
Malware blocks browsers


This topic has been archived. This means that you can no longer reply to this topic.
6 replies in this topic

#1
thanjona

  • Novice
  • 3 posts

Hello, I would like your help. My girlfriend plugged an infected SD-type card into my notebook, and several Avast alerts appeared on wscript.exe for the malicious URL espectrtop.org/a. The computer stays connected to the internet, but whenever any of the browsers is started it always shows "page not found". It also blocks the Control Panel, which stops working when I try to open it. I have already seen other similar problems on the forum, but in the posts I always saw the recommendation NOT to apply the specified actions on another computer, and I also noticed that in few cases the infected users ended up with blocked browsers, so I decided to create this new topic. I downloaded the programs on another PC, installed Panda Vaccine, and vaccinated another memory card to transfer the programs and the requested files.

The MBR file is very long, so I pasted it here. Thanks in advance.

 

MBRScan v1.1.1
 
OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
BOOT           : Normal Boot
DATE           : 2013/06/18 (ISO 8601) at 03:05:00
________________________________________________________________________________
 
DISK           : Device\Harddisk0\DR0 __WDC WD32 00BEVT-22ZCT (11.0)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
 
DISK           : Device\Harddisk1\DR1 __REALSIL RTS5121LUN0 (1.00)
BUS_TYPE       : (0x07)  USB
USE_PIO        : NO
MAX_TRANSFER   : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________
 
Device\Harddisk0\DR0 298.1 Go  [Fixed] ==> 7 MBR Code
 
MBR_MD5   : C22EC25B5A60F6908893C4B3E60AC868
MBR_SHA1  : C1EAE499C0C2A6FE4C878147BD2DA30CE3FC2DF7
 
Device\Harddisk0\Partition1 200.0 Mo   0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 252.9 Go   0x07 NTFS / HPFS
Device\Harddisk0\Partition3 14.75 Go   0x12 Diagnostic 
Device\Harddisk0\Partition4 30.25 Go   0x07 NTFS / HPFS
________________________________________________________________________________
 
Device\Harddisk1\DR1 1.87 Go  [Removable] ==> Unknown MBR Code
 
MBR_MD5   : E7C4811166BAB12F5C19592CC9AF1009
MBR_SHA1  : DEA11BA95896F233E257736FDF4829DE0FB3AD67
 
Device\Harddisk1\Partition1 1.87 Go   0x06 FAT16 
________________________________________________________________________________
 
############################### Additional scan ################################
 
 
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
 
SystemStartOptions :  NOEXECUTE=OPTIN
 



Edited by thanjona, 18 June 2013 - 05:46.


#2
CarlosTurco

  • Assistant
  • 24,565 posts

thanjona,

Please note the following:

  • Do NOT attempt any cleanup procedure on your own. In particular, do not run, on your own initiative, tools used in the Malware Removal forum. Misuse of some tools may damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Rule no. 8 of Malware Removal
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click button_seguir.png (located in the upper right corner of the main post) to receive an e-mail notification when it is answered. You can also check your subscribed topics using the Content I follow option, accessible through the forum's Control Panel.
  • Analyses may take some time, so please be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it doesn't matter. Always follow your topic, keeping me informed of the results, until your computer is clean.
  • Warning: Avoid using the <QUOTE> or <CODE> tags in logs; this makes them harder to read at analysis time.
  • Do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a PM.

 

Disable your antivirus, antispyware and firewall, to avoid conflicts.

Download Dr.Web CureIt!

The program will be downloaded automatically. Save it to your Desktop.

  • Double-click the file drweb-cureit.exe, and click Run in the security warning window.
  • Dr.Web will start in Enhanced Protection Mode (EPM). Click Cancel so that it runs in normal mode.
  • Check the box that allows statistics to be sent, and click Continue.
  • Click the 2iqy61j.png button, and click Portuguese.
  • Click the bjbceu.jpg button, and click Definições (Settings).
  • Click Registro (Log) and, under Especificar o nivel de registro (Specify the logging level), leave it at Mínimo (Minimum) and click OK.
  • Click Select objects for scanning, below the Iniciar Exame (Start Scan) button.
  • Click click para selecionar (click to select), check the My computer box, then click Ok.
  • Click the box next to Objetos Examinados (Scanned Objects), and then click nnscja.png.

The scan may take a while, so be patient.

  • If the program asks to restart the computer during removal, restart and wait for it to finish neutralizing the threats after the reboot.
  • When the scan finishes, click the 359jt09.png button if any threats were found.
  • Click Open Report.
  • A Notepad window containing information will open. Select its contents, right-click the selection and choose Copy. Paste the contents in your next reply.

 

Also post a new HijackThis log.



#3
thanjona

  • Novice
  • 3 posts

Below are the scan done with Dr.Web CureIt and the HijackThis log:

=============================================================================
Dr.Web Scanner SE for Windows v8.2.0.05230
© Doctor Web, Ltd., 1992-2013
Scan session started 2013/06/19 20:03:38 
Module location : C:\Users\jonathan\AppData\Local\Temp\B70214D5-9916BF39-452386A4-572BA4B2\
=============================================================================
OPTION [Automatic Apply Actions] NO
OPTION [Turn Off Computer After Scan] NO
OPTION [Use Sound Alerts] NO
OPTION [Block Network] NO
OPTION [Protect Process] NO
OPTION [Protect Raw Disk] NO
Using language: "English"
Change language: "Portuguese (Português)"
Available instances: 6
Instances used: 6
Platform: Windows 7 Basic x64/WOW (Build 7601), Service Pack 1
API Version: 2.2
Scanning Engine version: 8.1.0.4260
Virus Finding Engine version: 7.0.4.9250
Total 119 virus bases are loaded from C:\Users\jonathan\AppData\Local\Temp\B70214D5-9916BF39-452386A4-572BA4B2
Total records count: 4138126
Anti-rootkit module version ( ver: 8.3.201305150, api: 5.01/5.01 )
 
Using C:\Users\jonathan\AppData\Local\Temp\B70214D5-9916BF39-452386A4-572BA4B2\o6c1jdja.key as Dr.Web ® Key file
This Dr.Web ® Key is for 1 computer (A User)
-----------------------------------------------------------------------------
Start scanning
-----------------------------------------------------------------------------
Command line used:-rpcep:\pipe\22ACCA1B91 -rpcpr:np 
 
Object(s) to scan:
 - Scan processes in memory
 - Scan boot sectors
 - Scan system restore points
 - Scanning for rootkits 
 - C:\
 - D:\
 - E:\
 - G:\
 - C:\ac1.txt
 - C:\ac2.txt
 - C:\AtmApInit.txt
 - C:\bootsqm.dat
 - C:\eula.1028.txt
 - C:\eula.1031.txt
 - C:\eula.1033.txt
 - C:\eula.1036.txt
 - C:\eula.1040.txt
 - C:\eula.1041.txt
 - C:\eula.1042.txt
 - C:\eula.2052.txt
 - C:\eula.3082.txt
 - C:\FaceProv.log
 - C:\globdata.ini
 - C:\hiberfil.sys
 - C:\install.exe
 - C:\install.ini
 - C:\install.res.1028.dll
 - C:\install.res.1031.dll
 - C:\install.res.1033.dll
 - C:\install.res.1036.dll
 - C:\install.res.1040.dll
 - C:\install.res.1041.dll
 - C:\install.res.1042.dll
 - C:\install.res.2052.dll
 - C:\install.res.3082.dll
 - C:\MPUsbSin64.log
 - C:\msdia80.dll
 - C:\pagefile.sys
 - C:\photothumb.db
 - C:\sc1.txt
 - C:\sc2.txt
 - C:\Unidade de CD - Atalho.lnk
 - C:\vcredist.bmp
 - C:\VC_RED.cab
 - C:\VC_RED.MSI
 - C:\windows\system32\
 - C:\windows\SysWOW64\
 - C:\Users\jonathan\Documents\
 - C:\windows\TEMP\
 - C:\Users\jonathan\AppData\Local\Temp\
 
c:\windows\system32\drivers\dump_iastor.sys - file not found
c:\windows\system32\drivers\dump_dumpfve.sys - file not found
c:\users\jonathan\appdata\local\temp\22ace9f5f8.sys - file not found
c:\users\jonathan\appdata\local\temp\22b44dc186.sys - file not found
System Idle Process - file not found
System Process - file not found
c:\users\jonathan\appdata\roaming\microsoft\windows\start menu\programs\startup\72fd.js - infected with JS.Proslikefan.1
c:\users\jonathan\appdata\roaming\microsoft\windows\start menu\programs\startup\72fd.js - infected
c:\programdata\microsoft\windows\start menu\programs\startup\72fd.js - infected with JS.Proslikefan.1
c:\programdata\microsoft\windows\start menu\programs\startup\72fd.js - infected
c:\users\jonathan\appdata\roaming\31aa\27bc2.js - infected with JS.Proslikefan.1
c:\users\jonathan\appdata\roaming\31aa\27bc2.js - infected
Process :0 - read error
Process System:4 - read error
C:\System Volume Information\Syscache.hve.LOG1 - read error
C:\System Volume Information\Syscache.hve - read error
C:\System Volume Information\Syscache.hve.LOG2 - read error
C:\hiberfil.sys - read error
C:\pagefile.sys - read error
C:\Arquivos de Programas - directory
C:\Documents and Settings - directory
C:\Program Files\2ea2\2f.js - infected with JS.Proslikefan.1
C:\Program Files\2ea2\2f.js - infected
C:\Program Files\Arquivos Comuns - directory
C:\Program Files\Common Files\Sistema - directory
C:\Program Files\Windows NT\Acessórios - directory
C:\ProgramData\Application Data - directory
C:\ProgramData\Dados de aplicativos - directory
C:\ProgramData\Desktop - directory
C:\ProgramData\Documentos - directory
C:\ProgramData\Documents - directory
C:\ProgramData\Favorites - directory
C:\ProgramData\Favoritos - directory
C:\ProgramData\Menu Iniciar - directory
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - read error
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00D19.log - file not found
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log - read error
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - read error
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - read error
C:\ProgramData\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - read error
C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin - read error
C:\ProgramData\Microsoft\Windows\Start Menu\Programas - directory
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\73fd.js - infected with JS.Proslikefan.1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\73fd.js - infected
C:\ProgramData\Modelos - directory
C:\ProgramData\Start Menu - directory
C:\ProgramData\Templates - directory
C:\System Volume Information - directory
C:\Users\All Users\Application Data - directory
C:\Users\All Users\Dados de aplicativos - directory
C:\Users\All Users\Desktop - directory
C:\Users\All Users\Documentos - directory
C:\Users\All Users\Documents - directory
C:\Users\All Users\Favorites - directory
C:\Users\All Users\Favoritos - directory
C:\Users\All Users\Menu Iniciar - directory
C:\Users\All Users\Modelos - directory
C:\Users\All Users\Start Menu - directory
C:\Users\All Users\Templates - directory
C:\Users\Default User - directory
C:\Users\Default\Ambiente de impressão - directory
C:\Users\Default\Ambiente de rede - directory
C:\Users\Default\AppData\Local\Application Data - directory
C:\Users\Default\AppData\Local\Dados de aplicativos - directory
C:\Users\Default\AppData\Local\History - directory
C:\Users\Default\AppData\Local\Histórico - directory
C:\Users\Default\AppData\Local\Temporary Internet Files - directory
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas - directory
C:\Users\Default\Application Data - directory
C:\Users\Default\Configurações locais - directory
C:\Users\Default\Cookies - directory
C:\Users\Default\Dados de aplicativos - directory
C:\Users\Default\Documents\Meus vídeos - directory
C:\Users\Default\Documents\Minhas imagens - directory
C:\Users\Default\Documents\Minhas músicas - directory
C:\Users\Default\Documents\My Music - directory
C:\Users\Default\Documents\My Pictures - directory
C:\Users\Default\Documents\My Videos - directory
C:\Users\Default\Local Settings - directory
C:\Users\Default\Menu Iniciar - directory
C:\Users\Default\Meus documentos - directory
C:\Users\Default\Modelos - directory
C:\Users\Default\My Documents - directory
C:\Users\Default\NetHood - directory
C:\Users\Default\PrintHood - directory
C:\Users\Default\Recent - directory
C:\Users\Default\SendTo - directory
C:\Users\Default\Start Menu - directory
C:\Users\Default\Templates - directory
C:\Users\Public\Documents\Meus vídeos - directory
C:\Users\Public\Documents\Minhas imagens - directory
C:\Users\Public\Documents\Minhas músicas - directory
C:\Users\Public\Documents\My Music - directory
C:\Users\Public\Documents\My Pictures - directory
C:\Users\Public\Documents\My Videos - directory
C:\Users\Todos os Usuários\Application Data - directory
C:\Users\Todos os Usuários\Dados de aplicativos - directory
C:\Users\Todos os Usuários\Desktop - directory
C:\Users\Todos os Usuários\Documentos - directory
C:\Users\Todos os Usuários\Documents - directory
C:\Users\Todos os Usuários\Favorites - directory
C:\Users\Todos os Usuários\Favoritos - directory
C:\Users\Todos os Usuários\Menu Iniciar - directory
C:\Users\Todos os Usuários\Modelos - directory
C:\Users\Todos os Usuários\Start Menu - directory
C:\Users\Todos os Usuários\Templates - directory
C:\Users\Usuário Padrão - directory
C:\Users\jonathan\NTUSER.DAT - read error
C:\Users\jonathan\ntuser.dat.LOG1 - read error
C:\Users\jonathan\ntuser.dat.LOG2 - read error
C:\Users\jonathan\Ambiente de impressão - directory
C:\Users\jonathan\Ambiente de rede - directory
C:\Users\jonathan\AppData\Local\Dados de aplicativos - directory
C:\Users\jonathan\AppData\Local\Histórico - directory
C:\Users\jonathan\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - read error
C:\Users\jonathan\AppData\Local\Microsoft\Windows\UsrClass.dat - read error
C:\Users\jonathan\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - read error
C:\Users\jonathan\AppData\Local\Temp\51d2.js - infected with JS.Proslikefan.1
C:\Users\jonathan\AppData\Local\Temp\51d2.js - infected
C:\Users\jonathan\AppData\Local\Temp\DeltaTB.exe - is adware program Adware.Toolbar.175
C:\Users\jonathan\AppData\Local\Temp\DeltaTB.exe - infected
C:\Users\jonathan\AppData\Local\Temp\bundlesweetimsetup.exe - is adware program Adware.SweetIM.26
C:\Users\jonathan\AppData\Local\Temp\bundlesweetimsetup.exe - infected
C:\Users\jonathan\AppData\Local\Temp\FEC5.tmp - is adware program Adware.InstallCore.101
C:\Users\jonathan\AppData\Local\Temp\FEC5.tmp - infected
C:\Users\jonathan\AppData\Local\Temp\ish43713040\locale\EN.locale - is adware program Adware.InstallCore.55
C:\Users\jonathan\AppData\Local\Temp\ish43713040\locale\EN.locale - infected
C:\Users\jonathan\AppData\Local\Temporary Internet Files - directory
C:\Users\jonathan\AppData\Roaming\31aa\27bc2.js - infected with JS.Proslikefan.1
C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programas - directory
C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\73fd.js - infected with JS.Proslikefan.1
C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\73fd.js - infected
C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\owet2m73.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content\id_imbooster4web_v6\basis.xml - is adware program Adware.Toolbar.162
C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\owet2m73.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content\id_imbooster4web_v6\basis.xml - infected
C:\Users\jonathan\AppData\Roaming\OpenCandy\D1AED79984C34A16996B024895C4063A\OCBrowserHelper_1.0.3.85.dll - is adware program Adware.Plugin.27
C:\Users\jonathan\AppData\Roaming\OpenCandy\D1AED79984C34A16996B024895C4063A\OCBrowserHelper_1.0.3.85.dll - infected
C:\Users\jonathan\Configurações locais - directory
C:\Users\jonathan\Cookies - directory
C:\Users\jonathan\Dados de aplicativos - directory
C:\Users\jonathan\Desktop\VDownloaderInstaller.exe - is adware program Adware.InstallCore.82
C:\Users\jonathan\Desktop\VDownloaderInstaller.exe - is adware program Adware.InstallCore.80
C:\Users\jonathan\Desktop\Unlocker1.9.2.exe\DeltaTB.exe - is adware program Adware.Toolbar.175
C:\Users\jonathan\Desktop\VDownloaderInstaller.exe - infected
C:\Users\jonathan\Desktop\Unlocker1.9.2.exe - infected container
C:\Users\jonathan\AppData\Local\Temp\rmi\rmp.exe - container, decompression error
C:\Users\jonathan\Documents\Downloads\Integrated_CT2776682.exe - is riskware program Program.BrotherSoft.4
C:\Users\jonathan\Documents\Downloads\Integrated_CT2776682.exe - infected
C:\Users\jonathan\Documents\Meus vídeos - directory
C:\Users\jonathan\Documents\Minhas imagens - directory
C:\Users\jonathan\Documents\Minhas músicas - directory
C:\Users\jonathan\Downloads\SoftonicDownloader_para_vdownloader.exe - is adware program Adware.Downware.1132
C:\Users\jonathan\Downloads\VDownloaderInstallerICW.exe - is adware program Adware.Somoto.8
C:\Users\jonathan\Downloads\SoftonicDownloader_para_vdownloader.exe - infected
C:\Users\jonathan\Downloads\VDownloaderInstallerICW.exe - infected
C:\Users\jonathan\Downloads\PDFWriterSetup.exe - is adware program Adware.InstallCore.114
C:\Users\jonathan\Downloads\PDFWriterSetup.exe - infected
C:\Users\jonathan\Menu Iniciar - directory
C:\Users\jonathan\Meus documentos - directory
C:\Users\jonathan\Modelos - directory
C:\Users\jonathan\Recent - directory
C:\Users\jonathan\SendTo - directory
C:\Windows\Installer\299882b.msi\stream002 - is adware program Adware.SweetIM.26
C:\Windows\Installer\299882b.msi - infected container
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - read error
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - read error
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - read error
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - read error
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - read error
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - read error
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - read error
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - read error
C:\Windows\System32\LogFiles\WMI\RtBackup - directory
C:\Windows\System32\catroot2\edb.log - read error
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - read error
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - read error
C:\Windows\System32\config\DEFAULT - read error
C:\Windows\System32\config\DEFAULT.LOG1 - read error
C:\Windows\System32\config\DEFAULT.LOG2 - read error
C:\Windows\System32\config\SAM - read error
C:\Windows\System32\config\SAM.LOG2 - read error
C:\Windows\System32\config\SAM.LOG1 - read error
C:\Windows\System32\config\SECURITY - read error
C:\Windows\System32\config\SECURITY.LOG1 - read error
C:\Windows\System32\config\SECURITY.LOG2 - read error
C:\Windows\System32\config\SOFTWARE - read error
C:\Windows\System32\config\SOFTWARE.LOG1 - read error
C:\Windows\System32\config\SOFTWARE.LOG2 - read error
C:\Windows\System32\config\SYSTEM - read error
C:\Windows\System32\config\SYSTEM.LOG1 - read error
C:\Windows\System32\config\SYSTEM.LOG2 - read error
C:\Windows\System32\config\RegBack\DEFAULT - read error
C:\Windows\System32\config\RegBack\SAM - read error
C:\Windows\System32\config\RegBack\SECURITY - read error
C:\Windows\System32\config\RegBack\SYSTEM - read error
C:\Windows\System32\config\RegBack\SOFTWARE - read error
D:\System Volume Information - directory
G: - read error
E: - read error
C:\hiberfil.sys - read error
C:\pagefile.sys - read error
C:\windows\system32\LogFiles\WMI\RtBackup - directory
C:\windows\system32\catroot2\edb.log - read error
C:\windows\system32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - read error
C:\windows\system32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - read error
C:\windows\system32\config\DEFAULT - read error
C:\windows\system32\config\DEFAULT.LOG1 - read error
C:\windows\system32\config\DEFAULT.LOG2 - read error
C:\windows\system32\config\SAM - read error
C:\windows\system32\config\SAM.LOG2 - read error
C:\windows\system32\config\SAM.LOG1 - read error
C:\windows\system32\config\SECURITY - read error
C:\windows\system32\config\SECURITY.LOG1 - read error
C:\windows\system32\config\SECURITY.LOG2 - read error
C:\windows\system32\config\SOFTWARE - read error
C:\windows\system32\config\SOFTWARE.LOG1 - read error
C:\windows\system32\config\SOFTWARE.LOG2 - read error
C:\windows\system32\config\SYSTEM - read error
C:\windows\system32\config\SYSTEM.LOG1 - read error
C:\windows\system32\config\SYSTEM.LOG2 - read error
C:\windows\system32\config\RegBack\SAM - read error
C:\windows\system32\config\RegBack\SECURITY - read error
C:\windows\system32\config\RegBack\DEFAULT - read error
C:\windows\system32\config\RegBack\SOFTWARE - read error
C:\windows\system32\config\RegBack\SYSTEM - read error
C:\Users\jonathan\Documents\Downloads\Integrated_CT2776682.exe - is riskware program Program.BrotherSoft.4
C:\Users\jonathan\Documents\Meus vídeos - directory
C:\Users\jonathan\Documents\Minhas músicas - directory
C:\Users\jonathan\Documents\Minhas imagens - directory
C:\Users\jonathan\AppData\Local\Temp\51d2.js - infected with JS.Proslikefan.1
C:\Users\jonathan\AppData\Local\Temp\DeltaTB.exe - is adware program Adware.Toolbar.175
C:\Users\jonathan\AppData\Local\Temp\bundlesweetimsetup.exe - is adware program Adware.SweetIM.26
C:\Users\jonathan\AppData\Local\Temp\FEC5.tmp - is adware program Adware.InstallCore.101
C:\Users\jonathan\AppData\Local\Temp\ish43713040\locale\EN.locale - is adware program Adware.InstallCore.55
C:\Users\jonathan\AppData\Local\Temp\rmi\rmp.exe - container, decompression error
 
Total 211003178241 bytes in 295033 files scanned (458049 objects)
Total 294832 files (457832 objects) are clean
Total 20 files (28 objects) are infected
Total 86 files (88 objects) are raised error condition
Scan time is 02:48:58.662
 
-----------------------------------------------------------------------------
Start curing
-----------------------------------------------------------------------------
c:\users\jonathan\appdata\roaming\microsoft\windows\start menu\programs\startup\72fd.js - fatal error occured
c:\programdata\microsoft\windows\start menu\programs\startup\72fd.js - fatal error occured
c:\users\jonathan\appdata\roaming\31aa\27bc2.js - deleted, reboot required
C:\Program Files\2ea2\2f.js - deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\73fd.js - file not found
C:\Users\jonathan\AppData\Local\Temp\51d2.js - deleted
C:\Users\jonathan\AppData\Local\Temp\DeltaTB.exe - quarantined
C:\Users\jonathan\AppData\Local\Temp\bundlesweetimsetup.exe - quarantined
C:\Users\jonathan\AppData\Local\Temp\FEC5.tmp - quarantined
C:\Users\jonathan\AppData\Local\Temp\ish43713040\locale\EN.locale - quarantined
C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\73fd.js - file not found
C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\owet2m73.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content\id_imbooster4web_v6\basis.xml - quarantined
C:\Users\jonathan\AppData\Roaming\OpenCandy\D1AED79984C34A16996B024895C4063A\OCBrowserHelper_1.0.3.85.dll - quarantined
C:\Users\jonathan\Desktop\VDownloaderInstaller.exe - quarantined
C:\Users\jonathan\Desktop\Unlocker1.9.2.exe - quarantined
C:\Users\jonathan\Documents\Downloads\Integrated_CT2776682.exe - quarantined
C:\Users\jonathan\Downloads\SoftonicDownloader_para_vdownloader.exe - quarantined
C:\Users\jonathan\Downloads\VDownloaderInstallerICW.exe - quarantined
C:\Users\jonathan\Downloads\PDFWriterSetup.exe - quarantined
C:\Windows\Installer\299882b.msi - quarantined
 
Total 211003178241 bytes in 295033 files scanned (458049 objects)
Total 294832 files (457832 objects) are clean
Total 20 files (28 objects) are infected
Total 16 files (17 objects) are neutralized
Total 90 files (88 objects) are raised error condition
Scan time is 02:48:58.662
 
 
HijackThis:
 
Logfile of HijackThis v1.99.1
Scan saved at 23:26:19, on 19/06/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
 
Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
C:\Users\jonathan\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Users\jonathan\Desktop\drweb-cureit.exe
C:\Users\jonathan\AppData\Local\Temp\B70214D5-9916BF39-452386A4-572BA4B2\8yc6fjhv.exe
C:\Users\jonathan\AppData\Local\Temp\B70214D5-9916BF39-452386A4-572BA4B2\09msbsag.exe
C:\Users\jonathan\AppData\Local\Temp\B70214D5-9916BF39-452386A4-572BA4B2\u250fwxw.exe
C:\Users\jonathan\Desktop\HijackThis\1.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?u...6&ts=1350359174
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my-online...=0&affID=122471
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....00.10039&barid={4205F22B-D457-11E2-85E1-002622D7598F}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://cloud-search....cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cloud-search....cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazer...ternet.com/q/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.200.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\jonathan\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (file missing)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [Epson Stylus TX420W(Rede)] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCL.EXE /FU "C:\Users\jonathan\AppData\Local\Temp\E_SC4AA.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Users\jonathan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [27bc2] C:\Users\jonathan\AppData\Roaming\31aa\27bc2.js
O4 - Startup: 71f.js
O4 - Startup: Facebook Messenger.lnk = C:\Users\jonathan\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
O4 - Global Startup: 71f.js
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files (x86)\FinalVideoDownloader\fvdRunner.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\jonathan\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (file missing)
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix: 
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (file missing)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs:   
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BitMeter Capture Service (BitMeterCaptureService) - Unknown owner - C:\Program Files (x86)\Codebox\BitMeterOS\BitMeterCaptureService.exe
O23 - Service: BitMeter Web Service (BitMeterWebService) - Unknown owner - C:\Program Files (x86)\Codebox\BitMeterOS\BitMeterWebService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IBUpdaterService - Unknown owner - C:\windows\system32\dmwu.exe (file missing)
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TipCtrl - Unknown owner - C:\Program Files (x86)\uTIPu\TipCtrl.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
 


#4
CarlosTurco

    Assistant

  • 24,565 posts

Good morning.

Carry out the procedures below.

1)

Download AdwCleaner and save it to the desktop.
http://general-chang...de/2-adwcleaner

Run the file adwcleaner.exe.

*** Windows Vista or Windows 7 users: right-click the file adwcleaner.exe, then click execadmin.png.

Click Remove.

A Notepad window will open with the result. Select, copy and paste its contents into your next reply.

2)

Download OTL by OldTimer and save it to your desktop:
http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:
Right-click the file OTL.exe, then click execadmin.png.

Where it says Output, select Standard.
Also check these options:

  • Creation Date -> change to 90 days
  • Use WhiteList for Company Names
  • Skip Microsoft Files
  • Check Lop
  • Check Purity

Select these lines in red, right-click the selection, and choose the Copy option.

netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%(x86)\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%appdata%\*.*
%programdata%\*.*
%programdata%\*.exe /s
%programdata%\*.dll /s
%PROGRAMFILES%\Internet Explorer\*.*
C:\windows\system32\Tasks\*.* /64
%windir%\tasks\*.* /s

CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads

%systemdrive%\$Recycle.Bin|@;true;true;true /fp
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Net User /c

/md5start
services.*

/md5stop

 

Go back to the program, right-click any white area of the Custom Scans/Fixes section and choose Paste.

Click the verif.png button.

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other setting unless you have been instructed to do so.

The scan takes a while, so be patient.

When it finishes, two Notepad windows will be displayed: OTL.txt and Extras.txt
Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.
Attach the file Extras.txt.

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip or .rar file and attach it to your reply.



#5
thanjona

    Newbie

  • 3 posts

At the end of AdwCleaner's removal action, it asked to restart the computer; right after that, the computer did not restart and stayed stuck on the black boot screen. I tried to format it by booting from a CD and from a USB flash drive, but it could not proceed with the boot =/



#6
CarlosTurco

    Assistant

  • 24,565 posts

Good morning thanjona,

What you said in your PM:

Good evening CarlosTurco.

First of all, I would like to thank you for the support with my problem.

However, I decided to format my PC, because I needed it with a bit more security and it was a quicker solution.

Once again, thank you, and sorry for not finishing the procedure.

Best regards,

Rodrigo Trajano

So, will you continue with the analysis, or can we close the topic?



#7
Felipe-rj

    Moderator

  • 837 posts
Topic Archived

As the author did not reply to the topic for more than 10 days, it has been archived.

If you are the author of the topic and want it reopened, send a private message to a moderator or assistant with a link to this topic and explain why you need it reopened.