franchico

Chrome - opening ads when links are clicked

26 posts in this topic

Hello everyone,

I just did a recovery on my notebook and everything was fine until I started installing some programs. I believe it was during the installation of one of those programs that the malware got onto my machine.

What happens is that when I click on links, a popup window with ads appears.

How could you help me?

A big hug ;)

Franchico


Franchico,

Please note the following:

  • Do NOT attempt to carry out any cleanup procedure on your own. In particular, do not run on your own initiative the tools used in the Malware Removal forum. Misuse of some tools may damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Rule no. 8 of Malware Removal
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click the Follow button (located in the upper right corner of the main post) so that you receive an e-mail notification when it is replied to. You can also check the topics you follow using the Content I Follow option, available through the forum's Control Panel.
  • Analyses can take some time, so be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it does not matter. Always keep up with your topic, reporting the results to me, until your computer is clean.
  • Note: avoid using the <QUOTE> or <CODE> tags in the logs; it makes them harder to read at analysis time.
  • Please do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a PM.

I ask that you read the instructions for using the Virus Removal area:

http://www.linhadefe...mocao-de-virus/

Instead of creating a new topic, please continue with this one and post a reply with the HijackThis, MbrScan and FSS logs, following the instructions on the page I gave you above.

Any questions, just ask


Good afternoon franchico,

Carry out the procedures below.

1)

Download AdwCleaner and save it to the desktop.

http://general-chang...de/2-adwcleaner

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the adwcleaner.exe file, then click Run as administrator.

Click Remove.

A Notepad window will open with the result. Select, copy and paste its contents into your next reply.

2)

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download JRT and save it to the desktop. Double-click it to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select Run as administrator

The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to scan.

At the end, a log will open. It is saved on the desktop under the name JRT.txt.

Select, copy and paste the contents of this log into your next reply.

3)

Download Malwarebytes' Anti-Malware (MBAM)

http://download.cnet...4-10804572.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  1. Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
  2. If there are updates to be applied, they will be downloaded and installed.
  3. When the update finishes, with the program open, select Quick Scan and click the Scan button.
  4. The scan will then begin. Wait, as it may take a while.
  5. When the scan finishes, click OK, then the Show Results button to see the report.
  6. If items were found, make sure they are all checked and click the Remove button.
  7. At the end of disinfection, Notepad will open with a log, and a prompt may appear asking whether to restart the PC. (See Note below)
  8. The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  9. Select, copy and paste the entire contents of this log into your next reply.

NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:

http://linhadefensiv...showtopic=75554


Just a reminder that I cannot use the bank's website because it says the computer is at risk.

Here are the results from the tools.

# AdwCleaner v2.200 - Relatório criado em 17/04/2013 às 17:34:00

# Atualizado em 02/04/2013 por Xplode

# Sistema Operacional : Windows 7 Home Premium (64 bits)

# Usuário : Pedro - PEDRO-VAIO

# Modo de Boot : Normal

# Executado de : C:\Users\Pedro\Desktop\adwcleaner.exe

# Opção [Remover]

***** [serviços] *****

***** [Arquivos/Pastas] *****

Pasta Removido : C:\Program Files (x86)\Babylon

Pasta Removido : C:\Program Files\Babylon

Pasta Removido : C:\ProgramData\Babylon

Pasta Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon

Pasta Removido : C:\ProgramData\Partner

Pasta Removido : C:\ProgramData\Tarma Installer

Pasta Removido : C:\Users\Pedro\AppData\Local\Babylon

Pasta Removido : C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Pasta Removido : C:\Users\Pedro\AppData\Local\Temp\Babylon

Pasta Removido : C:\Users\Pedro\AppData\Roaming\Babylon

Pasta Removido : C:\Users\Pedro\AppData\Roaming\DealPly

***** [Registro] *****

Chave Removida : HKCU\Software\APN PIP

Chave Removida : HKCU\Software\Babylon

Chave Removida : HKCU\Software\InstallCore

Chave Removida : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon

Chave Removida : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}

Chave Removida : HKLM\Software\Babylon

Chave Removida : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}

Chave Removida : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}

Chave Removida : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}

Chave Removida : HKLM\SOFTWARE\Classes\AppID\Babylonhelper.EXE

Chave Removida : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL

Chave Removida : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE

Chave Removida : HKLM\SOFTWARE\Classes\BabyDict

Chave Removida : HKLM\SOFTWARE\Classes\BabyGloss

Chave Removida : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho

Chave Removida : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1

Chave Removida : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin

Chave Removida : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1

Chave Removida : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication

Chave Removida : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1

Chave Removida : HKLM\SOFTWARE\Classes\BabyOptFile

Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}

Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe

Chave Removida : HKLM\Software\PIP

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D0482C8E-BAEA-4943-911A-B661060F56A7}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D0482C8E-BAEA-4943-911A-B661060F56A7}

Chave Removida : HKLM\SOFTWARE\Tarma Installer

Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [babylon Client]

***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registro está limpo.

-\\ Google Chrome v26.0.1410.64

Arquivo : C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[s1].txt - [5979 octets] - [17/04/2013 17:34:00]

########## EOF - C:\AdwCleaner[s1].txt - [6039 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.8.4 (04.16.2013:1)

OS: Windows 7 Home Premium x64

Ran by Pedro on 17/04/2013 at 17:44:33,25

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\office\powerpoint\addins\babylonofficeaddin.officeaddin

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\office\word\addins\babylonofficeaddin.officeaddin

~~~ Files

Successfully deleted: [File] "C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\babylon.lnk"

Successfully deleted: [File] C:\Windows\prefetch\BABYLonhelpER64.EXE-F6F2FFA0.pf

Successfully deleted: [File] C:\Windows\prefetch\BABYLONTC.EXE-9AD1F6DB.pf

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 17/04/2013 at 17:54:24,56

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.04.17.12

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Pedro :: PEDRO-VAIO [administrador]

Proteção: Permitir

17/04/2013 18:19:05

mbam-log-2013-04-17 (18-19-05).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 208434

Tempo decorrido: 4 minuto(s), 49 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

(fim)
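Added example (my code, not the thread's and not AdwCleaner's): a Python triage script that reads lines in the layout of the AdwCleaner log above and groups each removed item by the persistence or browser-hook mechanism it represents (Chrome extension, IE BHO, Run value, COM registration, uninstall entry), collecting the Chrome extension ids along the way, which is what an analyst reads off such a log when deciding what the bundle touched and what may still need a manual fix. The sample log is constructed from a subset of the entries above.

```python
"""Triage AdwCleaner-style removal lines by persistence mechanism.

Added example for this thread, not part of it and not AdwCleaner code. It parses
lines in the layout of the log posted above ("Pasta Removido : <path>",
"Chave Removida : <key>", "Valor Removida : <key> [<value>]") and groups each
removed item by the mechanism the adware used to stay resident or hook the
browser. The sample log is constructed from a subset of the thread's entries.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

LINE_RE = re.compile(r"^(Pasta|Chave|Valor)\s+Removid[ao]\s*:\s*(.+?)\s*$")
VALUE_RE = re.compile(r"^(.*?)\s*\[(.+)\]$")     # "<key> [<value name>]"
EXT_ID_RE = re.compile(r"\b[a-p]{32}\b")         # Chrome extension id: 32 chars, a-p only

KINDS = {"Pasta": "folder", "Chave": "key", "Valor": "value"}

# First matching pattern wins, so browser hooks are listed before generic COM keys.
MECHANISMS = [
    ("chrome-extension", re.compile(r"\\google\\chrome\\(extensions|user data\\.*\\extensions)\\", re.I)),
    ("ie-bho",           re.compile(r"\\explorer\\browser helper objects\\", re.I)),
    ("ie-extension",     re.compile(r"\\internet explorer\\(extensions|menuext)\\", re.I)),
    ("autorun",          re.compile(r"\\currentversion\\run(once)?$", re.I)),
    ("com-registration", re.compile(r"\\classes\\(clsid|typelib|appid|interface)\\", re.I)),
    ("uninstall-entry",  re.compile(r"\\currentversion\\uninstall\\", re.I)),
    ("app-paths",        re.compile(r"\\currentversion\\app paths\\", re.I)),
]


@dataclass(frozen=True)
class Item:
    kind: str                 # folder | key | value
    target: str               # filesystem path or registry key
    value: Optional[str]      # registry value name, only for kind == "value"
    mechanism: str
    extension_id: Optional[str]


def classify_target(kind: str, target: str) -> str:
    """Map a path or registry key to the persistence/hook mechanism it represents."""
    for name, pattern in MECHANISMS:
        if pattern.search(target):
            return name
    # Leftovers: program/profile directories on disk, or the vendor's own settings keys.
    return "filesystem" if kind == "folder" else "vendor-registry"


def parse_line(line: str) -> Optional[Item]:
    """Return an Item for a removal line, or None for headers, banners and status lines."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    kind, target = KINDS[match.group(1)], match.group(2)
    value = None
    if kind == "value":
        vm = VALUE_RE.match(target)
        if vm:
            target, value = vm.group(1), vm.group(2)
    ext = EXT_ID_RE.search(target)
    return Item(kind, target, value, classify_target(kind, target),
                ext.group(0) if ext else None)


def triage(lines: Iterable[str]) -> Tuple[List[Item], Counter, List[str]]:
    """Parse all lines; return the items, a per-mechanism count and the extension ids seen."""
    items = [item for item in map(parse_line, lines) if item is not None]
    summary = Counter(item.mechanism for item in items)
    ext_ids = sorted({item.extension_id for item in items if item.extension_id})
    return items, summary, ext_ids


# Constructed sample: a subset of the entries from the log posted above, same layout.
SAMPLE_LOG = r"""
# AdwCleaner v2.200 - Relatório criado em 17/04/2013 às 17:34:00
***** [Arquivos/Pastas] *****
Pasta Removido : C:\Program Files (x86)\Babylon
Pasta Removido : C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Pasta Removido : C:\Users\Pedro\AppData\Roaming\DealPly
***** [Registro] *****
Chave Removida : HKCU\Software\Babylon
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [babylon Client]
[OK] Registro está limpo.
"""

if __name__ == "__main__":
    items, summary, ext_ids = triage(SAMPLE_LOG.splitlines())
    for mechanism, count in sorted(summary.items()):
        print(f"{mechanism:18} {count}")
    print("chrome extension ids:", ", ".join(ext_ids))
    for item in items:
        if item.mechanism in ("autorun", "ie-bho", "chrome-extension"):
            print(f"  {item.mechanism}: {item.target}" + (f" [{item.value}]" if item.value else ""))
```

The mechanism names are my own labels, not AdwCleaner categories; the extension ids it collects are what you would look up or block with a browser policy on other machines.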


Ok,

Download BankerFix:

http://www.linhadefe...rg/dl/bankerfix

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator

Important: the tool will close Internet Explorer. Save any link you need to access later before running it.

Double-click bankerfix.exe to run it.

Click OK on the first screen and [CANCEL] on the second to stop bankerfix from running.

Once that is done, go to C:\LinhaDefensiva\ and run the file Iniciar-Bankerfix.vbs. Confirm that you want to update the software and click [OK] to run it.

When it runs, a black window will appear asking you to press any key. Press Enter and wait for it to finish. It may take some time.

When it is done, read the message on the screen and press Enter again. When it finishes, post the file relatorio.txt located at: C:\LinhaDefensiva\relatorio.txt


BankerFix 3.5 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2013-04-18 - 15:18

-------------------------------------------------------

Lista de Definição: 2012-08-22-1 | CORE: 2012-08-22-6

=======================================================

----- Fim -------------------------


Download OTL by OldTimer and save it to your desktop:

http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:

Right-click the OTL.exe file, then click Run as administrator.

Where it says Output, check Standard Output

Also check these options:

  • File Age -> change to 90 days
  • Use Company Name Whitelist.
  • Skip Microsoft Files
  • LOP Check
  • Purity Check

Select these lines in red, right-click the selection, and choose copy

CREATERESTOREPOINT
netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%(x86)\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%appdata%\*.*
%programdata%\*.*
%programdata%\*.exe /s
%programdata%\*.dll /s
%PROGRAMFILES%\Internet Explorer\*.*
C:\windows\system32\Tasks\*.* /64
%windir%\tasks\*.*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
/md5start
services.*
/md5stop

Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose paste

Click the Run Scan button

OTL will begin scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other settings unless you have been instructed to do so.

The scan takes a while; be patient.

When it finishes, two Notepad windows will be displayed: OTL.txt and Extras.txt

Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.

Attach the Extras.txt file

NOTE: If the logs become very large and exceed the forum's limit, put them in a .zip or .rar file and attach it to your reply.


Hello,

1)

Select these lines inside the CODE block, right-click the selection and choose copy

NOTE: Make sure you copy starting from the colon and letter ":O" of :OTL.

:OTL
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\findlyrics@findlyrics.co: C:\Program Files (x86)\FindLyrics\FF\ [2013/04/13 11:18:07 | 000,000,000 | ---D | M]
CHR - Extension: FindLyrics = C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmhhdaimhfblnamlcdijbaakkifakade\1.110_0\
O2 - BHO: (FindLyrics) - {44C9CC91-6A4A-4579-B4B5-899ECDC18DC6} - C:\Program Files (x86)\FindLyrics\FindLyrics.dll (FindLyrics)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [Hoolapp Android] "C:\Users\Pedro\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found
[2013/04/13 17:10:59 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Local\PSafe
[2013/04/13 17:10:58 | 000,000,000 | ---D | C] -- C:\Users\Pedro\AppData\Roaming\PSafe
[2013/04/13 11:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FindLyrics
[2013/04/18 15:10:44 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\FindLyrics Update.job
[2013/04/13 11:18:26 | 000,003,510 | ---- | M] () -- C:\Windows\SysNative\Tasks\DealPly
[2013/04/13 11:18:08 | 000,003,026 | ---- | M] () -- C:\Windows\SysNative\Tasks\FindLyrics Update

:Files
ipconfig /flushdns /c

:Commands
[createrestorepoint]
[purity]
[resethosts]
[emptytemp]

Run OTL.exe

Right-click anywhere in the white area of the Custom Scans/Fixes section and choose paste

Close ALL windows (except OTL itself).

Click the Run Fix button

The program will run the script and restart your computer.

When Windows loads, OTL will run automatically. Allow it to run.

A Notepad window will open containing some information.

Copy ALL the contents of this Notepad window and paste it into your reply.

A copy of this log will be stored in the folder C:\_OTL\MovedFiles with a name in the format date_time.log.

Example: 03142010_145545.log

2)

Post a new HijackThis log.

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\findlyrics@findlyrics.co deleted successfully.

C:\Program Files (x86)\FindLyrics\FF\chrome\content folder moved successfully.

C:\Program Files (x86)\FindLyrics\FF\chrome folder moved successfully.

C:\Program Files (x86)\FindLyrics\FF folder moved successfully.

C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmhhdaimhfblnamlcdijbaakkifakade\1.110_0 folder moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}\ deleted successfully.

C:\Program Files (x86)\FindLyrics\FindLyrics.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Hoolapp Android deleted successfully.

C:\Users\Pedro\AppData\Local\PSafe folder moved successfully.

C:\Users\Pedro\AppData\Roaming\PSafe folder moved successfully.

C:\Program Files (x86)\FindLyrics folder moved successfully.

C:\Windows\Tasks\FindLyrics Update.job moved successfully.

C:\Windows\SysNative\Tasks\DealPly moved successfully.

C:\Windows\SysNative\Tasks\FindLyrics Update moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

C:\Users\Pedro\Desktop\cmd.bat deleted successfully.

C:\Users\Pedro\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Pedro

->Temp folder emptied: 831660344 bytes

->Temporary Internet Files folder emptied: 4529787 bytes

->Java cache emptied: 521971 bytes

->FireFox cache emptied: 2182701 bytes

->Google Chrome cache emptied: 89032213 bytes

->Flash cache emptied: 2284 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2682386639 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42290998 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 3.483,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 04202013_005015

 

Files\Folders moved on Reboot...

C:\Users\Pedro\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Pedro\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

hijackthis.log


I tried to access the bank today and:

- The first message still appears when I access the bank;

- after the jmid runs, the second message appears.

:(



Ok,

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download ComboFix
http://www.bleepingc...nload/combofix/

Save it to your desktop.

  • Close all windows and programs. Run ComboFix.
  • Double-click combofix.exe and press "Yes" to proceed.
  • When asked whether you want to install the Recovery Console, click Yes and wait.
  • Click OK to accept the EULA, then click Yes to continue the malware scan.

Do not click anything or press any key during the scan, or the tool will not work correctly.

When the tool finishes running, it will generate a log. Post the contents of the file C:\ComboFix.txt in your next reply.

Important:

  • You must be connected to the internet during the ComboFix procedure;
  • You must be logged on to the system with administrator privileges.
  • Download and SAVE ComboFix. In the download window, where the Run / Save options appear, click Save. Do not run ComboFix from your browser window.
  • Keep your antivirus, antispyware and firewall disabled during the ComboFix procedures. Re-enable them when everything is finished.
  • If you have used ComboFix before, delete it and download it again.
  • If the Recovery Console is already installed on this machine, ComboFix will not suggest installing it.
  • Do not run ComboFix more than once. That will overwrite the log and delay the removal of the malware.
  • ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.

ComboFix 13-04-20.02 - Pedro 21/04/2013   9:08.1.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1046.18.4063.2663 [GMT -4:00]

Running from: c:\users\Pedro\Desktop\ComboFix.exe

AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Infected copy of c:\windows\SysWow64\user32.dll was found and disinfected 

Restored copy from - c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll 

.

.

(((((((((((((((((((((((((   Files Created from 2013-03-21 to 2013-04-21  )))))))))))))))))))))))))))))))

.

.

2013-04-21 13:17 . 2013-04-21 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-21 00:32 . 2013-04-21 00:32 -------- d-----w- c:\program files\Tracker Software

2013-04-20 22:49 . 2013-04-20 22:49 -------- d-----w- c:\windows\LastGood.Tmp

2013-04-20 04:50 . 2013-04-20 04:50 -------- d-----w- C:\_OTL

2013-04-20 01:39 . 2010-03-03 23:51 540696 ----a-w- c:\windows\system32\drivers\iaStor.sys

2013-04-19 23:32 . 2013-04-19 23:32 74703 ----a-w- c:\windows\SysWow64\mfc45.dll

2013-04-19 23:32 . 2013-04-19 23:49 -------- d-----w- c:\programdata\iolo

2013-04-19 23:32 . 2012-08-17 21:25 69000 ----a-w- c:\windows\system32\offreg.dll

2013-04-19 23:32 . 2012-08-17 21:25 21176 ----a-w- c:\windows\system32\iolorgdf64.exe

2013-04-19 23:32 . 2013-04-19 23:32 -------- d-----w- c:\programdata\McAfee

2013-04-19 22:16 . 2013-02-04 10:30 192800 ----a-w- c:\windows\system32\nvservice.exe

2013-04-19 22:06 . 2013-04-19 22:06 -------- d-----w- c:\program files (x86)\Atheros

2013-04-19 22:06 . 2009-10-05 12:34 1542656 ----a-w- c:\windows\system32\drivers\athrx.sys

2013-04-19 22:06 . 2009-10-05 12:34 1542656 ----a-w- c:\windows\system32\athrx.sys

2013-04-19 22:06 . 2013-04-19 22:06 -------- d-----w- c:\programdata\Atheros

2013-04-19 16:53 . 2013-04-19 16:53 -------- d-----w- c:\programdata\NVIDIA Corporation

2013-04-19 14:29 . 2013-04-19 22:23 -------- d-----w- C:\Update

2013-04-19 05:39 . 2013-04-19 16:54 -------- d-----w- c:\program files\NVIDIA Corporation

2013-04-19 05:33 . 2013-04-19 05:38 -------- d-----w- C:\Downloads

2013-04-18 19:16 . 2013-04-18 19:19 -------- d-----w- C:\LinhaDefensiva

2013-04-18 17:32 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2013-04-18 17:32 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2013-04-18 17:32 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll

2013-04-18 17:32 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys

2013-04-18 17:32 . 2012-08-23 14:07 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys

2013-04-18 17:30 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2013-04-18 17:30 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2013-04-18 17:15 . 2013-04-18 17:15 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2013-04-18 16:16 . 2013-04-18 16:16 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-04-18 16:16 . 2013-04-18 16:16 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-18 16:16 . 2013-04-18 16:16 -------- d-----w- c:\program files (x86)\Java

2013-04-18 11:54 . 2013-04-18 11:54 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-04-18 11:52 . 2013-04-18 11:52 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-18 10:30 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll

2013-04-18 10:28 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe

2013-04-18 06:23 . 2013-04-18 06:23 -------- d-----w- c:\windows\system32\SPReview

2013-04-18 06:21 . 2013-04-18 06:21 -------- d-----w- c:\windows\system32\EventProviders

2013-04-18 06:18 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll

2013-04-18 06:18 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll

2013-04-18 06:16 . 2010-11-20 13:26 2067456 ----a-w- c:\windows\system32\d3d9.dll

2013-04-18 06:15 . 2010-11-20 13:27 1389056 ----a-w- c:\windows\system32\pla.dll

2013-04-18 06:14 . 2010-11-20 13:27 403968 ----a-w- c:\windows\system32\untfs.dll

2013-04-18 06:13 . 2010-11-20 13:26 623104 ----a-w- c:\windows\system32\FXSAPI.dll

2013-04-18 06:12 . 2010-11-20 13:02 7168 ----a-w- c:\windows\system32\KBDINHIN.DLL

2013-04-18 06:12 . 2010-11-20 13:14 7680 ----a-w- c:\windows\system32\spwizres.dll

2013-04-18 06:12 . 2010-11-20 13:13 69120 ----a-w- c:\windows\system32\nlsbres.dll

2013-04-18 06:12 . 2010-11-20 13:12 35328 ----a-w- c:\windows\system32\pifmgr.dll

2013-04-18 06:12 . 2010-11-20 12:54 52736 ----a-w- c:\windows\system32\BlbEvents.dll

2013-04-18 06:12 . 2010-11-20 12:07 7680 ----a-w- c:\windows\SysWow64\spwizres.dll

2013-04-18 06:12 . 2010-11-20 12:06 69120 ----a-w- c:\windows\SysWow64\nlsbres.dll

2013-04-18 06:12 . 2010-11-20 12:05 35328 ----a-w- c:\windows\SysWow64\pifmgr.dll

2013-04-18 06:10 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll

2013-04-18 06:10 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll

2013-04-18 06:10 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll

2013-04-18 06:10 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll

2013-04-18 06:10 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll

2013-04-18 06:10 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2013-04-18 06:06 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2013-04-18 06:06 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll

2013-04-18 06:06 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll

2013-04-17 22:29 . 2013-04-17 22:29 -------- d-----w- c:\windows\Sun

2013-04-17 22:16 . 2013-04-17 22:16 -------- d-----w- c:\programdata\Malwarebytes

2013-04-17 21:44 . 2013-04-17 21:44 -------- d-----w- c:\windows\ERUNT

2013-04-17 21:44 . 2013-04-17 21:44 -------- d-----w- C:\JRT

2013-04-17 16:13 . 2013-04-01 23:58 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-04-17 16:12 . 2013-04-18 12:15 -------- d-----w- c:\program files\Microsoft Silverlight

2013-04-17 16:12 . 2013-04-18 12:15 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2013-04-16 19:41 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B375792A-C94D-4EB6-BA41-50C53674D279}\mpengine.dll

2013-04-16 04:12 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll

2013-04-16 04:12 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys

2013-04-16 04:12 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys

2013-04-16 04:12 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys

2013-04-16 04:12 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll

2013-04-16 04:12 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys

2013-04-16 04:12 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2013-04-16 04:12 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys

2013-04-16 04:12 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe

2013-04-16 04:12 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe

2013-04-16 04:12 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS

2013-04-16 02:19 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2013-04-16 02:19 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS

2013-04-16 02:19 . 2010-11-20 13:24 229376 ----a-w- c:\windows\system32\fsquirt.exe

2013-04-16 02:18 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-04-16 02:18 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-04-16 02:18 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-04-16 02:18 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-04-16 02:18 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-04-16 02:18 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-04-16 02:18 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-04-15 13:38 . 2013-04-15 13:38 -------- d-----w- c:\program files (x86)\MSXML 4.0

2013-04-15 12:14 . 2013-04-15 12:14 -------- d-----w- c:\windows\SysWow64\Wat

2013-04-15 12:14 . 2013-04-15 12:14 -------- d-----w- c:\windows\system32\Wat

2013-04-15 02:53 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-04-15 02:53 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-04-15 02:53 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2013-04-15 02:04 . 2013-04-15 02:04 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2013-04-15 01:38 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2013-04-15 01:38 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2013-04-15 01:38 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

2013-04-15 01:38 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2013-04-15 01:38 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2013-04-15 01:38 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll

2013-04-15 01:36 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2013-04-15 01:36 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2013-04-15 01:36 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2013-04-15 01:36 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2013-04-15 01:36 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2013-04-15 01:36 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2013-04-15 01:36 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2013-04-15 01:30 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2013-04-15 01:30 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2013-04-15 01:30 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2013-04-15 01:30 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2013-04-15 01:30 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2013-04-14 13:55 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2013-04-14 13:55 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2013-04-14 13:55 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2013-04-14 13:55 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2013-04-14 13:55 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe

2013-04-14 13:55 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe

2013-04-14 13:55 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2013-04-14 13:55 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-04-14 13:54 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll

2013-04-14 13:54 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll

2013-04-14 13:54 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-19 17:45 . 2009-08-18 21:08 1251944 ----a-w- c:\windows\RtlExUpd.dll

2013-04-19 16:52 . 2009-08-18 18:52 657512 ----a-w- c:\windows\system32\nvuhda6.exe

2013-04-18 06:39 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2013-04-18 06:39 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2013-04-13 17:27 . 2012-07-25 18:53 29528 ----a-w- c:\windows\system32\drivers\klmouflt.sys

2013-04-13 17:27 . 2012-06-08 15:38 54104 ----a-w- c:\windows\system32\drivers\kltdi.sys

2013-04-13 17:27 . 2012-05-25 23:38 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys

2013-04-13 15:58 . 2013-04-13 15:58 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui

2013-04-13 15:58 . 2013-04-13 15:58 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui

2013-04-13 15:58 . 2013-04-13 15:58 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui

2013-04-13 15:58 . 2013-04-13 15:58 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui

2013-04-13 15:58 . 2013-04-13 15:58 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui

2013-04-13 15:58 . 2013-04-13 15:58 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui

2013-04-13 13:31 . 2013-04-13 13:31 2560 ----a-w- c:\windows\SysWow64\drivers\pt-BR\qwavedrv.sys.mui

2013-04-13 13:31 . 2013-04-13 13:31 2560 ----a-w- c:\windows\SysWow64\drivers\pt-BR\scfilter.sys.mui

2013-04-13 13:31 . 2013-04-13 13:31 6144 ----a-w- c:\windows\SysWow64\drivers\pt-BR\ndiscap.sys.mui

2013-04-13 13:31 . 2013-04-13 13:31 47104 ----a-w- c:\windows\SysWow64\drivers\pt-BR\tcpip.sys.mui

2013-04-13 13:31 . 2013-04-13 13:31 15360 ----a-w- c:\windows\SysWow64\drivers\pt-BR\pacer.sys.mui

2013-04-13 13:31 . 2013-04-13 13:31 30720 ----a-w- c:\windows\SysWow64\drivers\pt-BR\bfe.dll.mui

2013-02-18 13:22 . 2013-02-18 13:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll

2013-02-18 13:22 . 2013-02-18 13:22 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2013-02-18 13:22 . 2013-02-18 13:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

2013-02-12 05:45 . 2013-04-18 10:29 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-04-18 10:29 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-04-18 10:29 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-04-18 10:29 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-04-18 10:29 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-04-18 10:29 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-04-14 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-08-27 79872]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2013-04-13 356376]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

Sony MSS.lnk - c:\program files (x86)\Sony\MSS\3.0.271\SSScheduler.exe [2012-3-13 274328]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 KMService;KMService;c:\windows\system32\srvany.exe [x]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-08-04 35104]

R3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [2012-03-30 237328]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104]

R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048]

R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 357672]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-18 110888]

R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-10-12 54760]

R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2013-03-26 1359408]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-04-15 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]

S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-04-13 54104]

S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 nvservice;NVIDIA GuardService;c:\windows\system32\nvservice.exe [2013-02-04 192800]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [2009-07-31 91648]

S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [2009-07-31 75776]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2012-08-06 156672]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]

S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 27136]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-04-13 29016]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-04-13 29528]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-13 15:15 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-808768159-3502671841-3848927227-1000Core.job

- c:\users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-14 03:49]

.

2013-04-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-808768159-3502671841-3848927227-1000UA.job

- c:\users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-14 03:49]

.

2013-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13 15:12]

.

2013-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13 15:12]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-04-19 11106408]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2013-04-19 1833576]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Baixar com o Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Download selecionado pelo Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{C89C4223-6035-4965-AE06-E1237A05233F}: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{C89C4223-6035-4965-AE06-E1237A05233F}\94641434F51444D494E4F514050313: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\nky0xfsr.default\

FF - ExtSQL: 2013-04-13 11:18; findlyrics@findlyrics.co; c:\program files (x86)\FindLyrics\FF

FF - ExtSQL: 2013-04-13 13:27; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com

FF - ExtSQL: 2013-04-13 13:27; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com

FF - ExtSQL: 2013-04-13 13:27; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com

FF - ExtSQL: 2013-04-13 16:34; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-Adobe Acrobat Synchronizer - c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe

Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-findlyrics@findlyrics.co - c:\program files (x86)\FindLyrics\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe

c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

c:\windows\SysWOW64\DllHost.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\program files\Sony\VAIO Care\listener.exe

.

**************************************************************************

.

Completion time: 2013-04-21  09:29:08 - machine was rebooted

ComboFix-quarantined-files.txt  2013-04-21 13:29

.

Pre-Run: 63.912.797.184 bytes disponíveis

Post-Run: 63.577.385.472 bytes disponíveis

.

- - End Of File - - 7676C2E8ECE08F1237BB892C353A6545

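The services block of the ComboFix log above (the `R2`/`R3`/`S1`/`S2` lines) is where a triage analyst looks first: `[x]` after a path means ComboFix could not find the image file, and wrapper binaries such as `srvany.exe` or `svchost.exe` say nothing about what actually runs. The following Python script is an added example written for this thread, not code from ComboFix or from the forum helper. It parses those lines and applies a few defender-side checks; the sample log is constructed from four lines copied from the log above plus one made-up `HypotheticalSvc` entry (an AppData path) to exercise the untrusted-location check.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Service entries in the "Reg Loading Points" section of a ComboFix log look like
#   R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
#   S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-04-13 54104]
# R/S = running/stopped, the digit is the Windows service start type, and the
# bracket holds the image file's date and size, or "x" when ComboFix could not
# find the image on disk.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Locations where a service image is expected on a stock Windows install.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Generic host binaries: the registered path does not identify what really runs.
WRAPPERS = {
    "srvany.exe": "srvany.exe wrapper: real program is in Parameters\\Application",
    "svchost.exe": "svchost-hosted: loaded module is in Parameters\\ServiceDll",
}


@dataclass
class ServiceEntry:
    state: str                # "R" running or "S" stopped
    start_type: int           # Windows service start type digit
    name: str                 # service key name
    display: str              # display name
    path: str                 # image path as recorded by ComboFix
    found: bool               # False when ComboFix printed "[x]"
    file_date: Optional[str]  # date from the bracket, if present
    file_size: Optional[int]  # size in bytes from the bracket, if present


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one R*/S* service line; return None for any other log line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").strip()
    date: Optional[str] = None
    size: Optional[int] = None
    found = meta != "x"
    if found:
        parts = meta.split()
        if len(parts) == 2 and parts[1].isdigit():
            date, size = parts[0], int(parts[1])
    return ServiceEntry(m.group("state"), int(m.group("start")), m.group("name"),
                        m.group("display"), m.group("path"), found, date, size)


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Extract every service entry from a ComboFix log (other lines are skipped)."""
    parsed = (parse_service_line(line) for line in log_text.splitlines())
    return [entry for entry in parsed if entry is not None]


def review_service(entry: ServiceEntry) -> List[str]:
    """Analyst heuristics for one entry; an empty list means nothing to note."""
    findings: List[str] = []
    lower = entry.path.lower()
    if not entry.found:
        findings.append("image file not found on disk")
    if not lower.startswith(TRUSTED_DIRS):
        findings.append("image outside Windows/Program Files")
    basename = lower.rsplit("\\", 1)[-1]
    if basename in WRAPPERS:
        findings.append(WRAPPERS[basename])
    return findings


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map service name -> findings, keeping only entries with something to note."""
    report: Dict[str, List[str]] = {}
    for entry in parse_services(log_text):
        findings = review_service(entry)
        if findings:
            report[entry.name] = findings
    return report


# Constructed sample: four lines copied from the log in this thread plus one
# hypothetical entry (HypotheticalSvc) to exercise the untrusted-location check.
SAMPLE_LOG = r"""
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-04-13 54104]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 HypotheticalSvc;HypotheticalSvc;c:\users\Pedro\AppData\Roaming\hypothetical.exe [2013-04-13 12345]
"""

if __name__ == "__main__":
    for name, findings in triage(SAMPLE_LOG).items():
        print(name)
        for finding in findings:
            print("   -", finding)
```

Run against the sample, `triage` reports `KMService` (image missing, srvany wrapper), `yksvc` (svchost-hosted) and the constructed `HypotheticalSvc`, while `kltdi` and `TsUsbFlt` pass silently; a wrapper finding is a pointer to the registry key that names the real module, not a verdict on its own.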

  • Configure your Windows to show all Hidden Files <-link
  • Please click this link -> Virustotal
  • When the VirusTotal page finishes loading, click the 2e19e8h.png button
    In the file chooser window, paste the line below into the File Name box:
    c:\windows\system32\DRIVERS\kltdi.sys
    Pay attention to the exact file name
  • After the file has been loaded in the dialog box, click 25a43h1.png
  • Note: if VirusTotal reports that these files have already been analysed, be sure to click z4xn4.png
  • When the analysis finishes, copy the link/URL and/or the address from the browser's address bar and paste it in your next post.
  • Please repeat the process for the files below:
    • c:\windows\system32\fsquirt.exe
    • c:\windows\system32\esent.dll
    • c:\windows\system32\drivers\rdpvideominiport.sys
    • c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll


  • I configured my Windows 7 to show hidden folders and files (Image);
  • I went to the site you asked me to -> Virustotal
  • THAT IS WHEN SOMETHING STRANGE HAPPENED
  • I clicked the 2e19e8h.png button and the file chooser window opened normally. But in that window the files you asked me to analyse remain hidden (even with the system setting). I can see them in Explorer, but not in the site's window (Image). I tried pasting the path, but it doesn't find the files either.

The files were only analysed after I dragged them from Explorer onto the "no file selected" area (on VirusTotal).

Here are the links:

c:\windows\system32\DRIVERS\kltdi.sys

 

https://www.virustotal.com/pt/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1366591420/

 

c:\windows\system32\fsquirt.exe

https://www.virustotal.com/pt/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1366591799/

 

c:\windows\system32\drivers\rdpvideominiport.sys

https://www.virustotal.com/pt/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1366592533/

 

c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

https://www.virustotal.com/pt/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1366592067/


Temporarily disable your antivirus

  • Hold the Ctrl key and click this link to open the ESET Online Scanner in a new window.
  • Click this button: j9Byf.png?1
  • For alternative browsers: (If you use Internet Explorer, skip this step)esetsmartinstaller_enu.png
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and check the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • It will update on its own and scan the computer. Be patient; the process can take hours.
  • When the scan finishes, click List Threats
  • Copy and paste the contents in your next reply. Note: if nothing is found, no log will be generated.
  • Click Back.
  • Click Finish.

Also post a new HijackThis log.

The ESET tool found 19 problems and fixed them all. But the problem with the bank still persists.
The logs are below.
 
C:\Users\Pedro\Desktop\PDFXVwer.zip a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Users\Pedro\Desktop\PDFXVwer\PDFXVwer.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Pedro\Downloads\aTube_Catcher_Setup.exe multiple threats cleaned by deleting - quarantined
C:\_OTL\MovedFiles\04202013_005015\C_Program Files (x86)\FindLyrics\FindLyrics.dll a variant of Win32/Adware.AddLyrics.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\04202013_005015\C_Program Files (x86)\FindLyrics\flcsur.exe a variant of Win32/Adware.AddLyrics.B application cleaned by deleting - quarantined
D:\DESKTOP 2013\DESKTOP 2012.2\aTube_Catcher.exe multiple threats cleaned by deleting - quarantined
D:\DESKTOP 2013\PROGRAMAS\Office_2010_Pt.Br_SP1_x64.iso a variant of Win32/HackKMS.A application deleted - quarantined
D:\DESKTOP 2013\PROGRAMAS\SoftonicDownloader_para_multi-ascii-art.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
D:\PENDRIVE AZUL\ProtegPen 1.0.1\Office_2010_Pt.Br_SP1_x86.iso a variant of Win32/HackKMS.A application deleted - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\1112059_XP-Codec-Pack_253-DW.exe a variant of Win32/InstallCore.AY application cleaned by deleting - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\drivermax-640-baixaki-32-bits.exe a variant of Win32/InstallCore.BE application cleaned by deleting - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\folderico-40012-rc12-baixaki-32-bits.exe a variant of Win32/InstallCore.BE application cleaned by deleting - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\12-04-2013\ADBPDCTS105.zip a variant of Win32/Keygen.BH application deleted - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\12-04-2013\aTube_Catcher.exe multiple threats cleaned by deleting - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\12-04-2013\Babylon_Pro_9.0.3_R12_\Babylon Pro 9.0.3 (R12)\Babylon v9.0.3.12\Babylon v9.0.3.12.exe multiple threats deleted - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\2.ESSENCIAIS\Babylon 9 full + crack.rar.zip a variant of Win32/Toolbar.Babylon application deleted - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\Adobe Acrobat Pro X v10.0 Multilingual\AcrobatPro_10_Web_WWEFD.exe a variant of Win32/TrojanDownloader.VB.PMY trojan cleaned by deleting - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\Adobe Acrobat Pro X v10.0 Multilingual\Serials and Activation.rar multiple threats deleted - quarantined
D:\SOFTWARES PÓS FORMATAÇÃO\DESKTOP 2013 - 12-04-2013\lamegen.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
 

___________________________________________________________________________________________________________

___________________________________________________________________________________________________________

___________________________________________________________________________________________________________

 

Logfile of HijackThis v1.99.1

Scan saved at 17:59:44, on 22/04/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
 
Running processes:
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre7\bin\java.exe
C:\Users\Pedro\Desktop\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - Global Startup: Sony MSS.lnk = C:\Program Files (x86)\Sony\MSS\3.0.271\SSScheduler.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [iNTERNATIONAL] International
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{C89C4223-6035-4965-AE06-E1237A05233F}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: VESWinlogon - C:\Windows\SYSTEM32\VESWinlogon.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" -r (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: McAfee Security Scan Component Host Service for Sony (McComponentHostServiceSony) - McAfee, Inc. - C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA GuardService (nvservice) - Unknown owner - C:\Windows\system32\nvservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Unknown owner - C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=10000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1" "/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "&" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\%C3 & Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\VUAgent.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)


Ok,

Download 2mfgk11.png and save it to your desktop.

Double-click to run SecurityCheck by screen317.

In the window that opens, press any key to continue. Wait while the tool runs its scan.

When it finishes, a log, checkup.txt, will open.

Select, copy and paste the contents of this log in your next reply.

 Results of screen317's Security Check version 0.99.62  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 9  

``````````````Antivirus/Firewall Check:`````````````` 

Kaspersky Anti-Virus   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Out of date HijackThis  installed! 

 HijackThis 1.99.1    

 Java 7 Update 21  

 Java version out of Date! 

 Adobe Flash Player 11.7.700.169  

 Mozilla Firefox (20.0.1) 

 Google Chrome 26.0.1410.64  

 Google Chrome Plugins...  

````````Process Check: objlist.exe by Laurent````````  

 Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: = 

````````````````````End of Log`````````````````````` 


Modem: ZTE ZXDSL 831 Series; router: D-Link D-600.

 

I called BB and they told me that Java was causing this problem on some machines, but that it was normal. They asked me to click "unblock" for the Jmid application in the message that appeared... and I managed to get in. If anything goes wrong with my account, it will be their fault (I have the protocol number and the date of the call).


Ok,

 

I suggest you reset your modem and look for a firmware update for it.

 

The logs are clean. :)

To finish:

  • Go to Start > Run > type (or copy and paste): ComboFix /Uninstall

    2egd02b.png

    Click OK. Wait, as this will uninstall ComboFix.
  • Run OTL.exe

    Click the Botao_Limpeza_OTL.png button.
  • Download CCleaner
    • Install the program
    • Click Registry > Scan for Issues > Fix selected issues.
    • Then click Cleaner > Analyze > Run Cleaner.
  • iconjava.png Update Java. Old versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest version of Java SE 7u21.
    • Click JRE Download
    • Check the Accept License Agreement box.
    • Click the download link Windows x86 Offline 30.2 MB jre-7u21-windows-i586.exe and save it to your desktop.
    • Close any running programs, especially browsers.
    • Go to Start > Control Panel, double-click Add or Remove Programs and remove all old versions of Java.
      Examples of old versions
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item named Java Runtime Environment (JRE or J2SE).
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each version of Java.
    • Restart your computer once all versions of Java have been removed.
    • Now go to your desktop and double-click jre-7u21-windows-i586.exe to install the newest version.
    • ATTENTION: Uncheck the ASK Toolbar installation box.
  • iconadobe.png  Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.

    Click here and install the newest version.
  • iconflash.png Keep Flash Player up to date. Old versions also have vulnerabilities that are exploited by malware. Click here and install the newest version.
  • worm.png USB worms (pen drive viruses) can infect any kind of removable storage device (pen drives, mp3 and mp4 players, cell phones, memory cards, digital cameras). This type of malware exploits a native Windows feature called Autorun, or Autoplay (the wizard that appears when you insert a CD or pen drive asking which program you want to open it with). Autoplay needs a file called autorun.inf to work.

    Keep a clean, protected copy of the autorun.inf file on every removable device and on every drive of the system. That way, if you happen to plug your pen drive into an infected PC, the malware will not be able to overwrite the pre-existing file. It may still, however, copy its malicious executables to the pen drive, such as .EXE, .SCR, .CMD, .PIF, .BAT, .COM.
    If you plug this pen drive into a clean machine and run one of those malicious files, that system will be infected the same way. So be careful and use common sense.

    To create a protected autorun.inf file on Windows XP:

    Download Flash_Disinfector.exe and save it to your desktop.
    • Connect all removable storage devices to the USB ports. Save whatever you consider necessary, EXCEPT executable files, then format the media by going to My Computer, right-clicking the media's drive and choosing the "Format" option.
    • Run Flash_Disinfector.exe.
    • Follow any prompts that may appear.
    • Wait until the program finishes its search, then exit the program.
    For Windows Vista and 7: Panda USB Vaccine
  • TFC_icon.png For system maintenance and removal of temporary and invalid files, download TFC, by OldTimer.

    Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, that is part of the process.

    Be patient; depending on the amount of data to be deleted, the process can take more than 2 minutes.

    When it finishes, you will be asked to restart your computer. RESTART.

    If you are not asked to, restart manually.
  • iconwu.png Visit Windows Update regularly and check for updates.
    New security holes are discovered frequently. A lot of malware exploits these holes, infecting systems without any action by the user. Microsoft fixes these holes through updates.
    That is why it is essential to keep your system up to date.
  • Disable and re-enable System Restore.
  • Learn some precautions and tips to keep your computer clean. Read the article Proteja seu pc:
    http://linhadefensiv...proteja-seu-pc/
  • If there are no more malware-related problems, click the denunld.png button and ask for your topic to be closed.

If you have any question related to computing and technology, feel free to post in any area of the Linha Defensiva forum.

Cheers. :legal:

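The autorun.inf protection described in the USB worm item of the post above, as an added PowerShell example that is not from the thread nor from the Flash_Disinfector / Panda USB Vaccine tools it recommends: it creates a protected directory named autorun.inf on the drive root (a worm cannot replace a directory with a file of the same name) and, because that does not stop executables being copied onto the drive, lists root-level files with the extensions the post names for manual review. It assumes an elevated Windows PowerShell session and a drive letter such as E: (placeholder).

```powershell
# Added example, not from the thread or from the tools it recommends.
# Assumes Windows PowerShell (elevated) and a removable drive letter such as E: (placeholder).

function Protect-AutorunInf {
    # Creates a hidden/system/read-only DIRECTORY named autorun.inf on the drive root.
    # Windows cannot replace a directory with a file of the same name, so an Autorun worm
    # that tries to drop its own autorun.inf fails. Returns $true when the drive is protected.
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[A-Za-z]:$')]
        [string] $Drive
    )
    $target = Join-Path "$Drive\" 'autorun.inf'

    if (Test-Path -LiteralPath $target -PathType Leaf) {
        # A plain autorun.inf FILE on removable media is what a worm leaves behind:
        # show what it would launch and leave it in place so the analyst can review it.
        Write-Warning "autorun.inf is a file on $Drive (possible worm); contents:"
        Get-Content -LiteralPath $target | ForEach-Object { Write-Warning "    $_" }
        return $false
    }
    if (-not (Test-Path -LiteralPath $target -PathType Container)) {
        New-Item -ItemType Directory -Path $target | Out-Null
    }
    # Re-apply the attributes even if the directory already existed.
    $dir = Get-Item -LiteralPath $target -Force
    $dir.Attributes = [IO.FileAttributes]::Directory -bor
                      [IO.FileAttributes]::Hidden -bor
                      [IO.FileAttributes]::System -bor
                      [IO.FileAttributes]::ReadOnly
    return $true
}

function Get-RootExecutables {
    # The protected directory does not stop a worm from copying executables next to it,
    # so list root-level files with the extensions the thread names, hidden ones included.
    param([Parameter(Mandatory = $true)][string] $Drive)
    $suspect = '.exe', '.scr', '.cmd', '.pif', '.bat', '.com'
    Get-ChildItem -LiteralPath "$Drive\" -File -Force |
        Where-Object { $suspect -contains $_.Extension.ToLowerInvariant() } |
        Select-Object Name, Length, LastWriteTime, Attributes
}

# Usage (placeholder drive letter):
# Protect-AutorunInf -Drive 'E:'
# Get-RootExecutables -Drive 'E:' | Format-Table -AutoSize
```

Any file the second function lists should be compared against what you knowingly copied to the drive; the post's advice of formatting the media before protecting it avoids carrying such files over.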