Pendrive creating shortcuts. Suspicious file COOL.vbs

malware removal pendrive creating shortcuts cool.vbs

This topic has been archived. This means you can no longer reply to it.
19 replies in this topic

#1
felipe.motaferreira

  • Newbie
  • 10 posts

Good afternoon, everyone.

My father was here at my place and said his pendrive was creating shortcuts. I went to try it, plugged one of his pendrives into my notebook, and got burned... now the same thing happens to me, and I have already looked in every kind of forum and can't get help.

I tried a few procedures, but nothing solved it. For example: attrib -r -a -s -h /d /s

When I type "attrib" in cmd, the file COOL.vbs shows up on my pendrive.

I try to delete this file and can't... and I don't even know whether it is what is causing the problem, but according to "USB Disk Security" it is a suspicious file... even from there I give the delete command, but it comes back.

The MbrScan log is very large, so I'll post it right here, OK?!

Thanks in advance... and a lot...

 

 

MBRScan v1.1.1
 
OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
BOOT           : Normal Boot
DATE           : 2013/09/09 (ISO 8601) at 17:54:13
________________________________________________________________________________
 
DISK           : Device\Harddisk0\DR0 __ST500LM0 12 HN-M500MB (2AR2)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
 
DISK           : Device\Harddisk1\DR2 __SanDisk Cruzer Fit (1.26)
BUS_TYPE       : (0x07)  USB
USE_PIO        : NO
MAX_TRANSFER   : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________
 
Device\Harddisk0\DR0 465.8 Go  [Fixed] ==> Vista MBR Code .
 
MBR_MD5   : 29D217D25A4D028632FC70EA38061D6C
MBR_SHA1  : BF1B680084095D15D249DBA7556F7CB5C9A34C86
 
Device\Harddisk0\Partition1 39.19 Mo   0xDE Dell Utility 
Device\Harddisk0\Partition2 13.81 Go   0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition3 451.9 Go   0x07 NTFS / HPFS
________________________________________________________________________________
 
Device\Harddisk1\DR2 7.45 Go  [Removable] ==> Unknown MBR Code
 
MBR_MD5   : 33A0F33FB7E7F518F64AEDCB9DAD35B0
MBR_SHA1  : C447805CA80E2E2F49C33F407932C8C8FBE64A4E
 
Device\Harddisk1\Partition1 7.45 Go   0x0B FAT32 [CHS] 
________________________________________________________________________________
 
#2
CarlosTurco

  • Assistant
  • 24.763 posts

felipe.motaferreira,

Please note the following:

  • Do NOT try to carry out any cleaning procedure on your own. In particular, do not run the tools used in the Malware Removal forum on your own initiative. Improper use of some tools may damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Rule no. 8 of Malware Removal
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click button_seguir.png (located at the top right corner of the main post) to receive an e-mail notification when the topic is answered. You can also check the topics you have subscribed to using the Content I follow option, accessible through the forum's Control Panel.
  • Analyses can take some time, so please be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it does not matter. Always keep following your topic, informing me of the results, until your computer is clean.
  • Notice: Avoid using the <QUOTE> or <CODE> tags in logs; this makes them harder to read during analysis.
  • If at any point during the analysis it is found that this is a company PC, the topic will be summarily closed with no possibility of reopening.
  • Do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a PM.
  • Please click this link -> Virustotal
  • When the VirusTotal page finishes loading, click the 2e19e8h.png button.
    In the file selection window, go to your Desktop and look for the file below:
    C:\Users\DELL\AppData\Roaming\COOL.vbs
    Pay attention to the correct file name.
  • After loading the file in the dialog box, click 25a43h1.png
  • Note: if VirusTotal reports that these files have already been analyzed, make sure to click z4xn4.png
  • When the analysis is finished, copy the link/URL and/or the address from the browser's address bar and paste it in your next post.


#3
felipe.motaferreira

  • Newbie
  • 10 posts

First of all, I wanted to thank you for the quick reply... thank you very much indeed!

Here it is:

https://www.virustot...sis/1378817590/



#4
CarlosTurco

  • Assistant
  • 24.763 posts

Ok,

Your computer is infected with a type of worm that spreads through any kind of removable storage device (pendrives, MP3 and MP4 players, cell phones, memory cards, cameras) and also through other machines connected to the network.

To keep your computer from being reinfected, and to avoid infecting other computers, you need to format the device in question.
If there is more than one, all of them must be formatted and must not be used on any PC until we finish the cleanup, so that we can disinfect this computer.

It is recommended that you change all passwords stored on this PC. If you have used or use internet banking, notify your financial institutions of what happened and change the passwords urgently.

Download Panda USB Vaccine and save it to your desktop.

  • Connect all removable storage devices to the USB ports. Save whatever you consider necessary, EXCEPT executable files, then format the media by going to My Computer, right-clicking the media's drive and choosing the "Format" option.
  • Run Panda USB Vaccine.
  • Follow the prompts that may appear.
  • Wait until the program finishes the search and then exit the program.

Connect all removable storage devices to the USB ports.

Download the Kaspersky AVP Tool from one of these 2 links:
http://devbuilds.kas...builds/AVPTool/
http://dnl-us6.kaspe...builds/AVPTool/

Note: After registering, choose version 11 in English and click the btnversion10pt-br-1.png button.
Save it to your desktop.

  • Double-click the "setup" file and wait for the installation;
    ** Windows Vista and Windows 7 users:
    Right-click the file, then click
    execadmin.png
  • On the next screen, check I accept the licence agreement and click Start
  • Click the f4uZX.png button and check:
    • My Computer
    • Local disk (C:) (the local disk letter may vary)
    • Also check your pendrive's drive.
  • Click Actions and check both boxes.
    Zqewdl.jpg
  • Click the Automatic Scan tab and then Start Scan. Wait for the scan to finish.
  • Click the AouIc.png button, then Detected threats, and then the "Save" button.
  • Copy the contents of the saved file (if anything was detected) and post them in your next reply.
  • Please also post a new HijackThis log.
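
As an added illustration, not part of the thread or of any poster's instructions: a read-only triage of `attrib /s /d` output that flags the two symptoms described above, a hidden script file such as COOL.vbs and shortcuts named after hidden items. The sample listing is constructed, and both the output layout (flag letters followed by the full path) and the shortcut-matches-hidden-name heuristic are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `attrib /s /d` output for a removable drive E:
# (illustrative only, not taken from the thread).
SAMPLE = r"""
A  SH        E:\COOL.vbs
   SH        E:\Fotos
A            E:\Fotos.lnk
   SH        E:\relatorio.doc
A            E:\relatorio.doc.lnk
A            E:\atalho.lnk
A            E:\leiame.txt
"""

# Script types that Windows Script Host or cmd will run when opened.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd"}

# Assumed layout: attribute letters padded with spaces, then a full path
# that starts with a drive letter, a colon and a backslash.
LINE_RE = re.compile(r"^(?P<flags>[A-Z ]*?)(?P<path>[A-Za-z]:\\.*)$")


def parse_attrib(text):
    """Return a list of (set_of_flag_letters, PureWindowsPath) per entry."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.rstrip())
        if not m:
            continue  # blank lines and anything that is not an entry
        flags = set(m.group("flags").replace(" ", ""))
        entries.append((flags, PureWindowsPath(m.group("path"))))
    return entries


def triage(text):
    """Flag hidden script files and shortcuts that mask hidden items.

    Nothing is modified; the function only reads the listing.
    """
    entries = parse_attrib(text)

    # (folder, name) of every hidden entry, compared case-insensitively
    # because Windows file names are case-insensitive.
    hidden = {
        (str(p.parent).lower(), p.name.lower())
        for flags, p in entries
        if "H" in flags
    }

    # Symptom 1: a script file that carries the hidden attribute.
    hidden_scripts = [
        str(p)
        for flags, p in entries
        if "H" in flags and p.suffix.lower() in SCRIPT_EXTS
    ]

    # Symptom 2: a visible .lnk whose name (minus ".lnk") equals the name
    # of a hidden file or folder in the same directory.
    masking_shortcuts = [
        str(p)
        for flags, p in entries
        if p.suffix.lower() == ".lnk"
        and "H" not in flags
        and (str(p.parent).lower(), p.stem.lower()) in hidden
    ]

    return {
        "hidden_scripts": hidden_scripts,
        "masking_shortcuts": masking_shortcuts,
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    for kind, paths in report.items():
        for path in paths:
            print(f"{kind}: {path}")
```

A shortcut with no hidden counterpart, such as `E:\atalho.lnk` in the sample, is left unflagged.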


#5
felipe.motaferreira

  • Newbie
  • 10 posts

I followed the indicated process and 9 "Detected threats" were found. It fixed them, I ran it again and it found nothing else... and the pendrive virus has apparently disappeared... now it is no longer creating shortcuts and is back to normal. I only slipped up on the part about saving the results to post here... I fixed them and ran it again... sorry!

Thank you very much for the help... you saved me.

Cheers, and until next time.



#6
CarlosTurco

  • Assistant
  • 24.763 posts

felipe.motaferreira,

 

Vamos verificar as sobras.

 

Execute os procedimentos abaixo:

 

1)

Download AdwCleaner and save it to the desktop.
http://general-chang...de/2-adwcleaner

Run the adwcleaner.exe file.

*** Windows Vista or Windows 7 users: right-click the adwcleaner.exe file, then click execadmin.png.

Click the Examinar (Scan) button and wait for the scan to finish.

Click the Limpar (Clean) button.

A Notepad window will open with the result. Select, copy and paste its contents into your next reply.
 
NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart the PC.

2)

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download 1268r49.png and save it to the desktop. Double-click it to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select run_as_adm1.png

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to examine.

At the end, a log will open. It is saved to the desktop as JRT.txt.

Select, copy and paste the contents of this log into your next reply.

3)

Download Malwarebytes' Anti-Malware (MBAM)
http://www.majorgeek..._malware,1.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Make sure the Atualizar Malwarebytes Anti-Malware (update) and Executar Malwarebytes Anti-Malware (launch) boxes are checked, then click Concluir (Finish).
  • If there are updates to be made, they will be downloaded and installed.
  • When the update finishes, with the program open, select Verificação Rápida (quick scan) and click the Verificar (Scan) button.
  • The scan will then begin. Wait, as it may take a while.
  • When the scan finishes, click OK, then the Mostrar Resultados (Show Results) button to see the report.
  • If any items were found, make sure they are all checked and click the Remover (Remove) button.
  • At the end of the disinfection, Notepad will open with a log and a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log into your next reply.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiv...showtopic=75554



#7
felipe.motaferreira


Everything done exactly as instructed.

The results follow below:

 

# AdwCleaner v3.003 - Relatório criado 10/09/2013 no 19:05:48
# Atualizado 07/09/2013 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : DELL - TRABALHO-PC
# Executando de : C:\Users\DELL\Downloads\adwcleaner.exe
# Opção : Limpar
 
***** [ Serviços ] *****
 
 
***** [ Arquivos / Pastas ] *****
 
Pasta Deletado : C:\ProgramData\apn
Pasta Deletado : C:\ProgramData\Babylon
Pasta Deletado : C:\Program Files (x86)\Conduit
Pasta Deletado : C:\Program Files (x86)\Iminent
Pasta Deletado : C:\Program Files (x86)\Common Files\spigot
Pasta Deletado : C:\Users\DELL\AppData\Local\Babylon
Pasta Deletado : C:\Users\DELL\AppData\Local\Conduit
Pasta Deletado : C:\Users\DELL\AppData\Local\cre
Pasta Deletado : C:\Users\DELL\AppData\LocalLow\Conduit
Pasta Deletado : C:\Users\DELL\AppData\LocalLow\Funmoods
Pasta Deletado : C:\Users\DELL\AppData\Roaming\Babylon
Pasta Deletado : C:\Users\DELL\AppData\Roaming\baidu
Pasta Deletado : C:\Users\DELL\AppData\Roaming\OpenCandy
Pasta Deletado : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Pasta Deletado : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Pasta Deletado : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda
Arquivo Deletado : C:\Windows\System32\roboot64.exe
Arquivo Deletado : C:\Users\DELL\AppData\Local\funmoods.crx
Arquivo Deletado : C:\Users\DELL\AppData\Local\funmoods-speeddial.crx
Arquivo Deletado : C:\Program Files (x86)\Mozilla Firefox\user.js
Arquivo Deletado : C:\Windows\System32\Tasks\Dealply
 
***** [ Atalhos ] *****
 
 
***** [ Registro ] *****
 
Chave Deleteda : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deleteda : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deleteda : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deleteda : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deleteda : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deleteda : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deleteda : HKCU\Software\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda
Chave Deleteda : HKLM\SOFTWARE\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda
Valor Deleteda : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Valor Deleteda : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Valor Deleteda : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Deleteda : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_703c874a
Chave Deleteda : HKCU\Software\e53d8d9b53dee17
Chave Deleteda : HKLM\SOFTWARE\Classes\Toolbar.CT2851643
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deleteda : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Valor Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Valor Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Chave Deleteda : HKCU\Software\BI
Chave Deleteda : HKCU\Software\BrowserMngr
Chave Deleteda : HKCU\Software\Conduit
Chave Deleteda : HKCU\Software\InstallCore
Chave Deleteda : HKCU\Software\AppDataLow\SProtector
Chave Deleteda : HKCU\Software\AppDataLow\Software\Search Settings
Chave Deleteda : HKCU\Software\AppDataLow\Software\SmartBar
Chave Deleteda : HKLM\Software\Babylon
Chave Deleteda : HKLM\Software\BrowserMngr
Chave Deleteda : HKLM\Software\Conduit
Chave Deleteda : HKLM\Software\DataMngr
Chave Deleteda : HKLM\Software\Iminent
Chave Deleteda : HKLM\Software\SP Global
Chave Deleteda : HKLM\Software\SProtector
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deleteda : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Google Chrome v29.0.1547.66
 
[ Arquivo : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [6888 octets] - [10/09/2013 19:03:51]
AdwCleaner[S0].txt - [6266 octets] - [10/09/2013 19:05:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6326 octets] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Home Basic x64
Ran by DELL on 10/09/2013 at 19:10:25,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-507079830-1569758447-3025900709-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_130001_1001_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_130001_1001_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_130001_1001_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_130001_1001_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{08D7CB82-CAB9-452E-BCA8-06C6E1E52A76}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{08D7CB82-CAB9-452E-BCA8-06C6E1E52A76}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/09/2013 at 19:15:38,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Versão da Base de Dados:  v2013.09.10.11
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
DELL :: TRABALHO-PC [administrador]
 
Proteção: Permitir
 
10/09/2013 19:19:25
mbam-log-2013-09-10 (19-19-25).txt
 
Tipo de Verificação:  Verificação Rápida 
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  221524
Tempo decorrido: 3 minuto(s), 16 segundo(s)
 
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Chaves de Registro Detectadas: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7AA5F939-C05B-6195-FBE4-5A2305609043} (PUP.Optional.Tarma.A) -> Enviado para a Quarentena e deletado com sucesso.
 
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Arquivos Detectados: 2
C:\ProgramData\InstallMate\{9B60BBFB-AEC8-4394-A17F-E6EA4083990D}\Setup.exe (PUP.Optional.Tarma.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\InstallMate\{9B60BBFB-AEC8-4394-A17F-E6EA4083990D}\TsuDll.dll (PUP.Optional.Tarma.A) -> Enviado para a Quarentena e deletado com sucesso.
 
(fim)
 


#8
CarlosTurco


Ok,

 

Download Windows Repair Portable.
http://www.tweaking....all_in_one.html
 
Choose the option: Portable (3.12 MB)

Install the program and run it.

Click the Step 4 tab > click Create to create a restore point, then Backup to back up the registry.
dFaOZ.png

Click Next, then Start.

Click the 5wyy38.png button to uncheck all options. Then check:

Reset Registry Permissions
Reset File Permissions
Register System Files

Repair WMI
Repair Windows Firewall
Repair Internet Explorer

Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Repair Windows Updates

Repair Volume Shadow Copy Service
Restore Important Windows Services
Set Windows Services To Default Startup
Repair MSI (Windows Installer)
Repair File Associations
 
 
Then leave it checked as shown in the image and click Start:

2hcjhvc.png

Wait; when it finishes, the PC will be restarted.

 

Post a new HijackThis log.



#9
felipe.motaferreira


Done! See below...

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:12:00, on 11/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\DigiBestTV\ScheduleMonitor.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\DELL\Downloads\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\DELL\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (file missing)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [COOL] wscript.exe //B "C:\Users\DELL\AppData\Roaming\COOL.vbs"
O4 - Startup: Dropbox.lnk = C:\Users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: ScheduleMonitor.lnk = C:\Program Files (x86)\DigiBestTV\ScheduleMonitor.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\DELL\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creat...102/CTSUEng.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creat...13/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creat...10926/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CxUtilSvc - Conexant Systems, Inc. - C:\Program Files\Conexant\SA3\CxUtilSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Gbp Service (GbpSv) -   - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
 
--
End of file - 12543 bytes


#10
CarlosTurco

  • Assistant
  • 24.763 posts

Download the Farbar Recovery Scan and save it to your desktop.

Double-click it to run the tool. Accept the agreement and then click the Scan button.

Wait; when it finishes, the logs FRST.txt and Addition.txt will be saved to your desktop.

Select, copy and paste the contents of FRST.txt into your next reply and attach Addition.txt.



#11
felipe.motaferreira

  • Novice
  • 10 posts

Done. See below:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013 01
Ran by DELL at 2013-09-11 17:35:01
Running from C:\Users\DELL\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
µTorrent (x32 Version: 3.2.3.28705)
Adobe AIR (x32 Version: 3.7.0.1860)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.168)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Atheros Bluetooth Suite (64) (Version: 7.4.0.126)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
CCleaner (Version: 4.02)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Conexant SmartAudio HD (Version: 8.54.29.0)
CONNECTVDigital (x32 Version: 2.9.1)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (x32 Version: 15.4.5722.2)
CutePDF Writer 3.0 (Version:  3.0)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.5127)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dell Edoc Viewer (Version: 1.0.0)
Dell Touchpad (Version: 7.1209.101.217)
Dell Webcam Central (x32 Version: 2.01.15)
Dell WLAN and Bluetooth Client Installation (x32 Version: 9.0)
DigiBestDriverInstall (x32 Version: 1.16.0000)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
Dora's World Adventure (x32 Version: 2.2.0.95)
Dropbox (HKCU Version: 2.0.26)
Escape Whisper Valley ™ (x32 Version: 2.2.0.95)
ESET NOD32 Antivirus (Version: 6.0.316.1)
EVEREST Ultimate Edition v5.00 (x32 Version: 5.00)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.95)
Final Drive Fury (x32 Version: 2.2.0.95)
Final Drive Nitro (x32 Version: 2.2.0.95)
Google Chrome (x32 Version: 29.0.1547.66)
Google Update Helper (x32 Version: 1.3.21.153)
HijackThis 1.99.1 (x32 Version: 1.99.1)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 8.0.1.1399)
Intel® Processor Graphics (x32 Version: 8.15.10.2712)
Intel® Rapid Storage Technology (x32 Version: 11.1.0.1006)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220)
Intel® Trusted Connect Service Client (Version: 1.23.219.2)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Jewel Quest (x32 Version: 2.2.0.95)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95)
Jogos da WildTangent (x32 Version: 1.0.2.5)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Luxor (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware versão 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Monitor da tecnologia Intel® Turbo Boost 2.0 (Version: 2.1.23.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95)
Panda USB Vaccine 1.0.1.4 (x32)
Penguins! (x32 Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
Samantha Swift (x32 Version: 2.2.0.95)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
Skype™ 6.6 (x32 Version: 6.6.106)
TomTom HOME (x32 Version: 2.9.5)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Update Installer for WildTangent Games App (x32)
VLC media player 2.0.6 (x32 Version: 2.0.6)
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95)
WildTangent Games App (Dell Games) (x32 Version: 4.0.5.2)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)
Zuma Deluxe (x32 Version: 2.2.0.95)
 
==================== Restore Points  =========================
 
03-09-2013 23:06:10 Windows Update
09-09-2013 17:21:01 ComboFix created restore point
09-09-2013 20:31:06 OTL Restore Point - 09/09/2013 17:31:02
10-09-2013 13:01:15 Instalado ESET NOD32 Antivirus
10-09-2013 13:05:52 Windows Update
10-09-2013 14:14:02 Configuração do(a) avast! Free Antivirus
10-09-2013 14:21:12 Configuração do(a) avast! Free Antivirus
10-09-2013 17:46:30 Instalado ESET NOD32 Antivirus
10-09-2013 17:49:27 Instalado ESET Smart Security
10-09-2013 18:23:19 Instalado ESET NOD32 Antivirus
11-09-2013 12:56:04 Tweaking.com - Windows Repair
 
==================== Hosts content: ==========================
 
2009-07-13 23:34 - 2013-09-09 14:27 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {02FB43ED-9F7F-411A-97CF-31B966132CBF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {0BCF39DC-79D2-44DA-AC06-C9AF68981ED1} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {1FE13A7E-6CFD-4105-B5F6-D9EE2D42AF2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-26] (Google Inc.)
Task: {42B7BA6C-A523-4DEE-B8BD-5721401F00B5} - \DealPly No Task File
Task: {432788CD-EFC6-45FC-9974-8FB7C74DE024} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {4965BB93-F38A-40C7-A8C6-E1B326919919} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {9230FEBD-7006-4B5C-80DA-0376B03239DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-26] (Google Inc.)
Task: {B039FF8B-E03F-49B7-8670-A70EAE86C746} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {B8E118F0-0D66-4A31-94E6-8026A289E373} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-10] (Adobe Systems Incorporated)
Task: {BC68AF1C-437B-49FE-B123-82EC2C04F972} - System32\Tasks\Games\UpdateCheck_S-1-5-21-507079830-1569758447-3025900709-1000
Task: {CFF628F9-7EEF-4FDC-815C-A41BDEBE81CA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-06-05 14:17 - 2013-06-05 14:17 - 00164016 _____ (Dropbox, Inc.) C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2012-08-10 07:26 - 2012-03-26 22:40 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrPTB.lrc
2012-08-10 07:25 - 2012-01-26 03:21 - 00112504 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2012-08-10 07:26 - 2012-03-26 22:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-03-21 15:20 - 2013-03-21 15:20 - 00254080 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiHips.dll
2013-03-21 15:20 - 2013-03-21 15:20 - 00691288 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll
2013-03-21 15:19 - 2013-03-21 15:19 - 00355008 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll
2013-03-21 15:19 - 2013-03-21 15:19 - 00123752 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll
2013-03-21 15:19 - 2013-03-21 15:19 - 00119144 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiDmon.dll
2013-03-21 15:20 - 2013-03-21 15:20 - 01653320 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll
2013-03-21 15:20 - 2013-03-21 15:20 - 01010624 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll
2013-03-21 15:20 - 2013-03-21 15:20 - 00111416 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll
2012-08-10 02:34 - 2012-01-13 19:11 - 00285312 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Core.dll
2012-08-10 02:34 - 2012-01-13 19:02 - 00125568 _____ ( ) C:\Program Files\Conexant\SA3\Interop.CxHDAudioAPILib.dll
2012-08-10 02:34 - 2012-01-13 19:02 - 01255552 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxHDAudioAPI.dll
2012-08-10 02:34 - 2011-10-11 20:43 - 00011904 _____ ( ) C:\Program Files\Conexant\SA3\Interop.CxUtilSvcLib.dll
2012-08-10 02:34 - 2012-01-10 15:36 - 00022656 _____ ( ) C:\Program Files\Conexant\SA3\Interop.MaxxAudioWrapperLib.dll
2012-08-10 02:34 - 2012-01-13 19:11 - 00030208 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Creative.dll
2012-08-10 02:34 - 2012-01-13 19:11 - 02677376 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Dell.dll
2012-08-10 02:34 - 2012-01-13 19:11 - 00446080 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Localization.dll
2012-08-10 02:34 - 2012-01-13 19:12 - 00141952 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Waves.dll
2012-08-10 02:34 - 2012-01-09 17:40 - 00364544 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\Languages\pt-BR\SmartAudio.resources.dll
2012-08-10 02:34 - 2012-01-10 15:36 - 00159360 _____ () C:\Program Files\Conexant\SA3\MaxxAudioWrapper.dll
2012-08-10 02:34 - 2012-01-05 17:35 - 00968536 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2012-08-10 07:25 - 2012-01-26 03:21 - 00112504 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\VXDIF.DLL
2009-06-08 03:50 - 2009-06-08 03:50 - 00065536 _____ () C:\Program Files (x86)\DigiBestTV\MEDIATVSCHEDULEMONITOR.DLL
2012-11-13 20:32 - 2012-11-13 20:32 - 03558400 _____ (wxWidgets development team) C:\Users\DELL\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 17:48 - 2013-03-13 17:48 - 24978944 _____ () C:\Users\DELL\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 17:48 - 2013-03-13 17:48 - 09956864 _____ (The ICU Project) C:\Users\DELL\AppData\Roaming\Dropbox\bin\icudt.dll
2012-08-10 02:51 - 2011-10-18 18:08 - 00238080 _____ (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\CTLoadRs.dll
2012-08-10 02:51 - 2012-03-06 17:20 - 00055808 _____ (Creative Technology Ltd.) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\CtPinMgr.dll
2013-06-05 14:17 - 2013-06-05 14:17 - 00130736 _____ (Dropbox, Inc.) C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2013-09-04 19:06 - 2013-09-02 17:35 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
2013-09-04 19:06 - 2013-09-02 17:35 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll
2013-08-16 12:35 - 2013-08-16 12:35 - 00489472 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\591b99d5681c59ed6c5e9544d7def0ea\IAStorUtil.ni.dll
2013-07-14 15:29 - 2013-07-14 15:29 - 00014336 _____ (Intel Corp.) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\45581138b36fd338c87813390775b65f\IAStorCommon.ni.dll
2013-09-04 19:06 - 2013-09-02 17:35 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-04 19:06 - 2013-09-02 17:35 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-04 19:06 - 2013-09-02 17:35 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
2013-09-04 19:06 - 2013-09-02 17:35 - 13599184 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
AlternateDataStreams: C:\Windows\System32:7D84F89C_Uni.gbp
 
 
==================== Faulty Device Manager Devices =============
 
Name: Dell Wireless 1703 Bluetooth
Description: Dell Wireless 1703 Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/11/2013 09:53:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/10/2013 07:26:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (09/11/2013 02:50:02 PM) (Source: Disk) (User: )
Description: O driver detectou um erro de controlador em \Device\Harddisk1\DR6.
 
Error: (09/11/2013 02:50:01 PM) (Source: Disk) (User: )
Description: O driver detectou um erro de controlador em \Device\Harddisk1\DR6.
 
Error: (09/11/2013 02:50:00 PM) (Source: Disk) (User: )
Description: O driver detectou um erro de controlador em \Device\Harddisk1\DR6.
 
Error: (09/11/2013 02:49:59 PM) (Source: Disk) (User: )
Description: O driver detectou um erro de controlador em \Device\Harddisk1\DR6.
 
Error: (09/11/2013 02:37:47 PM) (Source: WMPNetworkSvc) (User: )
Description: O serviço 'WMPNetworkSvc' não foi iniciado corretamente porque CoCreateInstance(CLSID_UPnPDeviceFinder) encontrou o erro '0x80004005'. Verifique se o serviço UPnPHost está sendo executado e se o componente UPnPHost do Windows foi instalado adequadamente.
 
Error: (09/11/2013 10:17:31 AM) (Source: WMPNetworkSvc) (User: )
Description: O serviço 'WMPNetworkSvc' não foi iniciado corretamente porque CoCreateInstance(CLSID_UPnPDeviceFinder) encontrou o erro '0x80004005'. Verifique se o serviço UPnPHost está sendo executado e se o componente UPnPHost do Windows foi instalado adequadamente.
 
 
Microsoft Office Sessions:
=========================
Error: (09/11/2013 09:53:39 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/10/2013 07:26:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-09 14:26:52.038
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-09 14:26:51.985
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-08 13:54:42.582
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-08 13:54:42.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-08 13:54:42.409
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-08 13:54:42.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-27 15:20:37.994
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-27 15:20:37.846
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-27 15:20:37.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-27 15:20:37.665
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 38%
Total physical RAM: 6011.34 MB
Available physical RAM: 3684.04 MB
Total Pagefile: 12020.87 MB
Available Pagefile: 9347.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.91 GB) (Free:371.23 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: BE63EC4B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#12
CarlosTurco

    Assistant

  • 24,763 posts

felipe.motaferreira,

The FRST.txt log was missing.



#13
felipe.motaferreira

    Newbie

  • 10 posts

Oops, sorry.

Here are both again.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02
Ran by DELL (administrator) on TRABALHO-PC on 11-09-2013 22:29:16
Running from C:\Users\DELL\Downloads
Windows 7 Home Basic Service Pack 1 (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
( ) C:\PROGRA~2\GbPlugin\GbpSv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxUtilSvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio3.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
() C:\Program Files (x86)\DigiBestTV\ScheduleMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SA3\SACpl.exe [1628288 2011-09-08] (Conexant Systems, Inc.)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [626552 2012-04-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1021056 2012-03-08] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800896 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [COOL] - wscript.exe //B "C:\Users\DELL\AppData\Roaming\COOL.vbs"
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-21] (ESET)
HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom)
HKCU\...\Run: [COOL] - wscript.exe //B "C:\Users\DELL\AppData\Roaming\COOL.vbs"
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577024 2012-03-06] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {08D7CB82-CAB9-452E-BCA8-06C6E1E52A76} URL = http://start.funmood...ults.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0D0EtByDyE0AtCtCtB0FtN0D0Tzu0StByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1262670786
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {08D7CB82-CAB9-452E-BCA8-06C6E1E52A76} URL = http://start.funmood...ults.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0D0EtByDyE0AtCtCtB0FtN0D0Tzu0StByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1262670786
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {08D7CB82-CAB9-452E-BCA8-06C6E1E52A76}
SearchScopes: HKCU - DefaultScope {646097F6-C8DF-476C-AA16-40CD8C292262} URL = http://br.search.yah...&type=198484&p={searchTerms}
SearchScopes: HKCU - Backup.Old.DefaultScope {08D7CB82-CAB9-452E-BCA8-06C6E1E52A76}
SearchScopes: HKCU - {03D42308-AAF9-9F83-E267-145805465551} URL = 
SearchScopes: HKCU - {646097F6-C8DF-476C-AA16-40CD8C292262} URL = http://br.search.yah...&type=198484&p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\DELL\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab
Handler: livecall - No CLSID Value - 
Handler: msnim - No CLSID Value - 
Handler-x32: livecall - No CLSID Value - 
Handler-x32: msnim - No CLSID Value - 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [655552 2012-10-15] (Banco Itaú Unibanco)
Tcpip\Parameters: [DhcpNameServer] 201.77.112.3 201.77.112.9
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (YouTube) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Web Navigation) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja\1.0_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_1
CHR Extension: (Gmail) - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx
 
==================== Services (Whitelisted) =================
 
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-11] (Conexant Systems, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 GbpSv; C:\PROGRA~2\GbPlugin\GbpSv.exe [279744 2012-10-15] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [159360 2012-03-08] (Atheros)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-03-28] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)
S3 ISDBAlpsBDA; C:\Windows\System32\DRIVERS\ISDBAlpsBDA.sys [54400 2009-12-24] (DigiBest Technlogy CO.,LTD)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [x]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-11 17:35 - 2013-09-11 17:35 - 00024285 _____ C:\Users\DELL\Downloads\Addition.txt
2013-09-11 17:34 - 2013-09-11 17:34 - 00000000 ____D C:\FRST
2013-09-11 11:12 - 2013-09-11 22:21 - 00012423 _____ C:\Users\DELL\Downloads\hijackthis.log
2013-09-11 11:11 - 2013-09-11 11:11 - 00388608 _____ (Trend Micro Inc.) C:\Users\DELL\Downloads\HijackThis.exe
2013-09-11 10:01 - 2013-09-11 10:15 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-09-11 09:58 - 2013-09-11 09:58 - 00000207 _____ C:\Windows\tweaking.com-regbackup-TRABALHO-PC-Microsoft-Windows-7-Home-Basic-(64-bit).dat
2013-09-11 09:57 - 2013-09-11 09:57 - 00000000 ____D C:\RegBackup
2013-09-11 09:55 - 2013-09-11 09:55 - 00000000 ____D C:\Users\DELL\Downloads\Tweaking.com - Windows Repair
2013-09-11 09:54 - 2013-09-11 09:55 - 03258971 _____ C:\Users\DELL\Downloads\tweaking.com_windows_repair_aio.zip
2013-09-10 19:53 - 2013-09-10 19:53 - 00000087 _____ C:\Users\DELL\Desktop\Endereço envio - Jogos.txt
2013-09-10 19:18 - 2013-09-10 19:18 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-10 19:18 - 2013-09-10 19:18 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2013-09-10 19:18 - 2013-09-10 19:18 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Malwarebytes
2013-09-10 19:18 - 2013-09-10 19:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-10 19:18 - 2013-09-10 19:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-10 19:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-10 19:17 - 2013-09-10 19:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\DELL\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-10 19:15 - 2013-09-10 19:15 - 00017944 _____ C:\Users\DELL\Desktop\JRT.txt
2013-09-10 19:10 - 2013-09-10 19:10 - 00000000 ____D C:\Windows\ERUNT
2013-09-10 19:09 - 2013-09-10 19:10 - 01029490 _____ (Thisisu) C:\Users\DELL\Downloads\JRT.exe
2013-09-10 19:08 - 2013-09-10 19:08 - 00006418 _____ C:\Users\DELL\Desktop\AdwCleaner[S0].txt
2013-09-10 19:03 - 2013-09-10 19:06 - 00000000 ____D C:\AdwCleaner
2013-09-10 19:02 - 2013-09-10 19:03 - 01037278 _____ C:\Users\DELL\Downloads\adwcleaner.exe
2013-09-10 15:24 - 2013-09-10 15:24 - 00000000 ____D C:\Users\Todos os Usuários\ESET
2013-09-10 15:24 - 2013-09-10 15:24 - 00000000 ____D C:\ProgramData\ESET
2013-09-10 15:24 - 2013-09-10 15:24 - 00000000 ____D C:\Program Files\ESET
2013-09-10 14:57 - 2013-09-10 14:57 - 00000000 ____D C:\Users\DELL\AppData\Roaming\ESET
2013-09-10 12:09 - 2013-09-10 12:09 - 00000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab
2013-09-10 12:09 - 2013-09-10 12:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-10 11:47 - 2013-09-10 11:47 - 00000000 ____D C:\Users\Todos os Usuários\Panda Security
2013-09-10 11:47 - 2013-09-10 11:47 - 00000000 ____D C:\ProgramData\Panda Security
2013-09-10 11:47 - 2013-09-10 11:47 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-09-10 10:06 - 2013-09-10 14:57 - 00000000 ____D C:\Users\DELL\AppData\Local\ESET
2013-09-09 15:22 - 2013-09-09 15:37 - 00000000 ____D C:\Users\DELL\Doctor Web
2013-09-09 15:13 - 2013-09-09 15:13 - 00003042 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2013-09-09 14:28 - 2013-09-09 14:28 - 00026910 _____ C:\ComboFix.txt
2013-09-09 14:20 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-09 14:20 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-09 14:20 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-09 14:20 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-09 14:20 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-09 14:20 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-09 14:20 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-09 14:20 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-09 14:19 - 2013-09-09 14:28 - 00000000 ____D C:\Qoobox
2013-09-09 14:19 - 2013-09-09 14:27 - 00000000 ____D C:\Windows\erdnt
2013-09-09 14:02 - 2013-09-09 14:02 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Zbshareware Lab
2013-09-09 13:59 - 2013-09-09 15:01 - 00000000 ____D C:\Program Files (x86)\ClamWin
2013-08-28 21:19 - 2013-08-28 21:19 - 00000000 ____D C:\found.001
2013-08-26 21:28 - 2013-08-26 21:28 - 00000000 ____D C:\Users\DELL\Documents\CyberLink
2013-08-26 15:02 - 2013-09-04 19:06 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-26 15:00 - 2013-09-11 22:20 - 00001060 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-26 15:00 - 2013-09-11 19:05 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-26 15:00 - 2013-08-26 15:01 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-26 15:00 - 2013-08-26 15:00 - 00004060 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-26 15:00 - 2013-08-26 15:00 - 00003808 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-26 15:00 - 2013-08-26 15:00 - 00000000 ____D C:\Users\DELL\AppData\Local\Deployment
2013-08-26 15:00 - 2013-08-26 15:00 - 00000000 ____D C:\Users\DELL\AppData\Local\Apps\2.0
2013-08-25 17:29 - 2013-08-25 17:29 - 00000000 ____D C:\Users\Todos os Usuários\SummerSoft
2013-08-25 17:29 - 2013-08-25 17:29 - 00000000 ____D C:\ProgramData\SummerSoft
2013-08-25 17:25 - 2013-08-25 17:38 - 00000000 ____D C:\Users\Todos os Usuários\InstallMate
2013-08-25 17:25 - 2013-08-25 17:38 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-25 17:20 - 2013-08-25 17:20 - 00000000 ____D C:\Users\DELL\RichMedia
2013-08-25 17:20 - 2013-08-25 17:20 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Radiocom
2013-08-25 17:20 - 2013-08-25 17:20 - 00000000 ____D C:\Users\DELL\AppData\Local\Radiocom
2013-08-15 23:59 - 2013-07-26 02:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 23:59 - 2013-07-26 02:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 23:59 - 2013-07-26 02:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 23:59 - 2013-07-26 02:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 23:59 - 2013-07-26 02:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 23:59 - 2013-07-26 02:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 23:59 - 2013-07-26 02:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 23:59 - 2013-07-26 02:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 23:59 - 2013-07-26 02:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 23:59 - 2013-07-26 02:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 23:59 - 2013-07-26 02:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 23:59 - 2013-07-26 02:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 23:59 - 2013-07-26 02:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 23:59 - 2013-07-26 02:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 23:59 - 2013-07-26 00:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 23:59 - 2013-07-26 00:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 23:59 - 2013-07-26 00:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 23:59 - 2013-07-26 00:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 23:59 - 2013-07-26 00:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 23:59 - 2013-07-26 00:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 23:59 - 2013-07-26 00:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 23:59 - 2013-07-26 00:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 23:59 - 2013-07-26 00:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 23:59 - 2013-07-26 00:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 23:59 - 2013-07-26 00:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 23:59 - 2013-07-26 00:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 23:59 - 2013-07-26 00:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 23:59 - 2013-07-26 00:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 23:59 - 2013-07-25 23:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 23:59 - 2013-07-25 23:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 23:59 - 2013-07-25 22:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 23:54 - 2013-08-15 23:55 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 10:03 - 2013-07-18 22:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 10:03 - 2013-07-18 22:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 10:03 - 2013-07-09 02:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 10:03 - 2013-07-09 02:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 10:03 - 2013-07-09 02:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 10:03 - 2013-07-09 02:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 10:03 - 2013-07-09 01:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 10:03 - 2013-07-09 01:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 10:03 - 2013-07-09 01:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 10:03 - 2013-07-09 01:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 10:02 - 2013-07-25 06:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 10:02 - 2013-07-25 05:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 10:02 - 2013-07-09 03:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 10:02 - 2013-07-09 02:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 10:02 - 2013-07-09 02:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 10:02 - 2013-07-09 02:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 10:02 - 2013-07-09 02:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 10:02 - 2013-07-09 02:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 10:02 - 2013-07-09 01:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 10:02 - 2013-07-09 01:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 10:02 - 2013-07-09 01:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 10:02 - 2013-07-08 23:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 10:02 - 2013-07-08 23:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 10:02 - 2013-07-08 23:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 10:02 - 2013-07-08 23:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 10:02 - 2013-07-06 03:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 10:02 - 2013-06-15 01:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 20:02 - 2013-08-14 20:02 - 00000000 ____D C:\Users\Todos os Usuários\VS Revo Group
2013-08-14 20:02 - 2013-08-14 20:02 - 00000000 ____D C:\Users\DELL\AppData\Local\VS Revo Group
2013-08-14 20:02 - 2013-08-14 20:02 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-08-13 15:32 - 2013-09-11 22:20 - 00000000 ___RD C:\Users\DELL\Dropbox
2013-08-13 15:31 - 2013-08-13 15:31 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-13 15:30 - 2013-09-11 22:20 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Dropbox
 
==================== One Month Modified Files and Folders =======
 
2013-09-11 22:27 - 2013-09-11 22:25 - 01949642 _____ (Farbar) C:\Users\DELL\Downloads\FRST64.exe
2013-09-11 22:24 - 2010-11-21 06:37 - 00699786 _____ C:\Windows\system32\prfh0416.dat
2013-09-11 22:24 - 2010-11-21 06:37 - 00142572 _____ C:\Windows\system32\prfc0416.dat
2013-09-11 22:24 - 2009-07-14 02:13 - 01628224 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-11 22:22 - 2012-08-10 02:13 - 01481524 _____ C:\Windows\WindowsUpdate.log
2013-09-11 22:21 - 2013-09-11 11:12 - 00012423 _____ C:\Users\DELL\Downloads\hijackthis.log
2013-09-11 22:20 - 2013-08-26 15:00 - 00001060 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-11 22:20 - 2013-08-13 15:32 - 00000000 ___RD C:\Users\DELL\Dropbox
2013-09-11 22:20 - 2013-08-13 15:30 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Dropbox
2013-09-11 22:20 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-11 22:19 - 2013-06-23 14:15 - 00012227 _____ C:\Windows\setupact.log
2013-09-11 19:53 - 2012-08-10 02:15 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-11 19:05 - 2013-08-26 15:00 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-11 17:48 - 2012-09-04 16:59 - 00000000 ____D C:\Users\DELL\Documents\FELIPE
2013-09-11 17:35 - 2013-09-11 17:35 - 00024285 _____ C:\Users\DELL\Downloads\Addition.txt
2013-09-11 17:34 - 2013-09-11 17:34 - 00000000 ____D C:\FRST
2013-09-11 16:19 - 2009-07-14 01:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-11 16:19 - 2009-07-14 01:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 11:11 - 2013-09-11 11:11 - 00388608 _____ (Trend Micro Inc.) C:\Users\DELL\Downloads\HijackThis.exe
2013-09-11 10:18 - 2012-08-16 10:17 - 00086144 _____ C:\Users\DELL\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-11 10:16 - 2013-06-23 14:14 - 00133196 _____ C:\Windows\PFRO.log
2013-09-11 10:16 - 2009-07-14 01:45 - 00341696 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 10:15 - 2013-09-11 10:01 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-09-11 10:12 - 2009-07-13 23:34 - 00000471 _____ C:\Windows\win.ini
2013-09-11 09:58 - 2013-09-11 09:58 - 00000207 _____ C:\Windows\tweaking.com-regbackup-TRABALHO-PC-Microsoft-Windows-7-Home-Basic-(64-bit).dat
2013-09-11 09:57 - 2013-09-11 09:57 - 00000000 ____D C:\RegBackup
2013-09-11 09:55 - 2013-09-11 09:55 - 00000000 ____D C:\Users\DELL\Downloads\Tweaking.com - Windows Repair
2013-09-11 09:55 - 2013-09-11 09:54 - 03258971 _____ C:\Users\DELL\Downloads\tweaking.com_windows_repair_aio.zip
2013-09-10 19:53 - 2013-09-10 19:53 - 00000087 _____ C:\Users\DELL\Desktop\Endereço envio - Jogos.txt
2013-09-10 19:18 - 2013-09-10 19:18 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-10 19:18 - 2013-09-10 19:18 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2013-09-10 19:18 - 2013-09-10 19:18 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Malwarebytes
2013-09-10 19:18 - 2013-09-10 19:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-10 19:18 - 2013-09-10 19:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-10 19:17 - 2013-09-10 19:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\DELL\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-10 19:15 - 2013-09-10 19:15 - 00017944 _____ C:\Users\DELL\Desktop\JRT.txt
2013-09-10 19:10 - 2013-09-10 19:10 - 00000000 ____D C:\Windows\ERUNT
2013-09-10 19:10 - 2013-09-10 19:09 - 01029490 _____ (Thisisu) C:\Users\DELL\Downloads\JRT.exe
2013-09-10 19:08 - 2013-09-10 19:08 - 00006418 _____ C:\Users\DELL\Desktop\AdwCleaner[S0].txt
2013-09-10 19:07 - 2009-07-14 02:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-10 19:06 - 2013-09-10 19:03 - 00000000 ____D C:\AdwCleaner
2013-09-10 19:05 - 2012-09-09 23:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-10 19:03 - 2013-09-10 19:02 - 01037278 _____ C:\Users\DELL\Downloads\adwcleaner.exe
2013-09-10 15:24 - 2013-09-10 15:24 - 00000000 ____D C:\Users\Todos os Usuários\ESET
2013-09-10 15:24 - 2013-09-10 15:24 - 00000000 ____D C:\ProgramData\ESET
2013-09-10 15:24 - 2013-09-10 15:24 - 00000000 ____D C:\Program Files\ESET
2013-09-10 14:57 - 2013-09-10 14:57 - 00000000 ____D C:\Users\DELL\AppData\Roaming\ESET
2013-09-10 14:57 - 2013-09-10 10:06 - 00000000 ____D C:\Users\DELL\AppData\Local\ESET
2013-09-10 14:57 - 2012-08-10 02:15 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-10 14:53 - 2012-08-10 02:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-10 14:53 - 2012-08-10 02:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-10 14:23 - 2012-08-16 10:19 - 00000000 ___RD C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-10 12:09 - 2013-09-10 12:09 - 00000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab
2013-09-10 12:09 - 2013-09-10 12:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-10 11:47 - 2013-09-10 11:47 - 00000000 ____D C:\Users\Todos os Usuários\Panda Security
2013-09-10 11:47 - 2013-09-10 11:47 - 00000000 ____D C:\ProgramData\Panda Security
2013-09-10 11:47 - 2013-09-10 11:47 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-09-10 11:22 - 2013-02-11 17:44 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2013-09-10 11:22 - 2013-02-11 17:44 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-10 11:13 - 2013-02-11 17:45 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-10 10:55 - 2013-01-28 00:34 - 00000000 ____D C:\Barras
2013-09-09 17:28 - 2012-08-10 02:40 - 00000000 ____D C:\Users\Todos os Usuários\WildTangent
2013-09-09 17:28 - 2012-08-10 02:40 - 00000000 ____D C:\ProgramData\WildTangent
2013-09-09 15:37 - 2013-09-09 15:22 - 00000000 ____D C:\Users\DELL\Doctor Web
2013-09-09 15:22 - 2012-08-16 10:16 - 00000000 ____D C:\Users\DELL
2013-09-09 15:13 - 2013-09-09 15:13 - 00003042 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2013-09-09 15:01 - 2013-09-09 13:59 - 00000000 ____D C:\Program Files (x86)\ClamWin
2013-09-09 14:28 - 2013-09-09 14:28 - 00026910 _____ C:\ComboFix.txt
2013-09-09 14:28 - 2013-09-09 14:19 - 00000000 ____D C:\Qoobox
2013-09-09 14:28 - 2009-07-14 00:20 - 00000000 __RHD C:\Users\Default
2013-09-09 14:27 - 2013-09-09 14:19 - 00000000 ____D C:\Windows\erdnt
2013-09-09 14:27 - 2009-07-13 23:34 - 00000215 _____ C:\Windows\system.ini
2013-09-09 14:19 - 2012-09-10 17:50 - 00000000 ____D C:\Users\DELL\AppData\Local\CrashDumps
2013-09-09 14:02 - 2013-09-09 14:02 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Zbshareware Lab
2013-09-09 13:46 - 2009-07-14 00:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-09-04 22:44 - 2013-06-22 00:32 - 00000000 ____D C:\Users\DELL\Documents\ANA
2013-09-04 19:06 - 2013-08-26 15:02 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-02 20:26 - 2013-04-21 15:19 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-08-30 04:47 - 2013-02-11 17:45 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-28 21:19 - 2013-08-28 21:19 - 00000000 ____D C:\found.001
2013-08-26 21:28 - 2013-08-26 21:28 - 00000000 ____D C:\Users\DELL\Documents\CyberLink
2013-08-26 15:02 - 2012-09-08 14:33 - 00000000 ____D C:\Users\DELL\AppData\Local\Google
2013-08-26 15:01 - 2013-08-26 15:00 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-26 15:00 - 2013-08-26 15:00 - 00004060 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-26 15:00 - 2013-08-26 15:00 - 00003808 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-26 15:00 - 2013-08-26 15:00 - 00000000 ____D C:\Users\DELL\AppData\Local\Deployment
2013-08-26 15:00 - 2013-08-26 15:00 - 00000000 ____D C:\Users\DELL\AppData\Local\Apps\2.0
2013-08-25 20:34 - 2013-06-09 20:59 - 00000000 ____D C:\Users\DELL\AppData\Roaming\uTorrent
2013-08-25 20:26 - 2013-03-24 17:17 - 00000000 ____D C:\Users\DELL\AppData\Roaming\vlc
2013-08-25 17:39 - 2012-09-09 23:29 - 00000000 ____D C:\Users\DELL\AppData\Roaming\BSplayer
2013-08-25 17:39 - 2012-09-09 23:29 - 00000000 ____D C:\Program Files (x86)\Webteh
2013-08-25 17:38 - 2013-08-25 17:25 - 00000000 ____D C:\Users\Todos os Usuários\InstallMate
2013-08-25 17:38 - 2013-08-25 17:25 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-25 17:29 - 2013-08-25 17:29 - 00000000 ____D C:\Users\Todos os Usuários\SummerSoft
2013-08-25 17:29 - 2013-08-25 17:29 - 00000000 ____D C:\ProgramData\SummerSoft
2013-08-25 17:20 - 2013-08-25 17:20 - 00000000 ____D C:\Users\DELL\RichMedia
2013-08-25 17:20 - 2013-08-25 17:20 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Radiocom
2013-08-25 17:20 - 2013-08-25 17:20 - 00000000 ____D C:\Users\DELL\AppData\Local\Radiocom
2013-08-16 18:25 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 23:55 - 2013-08-15 23:54 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 23:54 - 2012-09-08 15:11 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 20:02 - 2013-08-14 20:02 - 00000000 ____D C:\Users\Todos os Usuários\VS Revo Group
2013-08-14 20:02 - 2013-08-14 20:02 - 00000000 ____D C:\Users\DELL\AppData\Local\VS Revo Group
2013-08-14 20:02 - 2013-08-14 20:02 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-08-13 15:31 - 2013-08-13 15:31 - 00000000 ____D C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-11 10:46
 
==================== End Of Log ============================

Attached file(s)



#14
CarlosTurco

    Assistant

  • 24.763 posts

Select and copy the text inside the CODE box. Open Notepad and paste what you copied. Then save it to the desktop with the name fixlist.txt
 

start
HKLM\...\Run: [COOL] - wscript.exe //B "C:\Users\DELL\AppData\Roaming\COOL.vbs"
HKCU\...\Run: [COOL] - wscript.exe //B "C:\Users\DELL\AppData\Roaming\COOL.vbs"
SearchScopes: HKLM - DefaultScope {08D7CB82-CAB9-452E-BCA8-06C6E1E52A76} URL = http://start.funmood...ults.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0D0EtByDyE0AtCtCtB0FtN0D0Tzu0StByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1262670786
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {08D7CB82-CAB9-452E-BCA8-06C6E1E52A76} URL = http://start.funmood...ults.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0D0EtByDyE0AtCtCtB0FtN0D0Tzu0StByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1262670786
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {08D7CB82-CAB9-452E-BCA8-06C6E1E52A76}
SearchScopes: HKCU - DefaultScope {646097F6-C8DF-476C-AA16-40CD8C292262} URL = http://br.search.yah...&type=198484&p={searchTerms}
SearchScopes: HKCU - Backup.Old.DefaultScope {08D7CB82-CAB9-452E-BCA8-06C6E1E52A76}
SearchScopes: HKCU - {03D42308-AAF9-9F83-E267-145805465551} URL =
SearchScopes: HKCU - {646097F6-C8DF-476C-AA16-40CD8C292262} URL = http://br.search.yah...&type=198484&p={searchTerms}
end

 
Run FRST64 and click the Fix button.

Wait; when it finishes, the Fixlog.txt log will be saved on your desktop.

Select, copy and paste the contents of this log into your next reply.

Post a new HijackThis log.



#15
felipe.motaferreira

    Newbie

  • 10 posts

Done. The HijackThis log is attached.
 
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-09-2013 02
Ran by DELL at 2013-09-12 08:12:22 Run:1
Running from C:\Users\DELL\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM\...\Run: [COOL] - wscript.exe //B "C:\Users\DELL\AppData\Roaming\COOL.vbs"
HKCU\...\Run: [COOL] - wscript.exe //B "C:\Users\DELL\AppData\Roaming\COOL.vbs"
SearchScopes: HKLM - DefaultScope {08D7CB82-CAB9-452E-BCA8-06C6E1E52A76} URL = http://start.funmood...ults.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0D0EtByDyE0AtCtCtB0FtN0D0Tzu0StByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1262670786
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {08D7CB82-CAB9-452E-BCA8-06C6E1E52A76} URL = http://start.funmood...ults.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0D0EtByDyE0AtCtCtB0FtN0D0Tzu0StByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1262670786
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {08D7CB82-CAB9-452E-BCA8-06C6E1E52A76}
SearchScopes: HKCU - DefaultScope {646097F6-C8DF-476C-AA16-40CD8C292262} URL = http://br.search.yah...&type=198484&p={searchTerms}
SearchScopes: HKCU - Backup.Old.DefaultScope {08D7CB82-CAB9-452E-BCA8-06C6E1E52A76}
SearchScopes: HKCU - {03D42308-AAF9-9F83-E267-145805465551} URL =
SearchScopes: HKCU - {646097F6-C8DF-476C-AA16-40CD8C292262} URL = http://br.search.yah...&type=198484&p={searchTerms}
end
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\COOL => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\COOL => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{08D7CB82-CAB9-452E-BCA8-06C6E1E52A76} => Key deleted successfully.
HKCR\CLSID\{08D7CB82-CAB9-452E-BCA8-06C6E1E52A76} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{03D42308-AAF9-9F83-E267-145805465551} => Key deleted successfully.
HKCR\CLSID\{03D42308-AAF9-9F83-E267-145805465551} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{646097F6-C8DF-476C-AA16-40CD8C292262} => Key deleted successfully.
HKCR\CLSID\{646097F6-C8DF-476C-AA16-40CD8C292262} => Key not found.
 
==== End of Fixlog ====

Attached file(s)
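The two COOL entries removed by the fixlist above are script-host autoruns: a Run value that starts wscript.exe in batch mode on a .vbs file under AppData. The following is an added example, not part of the original thread and not code from FRST or HijackThis, that triages Run lines in the two log formats seen on this page; the sample lines are copied from the logs above, and the list of user-writable directories and the function names are assumptions made for the illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")
# Directories a standard user can write to (heuristic list, an assumption).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

# FRST:       HKLM\...\Run: [Name] - command line
# HijackThis: O4 - HKLM\..\Run: [Name] command line
RUN_LINE = re.compile(
    r"^(?:O4 - )?(?P<hive>HKLM|HKCU)(?:-x32)?\\\.{2,3}\\Run(?:Once)?: "
    r"\[(?P<name>[^\]]+)\](?: -)? (?P<cmd>.+)$"
)
TOKEN = re.compile(r'"[^"]*"|\S+')


class RunEntry(NamedTuple):
    hive: str
    name: str
    tokens: Tuple[str, ...]  # command line split into quote-stripped tokens


def parse_run_entry(line: str) -> Optional[RunEntry]:
    """Return the Run-key entry on this log line, or None for any other line."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    tokens = tuple(t.strip('"') for t in TOKEN.findall(m.group("cmd")))
    if not tokens:
        return None
    return RunEntry(m.group("hive"), m.group("name"), tokens)


def script_target(entry: RunEntry) -> Optional[str]:
    """First token that names a Windows Script Host file, if any."""
    for tok in entry.tokens:
        if tok.lower().endswith(SCRIPT_EXTS):
            return tok
    return None


def reasons(entry: RunEntry) -> List[str]:
    """Explain why an entry deserves a closer look; empty list means no hit."""
    out: List[str] = []
    # Unquoted paths containing spaces are not reassembled; only the first
    # token is inspected, which is enough to recognise a bare script host.
    exe = entry.tokens[0].rsplit("\\", 1)[-1].lower()
    script = script_target(entry)
    if exe in SCRIPT_HOSTS:
        out.append(f"autorun launches script host {exe}")
    elif script is not None and script == entry.tokens[0]:
        out.append("autorun points directly at a script file")
    if not out:
        return out
    if script and any(d in script.lower() for d in USER_WRITABLE):
        out.append(f"script lives in a user-writable path: {script}")
    if "//b" in (t.lower() for t in entry.tokens):
        out.append("//B (batch mode) suppresses script errors and prompts")
    return out


def triage(lines: List[str]) -> List[Tuple[RunEntry, List[str]]]:
    """Return (entry, reasons) for every Run line that produced a hit."""
    hits = []
    for line in lines:
        entry = parse_run_entry(line)
        if entry is None:
            continue
        why = reasons(entry)
        if why:
            hits.append((entry, why))
    return hits


# Lines copied from the fixlist and the HijackThis log on this page.
SAMPLE = r'''
HKLM\...\Run: [COOL] - wscript.exe //B "C:\Users\DELL\AppData\Roaming\COOL.vbs"
HKCU\...\Run: [COOL] - wscript.exe //B "C:\Users\DELL\AppData\Roaming\COOL.vbs"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - Startup: Dropbox.lnk = C:\Users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe
'''.strip().splitlines()

if __name__ == "__main__":
    for entry, why in triage(SAMPLE):
        print(f"{entry.hive} Run [{entry.name}]")
        for r in why:
            print(f"  - {r}")
```

A hit is a prompt for review, not a verdict: legitimate software occasionally registers script-host autoruns, so check the script file itself before removing the value.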



#16
CarlosTurco

    Assistant

  • 24.763 posts

Ok,

Download Windows Repair Portable.
http://www.tweaking....all_in_one.html

Choose the option: Portable (3.12 MB)

Install the program and run it.

Click the Step 4 tab > click Create to create a restore point, and then Backup to back up the registry.

Click Next and then Start.

Click the button shown in the image (5wyy38.png) to uncheck all the options. Then check:

Reset Registry Permissions
Reset File Permissions
Register System Files

Repair WMI
Repair Windows Firewall
Repair Internet Explorer

Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Repair Windows Updates

Repair Volume Shadow Copy Service
Restore Important Windows Services
Set Windows Services To Default Startup
Repair MSI (Windows Installer)
Repair File Associations

Then leave the options checked as shown in the image and click Start:

[image: 2hcjhvc.png]

Wait; when it finishes, the PC will be restarted.

Post a new HijackThis log.



#17
felipe.motaferreira

    Newbie

  • 10 posts

Done. It follows below.

Thank you.

 

 

 

Logfile of HijackThis v1.99.1
Scan saved at 17:57:34, on 12/09/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
 
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\DigiBestTV\ScheduleMonitor.exe
C:\Users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\DELL\Desktop\HijackThis\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\DELL\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (file missing)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - Startup: Dropbox.lnk = C:\Users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: ScheduleMonitor.lnk = C:\Program Files (x86)\DigiBestTV\ScheduleMonitor.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\DELL\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix: 
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creat...102/CTSUEng.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creat...13/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creat...10926/CTPID.cab
O18 - Protocol: livecall - (no CLSID) - (no file)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - (no file)
O18 - Protocol: msnim - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CxUtilSvc - Conexant Systems, Inc. - C:\Program Files\Conexant\SA3\CxUtilSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Gbp Service (GbpSv) -   - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe


#18
CarlosTurco

    Assistant

  • 24.763 posts

Ok,

The logs are clean. :)

To finish up:

  • Update Java. Old versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest version of Java SE 7u40.
    • Click JRE Download.
    • Check the Accept License Agreement box.
    • Click the download link Windows x86 Offline 27.69 MB jre-7u40-windows-i586.exe and save it to your desktop.
    • Close any programs that are running, especially browsers.
    • Go to Start > Control Panel, double-click Add or Remove Programs and remove all old versions of Java.
      Examples of old versions:
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item named Java Runtime Environment (JRE or J2SE).
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove every version of Java.
    • Restart your computer once all versions of Java have been removed.
    • Now go to your desktop and double-click jre-7u40-windows-i586.exe to install the newest version.
    • ATTENTION: Uncheck the box for installing the ASK Toolbar.
  • Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.

    Click here and install the newest version.
  • Keep Flash Player up to date. Old versions also have vulnerabilities that are exploited by malware. Click here and install the newest version.
  • USB worms (flash-drive viruses) can infect any type of removable storage device (flash drives, MP3 and MP4 players, cell phones, memory cards, cameras). This type of malware exploits a native Windows feature called Autorun, or Autoplay (the assistant that appears when you insert a CD or flash drive, asking which program you want to open it with). Autoplay needs a file called autorun.inf in order to work.

    Keep a clean, protected copy of the autorun.inf file on all removable devices and on all system drives. That way, if you happen to plug your flash drive into an infected PC, the malware will not be able to overwrite the pre-existing file. Even so, it can still copy its malicious executables to the flash drive, such as .EXE, .SCR, .CMD, .PIF, .BAT, .COM.
    If you plug this flash drive into a clean machine and run one of these malicious files, that system will be infected in the same way. So be careful and use common sense.

    To create a protected autorun.inf file on Windows XP:

    Download Flash_Disinfector.exe and save it to your desktop.
    • Connect all removable storage devices to the USB ports. Save whatever you think is necessary, EXCEPT executable files, then format the media by going to My Computer, right-clicking the media's drive and choosing the "Format" option.
    • Run Flash_Disinfector.exe.
    • Follow the prompts that may appear.
    • Wait until the program finishes the scan, then exit the program.
    For Windows Vista and 7: Panda USB Vaccine
  • For system maintenance and removal of temporary and invalid files, download TFC, by OldTimer.

    Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, that is part of the process.

    Be patient: depending on the amount of data to be deleted, the process can take more than 2 minutes.

    When it finishes, you will be asked to restart your computer. RESTART.

    If you are not asked, restart manually.
  • Visit Windows Update regularly and check for updates.
    New security holes are discovered frequently. Much malware exploits these holes, infecting systems without depending on any user action. Microsoft fixes these holes through updates.
    That is why it is essential to keep your system up to date.
  • Disable and re-enable System Restore.
  • Learn some precautions and tips for keeping your computer clean. Read the article Proteja seu pc:
    http://linhadefensiv...proteja-seu-pc/
  • If there are no more malware-related problems, click the button shown in the image (denunld.png) and ask for your topic to be closed.

If you have any questions related to computing and technology, feel free to post in any area of the Linha Defensiva forum.

Regards. :legal:



#19
felipe.motaferreira

    Newbie

  • 10 posts

I can only say thanks. Thank you very much, and you can be sure that I will recommend the Linha Defensiva site to everyone.

A big hug! :legal:



#20
CarlosTurco

    Assistant

  • 24.763 posts

PROBLEM SOLVED

If you want to request that the topic be reopened, use the Denunciar (Report) button to contact the moderators.

Note: Only the author can make this request in the Malware Removal area.