
Archived

This topic has been archived and is closed to new replies.

maricris

HijackThis log analysis

19 posts in this topic

Here is the log for analysis:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:59:35, on 11/05/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\user\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.greatresults.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehabn.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coIEPlg.dll
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NokiaPCInternetAccess] "C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe" /b
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-18\..\Run: [Norton Download Manager{NF22-B22-4abb-B07C-C084B04B4F12}] C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe /m (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [Norton Download Manager{NF22-B22-4abb-B07C-C084B04B4F12}] C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe /m (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: wwws.realsecureweb.com.br
O15 - Trusted Zone: www.santander.com.br
O15 - Trusted Zone: www.santanderempresarial.com.br
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: www.santandernetibe.com.br
O15 - Trusted Zone: www.secureweb.com.br
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\sprote~1.dll
O20 - Winlogon Notify:  GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Management (MCLIENT) - Symantec Corporation - C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 11987 bytes
 


Download Malwarebytes' Anti-Malware (MBAM) or here.

Save or print these instructions:

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

Make sure the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are checked, then click Finish.

If there are updates to be applied, they will be downloaded and installed.

When the update finishes, with the program open, select Quick Scan and click the Scan button.

The scan will then begin. Please wait, as it may take a while.

When the scan finishes, click OK, then the Show Results button to see the report.

If any items were found, make sure they are all checked and click the Remove button.

At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the Note below)

The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.

NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart.

Select, copy and paste the contents of the MBAM log into your next reply, plus a new HijackThis log.



MVP Mr.Million


The PC is infected....



MVP Mr.Million


Here is the log for analysis:


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Versão da Base de Dados:  v2013.05.15.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
user :: VERA-PC [administrador]
 
Proteção: Permitir
 
15/05/2013 09:25:03
mbam-log-2013-05-15 (09-25-03).txt
 
Tipo de Verificação:  Verificação Rápida 
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  212990
Tempo decorrido: 3 minuto(s), 13 segundo(s)
 
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)
 
(fim)
 
 
Thank you


OK, continuing...

Disable your antivirus, antispyware and firewall so that there are no conflicts. Keep them disabled until you have finished the instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly, it must be on the Desktop).

Close all windows and programs.

You must be connected during the ComboFix procedure;

Run combofix.exe and press "Yes" to proceed. Please wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan proceeds.

When the Console is installed, the operating system selection screen will be shown at system startup.

More information about the Console: http://support.micro...kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart it manually.

When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt into your next reply, plus a new HijackThis log.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. Doing so will overwrite the log and make removing the malware more difficult.

If an error occurs, restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup) and repeat the procedure.



MVP Mr.Million


Hi, actually the only thing I couldn't do was save the program to the desktop; as soon as I clicked it, it saved and ran automatically, so I have no idea where it was saved....
Anyway, here is the new log that was shown:


ComboFix 13-05-18.04 - user 20/05/2013   9:30.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.55.1046.18.4061.1831 [GMT -3:00]
Executando de: c:\users\user\Downloads\ComboFix.exe
AV: AVG antivírus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG antivírus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20130520082008.375199
c:\programdata\boost_interprocess\20130520082008.375199\Nobu64AgentService
c:\programdata\boost_interprocess\20130520082008.375199\Nobu64TrayIcon
c:\programdata\Browase2saaVE
c:\programdata\Browase2saaVE\51657c37b6639.tlb
c:\programdata\Browase2saaVE\settings.ini
c:\programdata\Browase2saaVE\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Browase2saaVE
c:\programdata\Microsoft\Windows\Start Menu\Programs\Browase2saaVE\Browase2saaVE.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Browase2saaVE\Uninstall.lnk
c:\windows\SysWow64\drivers\ati4irxx.sys
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-04-20 to 2013-05-20  ))))))))))))))))))))))))))))
.
.
2013-05-20 12:35 . 2013-05-20 12:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-20 12:33 . 2013-05-20 12:33 0 ----a-w- c:\windows\SysWow64\drivers\clbdriver.sys
2013-05-15 12:23 . 2013-05-15 12:23 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2013-05-15 12:23 . 2013-05-15 12:23 -------- d-----w- c:\programdata\Malwarebytes
2013-05-15 12:23 . 2013-05-15 12:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-15 12:23 . 2013-04-04 17:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-15 12:23 . 2013-05-15 12:23 -------- d-----w- c:\users\user\AppData\Local\Programs
2013-05-11 14:50 . 2013-05-11 14:50 -------- d-----w- c:\program files\CCleaner
2013-05-10 12:25 . 2013-05-10 12:25 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-04-30 21:41 . 2013-04-30 21:41 -------- d-----w- c:\users\user\AppData\Roaming\AVG
2013-04-30 21:40 . 2013-04-30 21:42 -------- d-----w- c:\programdata\AVG
2013-04-30 21:40 . 2013-04-30 21:40 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-04-25 13:16 . 2013-05-02 18:32 -------- d-----w- c:\program files (x86)\SimpleSpeedy
2013-04-24 12:46 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 21:11 . 2012-10-20 15:26 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 15:32 . 2012-06-05 19:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 15:32 . 2012-06-05 19:22 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-13 12:12 . 2011-03-28 21:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-15 12:21 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 12:21 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 12:21 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 12:21 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 12:21 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 12:21 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-29 05:53 . 2013-03-29 05:53 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-03-21 06:08 . 2013-03-21 06:08 240952 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-03-19 06:04 . 2013-04-10 12:16 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 12:16 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 12:16 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 12:16 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 12:16 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 12:16 112640 ----a-w- c:\windows\system32\smss.exe
2013-02-23 14:56 . 2013-02-23 14:56 310688 ----a-w- c:\windows\system32\javaws.exe
2013-02-23 14:56 . 2013-02-23 14:56 188832 ----a-w- c:\windows\system32\javaw.exe
2013-02-23 14:56 . 2013-02-23 14:56 188320 ----a-w- c:\windows\system32\java.exe
2013-02-23 14:56 . 2013-02-23 14:56 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-02-23 14:56 . 2012-10-26 12:24 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-23 14:56 . 2012-10-26 12:24 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-23 14:53 . 2013-02-23 14:53 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-23 14:53 . 2012-06-05 19:22 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-02-23 14:53 . 2012-06-05 19:22 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-20 14:17 220608 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-20 14:17 220608 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-20 14:17 220608 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaPCInternetAccess"="c:\program files (x86)\Nokia\PC Internet Access\NPCIA.exe" [2009-09-22 544768]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton Download Manager{NF22-B22-4abb-B07C-C084B04B4F12}"="c:\program files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe" [2012-10-11 143928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2012-12-04 17:21 1718256 ----a-w- c:\program files (x86)\GbPlugin\gbiehabn.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-04-25 4936752]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1403010.016\SYMDS64.SYS [2013-01-22 493656]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1403010.016\SYMEFA64.SYS [2013-01-31 1139800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-03-29 246072]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-03-21 240952]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [2013-04-12 1390680]
S1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENTx64\0302000.013\ccSetx64.sys [2012-10-04 168096]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1403010.016\ccSetx64.sys [2012-11-16 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130517.001\IDSvia64.sys [2013-01-18 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1403010.016\Ironx64.SYS [2012-11-16 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1403010.016\SYMNETS.SYS [2013-01-31 432800]
S2 avgwd;Watchdog do AVG;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-04-18 283136]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2012-12-04 527856]
S2 MCLIENT;Norton Management;c:\program files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe [2012-10-11 143928]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe [2012-12-24 144520]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-01-18 138912]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-21 320040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 17:18 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 15:32]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-05 13:51]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-05 13:51]
.
2013-05-20 c:\windows\Tasks\schedule!3036567561.job
- c:\programdata\BetterSoft\OptimizerPro\OptimizerPro.exe [2013-04-10 19:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-20 14:17 244672 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-20 14:17 244672 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-20 14:17 244672 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-30 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-30 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-30 411672]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://websearch.greatresults.info/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: agentware.net
Trusted Zone: realsecureweb.com.br\wwws
Trusted Zone: sabre.com
Trusted Zone: santander.com.br\www
Trusted Zone: santanderempresarial.com.br\www
Trusted Zone: santandernet.com.br\www
Trusted Zone: santandernet.com.br\wwws
Trusted Zone: santandernet.com.br\wwws2
Trusted Zone: santandernetibe.com.br\www
Trusted Zone: secureweb.com.br\www
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1 192.168.0.1
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} - c:\programdata\Browase2saaVE\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MCLIENT]
"ImagePath"="\"c:\program files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton Management\Engine\3.2.0.19\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-05-20  09:37:54
ComboFix-quarantined-files.txt  2013-05-20 12:37
.
Pré-execução: 445.172.645.888 bytes disponíveis
Pós execução: 444.802.957.312 bytes disponíveis
.
- - End Of File - - 29935F8783BE593E3468BD07467F691A
 


Never use two antivirus programs together. They cause conflicts, instability and slowness on the PC; in short, a complete disaster. Two antivirus programs installed on the same computer compete with each other and open a gap that lets the functionality of one cancel out the protection of the other.

Uninstall one of them, restart, and run/post a new log for review.



MVP Mr.Million


Hi, so I knew that about antivirus programs; what I hadn't noticed was that both were active on my computer at the same time, hehehe. Thanks for the help, here is the new log:

 

 

ComboFix 13-05-20.01 - user 21/05/2013   9:49.2.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.55.1046.18.4061.1914 [GMT -3:00]
Executando de: c:\users\user\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20130521092731.375199
c:\programdata\boost_interprocess\20130521092731.375199\Nobu64AgentService
c:\programdata\boost_interprocess\20130521092731.375199\Nobu64TrayIcon
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-04-21 to 2013-05-21  ))))))))))))))))))))))))))))
.
.
2013-05-21 13:00 . 2013-05-21 13:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-21 13:00 . 2013-05-21 13:00 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{99555C0C-A462-4CAA-AD6E-377D2D9F1FC4}\offreg.dll
2013-05-20 12:33 . 2013-05-20 12:33 0 ----a-w- c:\windows\SysWow64\drivers\clbdriver.sys
2013-05-15 12:23 . 2013-05-15 12:23 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2013-05-15 12:23 . 2013-05-15 12:23 -------- d-----w- c:\programdata\Malwarebytes
2013-05-15 12:23 . 2013-05-15 12:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-15 12:23 . 2013-04-04 17:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-15 12:23 . 2013-05-15 12:23 -------- d-----w- c:\users\user\AppData\Local\Programs
2013-05-11 14:50 . 2013-05-11 14:50 -------- d-----w- c:\program files\CCleaner
2013-05-10 12:25 . 2013-05-10 12:25 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-04-30 21:41 . 2013-04-30 21:41 -------- d-----w- c:\users\user\AppData\Roaming\AVG
2013-04-30 21:40 . 2013-04-30 21:42 -------- d-----w- c:\programdata\AVG
2013-04-30 21:40 . 2013-04-30 21:40 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-04-25 13:16 . 2013-05-02 18:32 -------- d-----w- c:\program files (x86)\SimpleSpeedy
2013-04-24 12:46 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 21:11 . 2012-10-20 15:26 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 15:32 . 2012-06-05 19:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 15:32 . 2012-06-05 19:22 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-13 12:12 . 2011-03-28 21:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-15 12:21 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 12:21 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 12:21 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 12:21 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 12:21 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 12:21 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-19 06:04 . 2013-04-10 12:16 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 12:16 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 12:16 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 12:16 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 12:16 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 12:16 112640 ----a-w- c:\windows\system32\smss.exe
2013-02-23 14:56 . 2013-02-23 14:56 310688 ----a-w- c:\windows\system32\javaws.exe
2013-02-23 14:56 . 2013-02-23 14:56 188832 ----a-w- c:\windows\system32\javaw.exe
2013-02-23 14:56 . 2013-02-23 14:56 188320 ----a-w- c:\windows\system32\java.exe
2013-02-23 14:56 . 2013-02-23 14:56 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-02-23 14:56 . 2012-10-26 12:24 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-23 14:56 . 2012-10-26 12:24 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-23 14:53 . 2013-02-23 14:53 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-23 14:53 . 2012-06-05 19:22 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-02-23 14:53 . 2012-06-05 19:22 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-20 14:17 220608 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-20 14:17 220608 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-20 14:17 220608 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaPCInternetAccess"="c:\program files (x86)\Nokia\PC Internet Access\NPCIA.exe" [2009-09-22 544768]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton Download Manager{NF22-B22-4abb-B07C-C084B04B4F12}"="c:\program files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe" [2012-10-11 143928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2012-12-04 17:21 1718256 ----a-w- c:\program files (x86)\GbPlugin\gbiehabn.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1403010.016\SYMDS64.SYS [2013-01-22 493656]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1403010.016\SYMEFA64.SYS [2013-01-31 1139800]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130515.001\BHDrvx64.sys [2013-04-12 1390680]
S1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENTx64\0302000.013\ccSetx64.sys [2012-10-04 168096]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1403010.016\ccSetx64.sys [2012-11-16 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130517.001\IDSvia64.sys [2013-01-18 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1403010.016\Ironx64.SYS [2012-11-16 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1403010.016\SYMNETS.SYS [2013-01-31 432800]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2012-12-04 527856]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 MCLIENT;Norton Management;c:\program files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe [2012-10-11 143928]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe [2012-12-24 144520]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-01-18 138912]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-21 320040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 17:18 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 15:32]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-05 13:51]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-05 13:51]
.
2013-05-21 c:\windows\Tasks\schedule!3036567561.job
- c:\programdata\BetterSoft\OptimizerPro\OptimizerPro.exe [2013-04-10 19:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-20 14:17 244672 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-20 14:17 244672 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-20 14:17 244672 ----a-w- c:\users\user\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-30 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-30 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-30 411672]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://websearch.greatresults.info/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: agentware.net
Trusted Zone: realsecureweb.com.br\wwws
Trusted Zone: sabre.com
Trusted Zone: santander.com.br\www
Trusted Zone: santanderempresarial.com.br\www
Trusted Zone: santandernet.com.br\www
Trusted Zone: santandernet.com.br\wwws
Trusted Zone: santandernet.com.br\wwws2
Trusted Zone: santandernetibe.com.br\www
Trusted Zone: secureweb.com.br\www
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1 192.168.0.1
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} - c:\programdata\Browase2saaVE\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MCLIENT]
"ImagePath"="\"c:\program files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton Management\Engine\3.2.0.19\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-05-21  10:19:33
ComboFix-quarantined-files.txt  2013-05-21 13:19
ComboFix2.txt  2013-05-20 12:37
.
Pré-execução: 443.938.390.016 bytes disponíveis
Pós execução: 445.885.661.184 bytes disponíveis
.
- - End Of File - - 5A3B2DDD890F80950E9EB2BED850EAB7
 
I'll be waiting, and thank you very much once again.
 


Disable your antivirus, antispyware and firewall to avoid conflicts. Keep them disabled until you have finished the instructions.

Download bouton-telecharger.png Save it to your Desktop.

Run adwcleaner.exe

Note: Windows Vista and Windows 7 users should right-click the file and select: Run as administrator

AdwCleanerCustom-1.jpg

Click [Delete]

Save the log that is created.

Download 1268r49.png Save it to your Desktop.

Double-click to run the Junkware Removal Tool (JRT)

* On Windows Vista and Windows 7:

Right-click JRT.exe and select run_as_adm1.png

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to be examined.

When it finishes, a log will open and be saved to the Desktop as JRT.txt.

Select, copy and paste the contents of this log into your next reply, along with the AdwCleaner log and a new HijackThis log.



MVP Mr.Million


Good morning, here are the logs as requested:

 

1st - adwcleaner

 

 

# AdwCleaner v2.301 - Relatório criado em 22/05/2013 às 09:36:33
# Atualizado em 16/05/2013 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits)
# Usuário : user - VERA-PC
# Modo de Boot : Normal
# Executado de : C:\Users\user\Desktop\adwcleaner.exe
# Opção [Remover]
 
 
***** [serviços] *****
 
 
***** [Arquivos/Pastas] *****
 
Pasta Removido : C:\Program Files (x86)\WebSearch
Pasta Removido : C:\ProgramData\InstallMate
Pasta Removido : C:\ProgramData\SoftSafe
Removido Durante o reboot : C:\ProgramData\BetterSoft
Removido Durante o reboot : C:\ProgramData\boost_interprocess
 
***** [Registro] *****
 
Chave Removida : HKCU\Software\AppDataLow\SProtector
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Chave Removida : HKLM\Software\SP Global
Chave Removida : HKLM\Software\SProtector
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro
 
***** [Navegadores] *****
 
-\\ Internet Explorer v10.0.9200.16576
 
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.greatresults.info/ --> hxxp://www.google.com
 
-\\ Google Chrome v26.0.1410.64
 
*************************
 
AdwCleaner[s1].txt - [1984 octets] - [22/05/2013 09:36:33]
 
########## EOF - C:\AdwCleaner[s1].txt - [2044 octets] ##########
 
 
2nd - JRT
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by user on 22/05/2013 at  9:42:27,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\bettersoft"
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Program Files (x86)\SimpleSpeedy"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/05/2013 at  9:50:11,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 

Thank you


OK, the PC is clean.

Wrapping up...

Rename ComboFix to Uninstall, run it, and wait for the tool to be removed.

Clear System Restore, creating a restore point of the clean system.

Right-click MY COMPUTER > Properties > System Protection > Configure > Delete.

Still in System Protection > Create.



MVP Mr.Million


Hi, good morning,

Thanks for the help, but my Google Chrome keeps showing some strange links, like weight-loss ads; some words get underlined and when I hover the mouse over them a popup opens with more ads, and some kind of "porn/freak" banners keep appearing. I don't know how to explain it better, sorry... It's just that I can't send you an image of my screen for you to see.

Is there anything else I can do, or will I have to live with these things? hehehe

I uninstalled and reinstalled it just to see if that was the problem, but nothing changed.

Anyway, thank you very much for the help.
