Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

amandaap

log + anti malwarebytes

12 posts neste tópico
Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:46:23, on 14/05/2013

Platform: Windows 7  (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\.PC\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?affID=119816&tt=gc_&babsrc=HP_ss&mntrId=4294E006E6FC1DB8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll

O2 - BHO: FindLyrics - {44C9CC91-6A4A-4579-B4B5-899ECDC18DC6} - C:\Program Files (x86)\FindLyrics\FindLyrics.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll

O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

O20 - AppInit_DLLs: c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 9856 bytes

 

 

 

 

 

 

 


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Versão da Base de Dados:  v2013.04.04.07

 

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

.PC :: PC-PC [limitado]

 

14/05/2013 11:16:26

mbam-log-2013-05-14 (11-16-26).txt

 

Tipo de Verificação:  Verificação Rápida 

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados:  207137

Tempo decorrido: 4 minuto(s), 51 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 2

HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

 

(fim)

 

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções

Download bouton-telecharger.png Salve-o no Desktop. (Área de Trabalho)

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista ou do Windows 7, clicar com o botão direito do mouse no arquivo e selecionar:Executar como administrador

AdwCleanerCustom-1.jpg

Clique [Delete]

Salve o Log criado.

Donload 1268r49.png Salve no seu Desktop (Área de trabalho).

Dê um duplo-clique para executar o Junkware Removal Tool (JRT)

* No Windows Vista e Windows 7:

Clique com o botão direito do mouse sobre o JRT.exe e selecione run_as_adm1.png

A Ferramenta começará o exame do seu Sistema. Tenha paciência pois pode demorar um pouco, dependendo da quantidades de ítens a serem examinados.

Ao final, um Log se abrirá e salvo no Desktop com o nome de JRT.txt.

Selecione, copie e cole o conteúdo deste Log na sua próxima resposta + o Log do AdwCleaner e um novo Log do HijackThis.



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
# AdwCleaner v2.300 - Relatório criado em 16/05/2013 às 09:14:48

# Atualizado em 28/04/2013 por Xplode

# Sistema Operacional : Windows 7 Ultimate  (64 bits)

# Usuário : .PC - PC-PC

# Modo de Boot : Normal

# Executado de : C:\Users\.PC\Downloads\adwcleaner.exe

# Opção [Verificar]

 

 

***** [serviços] *****

 

 

***** [Arquivos/Pastas] *****

 

 

***** [Registro] *****

 

 

***** [Navegadores] *****

 

-\\ Internet Explorer v8.0.7600.16385

 

[OK] Registro está limpo.

 

-\\ Mozilla Firefox v20.0.1 (en-US)

 

Arquivo : C:\Users\.PC\AppData\Roaming\Mozilla\Firefox\Profiles\wsfjyxeu.default\prefs.js

 

[OK] Arquivo está limpo.

 

-\\ Google Chrome v26.0.1410.64

 

Arquivo : C:\Users\.PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] Arquivo está limpo.

 

*************************

 

AdwCleaner[R1].txt - [817 octets] - [16/05/2013 09:14:48]

AdwCleaner[s2].txt - [1095 octets] - [08/01/2013 19:04:50]

 

########## EOF - C:\AdwCleaner[R1].txt - [936 octets] ##########

 

 

 

 

 

 

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Ultimate x64

Ran by .PC on 16/05/2013 at  9:08:18,60

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\babylon"

 

 

 

~~~ FireFox

 

Successfully deleted: [File] C:\Users\.PC\AppData\Roaming\mozilla\firefox\profiles\wsfjyxeu.default\invalidprefs.js

Emptied folder: C:\Users\.PC\AppData\Roaming\mozilla\firefox\profiles\wsfjyxeu.default\minidumps [9 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 16/05/2013 at  9:11:24,89

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 09:16:11, on 16/05/2013

Platform: Windows 7  (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Windows\SysWOW64\notepad.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\.PC\Downloads\adwcleaner.exe

C:\Users\.PC\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 8961 bytes

 


0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Você usou a Opção errada ao executar o AdwCleaner, veja a figura acima....DELETE....

 

Favor repetir corretamente e postar o novo resultado.



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
# AdwCleaner v2.300 - Relatório criado em 16/05/2013 às 11:14:00

# Atualizado em 28/04/2013 por Xplode

# Sistema Operacional : Windows 7 Ultimate  (64 bits)

# Usuário : .PC - PC-PC

# Modo de Boot : Normal

# Executado de : C:\Users\.PC\Downloads\adwcleaner.exe

# Opção [Remover]

 

 

***** [serviços] *****

 

 

***** [Arquivos/Pastas] *****

 

 

***** [Registro] *****

 

 

***** [Navegadores] *****

 

-\\ Internet Explorer v8.0.7600.16385

 

[OK] Registro está limpo.

 

-\\ Mozilla Firefox v20.0.1 (en-US)

 

Arquivo : C:\Users\.PC\AppData\Roaming\Mozilla\Firefox\Profiles\wsfjyxeu.default\prefs.js

 

[OK] Arquivo está limpo.

 

-\\ Google Chrome v26.0.1410.64

 

Arquivo : C:\Users\.PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] Arquivo está limpo.

 

*************************

 

AdwCleaner[s2].txt - [815 octets] - [16/05/2013 11:14:00]

 

########## EOF - C:\AdwCleaner[s2].txt - [874 octets] ##########

 

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções.

Download ComboFix

Salve no seu Desktop ( Para que a Ferramenta seja executada corretamente é necessário que esteja no Desktop (Área de trabalho)

Feche todas as janelas e programas.

É necessário estar conectado durante o procedimento com o ComboFix;

Execute o combofix.exe, tecle "Sim" para prosseguir. Aguarde, pois é um pouco demorado.

OBS: Caso não queira que seja instalado o Console de Recuperação do Windows, clique em "Não" e depois concorde para que a verificação prossiga.

Ao ser instalado o Console, na Inicialização do Sistema será apresentada a tela para Seleção dos Sistemas Operacionais.

Mais informações sobre o Console: http://support.micro...kb/307654/pt-br

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.

Quando acabar, será gerado um Log, que estará em C:\ComboFix.txt. Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta + um novo Log do HijackThis .

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".

OBS 2: Não execute o ComboFix mais do que uma vez. Isso irá sobreescrever o Log e dificultará a remoção do(s) malware(s)

Caso ocorra algum erro, reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização) e repita o procedimento.



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 13-05-18.04 - .PC 20/05/2013  10:13:51.1.4 - x64

Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.1046.18.4004.2559 [GMT -3:00]

Executando de: c:\users\.PC\Downloads\ComboFix.exe

AV: AVG antivírus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG antivírus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\coontinueetosavei

c:\programdata\coontinueetosavei\51968019bb847.tlb

c:\programdata\coontinueetosavei\settings.ini

c:\programdata\cyontinyueotoSavE

c:\programdata\cyontinyueotoSavE\5195153736951.tlb

c:\programdata\cyontinyueotoSavE\5195158d4a0b8.tlb

c:\programdata\cyontinyueotoSavE\settings.ini

c:\programdata\cyontinyueotoSavE\uninstall.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\cyontinyueotoSavE

c:\programdata\Microsoft\Windows\Start Menu\Programs\cyontinyueotoSavE\cyontinyueotoSavE.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\cyontinyueotoSavE\Uninstall.lnk

c:\programdata\SearchNewTab

c:\programdata\SearchNewTab\519680511da00.tlb

c:\programdata\SearchNewTab\settings.ini

c:\users\.PC\AppData\Roaming\unins000.exe

c:\users\.PC\Desktop\Setup.exe

c:\windows\SysWow64\drivers\qandr.sys

c:\windows\SysWow64\drivers\resdr32.sys

c:\windows\SysWow64\drivers\reveal32.sys

c:\windows\SysWow64\Logof.dll

.

.

((((((((((((((((   Arquivos/Ficheiros criados de 2013-04-20 to 2013-05-20  ))))))))))))))))))))))))))))

.

.

2013-05-20 13:17 . 2013-05-20 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-20 13:16 . 2013-05-20 13:16 0 ----a-w- c:\windows\SysWow64\drivers\clbdriver.sys

2013-05-20 13:10 . 2013-05-20 13:10 0 ----a-w- c:\windows\SysWow64\drivers\PROCEXP113.SYS

2013-05-20 13:10 . 2013-05-20 13:10 0 ----a-w- c:\windows\SysWow64\drivers\AFD.SYS

2013-05-20 12:34 . 2013-05-20 12:34 -------- d-----w- c:\programdata\Samsung

2013-05-20 12:34 . 2012-08-02 09:08 37376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\ssm1mpc.dll

2013-05-20 12:33 . 2012-11-02 04:36 219136 ----a-w- c:\windows\system32\SBuySupplies.exe

2013-05-20 12:33 . 2012-10-04 06:03 1554336 ------w- c:\windows\TotalUninstaller.exe

2013-05-20 12:33 . 2011-05-02 04:40 34304 ----a-w- c:\windows\system32\ssm1mlm.dll

2013-05-20 12:33 . 2011-03-22 08:31 151552 ----a-w- c:\windows\system32\ssm1mci.exe

2013-05-20 12:33 . 2011-03-22 08:31 89600 ----a-w- c:\windows\system32\ssm1mci.dll

2013-05-20 12:33 . 2013-05-20 12:33 -------- d-----w- c:\program files (x86)\Samsung

2013-05-20 12:21 . 2011-03-18 06:40 11576 ------w- c:\windows\system32\drivers\SSPORT.SYS

2013-05-18 15:55 . 2013-05-18 15:55 -------- d-----w- c:\programdata\GbPlugin

2013-05-18 15:55 . 2013-05-18 15:55 -------- d-----w- c:\program files (x86)\GbPlugin

2013-05-18 15:55 . 2013-05-20 12:31 -------- d-----w- c:\programdata\GAS Tecnologia

2013-05-17 18:49 . 2013-05-17 18:49 -------- d-----w- C:\CPY_SAVES

2013-05-17 18:47 . 2013-05-17 18:47 -------- d-----w- c:\programdata\Logs

2013-05-17 18:47 . 2013-04-11 19:12 19392 ----a-w- c:\windows\system32\roboot64.exe

2013-05-17 18:29 . 2013-05-17 18:29 -------- d-----w- c:\programdata\StarApp

2013-05-17 18:26 . 2013-05-20 03:01 -------- d-----w- c:\program files (x86)\WebSearch

2013-05-17 18:25 . 2013-05-17 18:41 -------- d-----w- c:\program files (x86)\Optimizer Pro

2013-05-17 18:02 . 2013-05-18 03:42 -------- d-----w- c:\program files (x86)\Football Manager 2013

2013-05-17 17:49 . 2013-05-17 17:49 -------- d-----w- c:\program files (x86)\UltraISO

2013-05-17 17:49 . 2013-05-17 17:49 -------- d-----w- c:\program files (x86)\Common Files\EZB Systems

2013-05-16 16:37 . 2013-05-17 18:41 -------- d-----w- c:\program files (x86)\ContinueToSave

2013-05-16 16:36 . 2013-05-17 18:41 -------- d-----w- c:\programdata\InstallMate

2013-05-16 12:08 . 2013-05-16 12:08 -------- d-----w- c:\windows\ERUNT

2013-05-16 12:01 . 2013-05-16 12:02 465 ----a-w- c:\windows\DeleteOnReboot.bat

2013-05-14 14:13 . 2013-05-14 14:13 -------- d-----w- c:\programdata\Malwarebytes

2013-05-14 14:13 . 2013-05-14 14:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-05-14 14:13 . 2013-04-04 17:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-10 12:25 . 2013-05-10 12:25 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2013-05-08 11:46 . 2013-05-08 11:46 -------- d-----w- c:\program files (x86)\Foxit Software

2013-05-08 01:47 . 2013-05-08 01:47 -------- d-----w- c:\users\Default\AppData\Local\Google

2013-05-07 16:40 . 2013-05-15 16:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-07 16:40 . 2013-05-15 16:21 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-07 16:40 . 2013-05-07 16:40 -------- d-----w- c:\windows\SysWow64\Macromed

2013-05-07 16:40 . 2013-05-07 16:40 -------- d-----w- c:\windows\system32\Macromed

2013-05-07 15:04 . 2013-05-07 15:12 -------- d-----w- c:\program files (x86)\Comodo

2013-05-07 15:04 . 2013-05-07 15:04 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2013-05-07 15:04 . 2013-05-07 15:04 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2013-05-07 15:04 . 2013-05-07 15:04 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll

2013-05-07 15:04 . 2013-05-07 15:04 -------- d-----w- c:\program files (x86)\GPLGS

2013-05-07 15:02 . 2012-10-04 22:49 87152 ----a-w- c:\windows\system32\cpwmon64.dll

2013-05-07 15:02 . 2013-05-07 15:02 -------- d-----w- c:\program files (x86)\Acro Software

2013-05-07 12:34 . 2013-05-07 12:34 -------- d-----w- c:\programdata\McAfee Security Scan

2013-05-07 12:34 . 2013-05-07 12:37 -------- d-----w- c:\program files (x86)\McAfee Security Scan

2013-05-07 12:34 . 2013-05-07 12:34 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2013-05-07 12:24 . 2013-05-07 12:24 -------- d-----w- c:\program files (x86)\Scpad

2013-05-07 12:23 . 2013-05-07 12:23 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-05-07 12:22 . 2013-05-07 12:22 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-05-07 12:22 . 2013-05-07 12:22 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-05-07 12:22 . 2013-05-07 12:22 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-05-07 12:22 . 2013-05-07 12:22 -------- d-----w- c:\program files (x86)\Java

2013-05-07 11:55 . 2013-05-14 14:50 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2013-05-07 11:55 . 2013-05-20 13:04 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird

2013-05-07 02:28 . 2013-05-07 02:28 -------- d-----w- c:\programdata\AVG2013

2013-05-07 02:27 . 2013-05-07 02:27 -------- d-----w- c:\program files (x86)\AVG

2013-05-07 02:19 . 2013-05-20 11:23 -------- d-----w- c:\programdata\MFAData

2013-05-07 02:19 . 2013-05-07 02:19 -------- d--h--w- c:\programdata\Common Files

2013-05-06 21:45 . 2013-05-06 16:59 -------- d-----w- c:\windows\Panther

2013-05-06 21:24 . 2013-05-06 21:24 -------- d-----w- C:\Windows.old.003

2013-05-06 18:48 . 2013-05-06 18:48 -------- d-----w- c:\program files (x86)\Microsoft Works

2013-05-06 18:48 . 2013-05-06 18:48 -------- d-----w- c:\windows\PCHEALTH

2013-05-06 18:48 . 2013-05-06 18:48 -------- d-----w- c:\program files (x86)\Microsoft.NET

2013-05-06 18:47 . 2013-05-06 18:47 -------- d-----w- c:\program files\Microsoft Office

2013-05-06 18:46 . 2013-05-06 18:46 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2013-05-06 18:46 . 2013-05-06 18:49 -------- d-----w- c:\programdata\Microsoft Help

2013-05-06 17:51 . 2013-05-14 14:50 -------- d-----w- c:\program files (x86)\uTorrent

2013-05-06 17:30 . 2013-05-06 17:31 -------- d-----w- c:\programdata\Atheros

2013-05-06 17:26 . 2013-04-17 09:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7308B0DC-8A30-4BF8-9E10-15737BC6CC74}\mpengine.dll

2013-05-06 17:26 . 2013-05-02 05:06 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-05-06 17:22 . 2011-01-12 20:51 439320 ----a-w- c:\windows\system32\drivers\iaStor.sys

2013-05-06 17:21 . 2013-05-07 16:45 -------- d-----w- c:\program files (x86)\Google

2013-05-06 17:19 . 2013-05-06 17:47 -------- d-----w- c:\program files\Common Files\McAfee

2013-05-06 17:15 . 2013-05-06 17:22 -------- d-----w- c:\program files (x86)\Intel

2013-05-06 17:15 . 2010-12-15 08:10 53248 ----a-r- c:\windows\SysWow64\CSVer.dll

2013-05-06 17:10 . 2013-05-06 17:10 -------- d-----w- c:\program files (x86)\Common Files\Atheros

2013-05-06 17:09 . 2013-05-06 17:12 -------- d-----w- c:\program files (x86)\Dell Wireless

2013-05-06 17:09 . 2013-05-06 17:09 -------- d-----w- c:\windows\Options

2013-05-06 17:09 . 2011-04-21 23:17 2727424 ----a-w- c:\windows\system32\drivers\athrx.sys

2013-05-06 17:09 . 2011-04-21 23:17 2727424 ----a-w- c:\windows\system32\athrx.sys

2013-05-06 17:08 . 2013-05-06 17:09 -------- d-----w- c:\programdata\Dell

2013-05-06 17:06 . 2011-05-17 01:55 74272 ----a-w- c:\windows\system32\RtNicProp64.dll

2013-05-06 17:06 . 2011-05-17 01:55 533096 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2013-05-06 17:06 . 2011-05-17 01:55 107552 ----a-w- c:\windows\system32\RTNUninst64.dll

2013-05-06 17:06 . 2013-05-06 17:06 -------- d-----w- c:\program files (x86)\Realtek

2013-05-06 17:06 . 2013-05-06 17:22 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information

2013-05-06 17:05 . 2013-05-06 17:05 -------- d-----w- c:\windows\SysWow64\vmm32

2013-05-06 17:05 . 2013-05-06 17:05 -------- d-----w- c:\program files (x86)\Dell

2013-05-06 17:04 . 2013-05-20 12:21 -------- d-sh--w- c:\windows\Installer

.

.

.

(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-29 05:53 . 2013-03-29 05:53 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2013-03-21 06:08 . 2013-03-21 06:08 240952 ----a-w- c:\windows\system32\drivers\avgtdia.sys

.

.

((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2013-02-06 16:32 1516456 ----a-w- c:\program files (x86)\GbPlugin\gbiehabn.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-03-29 246072]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-03-21 240952]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-05-20 146592]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2011-05-20 80032]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-04-25 4936752]

S2 avgwd;Watchdog do AVG;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-04-18 283136]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2013-02-06 415144]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]

S2 scpVista;scpVista;c:\program files (x86)\Scpad\scpVista.exe [2012-10-24 360624]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-18 11576]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-05-20 36000]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-05-20 298656]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-05-20 29344]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-05-20 201376]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-05-20 55456]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-05-20 154272]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-05-20 282272]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - ISODRIVE

*NewlyCreated* - SSPORT

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-05-06 17:26 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-07 16:21]

.

2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-06 17:21]

.

2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-06 17:21]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-04-16 19:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-04-16 19:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-04-16 19:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-04-16 19:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-05-20 627360]

"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-05-20 379552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR&unqvl=14

mStart Page = hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR&unqvl=14

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: santander.com.br\www

Trusted Zone: santanderempresarial.com.br\www

Trusted Zone: santandernet.com.br\www

Trusted Zone: santandernet.com.br\wwws

Trusted Zone: santandernet.com.br\wwws2

Trusted Zone: santandernetibe.com.br\www

TCP: DhcpNameServer = 192.168.1.1

DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab

FF - ProfilePath - c:\users\.PC\AppData\Roaming\Mozilla\Firefox\Profiles\wsfjyxeu.default\

FF - prefs.js: browser.search.defaulturl - hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR&unqvl=14&l=1&q=

FF - prefs.js: browser.search.selectedEngine - WebSearch

FF - prefs.js: browser.startup.homepage - hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR&unqvl=14

FF - prefs.js: keyword.URL - hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR&unqvl=14&l=1&q=

FF - ExtSQL: 2013-05-16 14:19; euukq@uxdd-.co.uk; c:\users\.PC\AppData\Roaming\Mozilla\Firefox\Profiles\wsfjyxeu.default\extensions\euukq@uxdd-.co.uk

FF - ExtSQL: 2013-05-16 14:21; [email protected]; c:\users\.PC\AppData\Roaming\Mozilla\Firefox\Profiles\wsfjyxeu.default\extensions\[email protected]

FF - ExtSQL: 2013-05-17 16:08; [email protected]; c:\users\.PC\AppData\Roaming\Mozilla\Firefox\Profiles\wsfjyxeu.default\extensions\[email protected]

FF - ExtSQL: 2013-05-17 16:09; [email protected]; c:\users\.PC\AppData\Roaming\Mozilla\Firefox\Profiles\wsfjyxeu.default\extensions\[email protected]

FF - ExtSQL: 2013-05-18 12:55; {87F8774F-B485-47E2-A755-A40A8A5E8874}; c:\users\.PC\AppData\Local\GAS Tecnologia\GBBD\abn\xpi

.

- - - - ORFÃOS REMOVIDOS - - - -

.

BHO-{E2EA1D0C-0836-59DD-1D73-918F8CF3A970} - c:\programdata\cyontinyueotoSavE\5195153736951.dll

BHO-{FFD09798-9832-3546-1FBD-D20536B469AF} - c:\programdata\cyontinyueotoSavE\5195158d4a0b8.dll

AddRemove-{83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1 - c:\users\.PC\AppData\Roaming\unins000.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-05-20  10:20:02

ComboFix-quarantined-files.txt  2013-05-20 13:20

ComboFix2.txt  2013-05-06 12:38

ComboFix3.txt  2013-02-14 12:48

ComboFix4.txt  2013-01-04 11:16

ComboFix5.txt  2013-05-20 13:12

.

Pré-execução: 285.111.992.320 bytes disponíveis

Pós execução: 285.255.888.896 bytes disponíveis

.

- - End Of File - - 281B71A93DCD3C832C40FF01359E8435

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:21:35, on 20/05/2013

Platform: Windows 7  (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\.PC\Downloads\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR&unqvl=14

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR&unqvl=14

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: cyontinyueotoSavE - {E2EA1D0C-0836-59DD-1D73-918F8CF3A970} - C:\ProgramData\cyontinyueotoSavE\5195153736951.dll (file missing)

O2 - BHO: cyontinyueotoSavE - {FFD09798-9832-3546-1FBD-D20536B469AF} - C:\ProgramData\cyontinyueotoSavE\5195158d4a0b8.dll (file missing)

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O15 - Trusted Zone: www.santander.com.br

O15 - Trusted Zone: www.santanderempresarial.com.br

O15 - Trusted Zone: www.santandernet.com.br

O15 - Trusted Zone: wwws.santandernet.com.br

O15 - Trusted Zone: wwws2.santandernet.com.br

O15 - Trusted Zone: www.santandernetibe.com.br

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

O20 - Winlogon Notify:  GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 9898 bytes

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções

Download bouton-telecharger.png Salve-o no Desktop. (Área de Trabalho)

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista ou do Windows 7, clicar com o botão direito do mouse no arquivo e selecionar:Executar como administrador

AdwCleanerCustom-1.jpg

Clique [Delete]

Salve o Log criado.

Donload 1268r49.png Salve no seu Desktop (Área de trabalho).

Dê um duplo-clique para executar o Junkware Removal Tool (JRT)

* No Windows Vista e Windows 7:

Clique com o botão direito do mouse sobre o JRT.exe e selecione run_as_adm1.png

A Ferramenta começará o exame do seu Sistema. Tenha paciência pois pode demorar um pouco, dependendo da quantidades de ítens a serem examinados.

Ao final, um Log se abrirá e salvo no Desktop com o nome de JRT.txt.

Selecione, copie e cole o conteúdo deste Log na sua próxima resposta + o Log do AdwCleaner e um novo Log do HijackThis.



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
# AdwCleaner v2.301 - Relatório criado em 20/05/2013 às 13:38:07

# Atualizado em 16/05/2013 por Xplode

# Sistema Operacional : Windows 7 Ultimate  (64 bits)

# Usuário : .PC - PC-PC

# Modo de Boot : Normal

# Executado de : C:\Users\.PC\Downloads\adwcleaner.exe

# Opção [Remover]

 

 

***** [serviços] *****

 

 

***** [Arquivos/Pastas] *****

 

Arquivo Removido : C:\Users\.PC\AppData\Roaming\Mozilla\Firefox\Profiles\wsfjyxeu.default\searchplugins\WebSearch.xml

Removido Durante o reboot : C:\Program Files (x86)\continuetosave

Removido Durante o reboot : C:\Program Files (x86)\Optimizer Pro

Removido Durante o reboot : C:\Program Files (x86)\WebSearch

Removido Durante o reboot : C:\ProgramData\InstallMate

 

***** [Registro] *****

 

Chave Removida : HKCU\Software\AppDataLow\SProtector

Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Chave Removida : HKLM\Software\SP Global

Chave Removida : HKLM\Software\SProtector

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

 

***** [Navegadores] *****

 

-\\ Internet Explorer v8.0.7600.16385

 

Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR&unqvl=14 --> hxxp://www.google.com

Substituído : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR&unqvl=14 --> hxxp://www.google.com

 

-\\ Mozilla Firefox v20.0.1 (en-US)

 

Arquivo : C:\Users\.PC\AppData\Roaming\Mozilla\Firefox\Profiles\wsfjyxeu.default\prefs.js

 

Removida : user_pref("aol_toolbar.default.homepage.check", false);

Removida : user_pref("aol_toolbar.default.search.check", false);

Removida : user_pref("browser.search.defaultenginename", "WebSearch");

Removida : user_pref("browser.search.defaultenginename,S", "WebSearch");

Removida : user_pref("browser.search.defaulturl", "hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hi[...]

Removida : user_pref("browser.search.order.1", "WebSearch");

Removida : user_pref("browser.search.order.1,S", "WebSearch");

Removida : user_pref("browser.search.selectedEngine", "WebSearch");

Removida : user_pref("browser.search.selectedEngine,S", "WebSearch");

Removida : user_pref("browser.startup.homepage", "hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid[...]

Removida : user_pref("extensions.5195153736868.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

Removida : user_pref("extensions.5195158d49fd9.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

Removida : user_pref("extensions.51968019bb75d.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

Removida : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Removida : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Removida : user_pref("keyword.URL", "hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&l[...]

Removida : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Removida : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Removida : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Removida : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Removida : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Removida : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Removida : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Removida : user_pref("sweetim.toolbar.searchguard.enable", "");

 

-\\ Google Chrome v26.0.1410.64

 

Arquivo : C:\Users\.PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

Removida [l.51] : icon_url = "hxxp://websearch.lookforithere.info/favicon.ico",

Removida [l.54] : keyword = "websearch",

Removida [l.58] : search_url = "hxxp://websearch.lookforithere.info/?l=1&q={searchTerms}&pid=922&r=2013/05/17&h[...]

Removida [l.2162] : homepage = "hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid=2952347197&lg=EN&cc=BR[...]

Removida [l.2308] : urls_to_restore_on_startup = [ "hxxp://websearch.lookforithere.info/?pid=922&r=2013/05/17&hid[...]

 

*************************

 

AdwCleaner[s2].txt - [942 octets] - [16/05/2013 11:14:00]

AdwCleaner[s3].txt - [4527 octets] - [20/05/2013 13:38:07]

 

########## EOF - C:\AdwCleaner[s3].txt - [4587 octets] ##########

 

 

 

 

 

 


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:44:22, on 20/05/2013

Platform: Windows 7  (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\.PC\Downloads\HijackThis.exe

C:\Windows\SysWOW64\DllHost.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: cyontinyueotoSavE - {E2EA1D0C-0836-59DD-1D73-918F8CF3A970} - C:\ProgramData\cyontinyueotoSavE\5195153736951.dll (file missing)

O2 - BHO: cyontinyueotoSavE - {FFD09798-9832-3546-1FBD-D20536B469AF} - C:\ProgramData\cyontinyueotoSavE\5195158d4a0b8.dll (file missing)

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O15 - Trusted Zone: www.santander.com.br

O15 - Trusted Zone: www.santanderempresarial.com.br

O15 - Trusted Zone: www.santandernet.com.br

O15 - Trusted Zone: wwws.santandernet.com.br

O15 - Trusted Zone: wwws2.santandernet.com.br

O15 - Trusted Zone: www.santandernetibe.com.br

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

O20 - Winlogon Notify:  GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 9622 bytes

 

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Faltou o resultado do JRT.



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Ultimate x64

Ran by .PC on 20/05/2013 at 16:48:33,24

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\installmate"

Successfully deleted: [Folder] "C:\Program Files (x86)\continuetosave"

Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"

Successfully deleted: [Folder] "C:\Program Files (x86)\websearch"

 

 

 

~~~ FireFox

 

Successfully deleted the following from C:\Users\.PC\AppData\Roaming\mozilla\firefox\profiles\wsfjyxeu.default\prefs.js

 

user_pref("extensions.5195153736868.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio

user_pref("extensions.5195158d49fd9.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio

user_pref("extensions.51968019bb75d.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio

Emptied folder: C:\Users\.PC\AppData\Roaming\mozilla\firefox\profiles\wsfjyxeu.default\minidumps [3 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 20/05/2013 at 16:51:53,88

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Download Windows 7 SP1

Baixe e instale o IE 9, após feito poste um novo Log do HijackThis..

Internet Explorer 9

Após feito poste um novo Log do HijackThis..



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
    • 2 Mensagens
    • 1563 Visualizações
    • 6 Mensagens
    • 642 Visualizações
    • 17 Mensagens
    • 1416 Visualizações
    • 2 Mensagens
    • 694 Visualizações
    • 3 Mensagens
    • 425 Visualizações