Jump to content


Foto

Análise log HijackThis

hijackthis



Existem 18 respostas neste tópico

#1 maricris    

maricris
  • Participante
  • 50 mensagens

Publicado 11 May 2013 - 12:03 PM

Segue log para análise:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:59:35, on 11/05/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\user\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.greatresults.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehabn.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coIEPlg.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NokiaPCInternetAccess] "C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe" /b
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-18\..\Run: [Norton Download Manager{NF22-B22-4abb-B07C-C084B04B4F12}] C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe /m (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [Norton Download Manager{NF22-B22-4abb-B07C-C084B04B4F12}] C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe /m (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: wwws.realsecureweb.com.br
O15 - Trusted Zone: www.santander.com.br
O15 - Trusted Zone: www.santanderempresarial.com.br
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: www.santandernetibe.com.br
O15 - Trusted Zone: www.secureweb.com.br
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\sprote~1.dll
O20 - Winlogon Notify:  GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Management (MCLIENT) - Symantec Corporation - C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 11987 bytes
 


PUBLICIDADE  
 

#2 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Especialista
  • 65723 mensagens

Publicado 11 May 2013 - 12:26 PM

Baixe o Malwarebytes' Anti-Malware (MBAM) ou aqui.

Salve ou imprima estas instruções:

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.
Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.
Se houver atualizações a serem feitas, serão baixadas e instaladas.
Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.
Começará então o exame. Aguarde, pois pode demorar.
Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.

Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.

Ao final da desinfecção, abrirá o Bloco de notas com um Log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)
O Log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do Programa.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar

Selecione, copie e cole o conteúdo do Log do MBAM na sua próxima resposta + um novo Log do HijackThis .
MillionMPV.gif

#3 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Especialista
  • 65723 mensagens

Publicado 12 May 2013 - 06:52 PM

O PC está infectado....


MillionMPV.gif

#4 maricris    

maricris
  • Participante
  • 50 mensagens

Publicado 15 May 2013 - 09:32 AM

Segue log para analise:

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Versão da Base de Dados:  v2013.05.15.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
user :: VERA-PC [administrador]
 
Proteção: Permitir
 
15/05/2013 09:25:03
mbam-log-2013-05-15 (09-25-03).txt
 
Tipo de Verificação:  Verificação Rápida 
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  212990
Tempo decorrido: 3 minuto(s), 13 segundo(s)
 
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)
 
(fim)
 
 
Obrigada


#5 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Especialista
  • 65723 mensagens

Publicado 15 May 2013 - 11:54 AM

Ok, continuando...

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções.

Download ComboFix

Salve no seu Desktop ( Para que a Ferramenta seja executada corretamente é necessário que esteja no Desktop (Área de trabalho)
Feche todas as janelas e programas.

É necessário estar conectado durante o procedimento com o ComboFix;

Execute o combofix.exe, tecle "Sim" para prosseguir. Aguarde, pois é um pouco demorado.

OBS: Caso não queira que seja instalado o Console de Recuperação do Windows, clique em "Não" e depois concorde para que a verificação prossiga.
Ao ser instalado o Console, na Inicialização do Sistema será apresentada a tela para Seleção dos Sistemas Operacionais.
Mais informações sobre o Console:
http://support.micro...kb/307654/pt-br

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.
Quando acabar, será gerado um Log, que estará em C:\ComboFix.txt. Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta + um novo Log do HijackThis .

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".

OBS 2: Não execute o ComboFix mais do que uma vez. Isso irá sobreescrever o Log e dificultará a remoção do(s) malware(s)

Caso ocorra algum erro, reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização) e repita o procedimento.

MillionMPV.gif

#6 maricris    

maricris
  • Participante
  • 50 mensagens

Publicado 20 May 2013 - 09:40 AM

Oi, na verdade a unica coisa que eu nao consegui fazer foi salvar no desktop o programa, no que eu cliquei ele ja salvou e rodou automaticamente, então nao faço ideia de onde ele foi salvo.... 
De qualquer forma segue o novo LOG apresentado:

 

 

ComboFix 13-05-18.04 - user 20/05/2013   9:30.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.55.1046.18.4061.1831 [GMT -3:00]
Executando de: c:\users\user\Downloads\ComboFix.exe
AV: AVG antivírus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG antivírus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20130520082008.375199
c:\programdata\boost_interprocess\20130520082008.375199\Nobu64AgentService
c:\programdata\boost_interprocess\20130520082008.375199\Nobu64TrayIcon
c:\programdata\Browase2saaVE
c:\programdata\Browase2saaVE\51657c37b6639.tlb
c:\programdata\Browase2saaVE\settings.ini
c:\programdata\Browase2saaVE\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Browase2saaVE
c:\programdata\Microsoft\Windows\Start Menu\Programs\Browase2saaVE\Browase2saaVE.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Browase2saaVE\Uninstall.lnk
c:\windows\SysWow64\drivers\ati4irxx.sys
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-04-20 to 2013-05-20  ))))))))))))))))))))))))))))
.
.
2013-05-20 12:35 . 2013-05-20 12:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-20 12:33 . 2013-05-20 12:33 0 ----a-w- c:\windows\SysWow64\drivers\clbdriver.sys
2013-05-15 12:23 . 2013-05-15 12:23 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2013-05-15 12:23 . 2013-05-15 12:23 -------- d-----w- c:\programdata\Malwarebytes
2013-05-15 12:23 . 2013-05-15 12:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-15 12:23 . 2013-04-04 17:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-15 12:23 . 2013-05-15 12:23 -------- d-----w- c:\users\user\AppData\Local\Programs
2013-05-11 14:50 . 2013-05-11 14:50 -------- d-----w- c:\program files\CCleaner
2013-05-10 12:25 . 2013-05-10 12:25 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-04-30 21:41 . 2013-04-30 21:41 -------- d-----w- c:\users\user\AppData\Roaming\AVG
2013-04-30 21:40 . 2013-04-30 21:42 -------- d-----w- c:\programdata\AVG
2013-04-30 21:40 . 2013-04-30 21:40 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-04-25 13:16 . 2013-05-02 18:32 -------- d-----w- c:\program files (x86)\SimpleSpeedy
2013-04-24 12:46 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 21:11 . 2012-10-20 15:26 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 15:32 . 2012-06-05 19:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 15:32 . 2012-06-05 19:22 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-13 12:12 . 2011-03-28 21:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-15 12:21 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 12:21 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 12:21 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 12:21 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 12:21 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 12:21 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-29 05:53 . 2013-03-29 05:53 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-03-21 06:08 . 2013-03-21 06:08 240952 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-03-19 06:04 . 2013-04-10 12:16 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 12:16 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 12:16 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 12:16 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 12:16 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 12:16 112640 ----a-w- c:\windows\system32\smss.exe
2013-02-23 14:56 . 2013-02-23 14:56 310688 ----a-w- c:\windows\system32\javaws.exe
2013-02-23 14:56 . 2013-02-23 14:56 188832 ----a-w- c:\windows\system32\javaw.exe
2013-02-23 14:56 . 2013-02-23 14:56 188320 ----a-w- c:\windows\system32\java.exe
2013-02-23 14:56 . 2013-02-23 14:56 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-02-23 14:56 . 2012-10-26 12:24 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-23 14:56 . 2012-10-26 12:24 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-23 14:53 . 2013-02-23 14:53 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-23 14:53 . 2012-06-05 19:22 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-02-23 14:53 . 2012-06-05 19:22 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-20 14:17 220608 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-20 14:17 220608 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-20 14:17 220608 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaPCInternetAccess"="c:\program files (x86)\Nokia\PC Internet Access\NPCIA.exe" [2009-09-22 544768]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton Download Manager{NF22-B22-4abb-B07C-C084B04B4F12}"="c:\program files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe" [2012-10-11 143928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2012-12-04 17:21 1718256 ----a-w- c:\program files (x86)\GbPlugin\gbiehabn.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-04-25 4936752]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1403010.016\SYMDS64.SYS [2013-01-22 493656]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1403010.016\SYMEFA64.SYS [2013-01-31 1139800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-03-29 246072]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-03-21 240952]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [2013-04-12 1390680]
S1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENTx64\0302000.013\ccSetx64.sys [2012-10-04 168096]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1403010.016\ccSetx64.sys [2012-11-16 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130517.001\IDSvia64.sys [2013-01-18 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1403010.016\Ironx64.SYS [2012-11-16 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1403010.016\SYMNETS.SYS [2013-01-31 432800]
S2 avgwd;Watchdog do AVG;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-04-18 283136]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2012-12-04 527856]
S2 MCLIENT;Norton Management;c:\program files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe [2012-10-11 143928]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe [2012-12-24 144520]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-01-18 138912]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-21 320040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 17:18 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 15:32]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-05 13:51]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-05 13:51]
.
2013-05-20 c:\windows\Tasks\schedule!3036567561.job
- c:\programdata\BetterSoft\OptimizerPro\OptimizerPro.exe [2013-04-10 19:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-20 14:17 244672 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-20 14:17 244672 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-20 14:17 244672 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-30 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-30 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-30 411672]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://websearch.greatresults.info/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: agentware.net
Trusted Zone: realsecureweb.com.br\wwws
Trusted Zone: sabre.com
Trusted Zone: santander.com.br\www
Trusted Zone: santanderempresarial.com.br\www
Trusted Zone: santandernet.com.br\www
Trusted Zone: santandernet.com.br\wwws
Trusted Zone: santandernet.com.br\wwws2
Trusted Zone: santandernetibe.com.br\www
Trusted Zone: secureweb.com.br\www
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1 192.168.0.1
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} - c:\programdata\Browase2saaVE\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MCLIENT]
"ImagePath"="\"c:\program files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton Management\Engine\3.2.0.19\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-05-20  09:37:54
ComboFix-quarantined-files.txt  2013-05-20 12:37
.
Pré-execução: 445.172.645.888 bytes disponíveis
Pós execução: 444.802.957.312 bytes disponíveis
.
- - End Of File - - 29935F8783BE593E3468BD07467F691A
 


#7 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Especialista
  • 65723 mensagens

Publicado 20 May 2013 - 11:02 AM

Nunca use dois Antivírus juntos....Eles geram Conflitos, Instabilidades e Lentidão no PC, em suma um desastre completo. Dois antivírus instalados no computador competem entre si e abrem brecha para que a funcionalidade de um anule a proteção do outro.
Desinstale um, reinicie e faça/poste um novo Log para exame.
MillionMPV.gif

#8 maricris    

maricris
  • Participante
  • 50 mensagens

Publicado 21 May 2013 - 10:22 AM

Oi, então eu sabia disso dos antivírus, o que eu não tinha percebido é que os dois estavam ativos no meu computador ao mesmo tempo hehehe. Obrigada pela ajuda, segue o novo LOG:

 

 

a seComboFix 13-05-20.01 - user 21/05/2013   9:49.2.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.55.1046.18.4061.1914 [GMT -3:00]
Executando de: c:\users\user\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20130521092731.375199
c:\programdata\boost_interprocess\20130521092731.375199\Nobu64AgentService
c:\programdata\boost_interprocess\20130521092731.375199\Nobu64TrayIcon
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-04-21 to 2013-05-21  ))))))))))))))))))))))))))))
.
.
2013-05-21 13:00 . 2013-05-21 13:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-21 13:00 . 2013-05-21 13:00 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{99555C0C-A462-4CAA-AD6E-377D2D9F1FC4}\offreg.dll
2013-05-20 12:33 . 2013-05-20 12:33 0 ----a-w- c:\windows\SysWow64\drivers\clbdriver.sys
2013-05-15 12:23 . 2013-05-15 12:23 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2013-05-15 12:23 . 2013-05-15 12:23 -------- d-----w- c:\programdata\Malwarebytes
2013-05-15 12:23 . 2013-05-15 12:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-15 12:23 . 2013-04-04 17:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-15 12:23 . 2013-05-15 12:23 -------- d-----w- c:\users\user\AppData\Local\Programs
2013-05-11 14:50 . 2013-05-11 14:50 -------- d-----w- c:\program files\CCleaner
2013-05-10 12:25 . 2013-05-10 12:25 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-04-30 21:41 . 2013-04-30 21:41 -------- d-----w- c:\users\user\AppData\Roaming\AVG
2013-04-30 21:40 . 2013-04-30 21:42 -------- d-----w- c:\programdata\AVG
2013-04-30 21:40 . 2013-04-30 21:40 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-04-25 13:16 . 2013-05-02 18:32 -------- d-----w- c:\program files (x86)\SimpleSpeedy
2013-04-24 12:46 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 21:11 . 2012-10-20 15:26 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 15:32 . 2012-06-05 19:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 15:32 . 2012-06-05 19:22 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-13 12:12 . 2011-03-28 21:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-15 12:21 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 12:21 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 12:21 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 12:21 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 12:21 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 12:21 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-19 06:04 . 2013-04-10 12:16 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 12:16 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 12:16 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 12:16 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 12:16 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 12:16 112640 ----a-w- c:\windows\system32\smss.exe
2013-02-23 14:56 . 2013-02-23 14:56 310688 ----a-w- c:\windows\system32\javaws.exe
2013-02-23 14:56 . 2013-02-23 14:56 188832 ----a-w- c:\windows\system32\javaw.exe
2013-02-23 14:56 . 2013-02-23 14:56 188320 ----a-w- c:\windows\system32\java.exe
2013-02-23 14:56 . 2013-02-23 14:56 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-02-23 14:56 . 2012-10-26 12:24 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-23 14:56 . 2012-10-26 12:24 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-23 14:53 . 2013-02-23 14:53 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-23 14:53 . 2012-06-05 19:22 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-02-23 14:53 . 2012-06-05 19:22 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-20 14:17 220608 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-20 14:17 220608 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-20 14:17 220608 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaPCInternetAccess"="c:\program files (x86)\Nokia\PC Internet Access\NPCIA.exe" [2009-09-22 544768]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton Download Manager{NF22-B22-4abb-B07C-C084B04B4F12}"="c:\program files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe" [2012-10-11 143928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2012-12-04 17:21 1718256 ----a-w- c:\program files (x86)\GbPlugin\gbiehabn.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1403010.016\SYMDS64.SYS [2013-01-22 493656]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1403010.016\SYMEFA64.SYS [2013-01-31 1139800]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130515.001\BHDrvx64.sys [2013-04-12 1390680]
S1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENTx64\0302000.013\ccSetx64.sys [2012-10-04 168096]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1403010.016\ccSetx64.sys [2012-11-16 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130517.001\IDSvia64.sys [2013-01-18 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1403010.016\Ironx64.SYS [2012-11-16 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1403010.016\SYMNETS.SYS [2013-01-31 432800]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2012-12-04 527856]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 MCLIENT;Norton Management;c:\program files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe [2012-10-11 143928]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe [2012-12-24 144520]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-01-18 138912]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-21 320040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 17:18 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 15:32]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-05 13:51]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-05 13:51]
.
2013-05-21 c:\windows\Tasks\schedule!3036567561.job
- c:\programdata\BetterSoft\OptimizerPro\OptimizerPro.exe [2013-04-10 19:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-20 14:17 244672 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-20 14:17 244672 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-20 14:17 244672 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-30 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-30 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-30 411672]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://websearch.greatresults.info/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: agentware.net
Trusted Zone: realsecureweb.com.br\wwws
Trusted Zone: sabre.com
Trusted Zone: santander.com.br\www
Trusted Zone: santanderempresarial.com.br\www
Trusted Zone: santandernet.com.br\www
Trusted Zone: santandernet.com.br\wwws
Trusted Zone: santandernet.com.br\wwws2
Trusted Zone: santandernetibe.com.br\www
Trusted Zone: secureweb.com.br\www
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1 192.168.0.1
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} - c:\programdata\Browase2saaVE\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MCLIENT]
"ImagePath"="\"c:\program files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton Management\Engine\3.2.0.19\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-05-21  10:19:33
ComboFix-quarantined-files.txt  2013-05-21 13:19
ComboFix2.txt  2013-05-20 12:37
.
Pré-execução: 443.938.390.016 bytes disponíveis
Pós execução: 445.885.661.184 bytes disponíveis
.
- - End Of File - - 5A3B2DDD890F80950E9EB2BED850EAB7
 
Fico no aguardo e muito obrigada mais uma vez.
 


#9 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Especialista
  • 65723 mensagens

Publicado 21 May 2013 - 10:43 AM

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções

Download bouton-telecharger.png Salve-o no Desktop. (Área de Trabalho)

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista ou do Windows 7, clicar com o botão direito do mouse no arquivo e selecionar:Executar como administrador

AdwCleanerCustom-1.jpg

Clique [Delete]

Salve o Log criado.

Donload 1268r49.png Salve no seu Desktop (Área de trabalho).

Dê um duplo-clique para executar o Junkware Removal Tool (JRT)

* No Windows Vista e Windows 7:
Clique com o botão direito do mouse sobre o JRT.exe e selecione run_as_adm1.png

A Ferramenta começará o exame do seu Sistema. Tenha paciência pois pode demorar um pouco, dependendo da quantidades de ítens a serem examinados.

Ao final, um Log se abrirá e salvo no Desktop com o nome de
JRT.txt.

Selecione, copie e cole o conteúdo deste Log na sua próxima resposta + o Log do AdwCleaner e um novo Log do HijackThis.
MillionMPV.gif

#10 maricris    

maricris
  • Participante
  • 50 mensagens

Publicado 22 May 2013 - 10:21 AM

Bom dia, segue LOGS conforme solicitado:

 

1° - adwcleaner

 

 

# AdwCleaner v2.301 - Relatório criado em 22/05/2013 às 09:36:33
# Atualizado em 16/05/2013 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits)
# Usuário : user - VERA-PC
# Modo de Boot : Normal
# Executado de : C:\Users\user\Desktop\adwcleaner.exe
# Opção [Remover]
 
 
***** [Serviços] *****
 
 
***** [Arquivos/Pastas] *****
 
Pasta Removido : C:\Program Files (x86)\WebSearch
Pasta Removido : C:\ProgramData\InstallMate
Pasta Removido : C:\ProgramData\SoftSafe
Removido Durante o reboot : C:\ProgramData\BetterSoft
Removido Durante o reboot : C:\ProgramData\boost_interprocess
 
***** [Registro] *****
 
Chave Removida : HKCU\Software\AppDataLow\SProtector
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Chave Removida : HKLM\Software\SP Global
Chave Removida : HKLM\Software\SProtector
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro
 
***** [Navegadores] *****
 
-\\ Internet Explorer v10.0.9200.16576
 
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.greatresults.info/ --> hxxp://www.google.com
 
-\\ Google Chrome v26.0.1410.64
 
*************************
 
AdwCleaner[S1].txt - [1984 octets] - [22/05/2013 09:36:33]
 
########## EOF - C:\AdwCleaner[S1].txt - [2044 octets] ##########
 
 
2° - JRT 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by user on 22/05/2013 at  9:42:27,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\bettersoft"
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Program Files (x86)\SimpleSpeedy"
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{00A1F99D-6D76-4CE8-8FC6-4C5EC1049435}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{02370986-9ACD-4092-8219-97EE096F469D}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{05CC04DF-6E6E-48EC-BC1B-6CC47C553301}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{0648F324-AA48-4CF3-97B2-7BC07477614F}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{06AD671D-2CE7-4D88-833D-BF92CD3C64B0}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{073ACAAE-1430-4213-8BE2-1844F12F9FB2}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{09454823-464F-4D1F-AA75-BCDAE26B2F0E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{11C980FB-AD65-4880-A12A-63DDF6470FEA}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{17FE841F-8722-45D1-B053-8BFD2BD6364F}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1B648BC0-9A53-4921-B205-5FAA8D94AD14}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1BD49E96-ABF4-4C34-A136-53E759C96EEB}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1CB7BA56-F4A6-4914-A551-52F95F781BC0}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1E7EA140-69F7-4855-B046-785B058D23F9}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1F03984F-867D-4FB8-ADAC-52633F733C27}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1FB18B5D-BCA7-4D5B-B6E0-B8E17ACC5B8B}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{2283553E-BFA8-4FA4-A38E-03DB9FCFCBEB}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{24733C79-CAE2-4ECC-B939-5D267B412D0F}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{24AA3A39-F20B-4554-A6E7-6E549DEE6D70}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{25564269-396E-438A-B33C-58A2203FE1EE}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{26F23199-9478-44B3-A270-A3D4FC42D0FB}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{2816324B-1519-4C44-A101-6EF17D5EC800}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{29F681AF-1DF1-4256-A24A-877F30ECAC34}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{2A22F19E-D8A4-49CD-B3F3-DA4986D7A430}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{2ACC7DDE-1132-4387-9CC0-A9CCF1A640D1}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{2B282917-A396-4A43-97FF-F364BC65D078}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{2C62EBB1-AC46-463B-AD9D-90D705C0807D}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{2C95813C-1A92-467C-AF3F-EB303A812CBC}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{2D15F96D-1DBF-4985-BEDB-CA3E865F5C47}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{2DD9FFB5-39F0-4355-A7B0-DCCC0AB72764}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{32ADD56D-67CC-4F40-81E7-9FD3CED8AB11}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{3436190B-9762-4437-B4F5-C2C57A3EB18E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{35D00B3A-CDC2-419B-BF0A-E26FAFB35B65}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{35DD4B02-86DE-46AA-8F7A-F6E0109053FC}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{35F38CB5-C5D8-4C34-819B-729438B2074C}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{36DE2A60-C25F-43FF-A670-7FBE615EBA5C}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{37FAB02B-0BBF-4007-B4F1-CA0DD49C58B7}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{3C9A9884-D97F-446A-B891-36342DFD2FBE}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{424745D3-F949-4BA4-AF97-A7F02D7E5458}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{43F615C6-59F4-49AB-88B5-8B952922FC39}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{4421FE16-DD55-41C6-8219-072AE2A894B6}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{44F6A7A5-AC87-4B96-B94D-6CC7D62E15FF}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{4B5D1149-86EF-4F04-A2B6-749CB956A047}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{4D021DE8-C33B-43A4-BF46-4624992A6422}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{4ED71176-39C4-464D-AD3B-506D997611A9}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{5272241E-F25B-44C0-8EB6-6970FB9CF226}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{5522AAE6-14FB-48A5-B474-4C6B53CDD93F}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{55E17252-0D40-416E-BAFE-54DD5B4738E6}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{58C4DB41-57B5-42C9-970E-11B58CFEB0A5}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{5B905A72-BA74-4D07-BDA9-68EF1F180B73}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{5E1C78DA-E093-4817-9993-B7C5D6E50EF8}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{5F5B1DE5-D64E-4051-AE12-D30936390A7E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{60723320-4FF2-4E9D-9B61-EE113317A57D}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{650C3F0B-AC39-49A5-867A-5FE6C2593DF5}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{6523F07B-83CC-45EC-BE9C-A7D5DF838D2D}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{666CC7EC-6AD7-4F3B-A3FB-A8224B151F62}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{68277D8B-46A7-4A2A-8E27-33A7EC0A8542}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{688986F4-67DF-44DA-B593-CF4AA3C84884}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{6ACFB761-615D-4E99-8798-89030EED084E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{6C1545C3-3002-463A-BE7A-A8FD92167203}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{6FC33B24-3711-4008-B8CB-A9A1122E339B}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{704EE3E8-0E37-4626-AFD7-B926303E2C20}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{722D7E62-2939-426B-9F78-4A5AF1931FAC}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{7300D689-10A8-43E5-9612-1D27D4FB8383}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{780D9B2E-B556-486F-87FB-C0574654E05A}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{7815B7A7-EE5B-473A-8CEF-B863E33881CC}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{79EEA729-0B35-4DB3-86DE-7CE8C0A15E5D}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{7A2A20DE-0CB7-4A9B-9AC9-B613A63DF298}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{7A8647EA-C97D-4280-A05B-DD40309D9B2E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{7DF0C898-3679-4844-BC0C-7EC8490F621A}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{7E5990BC-59D7-41AF-9124-FA9B91E62BDD}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{807FAB3D-7A92-44E6-BCEB-77751CCFBCF7}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{82921958-01E2-4222-A397-0360B86ED8A7}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{837ADB97-D056-4288-A60F-B1ADBE2E4632}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{8683B318-4B75-436D-BFAC-F47545265D89}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{888A8398-C660-42F4-87E1-9F0F4F3AC821}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{88A87CA0-70EF-4751-B079-49674C934A84}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{8A46BA2C-DF93-4DAF-8286-EA02BB5D4E1D}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{8B04F13D-79AB-4A60-BE7C-A262781B11A6}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{8F0D0B6B-4B62-4AC2-A4B5-58DC82253231}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{8FE65A24-5C1F-4B64-AF23-BF34DC5CAAF3}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{9195FE83-4747-43AD-9BBF-F9C0EDB6FC87}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{91EF7DC4-7D5B-4BDF-9AE0-CC217F0EF92D}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{926B7301-6F74-451B-8005-E12893E46065}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{95D2B720-1DA7-4AD5-90AE-5E955F672E2A}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{96BBF063-6A30-4E17-8C5A-01B08A1F3E81}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{9789D5B8-5A51-4D63-B5E0-6F621D17778A}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{9B10CA44-969C-4DE2-B896-9EB35D316637}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{9BC3DB49-AD2F-472D-87E4-B870E43DE054}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{9E54BF05-33AB-4271-B17F-97191BD9D255}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{9F42C34F-0F5D-4BAC-8E02-28A1B5D1B855}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{A2866201-F510-45E6-8318-6A08BF0911FD}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{A889448B-1723-4715-B707-625A7FFFDC4C}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{A9A01390-12FD-40E3-A4B0-8E44B998E43B}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{B1913130-FDB6-4DBA-AAFA-9A12DCE56632}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{B192D63A-AA8B-4D03-937C-2A5E6F6844DD}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{B224E994-3E83-4F1C-A930-54E0CFC80E35}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{B646311A-3ED6-4E38-A580-6E814396E308}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{B9CBF080-039D-4F57-83B9-096EF0EDDEBC}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{BC265A2F-50D4-432F-BAAC-B2B87DA500AD}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{BD0942BB-918A-4A7A-BCD7-6952432D2720}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{BD2CF57C-F228-4B46-9F25-3DA6AD6588EA}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{BD504E23-D97F-42C6-B8AA-EECB5EE5860D}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{BF2865E6-8B12-483A-9D15-AA1A0DD68B99}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{BF5BF641-47FC-47A4-9F6A-0D1B8472F106}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{BFEFD3B7-080B-4E46-A3FB-5E90279E3215}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C38E088F-B7BD-4014-8FAE-2B3CCBF533AE}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C3A8106D-C990-4E02-9672-04D273DC802A}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C3C68339-4F45-445F-8643-90592ECA66D7}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C5D66D4A-DC83-4446-9C2F-B3D64BA6E964}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C6F67D58-7F33-41DC-8DCD-F3130874FFAC}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C7A8BEB9-CE11-4A26-A93A-C92165BC0F58}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{CE125368-4BAE-4A13-A74C-F7698C757418}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{CEF05065-0C81-494C-8424-190EB6E45DB5}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D01B4909-074D-42DC-91C6-F29264325F45}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D0FC13D0-023A-4E9E-889E-55CDB0FC4013}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D1EB111C-D3DE-45D7-BE30-5CDE0222B57B}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D266F48A-FC7F-47B0-B658-E990F43EEFA4}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D2BC466E-E3A1-44D7-A527-749F2336BAF2}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D35571DE-4EC8-4A5F-811F-FDBD3538A33C}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D4C36747-927F-41C9-800B-81DC5D2F03CC}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D57FDFF9-D4AB-49C8-9BB1-246A404961B6}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{DA34DA86-7CF3-478A-9B6D-082E1D0F52B9}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{DAD1935D-2166-439D-A8DE-BA43CD0250E3}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{DBF8FD6B-3E8D-4298-8200-84002C5FF53B}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{E0A2E0BB-C326-4161-9E92-63DBD40BDBA2}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{E4784657-36C8-4504-AF42-991A7E51FA24}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{E57F06C6-F8C8-49C5-909F-F1A6411E591C}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{E6591BA9-509C-4910-8142-550919F73849}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{E9D57B5A-2B44-4123-BCDE-AAE9B0A2D5E1}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{EBE2EC44-94B8-4926-9B27-D76C7D56A716}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{EC09288D-D8B6-42B6-986B-D56009E9E380}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{EDD6C947-EFD0-47E0-8844-378A5C8417BB}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F108A509-52B1-42D0-8B54-71A50717B9FD}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F1822FBB-2FCF-40CF-A545-B9C722A3C7EE}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F4635374-2691-4360-A182-74C4CF609E58}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F537C886-4D91-4461-8EEC-FC238AB4E962}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F557B125-1048-45C5-99C1-62CD712E7F5B}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F7D04E03-C00B-4623-870D-1D5DCD540D61}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F84D2E9E-5361-42F9-9C59-04996D90A13A}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FA39DDE3-B2E8-4FAF-9C9E-3FBF666DFA44}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FA7ED786-76DD-43B3-A504-005D37600317}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FCE6602E-538C-41F8-B2DC-A6614F787C19}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FE5ED4A3-46B0-42E5-BFFC-5577F11BF09E}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/05/2013 at  9:50:11,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 

Obrigada




PUBLICIDADE  
 









Tópicos com palavra-chave: hijackthis