\Babylon
Pasta Removido : C:\Users\Pedro\AppData\Roaming\DealPly

***** [Registro] *****

Chave Removida : HKCU\Software\APN PIP
Chave Removida : HKCU\Software\Babylon
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Chave Removida : HKLM\Software\Babylon
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\Babylonhelper.EXE
Chave Removida : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Chave Removida : HKLM\SOFTWARE\Classes\BabyDict
Chave Removida : HKLM\SOFTWARE\Classes\BabyGloss
Chave Removida : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Chave Removida : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Chave Removida : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Chave Removida : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Chave Removida : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Chave Removida : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
Chave Removida : HKLM\SOFTWARE\Classes\BabyOptFile
Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Chave Removida : HKLM\Software\PIP
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D0482C8E-BAEA-4943-911A-B661060F56A7}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D0482C8E-BAEA-4943-911A-B661060F56A7}
Chave Removida : HKLM\SOFTWARE\Tarma Installer
Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]

***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registro está limpo.

-\\ Google Chrome v26.0.1410.64

Arquivo : C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[S1].txt - [5979 octets] - [17/04/2013 17:34:00]

########## EOF - C:\AdwCleaner[S1].txt - [6039 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.4 (04.16.2013:1)
OS: Windows 7 Home Premium x64
Ran by Pedro on 17/04/2013 at 17:44:33,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\office\powerpoint\addins\babylonofficeaddin.officeaddin
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\office\word\addins\babylonofficeaddin.officeaddin



~~~ Files

Successfully deleted: [File] "C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\babylon.lnk"
Successfully deleted: [File] C:\Windows\prefetch\BABYLonhelpER64.EXE-F6F2FFA0.pf
Successfully deleted: [File] C:\Windows\prefetch\BABYLONTC.EXE-9AD1F6DB.pf



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/04/2013 at 17:54:24,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Versão da Base de Dados: v2013.04.17.12

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Pedro :: PEDRO-VAIO [administrador]

Proteção: Permitir

17/04/2013 18:19:05
mbam-log-2013-04-17 (18-19-05).txt

Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 208434
Tempo decorrido: 4 minuto(s), 49 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)
(fim)

#6
CarlosTurco
Assistant • 25,916 posts
Ok,

Download BankerFix:
http://www.linhadefe...rg/dl/bankerfix

** Windows Vista and Windows 7 users:
Right-click the file, then click Posted Image Run as administrator

Important: The tool will close Internet Explorer. Save any link you need to access later before running it.

Double-click bankerfix.exe to run it.

Click OK on the first screen and [CANCEL] on the second to prevent bankerfix from running.

Once that is done, go to C:\LinhaDefensiva\ and run the file Iniciar-Bankerfix.vbs. Confirm that you want to update the software and click [OK] to run the software.

When it runs, a black screen will appear asking you to press any key. Press Enter and wait for it to finish. It may take some time.

When it finishes, read the message on the screen and press Enter again. When it is done, post the file relatorio.txt located at: C:\LinhaDefensiva\relatorio.txt

#7
franchico
Newbie • Member • 42 posts
BankerFix 3.5 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefe....org/bankerfix/
-------------------------------------------------------
Data: 2013-04-18 - 15:18
-------------------------------------------------------
Lista de Definição: 2012-08-22-1 | CORE: 2012-08-22-6
=======================================================



----- Fim -------------------------

#8
CarlosTurco
Assistant • 25,916 posts
Download OTL by OldTimer and save it to your desktop:
http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:
Right-click the file OTL.exe, then click Posted Image.

Where it says Output, select Standard
Also check these options:
  • Creation Date -> change to 90 days
  • Use WhiteList for Company Names.
  • Skip Microsoft Files
  • Lop Check
  • Purity Check
Select these lines in red, right-click the selection, and choose copy

CREATERESTOREPOINT
netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%(x86)\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%appdata%\*.*
%programdata%\*.*
%programdata%\*.exe /s
%programdata%\*.dll /s
%PROGRAMFILES%\Internet Explorer\*.*
C:\windows\system32\Tasks\*.* /64
%windir%\tasks\*.*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
/md5start
services.*
/md5stop


Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose paste

Click the Posted Image button

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other settings unless you have been instructed to do so.

The scan takes a while, so be patient.

When it finishes, two Notepad windows will be displayed: OTL.txt and Extras.txt
Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it in your reply.
Attach the file Extras.txt

NOTE: If the logs become too large and exceed the forum's limit, put them in a .zip or .rar file and attach them to your reply.

#9
franchico
Newbie • Member • 42 posts
I'm sending both files as attachments because the site said my reply was too long and I would have to shorten it.

Attached file(s)



#10
CarlosTurco
Assistant • 25,916 posts
Hello,

1)

Select these lines inside the CODE, right-click the selection and choose copy

NOTE: Make sure to copy starting from the colon and the letter ": O" of OTL.

:OTL
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\findlyrics@findlyrics.co: C:\Program Files (x86)\FindLyrics\FF\ [2013/04/13 11:18:07 | 000,000,000 | ---D | M]
CHR - Extension: FindLyrics = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmhhdaimhfblnamlcdijbaakkifakade\1.110_0\
O2 - BHO: (FindLyrics) - {44C9CC91-6A4A-4579-B4B5-899ECDC18DC6} - C:\Program Files (x86)\FindLyrics\FindLyrics.dll (FindLyrics)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [Hoolapp Android] "C:\Users\Pedro\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found
[2013/04/13 17:10:59 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Local\PSafe
[2013/04/13 17:10:58 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Roaming\PSafe
[2013/04/13 11:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FindLyrics
[2013/04/18 15:10:44 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\FindLyrics Update.job
[2013/04/13 11:18:26 | 000,003,510 | ---- | M] () -- C:\Windows\SysNative\Tasks\DealPly
[2013/04/13 11:18:08 | 000,003,026 | ---- | M] () -- C:\Windows\SysNative\Tasks\FindLyrics Update

:Files
ipconfig /flushdns /c

:Commands
[createrestorepoint]
[purity]
[resethosts]
[emptytemp]

Run OTL.exe

Right-click anywhere in the white area of the Custom Scans/Fixes section and choose paste

Close ALL windows (except OTL itself).
Click the Posted Image button

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy ALL the contents of this Notepad window and paste it in your reply.

A copy of this log will be stored in the folder C:\_OTL\MovedFiles with a name in the format date_time.log.

Example: 03142010_145545.log

2)

Post a new HijackThis log.

#11
franchico
Newbie • Member • 42 posts
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\findlyrics@findlyrics.co deleted successfully.
C:\Program Files (x86)\FindLyrics\FF\chrome\content folder moved successfully.
C:\Program Files (x86)\FindLyrics\FF\chrome folder moved successfully.
C:\Program Files (x86)\FindLyrics\FF folder moved successfully.
C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmhhdaimhfblnamlcdijbaakkifakade\1.110_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}\ deleted successfully.
C:\Program Files (x86)\FindLyrics\FindLyrics.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Hoolapp Android deleted successfully.
C:\Users\Pedro\AppData\Local\PSafe folder moved successfully.
C:\Users\Pedro\AppData\Roaming\PSafe folder moved successfully.
C:\Program Files (x86)\FindLyrics folder moved successfully.
C:\Windows\Tasks\FindLyrics Update.job moved successfully.
C:\Windows\SysNative\Tasks\DealPly moved successfully.
C:\Windows\SysNative\Tasks\FindLyrics Update moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configura‡ao de IP do Windows
Libera‡ao do Cache do DNS Resolver bem-sucedida.
C:\Users\Pedro\Desktop\cmd.bat deleted successfully.
C:\Users\Pedro\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Pedro
->Temp folder emptied: 831660344 bytes
->Temporary Internet Files folder emptied: 4529787 bytes
->Java cache emptied: 521971 bytes
->FireFox cache emptied: 2182701 bytes
->Google Chrome cache emptied: 89032213 bytes
->Flash cache emptied: 2284 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2682386639 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42290998 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3.483,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04202013_005015
 
Files\Folders moved on Reboot...
C:\Users\Pedro\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Pedro\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

Attached file(s)
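The AdwCleaner log in post #5 and the OTL fix log above show where the adware kept itself on this machine: Run values (Babylon Client, Hoolapp Android), Browser Helper Objects (Babylon, FindLyrics), a Chrome extension folder under the Default profile, and scheduled-task files (FindLyrics Update, DealPly). As an added example that is not part of the thread or of any of the tools used in it, the following read-only PowerShell audit walks those same four locations and reports entries that match a watchlist built from the names in the logs, or whose target file no longer exists (the "File not found" condition OTL reported). It assumes PowerShell 3.0 or later, run from an elevated 64-bit session so System32\Tasks is readable and not redirected; the watchlist, function names and output format are illustrative choices, and nothing is deleted.

```powershell
# Read-only audit of the persistence points seen in this thread's logs.
# Added example; not part of AdwCleaner, JRT, OTL or the forum's procedure.
# Assumed watchlist, built from names that appear in the AdwCleaner/OTL logs above.
$Watchlist = @('Babylon', 'DealPly', 'FindLyrics', 'Hoolapp', 'PSafe', 'InstallCore', 'Tarma')
# Properties Get-ItemProperty adds to every registry object; they are not real values.
$PsMeta    = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
$Findings  = New-Object System.Collections.Generic.List[object]

function Test-Watchlisted([string]$Text) {
    foreach ($w in $Watchlist) {
        if ($Text -and $Text.IndexOf($w, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

function Add-Finding([string]$Type, [string]$Location, [string]$Detail, [string]$Reason) {
    $Findings.Add([pscustomobject]@{ Type = $Type; Location = $Location; Detail = $Detail; Reason = $Reason })
}

# 1) Run values. OTL reported "[Hoolapp Android] ... File not found": a Run entry whose
#    target is gone is itself a sign of incomplete removal, so those are flagged as well.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($PsMeta -contains $p.Name) { continue }
        $cmd = [string]$p.Value
        # Take the quoted path, or the first token ending in .exe, then expand %VARS%.
        $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] }
               elseif ($cmd -match '^\s*(\S+?\.exe)') { $Matches[1] }
               else { $cmd }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        # Get-Command covers bare names such as rundll32.exe that resolve through PATH.
        $missing = ($exe -ne '') -and -not (Test-Path -LiteralPath $exe) -and
                   -not (Get-Command $exe -ErrorAction SilentlyContinue)
        if ($missing) { Add-Finding 'Run' "$key\$($p.Name)" $cmd 'target file not found' }
        elseif (Test-Watchlisted "$($p.Name) $cmd") { Add-Finding 'Run' "$key\$($p.Name)" $cmd 'watchlist name' }
    }
}

# 2) Browser Helper Objects (Babylon and FindLyrics registered their IE BHOs here).
$BhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($key in $BhoKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($clsid in (Get-ChildItem -Path $key).PSChildName) {
        # Resolve the COM server DLL; 32-bit BHOs register their CLSID under Wow6432Node on x64.
        $dll = $null
        foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID') {
            $srv = Join-Path $root "$clsid\InprocServer32"
            if (Test-Path $srv) { $dll = (Get-ItemProperty -Path $srv).'(default)'; break }
        }
        $reason = if (-not $dll) { 'no COM server registered' }
                  elseif (Test-Watchlisted $dll) { 'watchlist name' }
                  elseif (-not (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($dll)))) { 'DLL missing' }
                  else { $null }
        if ($reason) { Add-Finding 'BHO' "$key\$clsid" "$dll" $reason }
    }
}

# 3) Chrome extensions in the Default profile. The logs removed folders by extension id;
#    the manifest supplies the human-readable name that the watchlist can match.
$ExtRoot = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
if (Test-Path $ExtRoot) {
    foreach ($ext in Get-ChildItem -Path $ExtRoot -Directory) {
        $manifest = Get-ChildItem -Path $ext.FullName -Recurse -Filter manifest.json | Select-Object -First 1
        $name = '(no manifest)'
        if ($manifest) {
            try { $name = (Get-Content -Raw -LiteralPath $manifest.FullName | ConvertFrom-Json).name } catch { }
        }
        if (Test-Watchlisted "$($ext.Name) $name") { Add-Finding 'ChromeExt' $ext.FullName $name 'watchlist name' }
    }
}

# 4) Scheduled-task files (OTL moved "FindLyrics Update.job" and the DealPly task from here).
$TaskDirs = @((Join-Path $env:windir 'Tasks'), (Join-Path $env:windir 'System32\Tasks'))
foreach ($dir in $TaskDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($task in Get-ChildItem -Path $dir -Recurse -File) {
        if (Test-Watchlisted $task.Name) { Add-Finding 'Task' $task.FullName $task.Name 'watchlist name' }
    }
}

if ($Findings.Count -eq 0) { 'No watchlisted or dangling persistence entries found.' }
else { $Findings | Sort-Object Type, Location | Format-Table -AutoSize -Wrap }
```

A clean result from this audit is only as good as the watchlist; an entry with an unfamiliar name still needs to be checked by hand, which is why the thread's analyst asks for full OTL and HijackThis logs rather than a filtered list.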



#12
franchico
Newbie • Member • 42 posts

I tried to access the bank today and:

- The first message still appears when I access the bank;

- after the jmid runs, the second message appears.

:(

Attached file(s)

  • Attached file  bb.png   48.16K   2 Downloads


#13
CarlosTurco
Assistant • 25,916 posts

Ok,

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download ComboFix
http://www.bleepingc...nload/combofix/

Save it to your desktop.

  • Close all windows and programs. Run ComboFix.
  • Double-click combofix.exe and press "Yes" to proceed.
  • When asked whether you want to install the Recovery Console, click Yes and wait.
  • Click OK to accept the EULA, then click Yes to continue the malware scan.

Do not click anything or press any key during the scan, or the tool will not work correctly.

When the tool finishes running, it will generate a log. Post the contents of the file C:\ComboFix.txt in your next reply.

Important:

  • You must be connected during the ComboFix procedure;
  • You must be logged into the system with administrator privileges.
  • Download and SAVE ComboFix. In the download window, where the Run / Save options appear, click Save. Do not run ComboFix from your browser window.
  • Keep your antivirus, antispyware and firewall disabled during the ComboFix procedures. Re-enable them when everything is finished.
  • If you have used ComboFix before, delete it and download it again.
  • If the Recovery Console is already installed on this machine, ComboFix will not suggest installing it.
  • Do not run ComboFix more than once. That will overwrite the log and delay the removal of the malware(s).
  • ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.


#14
franchico
Newbie • Member • 42 posts
ComboFix 13-04-20.02 - Pedro 21/04/2013   9:08.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1046.18.4063.2663 [GMT -4:00]
Running from: c:\users\Pedro\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\SysWow64\user32.dll was found and disinfected 
Restored copy from - c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll 
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-21 to 2013-04-21  )))))))))))))))))))))))))))))))
.
.
2013-04-21 13:17 . 2013-04-21 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-21 00:32 . 2013-04-21 00:32 -------- d-----w- c:\program files\Tracker Software
2013-04-20 22:49 . 2013-04-20 22:49 -------- d-----w- c:\windows\LastGood.Tmp
2013-04-20 04:50 . 2013-04-20 04:50 -------- d-----w- C:\_OTL
2013-04-20 01:39 . 2010-03-03 23:51 540696 ----a-w- c:\windows\system32\drivers\iaStor.sys
2013-04-19 23:32 . 2013-04-19 23:32 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2013-04-19 23:32 . 2013-04-19 23:49 -------- d-----w- c:\programdata\iolo
2013-04-19 23:32 . 2012-08-17 21:25 69000 ----a-w- c:\windows\system32\offreg.dll
2013-04-19 23:32 . 2012-08-17 21:25 21176 ----a-w- c:\windows\system32\iolorgdf64.exe
2013-04-19 23:32 . 2013-04-19 23:32 -------- d-----w- c:\programdata\McAfee
2013-04-19 22:16 . 2013-02-04 10:30 192800 ----a-w- c:\windows\system32\nvservice.exe
2013-04-19 22:06 . 2013-04-19 22:06 -------- d-----w- c:\program files (x86)\Atheros
2013-04-19 22:06 . 2009-10-05 12:34 1542656 ----a-w- c:\windows\system32\drivers\athrx.sys
2013-04-19 22:06 . 2009-10-05 12:34 1542656 ----a-w- c:\windows\system32\athrx.sys
2013-04-19 22:06 . 2013-04-19 22:06 -------- d-----w- c:\programdata\Atheros
2013-04-19 16:53 . 2013-04-19 16:53 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-04-19 14:29 . 2013-04-19 22:23 -------- d-----w- C:\Update
2013-04-19 05:39 . 2013-04-19 16:54 -------- d-----w- c:\program files\NVIDIA Corporation
2013-04-19 05:33 . 2013-04-19 05:38 -------- d-----w- C:\Downloads
2013-04-18 19:16 . 2013-04-18 19:19 -------- d-----w- C:\LinhaDefensiva
2013-04-18 17:32 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-04-18 17:32 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-04-18 17:32 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-04-18 17:32 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-04-18 17:32 . 2012-08-23 14:07 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-04-18 17:30 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-04-18 17:30 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-04-18 17:15 . 2013-04-18 17:15 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-04-18 16:16 . 2013-04-18 16:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-18 16:16 . 2013-04-18 16:16 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-18 16:16 . 2013-04-18 16:16 -------- d-----w- c:\program files (x86)\Java
2013-04-18 11:54 . 2013-04-18 11:54 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-18 11:52 . 2013-04-18 11:52 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-18 10:30 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2013-04-18 10:28 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-04-18 06:23 . 2013-04-18 06:23 -------- d-----w- c:\windows\system32\SPReview
2013-04-18 06:21 . 2013-04-18 06:21 -------- d-----w- c:\windows\system32\EventProviders
2013-04-18 06:18 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2013-04-18 06:18 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2013-04-18 06:16 . 2010-11-20 13:26 2067456 ----a-w- c:\windows\system32\d3d9.dll
2013-04-18 06:15 . 2010-11-20 13:27 1389056 ----a-w- c:\windows\system32\pla.dll
2013-04-18 06:14 . 2010-11-20 13:27 403968 ----a-w- c:\windows\system32\untfs.dll
2013-04-18 06:13 . 2010-11-20 13:26 623104 ----a-w- c:\windows\system32\FXSAPI.dll
2013-04-18 06:12 . 2010-11-20 13:02 7168 ----a-w- c:\windows\system32\KBDINHIN.DLL
2013-04-18 06:12 . 2010-11-20 13:14 7680 ----a-w- c:\windows\system32\spwizres.dll
2013-04-18 06:12 . 2010-11-20 13:13 69120 ----a-w- c:\windows\system32\nlsbres.dll
2013-04-18 06:12 . 2010-11-20 13:12 35328 ----a-w- c:\windows\system32\pifmgr.dll
2013-04-18 06:12 . 2010-11-20 12:54 52736 ----a-w- c:\windows\system32\BlbEvents.dll
2013-04-18 06:12 . 2010-11-20 12:07 7680 ----a-w- c:\windows\SysWow64\spwizres.dll
2013-04-18 06:12 . 2010-11-20 12:06 69120 ----a-w- c:\windows\SysWow64\nlsbres.dll
2013-04-18 06:12 . 2010-11-20 12:05 35328 ----a-w- c:\windows\SysWow64\pifmgr.dll
2013-04-18 06:10 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2013-04-18 06:10 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2013-04-18 06:10 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2013-04-18 06:10 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2013-04-18 06:10 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2013-04-18 06:10 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2013-04-18 06:06 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2013-04-18 06:06 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-04-18 06:06 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2013-04-17 22:29 . 2013-04-17 22:29 -------- d-----w- c:\windows\Sun
2013-04-17 22:16 . 2013-04-17 22:16 -------- d-----w- c:\programdata\Malwarebytes
2013-04-17 21:44 . 2013-04-17 21:44 -------- d-----w- c:\windows\ERUNT
2013-04-17 21:44 . 2013-04-17 21:44 -------- d-----w- C:\JRT
2013-04-17 16:13 . 2013-04-01 23:58 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-17 16:12 . 2013-04-18 12:15 -------- d-----w- c:\program files\Microsoft Silverlight
2013-04-17 16:12 . 2013-04-18 12:15 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-04-16 19:41 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B375792A-C94D-4EB6-BA41-50C53674D279}\mpengine.dll
2013-04-16 04:12 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2013-04-16 04:12 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2013-04-16 04:12 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2013-04-16 04:12 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2013-04-16 04:12 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2013-04-16 04:12 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2013-04-16 04:12 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2013-04-16 04:12 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2013-04-16 04:12 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2013-04-16 04:12 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2013-04-16 04:12 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2013-04-16 02:19 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2013-04-16 02:19 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2013-04-16 02:19 . 2010-11-20 13:24 229376 ----a-w- c:\windows\system32\fsquirt.exe
2013-04-16 02:18 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-04-16 02:18 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-04-16 02:18 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-04-16 02:18 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-04-16 02:18 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-04-16 02:18 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-04-16 02:18 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-04-15 13:38 . 2013-04-15 13:38 -------- d-----w- c:\program files (x86)\MSXML 4.0
2013-04-15 12:14 . 2013-04-15 12:14 -------- d-----w- c:\windows\SysWow64\Wat
2013-04-15 12:14 . 2013-04-15 12:14 -------- d-----w- c:\windows\system32\Wat
2013-04-15 02:53 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-04-15 02:53 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-04-15 02:53 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-04-15 02:04 . 2013-04-15 02:04 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-04-15 01:38 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-04-15 01:38 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-04-15 01:38 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-04-15 01:38 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-04-15 01:38 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-04-15 01:38 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-04-15 01:36 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-04-15 01:36 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-04-15 01:36 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-04-15 01:36 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-04-15 01:36 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-04-15 01:36 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-04-15 01:36 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-04-15 01:30 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-04-15 01:30 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-04-15 01:30 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-04-15 01:30 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-04-15 01:30 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-04-14 13:55 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2013-04-14 13:55 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2013-04-14 13:55 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2013-04-14 13:55 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2013-04-14 13:55 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2013-04-14 13:55 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2013-04-14 13:55 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-04-14 13:55 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-04-14 13:54 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
2013-04-14 13:54 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
2013-04-14 13:54 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-19 17:45 . 2009-08-18 21:08 1251944 ----a-w- c:\windows\RtlExUpd.dll
2013-04-19 16:52 . 2009-08-18 18:52 657512 ----a-w- c:\windows\system32\nvuhda6.exe
2013-04-18 06:39 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-04-18 06:39 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-04-13 17:27 . 2012-07-25 18:53 29528 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-04-13 17:27 . 2012-06-08 15:38 54104 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-04-13 17:27 . 2012-05-25 23:38 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2013-04-13 15:58 . 2013-04-13 15:58 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2013-04-13 15:58 . 2013-04-13 15:58 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2013-04-13 15:58 . 2013-04-13 15:58 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2013-04-13 15:58 . 2013-04-13 15:58 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2013-04-13 15:58 . 2013-04-13 15:58 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2013-04-13 15:58 . 2013-04-13 15:58 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
2013-04-13 13:31 . 2013-04-13 13:31 2560 ----a-w- c:\windows\SysWow64\drivers\pt-BR\qwavedrv.sys.mui
2013-04-13 13:31 . 2013-04-13 13:31 2560 ----a-w- c:\windows\SysWow64\drivers\pt-BR\scfilter.sys.mui
2013-04-13 13:31 . 2013-04-13 13:31 6144 ----a-w- c:\windows\SysWow64\drivers\pt-BR\ndiscap.sys.mui
2013-04-13 13:31 . 2013-04-13 13:31 47104 ----a-w- c:\windows\SysWow64\drivers\pt-BR\tcpip.sys.mui
2013-04-13 13:31 . 2013-04-13 13:31 15360 ----a-w- c:\windows\SysWow64\drivers\pt-BR\pacer.sys.mui
2013-04-13 13:31 . 2013-04-13 13:31 30720 ----a-w- c:\windows\SysWow64\drivers\pt-BR\bfe.dll.mui
2013-02-18 13:22 . 2013-02-18 13:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll
2013-02-18 13:22 . 2013-02-18 13:22 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2013-02-18 13:22 . 2013-02-18 13:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2013-02-12 05:45 . 2013-04-18 10:29 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-04-18 10:29 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-04-18 10:29 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-04-18 10:29 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-04-18 10:29 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-04-18 10:29 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-04-14 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-08-27 79872]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2013-04-13 356376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
Sony MSS.lnk - c:\program files (x86)\Sony\MSS\3.0.271\SSScheduler.exe [2012-3-13 274328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-08-04 35104]
R3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [2012-03-30 237328]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 357672]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-18 110888]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-10-12 54760]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2013-03-26 1359408]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-04-15 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-04-13 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 nvservice;NVIDIA GuardService;c:\windows\system32\nvservice.exe [2013-02-04 192800]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [2009-07-31 91648]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [2009-07-31 75776]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2012-08-06 156672]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-04-13 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-04-13 29528]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-13 15:15 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-808768159-3502671841-3848927227-1000Core.job
- c:\users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-14 03:49]
.
2013-04-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-808768159-3502671841-3848927227-1000UA.job
- c:\users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-14 03:49]
.
2013-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13 15:12]
.
2013-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13 15:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-04-19 11106408]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2013-04-19 1833576]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Baixar com o Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download selecionado pelo Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C89C4223-6035-4965-AE06-E1237A05233F}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C89C4223-6035-4965-AE06-E1237A05233F}\94641434F51444D494E4F514050313: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\nky0xfsr.default\
FF - ExtSQL: 2013-04-13 11:18; findlyrics@findlyrics.co; c:\program files (x86)\FindLyrics\FF
FF - ExtSQL: 2013-04-13 13:27; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-04-13 13:27; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-04-13 13:27; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2013-04-13 16:34; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Adobe Acrobat Synchronizer - c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-findlyrics@findlyrics.co - c:\program files (x86)\FindLyrics\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Completion time: 2013-04-21  09:29:08 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-21 13:29
.
Pre-Run: 63.912.797.184 bytes disponíveis
Post-Run: 63.577.385.472 bytes disponíveis
.
- - End Of File - - 7676C2E8ECE08F1237BB892C353A6545


#15
franchico (Newbie, Member, 42 posts)

The bank still has the same problem  :mellow:  :unsure:



#16
CarlosTurco (Assistant, 25.916 posts)

  • Configure your Windows to show all hidden files (link)
  • Please click this link -> Virustotal
  • When the VirusTotal page finishes loading, click the button (image)
    In the file-selection window, in the File Name box, paste the line below:
    c:\windows\system32\DRIVERS\kltdi.sys
    Pay attention to the correct file name
  • After the file has loaded in the dialog box, click (image)
  • Note: if VirusTotal reports that these files have already been analysed, make sure to click (image)
  • When the analysis finishes, copy the link/URL and/or the address from the browser's address bar and paste it in your next post.
  • Please repeat the process for the files below:
  • c:\windows\system32\fsquirt.exe
  • c:\windows\system32\esent.dll
  • c:\windows\system32\drivers\rdpvideominiport.sys
  • c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll



#17
franchico (Newbie, Member, 42 posts)

  • I configured my Windows 7 to show hidden folders and files (Image);
  • I went to the site you asked me to -> Virustotal
  • IT WAS NOW THAT SOMETHING STRANGE HAPPENED
  • I clicked the button (image) and the file-selection window opened normally. But in that window the files you asked me to analyse remain hidden (even with the system setting). I can see them in Explorer, but not in the site's window (Image). I tried pasting the path, but it doesn't find the files either.

The files were only analysed after I dragged them from Explorer to the area -> no file selected (on VirusTotal).

Here are the links:

c:\windows\system32\DRIVERS\kltdi.sys
https://www.virustot...sis/1366591420/

c:\windows\system32\fsquirt.exe
https://www.virustot...sis/1366591799/

c:\windows\system32\drivers\rdpvideominiport.sys
https://www.virustot...sis/1366592533/

c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
https://www.virustot...sis/1366592067/

Attached file(s):

  • 1.jpg   138,71K   1 download
  • 2.jpg   112,69K   1 download

Edited by franchico, 21 April 2013 - 22:07.


#18
CarlosTurco (Assistant, 25.916 posts)

Temporarily disable your antivirus

  • Hold the Ctrl key and click this link to open the ESET Online Scanner in a new window.
  • Click this button: (image)
  • For alternative browsers: (if you use Internet Explorer, skip this step) (image)
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and check the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • It will update on its own and scan the computer. Be patient; the process can take hours.
  • When the scan finishes, click List Threats
  • Copy and paste the contents in your next reply. Note: if nothing is found, no log will be generated.
  • Click Back.
  • Click Finish.

Also post a new HijackThis log.



#19
franchico (Newbie, Member, 42 posts)

The ESET tool found 19 problems and fixed them all. But the bank problem still persists.
The logs are below.
 
C:\Users\Pedro\Desktop\PDFXVwer.zip a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Users\Pedro\Desktop\PDFXVwer\PDFXVwer.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Pedro\Downloads\aTube_Catcher_Setup.exe multiple threats cleaned by deleting - quarantined
C:\_OTL\MovedFiles\04202013_005015\C_Program Files (x86)\FindLyrics\FindLyrics.dll a variant of Win32/Adware.AddLyrics.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\04202013_005015\C_Program Files (x86)\FindLyrics\flcsur.exe a variant of Win32/Adware.AddLyrics.B application cleaned by deleting - quarantined
D:\DESKTOP 2013\DESKTOP 2012.2\aTube_Catcher.exe multiple threats cleaned by deleting - quarantined
D:\DESKTOP 2013\PROGRAMAS\Office_2010_Pt.Br_SP1_x64.iso a variant of Win32/HackKMS.A application deleted - quarantined
D:\DESKTOP 2013\PROGRAMAS\SoftonicDownloader_para_multi-ascii-art.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
D:\PENDRIVE AZUL\ProtegPen 1.0.1\Office_2010_Pt.Br_SP1_x86.iso a variant of Win32/HackKMS.A application deleted - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\1112059_XP-Codec-Pack_253-DW.exe a variant of Win32/InstallCore.AY application cleaned by deleting - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\drivermax-640-baixaki-32-bits.exe a variant of Win32/InstallCore.BE application cleaned by deleting - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\folderico-40012-rc12-baixaki-32-bits.exe a variant of Win32/InstallCore.BE application cleaned by deleting - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\12-04-2013\ADBPDCTS105.zip a variant of Win32/Keygen.BH application deleted - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\12-04-2013\aTube_Catcher.exe multiple threats cleaned by deleting - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\12-04-2013\Babylon_Pro_9.0.3_R12_\Babylon Pro 9.0.3 (R12)\Babylon v9.0.3.12\Babylon v9.0.3.12.exe multiple threats deleted - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\2.ESSENCIAIS\Babylon 9 full + crack.rar.zip a variant of Win32/Toolbar.Babylon application deleted - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\Adobe Acrobat Pro X v10.0 Multilingual\AcrobatPro_10_Web_WWEFD.exe a variant of Win32/TrojanDownloader.VB.PMY trojan cleaned by deleting - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\Adobe Acrobat Pro X v10.0 Multilingual\Serials and Activation.rar multiple threats deleted - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\DESKTOP 2013 - 12-04-2013\lamegen.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
 

___________________________________________________________________________________________________________

Logfile of HijackThis v1.99.1

Scan saved at 17:59:44, on 22/04/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
 
Running processes:
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre7\bin\java.exe
C:\Users\Pedro\Desktop\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - Global Startup: Sony MSS.lnk = C:\Program Files (x86)\Sony\MSS\3.0.271\SSScheduler.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{C89C4223-6035-4965-AE06-E1237A05233F}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: VESWinlogon - C:\Windows\SYSTEM32\VESWinlogon.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" -r (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: McAfee Security Scan Component Host Service for Sony (McComponentHostServiceSony) - McAfee, Inc. - C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA GuardService (nvservice) - Unknown owner - C:\Windows\system32\nvservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Unknown owner - C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=10000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1" "/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "&" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\%C3 & Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\VUAgent.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)


#20
CarlosTurco

CarlosTurco

    Assistente

  • Assistente
  • 25.916 posts

Ok,

Download SecurityCheck and save it to the desktop.

Double-click it to run SecurityCheck by screen317.

In the window that opens, press any key to continue. Wait while the tool performs its scan.

When it finishes, a log, checkup.txt, will open.

Select, copy and paste the contents of this log into your next reply.