
Archived

This topic has been archived and is closed to new replies.

Sicairis

How do I uninstall PSafe?

9 posts in this topic

Good evening,

Some time ago I installed PSafe on my machine, and today I can't uninstall it.

Could someone help me?

Thank you.


So that we can help you, follow in full what is set out in this "Mandatory standard procedure topic of the Forum".

HijackThis logs ** read before posting **

Once the procedures are done, post the HijackThis log for review right here in this topic by clicking the second REPLY button, and wait for further instructions.



MVP Mr.Million


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:27:24, on 12/07/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19272)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\system32\conime.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\WLTRAY.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\System32\aetcrss1.exe

C:\Program Files\PSafe\PSafeSysTray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\PSafe\PSafeWDS.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Sica\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKG05CH6\HijackThis[1].exe

C:\Users\Sica\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/5

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Windows\Downloaded Program Files\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files\PSafe\PSafeSysTray.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{91177819-3BD4-476D-B1F7-57C5AF0765E9}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe

O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: PSafeWD - Psafe - C:\Program Files\PSafe\PSafeWD.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--

End of file - 7831 bytes


Open HijackThis, click "Do a system scan only", check the entries listed below, and then click "Fix Checked".

O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files\PSafe\PSafeSysTray.exe"

Disable your antivirus, antispyware and firewall to avoid conflicts. Keep them disabled until you have finished the instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly it must be on the Desktop).

Close all windows and programs.

You must be connected during the ComboFix procedure;

Run combofix.exe and press "Sim" (Yes) to proceed. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "Não" (No) and then agree so that the scan can proceed.

If the Console is installed, the operating system selection screen will be shown at system startup.

More information about the Console: http://support.microsoft.com/kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.

When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt into your next reply, plus a new HijackThis log.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. Doing so will overwrite the log and make removing the malware harder.

If any error occurs, restart the computer in Safe Mode (press F8 repeatedly, or F5 in some cases, during startup) and repeat the procedure.



MVP Mr.Million


ComboFix 12-07-12.02 - Sica 12/07/2012 23:40:00.4.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.55.1046.18.3543.2132 [GMT -3:00]

Executando de: c:\users\Sica\Desktop\ComboFix.exe

AV: avast! antivírus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! antivírus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Sica\HijackThis.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-06-13 to 2012-07-13 ))))))))))))))))))))))))))))

.

.

2012-07-13 02:49 . 2012-07-13 02:50 -------- d-----w- c:\users\Sica\AppData\Local\temp

2012-07-13 02:49 . 2012-07-13 02:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-12 02:12 . 2012-07-12 02:12 -------- d-----w- c:\users\Sica\AppData\Roaming\Malwarebytes

2012-07-12 02:12 . 2012-07-12 02:12 -------- d-----w- c:\programdata\Malwarebytes

2012-07-12 02:12 . 2012-07-03 16:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-12 02:12 . 2012-07-12 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-11 23:33 . 2012-07-12 23:38 -------- d-----w- c:\users\Sica\AppData\Roaming\Systweak

2012-07-11 14:41 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-10 18:29 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-10 18:29 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-10 18:29 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-07-10 18:29 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-10 18:29 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-10 18:29 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-22 18:26 . 2012-06-22 18:26 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\921fb0ba1cd50a403\MeshBetaRemover.exe

2012-06-22 18:26 . 2012-06-22 18:26 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\91871a3a1cd50a402\DSETUP.dll

2012-06-22 18:26 . 2012-06-22 18:26 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\91871a3a1cd50a402\DXSETUP.exe

2012-06-22 18:26 . 2012-06-22 18:26 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\91871a3a1cd50a402\dsetup32.dll

2012-06-22 15:22 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-22 15:22 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-22 15:22 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 15:22 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-22 15:12 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-22 15:12 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-22 15:12 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 15:02 . 2012-06-02 18:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-22 15:02 . 2012-06-02 18:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 21:22 . 2012-06-20 21:22 -------- d-----w- C:\$AVG

2012-06-13 22:29 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1PSafeOverlaySync]

@="{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}"

[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}]

2012-03-06 21:09 2317032 ----a-w- c:\program files\PSafe\shell\v2.5.1203.6402\PSafeShellExtensionx86.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2PSafeOverlayOk]

@="{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}"

[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}]

2012-03-06 21:09 2317032 ----a-w- c:\program files\PSafe\shell\v2.5.1203.6402\PSafeShellExtensionx86.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3PSafeOverlayOut]

@="{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}"

[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}]

2012-03-06 21:09 2317032 ----a-w- c:\program files\PSafe\shell\v2.5.1203.6402\PSafeShellExtensionx86.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-01 217088]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-01 150552]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-01 483428]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\Sica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\windows\Downloaded Program Files\gbiehuni.dll" [2011-04-26 505336]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-07-12 c:\windows\Tasks\User_Feed_Synchronization-{7F49B9B7-2D53-433A-B40E-66C0DB18A2DD}.job

- c:\windows\system32\msfeedssync.exe [2012-06-13 03:24]

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{91177819-3BD4-476D-B1F7-57C5AF0765E9}: NameServer = 200.204.0.10 200.204.0.138

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-12 23:50

Windows 6.0.6002 Service Pack 2 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

.

c:\users\Sica\AppData\Local\Temp\catchme.dll 53248 bytes executable

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 1

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,8f,71,91,28,ff,1c,45,94,78,b9,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,8f,71,91,28,ff,1c,45,94,78,b9,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'lsass.exe'(616)

c:\windows\system32\aetsprov.dll

.

Tempo para conclusão: 2012-07-12 23:59:55

ComboFix-quarantined-files.txt 2012-07-13 02:59

ComboFix2.txt 2012-07-12 15:46

.

Pré-execução: 129.828.233.216 bytes disponíveis

Pós execução: 129.785.360.384 bytes disponíveis

.

- - End Of File - - 1A9943BFAB7D8C32F2CF89CD29F38144

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:21:43, on 13/07/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19272)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Windows\system32\conime.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Sica\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/5

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Windows\Downloaded Program Files\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{91177819-3BD4-476D-B1F7-57C5AF0765E9}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe

O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: PSafeWD - Psafe - C:\Program Files\PSafe\PSafeWD.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--

End of file - 7525 bytes
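
An added example, not part of the original posts or of HijackThis itself: a small Python parser that compares the two HijackThis logs posted in this thread for a given product name and lists entries with no backing file. The log excerpts are copied from the thread and trimmed; the function names (`parse_log`, `compare`, `orphans`) are hypothetical.

```python
import re
from collections import namedtuple

# Excerpts of the two HijackThis logs posted in this thread (trimmed):
# the first scan, and the scan taken after "Fix Checked" and the ComboFix run.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\PSafe\PSafeSysTray.exe
C:\Program Files\PSafe\PSafeWDS.exe
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files\PSafe\PSafeSysTray.exe"
O23 - Service: PSafeWD - Psafe - C:\Program Files\PSafe\PSafeWD.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
--
End of file - 7831 bytes
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O23 - Service: PSafeWD - Psafe - C:\Program Files\PSafe\PSafeWD.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
--
End of file - 7525 bytes
"""

Entry = namedtuple("Entry", "section text")

# HijackThis entry lines look like "O4 - <details>" (R, F, N and O groups).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Entries whose target file no longer exists on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_log(text):
    """Return Entry tuples; running processes get the pseudo-section 'PROC'."""
    entries, in_procs = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the forum paste has a blank line between every entry
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries.append(Entry(match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif line == "--":
            break  # separator before the "End of file" footer
        elif in_procs:
            entries.append(Entry("PROC", line))
    return entries


def matching(entries, keyword):
    """Entries whose text mentions keyword (case-insensitive)."""
    kw = keyword.lower()
    return [e for e in entries if kw in e.text.lower()]


def compare(before, after, keyword):
    """Split the keyword's entries in `before` into removed and remaining."""
    old = matching(parse_log(before), keyword)
    new = set(matching(parse_log(after), keyword))
    return {
        "removed": [e for e in old if e not in new],
        "remaining": [e for e in old if e in new],
    }


def orphans(entries):
    """Entries that point at a missing file, e.g. leftovers of old uninstalls."""
    return [e for e in entries if ORPHAN_RE.search(e.text)]


if __name__ == "__main__":
    result = compare(LOG_BEFORE, LOG_AFTER, "psafe")
    for state in ("removed", "remaining"):
        for entry in result[state]:
            print(f"{state:9} {entry.section:4} {entry.text}")
    for entry in orphans(parse_log(LOG_AFTER)):
        print(f"orphan    {entry.section:4} {entry.text}")
```

On these excerpts the startup entry and both tray processes are gone in the second scan, while the `PSafeWD` service line is still listed.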


I suggest you print or save the procedures below, and do not use the Internet until the procedure is finished.

Select and copy the text inside the QUOTE (white box) below. Open Notepad and paste what you copied. Then save it to the Desktop with the name CFScript.txt

File::

c:\program files\PSafe\shell\v2.5.1203.6402\PSafeShellExtensionx86.dll

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1PSafeOverlaySync]

[-HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2PSafeOverlayOk]

[-HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3PSafeOverlayOut]

[-HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}]

Folder::

c:\program files\PSafe

Now drag CFScript.txt onto ComboFix as in the demonstration below:

CFScript.gif

ComboFix will run and restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Make a new log with HijackThis in Normal Mode and post it together with ComboFix.txt.



MVP Mr.Million
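
An added example, not part of the original post and not a ComboFix feature: a pre-flight check that every target in a CFScript like the one above was actually seen in the ComboFix log it was written from, so a mistyped path or CLSID is caught before the script is run. The log and script excerpts are copied from this thread and trimmed; the function names are hypothetical, and the check assumes only the three directives used in the post (`File::`, `Registry::`, `Folder::`).

```python
import re

# Excerpt of the first ComboFix log posted in this thread (trimmed).
COMBOFIX_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1PSafeOverlaySync]
@="{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}"
[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}]
2012-03-06 21:09 2317032 ----a-w- c:\program files\PSafe\shell\v2.5.1203.6402\PSafeShellExtensionx86.dll
"""

# Part of the CFScript from the post above (first overlay key only).
CFSCRIPT = r"""
File::
c:\program files\PSafe\shell\v2.5.1203.6402\PSafeShellExtensionx86.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1PSafeOverlaySync]
[-HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}]

Folder::
c:\program files\PSafe
"""

# A directive header is a bare word followed by "::" on its own line.
DIRECTIVE_RE = re.compile(r"^(\w+)::$")


def parse_cfscript(text):
    """Map each directive name to the list of targets written under it."""
    targets, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DIRECTIVE_RE.match(line)
        if match:
            current = match.group(1)
            targets.setdefault(current, [])
        elif current is not None:
            targets[current].append(line)
    return targets


def unverified_targets(script, log):
    """Return (directive, target) pairs that have no supporting line in the log."""
    haystack = log.lower()
    missing = []
    for directive, items in parse_cfscript(script).items():
        for item in items:
            needle = item.lower()
            if directive == "Registry":
                # "[-KEY]" requests deletion of KEY; the log prints it as "[KEY]".
                if not (needle.startswith("[-") and needle.endswith("]")):
                    missing.append((directive, item))
                    continue
                needle = "[" + needle[2:]
            elif directive == "Folder":
                # A folder counts as seen if some logged path lies inside it.
                needle = needle.rstrip("\\") + "\\"
            if needle not in haystack:
                missing.append((directive, item))
    return missing


if __name__ == "__main__":
    problems = unverified_targets(CFSCRIPT, COMBOFIX_LOG)
    print("all targets found in log" if not problems else problems)
```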


ComboFix 12-07-13.02 - Sica 13/07/2012 11:21:44.5.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.55.1046.18.3543.1879 [GMT -3:00]

Executando de: c:\users\Sica\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Sica\Desktop\CFScript.txt

AV: avast! antivírus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! antivírus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\program files\PSafe\shell\v2.5.1203.6402\PSafeShellExtensionx86.dll"

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\PSafe

c:\program files\PSafe\360FileOem.dll

c:\program files\PSafe\360FileOem.sys

c:\program files\PSafe\360FltOem.dll

c:\program files\PSafe\360FltOem.sys

c:\program files\PSafe\360HipsOem.dll

c:\program files\PSafe\360HookOem.sys

c:\program files\PSafe\360IpcOem.dll

c:\program files\PSafe\360MalwareSection.dll

c:\program files\PSafe\360RegOem.dll

c:\program files\PSafe\360RegOem.sys

c:\program files\PSafe\360SpOem.dll

c:\program files\PSafe\360SpOEM.sys

c:\program files\PSafe\360verify.dll

c:\program files\PSafe\bkpcf.dat

c:\program files\PSafe\bkpst.dat

c:\program files\PSafe\cloudcom2.dll

c:\program files\PSafe\cloudsec2.dll

c:\program files\PSafe\CQhCltHttpW.dll

c:\program files\PSafe\CrashLib.dll

c:\program files\PSafe\cyggcc_s-1.dll

c:\program files\PSafe\cygiconv-2.dll

c:\program files\PSafe\cygwin1.dll

c:\program files\PSafe\dbghelp.dll

c:\program files\PSafe\deepscan.dll

c:\program files\PSafe\dsr.dat

c:\program files\PSafe\gcswf32.dll

c:\program files\PSafe\heavygate.dll

c:\program files\PSafe\icudt.dll

c:\program files\PSafe\inventory.dat

c:\program files\PSafe\libcef.dll

c:\program files\PSafe\libeay32.dll

c:\program files\PSafe\libspyerp.dat

c:\program files\PSafe\libwhite.dat

c:\program files\PSafe\msvcp100.dll

c:\program files\PSafe\msvcr100.dll

c:\program files\PSafe\namespace\v2.5.1203.6402\CrashLib.dll

c:\program files\PSafe\namespace\v2.5.1203.6402\dbghelp.dll

c:\program files\PSafe\namespace\v2.5.1203.6402\PSafeNSEx86.dll

c:\program files\PSafe\netconf.dat

c:\program files\PSafe\postReply.html

c:\program files\PSafe\PSafeCategoryFinder.exe

c:\program files\PSafe\PSafeInstallHIPSFirewalls.exe

c:\program files\PSafe\PSafesvc.exe

c:\program files\PSafe\PSafeSysTray.exe

c:\program files\PSafe\PSafeWD.exe

c:\program files\PSafe\PSafeWDS.exe

c:\program files\PSafe\pshw.dll

c:\program files\PSafe\PSRsync.exe

c:\program files\PSafe\QHEngine.dll

c:\program files\PSafe\scanlog.dat

c:\program files\PSafe\schedule.dat

c:\program files\PSafe\Section\list_v01.db

c:\program files\PSafe\Section\mutex.db

c:\program files\PSafe\shell\v2.5.1203.6402\CrashLib.dll

c:\program files\PSafe\shell\v2.5.1203.6402\dbghelp.dll

c:\program files\PSafe\shell\v2.5.1203.6402\PSafeShellExtensionx86.dll

c:\program files\PSafe\speedmem2.hg

c:\program files\PSafe\ssleay32.dll

c:\program files\PSafe\sysfilerepS.dll

c:\program files\PSafe\unins.ico

c:\program files\PSafe\Uninstall.exe

c:\users\Sica\HijackThis.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_PSafeWD

-------\Service_PSafeWD

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-06-13 to 2012-07-13 ))))))))))))))))))))))))))))

.

.

2012-07-13 14:33 . 2012-07-13 14:45 -------- d-----w- c:\users\Sica\AppData\Local\temp

2012-07-13 14:33 . 2012-07-13 14:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-13 14:22 . 2012-06-18 06:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B63C8800-588A-4771-A10E-39EB475AC7EB}\mpengine.dll

2012-07-13 02:33 . 2012-07-13 02:33 -------- d-----w- c:\users\Sica\backups

2012-07-12 02:12 . 2012-07-12 02:12 -------- d-----w- c:\users\Sica\AppData\Roaming\Malwarebytes

2012-07-12 02:12 . 2012-07-12 02:12 -------- d-----w- c:\programdata\Malwarebytes

2012-07-12 02:12 . 2012-07-03 16:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-12 02:12 . 2012-07-12 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-11 23:33 . 2012-07-12 23:38 -------- d-----w- c:\users\Sica\AppData\Roaming\Systweak

2012-07-11 14:41 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-10 18:29 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-10 18:29 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-10 18:29 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-07-10 18:29 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-10 18:29 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-10 18:29 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-22 18:26 . 2012-06-22 18:26 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\921fb0ba1cd50a403\MeshBetaRemover.exe

2012-06-22 18:26 . 2012-06-22 18:26 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\91871a3a1cd50a402\DSETUP.dll

2012-06-22 18:26 . 2012-06-22 18:26 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\91871a3a1cd50a402\DXSETUP.exe

2012-06-22 18:26 . 2012-06-22 18:26 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\91871a3a1cd50a402\dsetup32.dll

2012-06-22 15:22 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-22 15:22 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-22 15:22 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 15:22 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-22 15:12 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-22 15:12 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-22 15:12 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 15:02 . 2012-06-02 18:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-22 15:02 . 2012-06-02 18:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 21:22 . 2012-06-20 21:22 -------- d-----w- C:\$AVG

2012-06-13 22:29 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-31 15:25 . 2010-12-02 16:31 237072 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-13_02.50.07 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 01:58 . 2012-07-13 14:09 39870 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:05 . 2012-07-13 14:44 58066 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-11-12 00:04 . 2012-07-13 14:44 11050 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2395481737-679381091-3117147122-1000_UserData.bin

+ 2009-09-24 14:26 . 2012-07-13 14:37 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-09-24 14:26 . 2012-07-13 01:14 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-24 14:26 . 2012-07-13 14:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-09-24 14:26 . 2012-07-13 01:14 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-09-24 14:26 . 2012-07-13 14:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-09-24 14:26 . 2012-07-13 01:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-07-13 14:35 . 2012-07-13 14:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-13 01:10 . 2012-07-13 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-13 01:10 . 2012-07-13 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-13 14:35 . 2012-07-13 14:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-09-24 17:43 . 2012-07-13 14:34 6396 c:\windows\bthservsdp.dat

- 2009-09-24 17:43 . 2012-07-13 01:09 6396 c:\windows\bthservsdp.dat

+ 2008-01-21 05:26 . 2012-07-13 14:40 643852 c:\windows\System32\prfh0416.dat

- 2008-01-21 05:26 . 2012-07-13 01:18 643852 c:\windows\System32\prfh0416.dat

- 2008-01-21 05:26 . 2012-07-13 01:18 125356 c:\windows\System32\prfc0416.dat

+ 2008-01-21 05:26 . 2012-07-13 14:40 125356 c:\windows\System32\prfc0416.dat

+ 2006-11-02 10:33 . 2012-07-13 14:40 596292 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2012-07-13 01:18 596292 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2012-07-13 01:18 104366 c:\windows\System32\perfc009.dat

+ 2006-11-02 10:33 . 2012-07-13 14:40 104366 c:\windows\System32\perfc009.dat

+ 2009-11-19 11:24 . 2012-07-13 03:06 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-11-19 11:24 . 2012-07-13 00:28 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2011-02-10 23:39 . 2012-07-13 14:34 333296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-02-10 23:39 . 2012-07-13 01:09 333296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-01 217088]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-01 150552]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-01 483428]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\Sica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\windows\Downloaded Program Files\gbiehuni.dll" [2011-04-26 505336]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-07-12 c:\windows\Tasks\User_Feed_Synchronization-{7F49B9B7-2D53-433A-B40E-66C0DB18A2DD}.job

- c:\windows\system32\msfeedssync.exe [2012-06-13 03:24]

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{91177819-3BD4-476D-B1F7-57C5AF0765E9}: NameServer = 200.204.0.10 200.204.0.138

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab

.

- - - - ORFÃOS REMOVIDOS - - - -

.

AddRemove-PSafe - c:\program files\PSafe\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-13 11:43

Windows 6.0.6002 Service Pack 2 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,8f,71,91,28,ff,1c,45,94,78,b9,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,8f,71,91,28,ff,1c,45,94,78,b9,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'Explorer.exe'(5076)

c:\windows\system32\btmmhook.dll

c:\windows\system32\btncopy.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

c:\program files\Dell\DellDock\DockLogin.exe

c:\windows\System32\bcmwltry.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\LogMeIn\x86\LMIGuardianSvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\HidFind.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\DellTPad\Apntex.exe

.

**************************************************************************

.

Tempo para conclusão: 2012-07-13 11:55:34 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-07-13 14:55

ComboFix2.txt 2012-07-13 02:59

ComboFix3.txt 2012-07-12 15:46

.

Pré-execução: 129.734.340.608 bytes disponíveis

Pós execução: 129.479.020.544 bytes disponíveis

.

- - End Of File - - 8229A5F419A9FA130F3F65F485585437

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:18:43, on 13/07/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19272)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\Explorer.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Sica\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/5

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Windows\Downloaded Program Files\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{91177819-3BD4-476D-B1F7-57C5AF0765E9}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe

O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--

End of file - 7505 bytes


OK, the PC is clean (Y)

Finishing up.......

Rename ComboFix to Uninstall, run it, and wait for the tool to be removed.

Clear System Restore, creating a restore point of the clean system.

Open Control Panel > System > System Protection and uncheck "Local Disk" > Apply and OK. Then check it again > Apply and OK.



MVP Mr.Million


OK, thank you.
