[Resolvido] &nbspVários icones do windows update ficam aparecendo na b

[wrongdoer 0]

Vários icones do windows update ficam aparecendo na barra tarefas, não consigo executar programas, somente consigo executar os programas em modo de segurança.

 

Log Hijack

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:50:04, on 01/07/2013

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Safe mode with network support

Running processes:

C:\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Lyrics On - {73C1CE1A-2075-4350-A7B4-EBA78BA45FA8} - C:\Program Files (x86)\LyricsOn\lrcson.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKCU\..\Run: [58915] C:\Users\Fabiana\AppData\Roaming\4e8\58915.js

O4 - Startup: 0fd.js

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: wwws.realsecureweb.com.br

O15 - Trusted Zone: www.santander.com.br

O15 - Trusted Zone: www.santanderempresarial.com.br

O15 - Trusted Zone: www.santandernet.com.br

O15 - Trusted Zone: wwws.santandernet.com.br

O15 - Trusted Zone: wwws2.santandernet.com.br

O15 - Trusted Zone: www.santandernetibe.com.br

O15 - Trusted Zone: www.secureweb.com.br

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - (no file)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8095 bytes

[DigRam 144]

Boa Tarde! wrongdoer

|- Baixe: < > ( ... par Xplode )

|- Ao acessar,clique na imagem: < >

|- Ps: Se utilizar o navegador IE9,desabilite o filtro "SmartScreen".

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como

|- Ps: Dê início ao scan,clicando em "Remover". < >

|- Ao concluir,poste o relatório: C:\AdwCleaner[S1].txt

-/-

|- Baixe: < > ( ... par Nicolas Coolman )

|- Salve-o no desktop!

|- Ou clique direto na imagem,e escolha: "Abrir link em uma nova guia"

|- Salve-o no desktop!

|- Desabilite seu antivírus!

|- Caso utilize o Avast,estabeleça esta configuração à SandBox.

|- Para Windows Vista ou 7,clique direito e execute o arquivo como

|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!

|- Além do relatório,teremos no desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix

|- Poste e/ou cole aqui,o link que será gerado,logo após o relatório.

|- Ou acesse:

|- Ou acesse:

|- Maiores informações: < |Link| >

A+

[wrongdoer 0]

ADW

# AdwCleaner v2.303 - Relatório criado em 01/07/2013 às 13:33:14

# Atualizado em 08/06/2013 por Xplode

# Sistema Operacional : Windows 7 Ultimate (64 bits)

# Usuário : Fabiana - FABIANA-PC

# Modo de Boot : Modo Seguro com Rede

# Executado de : C:\Users\Fabiana\Desktop\adwcleaner.exe

# Opção [Remover]

***** [serviços] *****

***** [Arquivos/Pastas] *****

Removido Durante o reboot : C:\Program Files (x86)\WebCake

Removido Durante o reboot : C:\Windows\Installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}

***** [Registro] *****

***** [Navegadores] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registro está limpo.

-\\ Google Chrome v27.0.1453.116

Arquivo : C:\Users\Fabiana\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[s1].txt - [3451 octets] - [01/07/2013 12:32:01]

AdwCleaner[s2].txt - [894 octets] - [01/07/2013 13:33:14]

########## EOF - C:\AdwCleaner[s2].txt - [953 octets] ##########

____________________________________________________________--

ZHP

http://cjoint.com/13jn/CFDsUTqUGxY.htm

[DigRam 144]

Boa Tarde! wrongdoer

|- Baixe: < > ( ... by Oleg N. Scherbakov )

|- Salve-o no desktop!

|- Para Windows 7,clique direito em JRT.exe e execute-o ...

|- Aguarde a conclusão e poste o relatório. ( JRT.txt )

-/-

|- Feche programas/pastas que estejam abertas.

|- Feche,também,o navegador!

|- Para Windows Vista,desabilite a UAC.

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.

|- Selecione e copie estas informações,que estão no Code,para o "Bloco de Notas".

[MD5.00000000000000000000000000000000] [APT] [Norton Security Scan for Fabiana] (...) -- C:\Program Files (x86)\NORTON~2\Engine\351~1.8\Nss.exe (.not file.)   [0]

[MD5.00000000000000000000000000000000] [APT] [DealPly] (...) -- C:\Users\Fabiana\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.exe (.not file.)   [0]    => Infection PUP (PUP.DealPly)

[MD5.00000000000000000000000000000000] [APT] [DealPlyUpdate] (...) -- C:\Program Files (x86)\DealPly\DealPlyUpdate.exe (.not file.)   [0]    => Infection PUP (PUP.DealPly)

O2 - BHO: Lyrics On [64Bits] - {73C1CE1A-2075-4350-A7B4-EBA78BA45FA8} . (.Cisum Software - Lyrics On.) -- C:\Program Files (x86)\LyricsOn\lrcson.dll

O4 - GS\Desktop: Lixeira - Atalho.lnk - Orphean Key

O43 - CFD: 28/02/2010 - 23:26:17 - [0] ----D C:\Users\Fabiana\AppData\Local\Dados de aplicativos

O43 - CFD: 28/02/2010 - 23:26:17 - [0] ----D C:\Users\Fabiana\AppData\Local\Histórico

O43 - CFD: 15/06/2013 - 19:18:27 - [0] ----D C:\Users\Fabiana\AppData\Local\Programs


C:\Program Files (x86)\LyricsOn\lrcson.dll


[HKCU\Software\MLSync]    => MLSync

[HKLM\Software\Wow6432Node\360Safe]    => Infection Diverse (Lozavita.Troj)


proxyfix

emptytemp

emptyclsid

emptyflash

firewallraz

sysrestore

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"

|- Minimize o Bloco de Notas.

|- Clique no menu,"Paste ClipBoard".

|- Clique "GO" -> Oui.

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

|- Ps: Para obter o relatório,basta clicar no ícone "Report of suppression".

|- À seguir,abra o Bloco de Notas e clique no ícone "Copy ClipBoard". << Colar!

A+

[wrongdoer 0]

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Ultimate x64

Ran by Fabiana on 01/07/2013 at 17:10:39,70

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 01/07/2013 at 17:18:10,85

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

______________________________________________________________________________________________

ZHP

Rapport de ZHPFix 2013.6.12.3 par Nicolas Coolman, Update du 12/06/2013

Fichier d'export Registre :

Run by Fabiana at 01/07/2013 17:23:18

High Elevated Privileges : OK

Windows 7 Ultimate Edition, 64-bit (Build 7600)

Recycle Files Deleted

========== Registry Key ==========

DELETED Key: CLSID BHO: {73C1CE1A-2075-4350-A7B4-EBA78BA45FA8}

DELETED Key: HKCU\Software\MLSync

DELETED Key: HKLM\Software\Wow6432Node\360Safe

========== Registry Value ==========

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

DELETED FirewallRaz (None) : {91508F75-A9F2-4DE9-A32B-9A8BFCAA9173}

========== Repertory ==========

No Empty CLSID Directories

DELETED Flash Cookies

========== File ==========

DELETED File: c:\program files (x86)\lyricson\lrcson.dll

DELETED File: c:\users\fabiana\desktop\lixeira - atalho.lnk

NOT FOUND Folder/File: c:\program files (x86)\lyricson\lrcson.dll

DELETED Window Temporary

DELETED Flash Cookies

========== Task ==========

DELETED Task: Norton Security Scan for Fabiana

DELETED Task: DealPly

DELETED Task: DealPlyUpdate

========== Restoration ==========

Restore System Point created succefully

========== Summary ==========

3 : Registry Key

9 : Registry Value

2 : Repertory

5 : File

3 : Task

1 : Restoration

End of clean in 00mn 37s

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 01/07/2013 17:23:18 [1587]

[DigRam 144]

Bom Dia! wrongdoer

O4 - HKCU\..\Run: [58915] C:\Users\Fabiana\AppData\Roaming\4e8\58915.js

O4 - Startup: 0fd.js

|- Caso encontre,dê Fix nestas entradas!

|- Abra o HijackThis >> Marque as entradas! >> Clique "Fix Checked".

|- Confirme e reinicie o computador.

-/-

|- Baixe: < zoek > ( ... by Smeenk )

|- Salve-o no desktop!

|- Desabilite seu antivírus!

|- Para Windows 7,execute zoek.exe como administrador.

startupall;

autoclean;

filesrcm;

emptyalltemp;

|- Copie e cole estas informações,em vermelho,no campo da ferramenta.

|- Clique "Run Script". <- Aguarde!

|- Aceite e/ou confirme o reboot!

 

zoek.hta failed by unknown error.

Restart computer, and try again.

 

|- Ps: Ao obter algun erro,reinicie o PC e execute,novamente,a ferramenta.

|- Poste o relatório,que estará em C:\zoek-results.txt <<

|- Poste,também,HijackThis atualizado.

A+

[wrongdoer 0]

Essa entra não achei: O4 - Startup: 0fd.js

 

HIJACK

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 08:39:15, on 03/07/2013

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Safe mode with network support

Running processes:

C:\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

O4 - Startup: 0a0.js

O4 - Global Startup: 0a0.js

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: wwws.realsecureweb.com.br

O15 - Trusted Zone: www.santander.com.br

O15 - Trusted Zone: www.santanderempresarial.com.br

O15 - Trusted Zone: www.santandernet.com.br

O15 - Trusted Zone: wwws.santandernet.com.br

O15 - Trusted Zone: wwws2.santandernet.com.br

O15 - Trusted Zone: www.santandernetibe.com.br

O15 - Trusted Zone: www.secureweb.com.br

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - (no file)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8102 bytes

__________________________________________-

JOEK

Zoek.exe Version 4.0.0.3 Updated 27-June-2013

Tool run by Fabiana on 03/07/2013 at 8:45:47,76.

Microsoft Windows 7 Ultimate 6.1.7600 x64

Running in: Safe Mode NETWORK Internet Access Detected

==== System Restore Info ======================

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"bProtectTabs"=-

==== Deleting Files \ Folders ======================

"C:\windows\SysNative\Tasks\Browser Manager" deleted

"C:\Windows\tasks\Lyrics On Update.job" deleted

"C:\Program Files (x86)\LyricsOn" deleted

"C:\Windows\SysWow64\searchplugins" deleted

"C:\Windows\SysWow64\Extensions" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-06-18 16:17:01 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe

2013-06-18 16:17:01 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe

2013-06-18 16:17:01 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe

2013-06-18 16:17:01 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe

2013-06-18 16:17:01 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe

2013-06-13 23:39:36 E9C8673674ECF840EE59ED805DBE9966 41664 ----a-w- C:\Windows\avastSS.scr

====== C:\Users\Fabiana\AppData\Local\Temp ====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

2013-07-01 16:03:46 E86C64478D9A90D62255FE9EB0150C6E 175 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys.sum

2013-07-01 16:03:46 A5F29AC2F0ADE8B995B49D7350CE3AC0 175 ----a-w- C:\Windows\Sysnative\drivers\aswSP.sys.sum

2013-07-01 16:03:46 2E83D2621E87C493AB45DC6655BA77D4 175 ----a-w- C:\Windows\Sysnative\drivers\aswSnx.sys.sum

2013-06-18 14:58:19 6B415E7AE774B9118360F559F627468E 32000 ----a-w- C:\Windows\Sysnative\drivers\hitmanpro37.sys

2013-06-15 22:18:42 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

2013-06-13 23:39:59 64E2BAB4096C13D2342BC4661C967E07 72016 ----a-w- C:\Windows\Sysnative\drivers\aswRdr2.sys

2013-06-13 23:39:57 8C0800CDB501CFC1164B286A0478DC10 1030952 ----a-w- C:\Windows\Sysnative\drivers\aswSnx.sys

2013-06-13 23:39:56 22F521108881DC59837F6FC614E0568F 189936 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys

2013-06-13 23:39:55 5573AA70993A2BB81525B1C704B88763 65336 ----a-w- C:\Windows\Sysnative\drivers\aswRvrt.sys

2013-06-13 22:12:08 31C6AFFFAD7C733A65F888929548BC22 36680 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys

====== C:\Windows\Tasks ======

2013-06-18 12:49:30 174225346985B9E4DF051F641B4A12C3 4066 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA

2013-06-18 12:49:29 008183936571220E28743A0A78DDE3B5 1070 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-06-18 12:49:27 80EC7867327E173D1CFA41DAD3199592 3814 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore

2013-06-15 22:22:06 406C619C3CACFC5ACBD3ECD649BB0858 1066 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-13 23:39:54 CA59515CD604C936C7A557523A49F599 4184 ----a-w- C:\Windows\Sysnative\Tasks\avast! Emergency Update

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-07-01 16:35:21 -------- d-sh--w- C:\Program Files\518f

2013-06-18 13:33:31 -------- d-----w- C:\Program Files\HitmanPro

======= C:\Program Files (x86) =====

2013-07-01 16:01:39 -------- d-----w- C:\Program Files (x86)\ZHPDiag

2013-06-18 13:28:53 -------- d-----w- C:\Program Files (x86)\ESET

2013-06-15 21:59:53 -------- d-----w- C:\Program Files (x86)\Google

======= C: =====

2013-07-01 16:33:14 66D2C45714AD7ABB5AF82517D959284E 1021 ----a-w- C:\AdwCleaner[s2].txt

2013-07-01 16:10:35 6D486C9F5F6D415170DCAF7947AC177C 512 ----a-w- C:\PhysicalDisk0_MBR.bin

2013-07-01 15:32:01 FD2FFD1323ED0AA521852B6118569077 3451 ----a-w- C:\AdwCleaner[s1].txt

====== C:\Users\Fabiana\AppData\Roaming ======

2013-06-18 16:33:12 -------- d-----w- C:\users\Public\AppData\Local\temp

2013-06-18 16:33:12 -------- d-----w- C:\users\Default\AppData\Local\temp

2013-06-18 16:33:12 -------- d-----w- C:\users\Default User\AppData\Local\temp

2013-06-18 16:25:37 -------- d-sh--w- C:\users\Fabiana\AppData\Roaming\4e8

====== C:\Users\Fabiana ======

2013-07-01 15:58:45 9917D3355292D860CA3FE997D1A0DC93 5691768 ----a-w- C:\Users\Fabiana\Desktop\ZHPDiag2.exe

2013-07-01 15:26:56 09A3F926C400C29B3CF04FD15A0D8DEA 545954 ----a-w- C:\Users\Fabiana\Desktop\JRT.exe

2013-07-01 15:25:58 4EF33D516F31BEB1C9847D1FDA69375C 648201 ----a-w- C:\Users\Fabiana\Desktop\adwcleaner.exe

2013-06-18 16:33:12 -------- d-----w- C:\Users\Public\AppData

2013-06-18 13:27:09 -------- d-----w- C:\ProgramData\HitmanPro

2013-06-15 22:26:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

====== C: exe-files ==

2013-07-01 16:01:43 F3A37421DBD1AAA36558C97572C91C5A 147456 ----a-w- C:\Program Files (x86)\ZHPDiag\catchme.exe

2013-07-01 16:01:43 CB2D120A4B72422A8141192831B1F500 80384 ----a-w- C:\Program Files (x86)\ZHPDiag\mbrcheck.exe

2013-07-01 16:01:43 5DAF7081A4BB112FA3F1915819330A3E 61440 ----a-w- C:\Program Files (x86)\ZHPDiag\pv.exe

2013-07-01 16:01:43 5BBF2A0351E336646022D09009560CEF 143360 ----a-w- C:\Program Files (x86)\ZHPDiag\FileInfos.exe

2013-07-01 16:01:42 A3F7B76494E5F3D32B05824241E82AD0 2726912 ----a-w- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPFix.exe

2013-07-01 16:01:42 9DAA7218961710008D7385B01BD3F386 89088 ----a-w- C:\Program Files (x86)\ZHPDiag\mbr.exe

2013-07-01 16:01:42 6B8AF3A2A3D9059008B55C444461CA00 61952 ----a-w- C:\Program Files (x86)\ZHPDiag\Lads.exe

2013-07-01 16:01:42 53CDBB093B0AEE9FD6CF1CBD25A95077 290304 ----a-w- C:\Program Files (x86)\ZHPDiag\subinacl.exe

2013-07-01 16:01:42 451AE03D3C92777F09840CA56F08AB62 454056 ----a-w- C:\Program Files (x86)\ZHPDiag\setacl32.exe

2013-07-01 16:01:42 3E350EB5DF15C06DEC400A39DD1C6F29 559528 ----a-w- C:\Program Files (x86)\ZHPDiag\setacl64.exe

2013-07-01 16:01:42 2312A38B8B003330DB919FA818C48449 231048 ----a-w- C:\Program Files (x86)\ZHPDiag\sigcheck.exe

2013-07-01 16:01:40 BCAE94105D572D937326354FA8122BEA 7596544 ----a-w- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe

2013-07-01 16:01:40 1321DC81E317EE48C4D004775FB29AC9 1916928 ----a-w- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

2013-07-01 16:01:39 8AE13B97BFCAD6C7D3B8C8A1C298EFB4 694736 ----a-w- C:\Program Files (x86)\ZHPDiag\unins000.exe

2013-07-01 16:01:39 1321DC81E317EE48C4D004775FB29AC9 1916928 ----a-w- C:\Program Files (x86)\ZHPDiag\ZHPhep.exe

2013-07-01 15:58:45 9917D3355292D860CA3FE997D1A0DC93 5691768 ----a-w- C:\Users\Fabiana\Desktop\ZHPDiag2.exe

2013-07-01 15:58:24 80633916458CC8041D0F483B7633E9F6 1582944 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\27.0.1453.116\27.0.1453.116_27.0.1453.110_chrome_updater.exe

2013-07-01 15:34:36 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\JRT\erunt\ERUNT.EXE

2013-07-01 15:26:56 09A3F926C400C29B3CF04FD15A0D8DEA 545954 ----a-w- C:\Users\Fabiana\Desktop\JRT.exe

2013-07-01 15:25:58 4EF33D516F31BEB1C9847D1FDA69375C 648201 ----a-w- C:\Users\Fabiana\Desktop\adwcleaner.exe

=== C: other files ==

2013-07-01 15:34:36 E4B95882FB080670179EA3605395889B 29803 ----a-w- C:\JRT\iexplore.bat

2013-07-01 15:34:36 C0C9EBB0F67894B294057F8DFD982FB7 224236 ----a-w- C:\JRT\firefox.bat

2013-07-01 15:34:36 BC6829679AE4DF51BA5F2B6DF9C0BAFC 14243 ----a-w- C:\JRT\medfos.bat

2013-07-01 15:34:36 9EE3D7F3A45E24135711E9CBA48DC54F 11837 ----a-w- C:\JRT\JRT.bat

2013-07-01 15:34:36 892B8347BAF133646A19D3B90928AE86 15542 ----a-w- C:\JRT\chrome.bat

2013-07-01 15:34:36 833D69BA76F526DF45C9BEA1A92DC82B 29565 ----a-w- C:\JRT\prelim.bat

2013-07-01 15:34:36 80D02380F1AC33E459324B088392A1EC 732 ----a-w- C:\JRT\ev_clear.bat

2013-07-01 15:34:36 6AFF3EA276AA312EFBB29BA0D5D2A85A 9763 ----a-w- C:\JRT\modules.bat

2013-07-01 15:34:36 63FEB4EAF9E8C709C3B3470BC40E3EF8 37373 ----a-w- C:\JRT\ask.bat

2013-07-01 15:34:36 620AD0970CC18D799A357D5B9C797F31 5379 ----a-w- C:\JRT\runvalues.bat

2013-07-01 15:34:36 44E5FFC65156A594FCD57D13A7546046 14028 ----a-w- C:\JRT\get.bat

2013-07-01 15:34:36 357F4F46BA2ADE86E2084DE3EC219A18 13025 ----a-w- C:\JRT\searchlnk.bat

2013-07-01 15:34:36 33A0F7BBDF15B84FB01A361D09F54DFE 1825 ----a-w- C:\JRT\delfolders.bat

2013-07-01 15:34:36 31D9F977B48014E79CC35A98D324B16A 1256 ----a-w- C:\JRT\FWPolicy.bat

2013-07-01 15:34:36 296AEB5FF1159F45030514E8C1751368 81579 ----a-w- C:\JRT\misc.bat

2013-07-01 15:34:36 1EE55AF77826E0E6F89A0ED6278E2C35 1040 ----a-w- C:\JRT\TDL4.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-140583561-3743040662-2438868854-1000\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast5"="C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui"

"PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\58915]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="58915"

"hkey"="HKCU"

"command"="C:\\Users\\Fabiana\\AppData\\Roaming\\4e8\\58915.js"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Facebook Update"

"hkey"="HKCU"

"command"="\"C:\\Users\\Fabiana\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Fabiana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]

"item"="Adobe Gamma"

"path"="C:\\Users\\Fabiana\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"

"backup"="C:\\Windows\\pss\\Adobe Gamma.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\PROGRA~2\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE"

==== Startup Folders ======================

2013-07-03 11:21:45 46986 ----a-w- C:\users\Fabiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0a0.js

2013-07-03 11:21:45 46986 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\0a0.js

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/06/2013 21:41]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-140583561-3743040662-2438868854-1000Core.job --a------ C:\Users\Fabiana\AppData\Local\Facebook\Update\FacebookUpdate.exe [05/09/2012 22:12]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-140583561-3743040662-2438868854-1000UA.job --a------ C:\Users\Fabiana\AppData\Local\Facebook\Update\FacebookUpdate.exe [05/09/2012 22:12]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15/06/2013 19:21]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15/06/2013 19:21]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

oalifdbckgeckmcjidkfgiikhpcdbdah - C:\Program Files (x86)\LyricsOn\Chrome.crx[]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="http://www.google.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="http://www.google.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oalifdbckgeckmcjidkfgiikhpcdbdah deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Fabiana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Fabiana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\users\Fabiana\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Fabiana\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Fabiana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 03/07/2013 at 8:52:47,31 ======================

[DigRam 144]

Bom Dia! wrongdoer

|- Baixe: < UsbFix > ( ...de C_XX & El Desaparecido )

|- Salve-o no desktop!

|- Siga com sua instalação.

|- Desmarque: "Desativar Autorun/AutoPlay automaticamente" -> OK

|- Aperte a tecla "Shift" e conecte seu pendrive ao computador!

|- Execute o arquivo UsbFix.exe,com um duplo clique.

|- Escolha a opção "Suppression".

|- Aguarde a conclusão e poste o relatório. ( C:\UsbFix.txt )

|- Ps: Caso possua pendrives infectados,sugiro que os formate!

A+

[wrongdoer 0]

############################## | UsbFix V 7.129 | [supressão]

Usuário: Fabiana (Administrador) # FABIANA-PC

Atualizado em 24/06/2013 por El Desaparecido

Começou em 11:59:17 | 04/07/2013

Site: http://sosvirus.net/

Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html

Contato: contact@sosvirus.net

PC: Positivo (Positivo Mobile) (x64-based PC)

CPU: Intel® Core2 Duo CPU T6500 @ 2.10GHz (2099)

RAM -> [Total : 3951 | Free : 3241]

BIOS: BIOS Revision: 1.00.13POL

BOOT: Fail-safe with network boot

OS: Microsoft Windows 7 Ultimate (6.1.7600 64-Bit) #

WB: Windows Internet Explorer 8.0.7600.16385

SC: Security Center Service [(!) Disabled]

WU: Windows Update Service [Enabled]

AV: avast! Antivirus [Enabled | Updated]

FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disco fixo # 228 Gb (136 Mb livre - 60%) [] # NTFS

D:\ -> Disco fixo # 238 Gb (237 Mb livre - 100%) [] # NTFS

E:\ -> CD-ROM

F:\ -> Disco removível # 487 Mb (484 Mb livre - 99%) [bABI 1] # FAT32

G:\ -> Disco removível # 4 Gb (2 Mb livre - 67%) [bABI - 2] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

HKLM\SOFTWARE | Run : [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

HKLM\SOFTWARE\wow6432Node | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

HKLM\SOFTWARE\wow6432Node | Run : [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

HKLM\SOFTWARE | RunOnce : [] -

HKLM\SOFTWARE\wow6432Node | RunOnce : [] -

HKU\S-1-5-21-140583561-3743040662-2438868854-1000\SOFTWARE | Run : [58915] - C:\Users\Fabiana\AppData\Roaming\4e8\58915.js

################## | Processos parados |

Parado! C:\Windows\Explorer.EXE (1192)

Parado! C:\Windows\system32\ctfmon.exe (1240)

Parado! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (2012)

Parado! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (652)

Parado! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (1172)

################## | Ficheiros # pastas infeciosos |

Supprimido ! C:\Users\Fabiana\AppData\Roaming\4e8\58915.js

Supprimido ! C:\Users\Fabiana\AppData\Roaming\4e8

Supprimido ! F:\forpedi.lnk

Supprimido ! F:\GPDFIRS.lnk

Supprimido ! F:\15.lnk

Supprimido ! F:\72727.lnk

Supprimido ! F:\75757.lnk

Supprimido ! G:\Fotos da MI - 2013.lnk

Supprimido ! G:\bar.lnk

Supprimido ! G:\USBVAULT.lnk

Supprimido ! G:\Fotos da MI.lnk

Supprimido ! G:\15.lnk

Supprimido ! F:\15\g045e.js

Supprimido ! F:\15\i080.js

Supprimido ! F:\72727\i6f6.js

Supprimido ! F:\72727\g63.js

Supprimido ! F:\75757\i68686.js

Supprimido ! F:\75757\g64.js

Supprimido ! F:\4e4\g5f93.js

Supprimido ! F:\4e4\i53.js

Supprimido ! G:\15\g045e.js

Supprimido ! G:\15\i080.js

Supprimido ! G:\4e4\i53.js

Supprimido ! G:\4e4\g5f93.js

Supprimido ! G:\bar

Supprimido ! G:\USBVAULT

(!) Ficheiros temporários suprimido.

################## | Registro |

Supprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|58915

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools

Supprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr

Supprimido ! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig

################## | Mountpoints2 |

################## | Listing |

[03/07/2013 - 08:53:01 | SHD ] C:\$RECYCLE.BIN

[06/06/2013 - 12:54:49 | D ] C:\4f09

[01/07/2013 - 12:32:19 | N | 3451] C:\AdwCleaner[s1].txt

[01/07/2013 - 13:33:27 | N | 1021] C:\AdwCleaner[s2].txt

[28/02/2010 - 23:26:06 | D ] C:\Arquivos de Programas

[28/02/2010 - 23:00:46 | D ] C:\Boot

[13/07/2009 - 22:38:58 | RASH | 383562] C:\bootmgr

[28/02/2010 - 23:00:48 | N | 8192] C:\BOOTSECT.BAK

[18/06/2013 - 13:33:07 | N | 19906] C:\ComboFix.txt

[14/07/2009 - 02:08:56 | SHD ] C:\Documents and Settings

[13/07/2009 - 22:26:00 | N | 206312] C:\grldr

[04/07/2013 - 11:51:36 | ASH | 3107328000] C:\hiberfil.sys

[03/07/2013 - 08:38:59 | D ] C:\hijack

[01/07/2013 - 17:10:06 | D ] C:\JRT

[01/03/2010 - 00:49:15 | RD ] C:\MSOCache

[04/07/2013 - 11:51:38 | ASH | 4143104000] C:\pagefile.sys

[14/07/2009 - 00:20:08 | D ] C:\PerfLogs

[01/07/2013 - 13:10:35 | N | 512] C:\PhysicalDisk0_MBR.bin

[01/07/2013 - 13:35:21 | D ] C:\Program Files

[03/07/2013 - 08:48:44 | D ] C:\Program Files (x86)

[01/07/2013 - 12:35:32 | D ] C:\ProgramData

[18/06/2013 - 13:33:18 | D ] C:\Qoobox

[28/02/2010 - 23:26:07 | D ] C:\Recovery

[01/07/2013 - 17:23:14 | SHD ] C:\System Volume Information

[04/07/2013 - 12:02:44 | D ] C:\UsbFix

[04/07/2013 - 12:02:59 | A | 4750] C:\UsbFix [Clean 1] FABIANA-PC.txt

[28/02/2010 - 23:26:16 | D ] C:\Users

[03/07/2013 - 08:52:26 | D ] C:\Windows

[01/07/2013 - 17:23:18 | D ] C:\ZHP

[03/07/2013 - 08:52:47 | N | 15286] C:\zoek-results.log

[01/03/2010 - 00:36:30 | D ] D:\$RECYCLE.BIN

[01/03/2010 - 00:36:45 | SHD ] D:\System Volume Information

[31/12/1994 - 21:00:00 | R | 44] E:\Track01.cda

[31/12/1994 - 21:00:00 | R | 44] E:\Track02.cda

[31/12/1994 - 21:00:00 | R | 44] E:\Track03.cda

[31/12/1994 - 21:00:00 | R | 44] E:\Track04.cda

[31/12/1994 - 21:00:00 | R | 44] E:\Track05.cda

[31/12/1994 - 21:00:00 | R | 44] E:\Track06.cda

[31/12/1994 - 21:00:00 | R | 44] E:\Track07.cda

[31/12/1994 - 21:00:00 | R | 44] E:\Track08.cda

[31/12/1994 - 21:00:00 | R | 44] E:\Track09.cda

[31/12/1994 - 21:00:00 | R | 44] E:\Track10.cda

[31/12/1994 - 21:00:00 | R | 44] E:\Track11.cda

[31/12/1994 - 21:00:00 | R | 44] E:\Track12.cda

[31/12/1994 - 21:00:00 | R | 44] E:\Track13.cda

[31/12/1994 - 21:00:00 | R | 44] E:\Track14.cda

[31/12/1994 - 21:00:00 | R | 44] E:\Track15.cda

[31/12/1994 - 21:00:00 | R | 44] E:\Track16.cda

[02/06/2013 - 20:50:42 | D ] F:\forpedi

[06/06/2013 - 10:26:34 | D ] F:\GPDFIRS

[04/06/2013 - 11:15:32 | D ] F:\15

[04/06/2013 - 14:03:16 | D ] F:\72727

[04/06/2013 - 14:09:00 | D ] F:\75757

[15/06/2013 - 18:59:02 | D ] F:\4e4

[04/06/2013 - 12:36:42 | D ] G:\15

[06/06/2013 - 12:54:56 | D ] G:\4e4

[24/05/2013 - 16:20:46 | D ] G:\Fotos da MI - 2013

[24/05/2013 - 16:33:10 | D ] G:\Fotos da MI

################## | Vaccin |

C:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)

D:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)

F:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)

G:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.net |

[DigRam 144]

Boa Tarde! wrongdoer

|- Sua máquina estava infectada por worms de pendrive.

-/-

|- Baixe: < > ( ... by OldTimer Tools )

|- Salve-o no desktop!

|- Duplo clique em OTL.exe >> Executar ou

|- Ps: Tendo dificuldades ao executar OTL.exe,delete o arquivo e baixe-o daqui ou aqui.

< Explorer_ > << OTL

|- Ou... baixe-o daqui,que está renomeado,e não será bloqueado por malwares.

|- Configure a ferramenta,segundo a screenshot!

|- Em "Exame Extra do Registro",assinale "Nenhum".

SAVEMBR:0

*crack* /s 

*keygen* /s 

*serial* /s 

*AutoKMS* /s

*loader* /s

*netsvcs*

*msconfig*

*activex*

*drivers32*

%SYSTEMDRIVE%\*.*

%APPDATA%\Local\*.

%APPDATA%\*.exe /s

%APPDATA%\*.

%systemdrive%\drivers\*.exe

%USERPROFILE%\AppData\Local\*.*

%USERPROFILE%\AppData\Roaming\*.*

%systemroote%\*. /mp /s

%systemroot%\system32\*.ini

%systemroot%\Tasks\*.*

%systemroot%\system32\tasks\*.* /s /64

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\drivers\*.* /90

%systemroot%\assembly\tmp\*.* /S /MD5

%systemroot%\assembly\temp\*.* /S /MD5

%systemroot%\assembly\GAC\*.* /S /MD5

%systemroot%\assembly\GAC_32\*.* /S /MD5

%systemroot%\assembly\GAC_64\*.* /S /MD5

%systemroot%\system32\config\systemprofile\AppData\Local\*.*

%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*

%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*

%systemdrive%\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.*

%systemdrive%\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.* 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

/md5start

services.exe

/md5stop

regedit /e c:\registrybackup.reg /c

%windir%\tasks\*.* /s

|- Copie estas informações que estão no Code,para o Bloco de Notas.

|- Salve-as em Meus Documentos ou desktop,com o nome scan. << Texto!

|- Clique na área "Exames Personalizados/Correções".

|- Clique em Ok para procurar um arquivo com exame personalizado.

|- Clique "Abrir". ( scan.txt )

|- Após colar as informações na área branca,clique em

|- Concluindo,poste o relatório: OTL.txt << Link ao relatório!

|- Para enviar,acesse: < MyFile.tk >

|- Ou acesse: < >

|- Maiores informações: < |Link| >

Abs!

[wrongdoer 0]

http://cjoint.com/13ju/CGcvWJPX3VB.htm

[DigRam 144]

Bom Dia! wrongdoer

|- < C:\Users\Fabiana\AppData\Roaming\Transformice >

|- Conheces esta pasta?

|- Execute a ferramenta OTL.exe.

|- Copie estas informações que estão no Code,para o campo clipboard da ferramenta. ( "Exames Personalizados/Correções" )

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyricson@lyricson.net: C:\Program Files (x86)\LyricsOn\FF\
O4 - HKLM..\RunOnce: [] File not found 
O4 - Startup: C:\Users\Fabiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0a0.js () 
O13 - gopher Prefix: missing 
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found 
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found 
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found 
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found 
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O37 - HKU\S-1-5-21-140583561-3743040662-2438868854-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
[2013/07/03 08:57:54 | 000,046,986 | ---- | M] () -- C:\Users\Fabiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0a0.js 
 [2013/07/03 08:57:54 | 000,046,986 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\0a0.js
 
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"Gopher"="gopher://"
 
:Files
C:\Program Files (x86)\LyricsOn
type C:\user.js >> test.txt /c
 
:Commands 
[CLEARALLRESTOREPOINTS]
[purity] 
[emptytemp] 
[Reboot]

|- Clique no botão Consertar -> Aguarde a conclusão!

|- O computador vai reiniciar! -> Clique em "Executar".

|- Para versões em Inglês,clique em Run Fix que é o mesmo que Consertar.

|- Poste o relatório: C:\_OTL\MovedFiles\*.log

A+

[wrongdoer 0]

|- < C:\Users\Fabiana\AppData\Roaming\Transformice >

Conheço sim, é uma pasta de um jogo.

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.

Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyricson@lyricson.net deleted successfully.

File C:\Program Files (x86)\LyricsOn\FF not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.

C:\Users\Fabiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0a0.js moved successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-140583561-3743040662-2438868854-1000_Classes\.com\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-140583561-3743040662-2438868854-1000_Classes\ComFile\ not found.

HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!

File C:\Users\Fabiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0a0.js not found.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\0a0.js moved successfully.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\"Gopher"|"gopher://" /E : value set successfully!

========== FILES ==========

File\Folder C:\Program Files (x86)\LyricsOn not found.

< type C:\user.js >> test.txt /c >

C:\Users\Fabiana\Desktop\cmd.bat deleted successfully.

C:\Users\Fabiana\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

Unable to stop System Restore Service. Error code 1084. Restore points not cleared.

Unable to start System Restore Service. Error code 1084. Restore point not created.

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 57616 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Fabiana

->Temp folder emptied: 1737 bytes

->Temporary Internet Files folder emptied: 5637276 bytes

->Google Chrome cache emptied: 8074143 bytes

->Flash cache emptied: 57621 bytes

User: Public

->Temp folder emptied: 0 bytes

User: Todos os Usuários

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 17991520 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 30,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 07062013_111739

Files\Folders moved on Reboot...

C:\Users\Fabiana\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[DigRam 144]

Boa Tarde! wrongdoer

|- Qual,atualmente,a condição em que encontra-se o PC?

-/-

|- Baixe: |DelFix| ( ... de Xplode )

|- Estando na página,clique na seta verde para o download.

|- Salve-a em um local conveniente! ( desktop! )

|- Feche aplicativos que estejam abertos.

|- Execute-a!

|- Com as duas checkbox marcadas!

|- Clique "Run".

|- Poste o log!

A+

[wrongdoer 0]

Parace ter resolvido o problema, mas o painel de controle desapareceu

 

LOG

 

# DelFix v10.3 - Logfile created 06/07/2013 at 16:25:40

# Updated 08/06/2013 by Xplode

# Username : Fabiana - FABIANA-PC

# Operating System : Windows 7 Ultimate (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox

Deleted : C:\JRT

Deleted : C:\USBFix

Deleted : C:\_OTL

Deleted : C:\ZHP

Deleted : C:\Program Files (x86)\ZHPDiag

Deleted : C:\AdwCleaner[s1].txt

Deleted : C:\AdwCleaner[s2].txt

Deleted : C:\ComboFix.txt

Deleted : C:\PhysicalDisk0_MBR.bin

Deleted : C:\UsbFix [Clean 1] FABIANA-PC.txt

Deleted : C:\zoek-results.log

Deleted : C:\Users\Fabiana\Desktop\adwcleaner.exe

Deleted : C:\Users\Fabiana\Desktop\JRT.exe

Deleted : C:\Users\Fabiana\Desktop\JRT.txt

Deleted : C:\Users\Fabiana\Desktop\hijackthis.log

Deleted : C:\Users\Fabiana\Desktop\OTL.Txt

Deleted : C:\Users\Fabiana\Desktop\OTL.exe

Deleted : C:\Users\Fabiana\Desktop\scan.txt

Deleted : C:\Users\Fabiana\Desktop\usbfix.exe

Deleted : C:\Users\Fabiana\Desktop\zhp.txt

Deleted : C:\Users\Fabiana\Desktop\ZHPDiag.txt

Deleted : C:\Users\Fabiana\Desktop\ZHPDiag2.exe

Deleted : C:\Users\Fabiana\Desktop\ZHPFixReport.txt

Deleted : C:\Users\Fabiana\Desktop\zoek.exe

Deleted : C:\Users\Public\Desktop\MBRCheck.lnk

Deleted : C:\Users\Public\Desktop\ZHPDiag.lnk

Deleted : C:\Users\Public\Desktop\ZHPFix.lnk

Deleted : C:\Users\Fabiana\Downloads\ComboFix.exe

Deleted : C:\Users\Fabiana\Downloads\esetsmartinstaller_enu.exe

Deleted : C:\Windows\grep.exe

Deleted : C:\Windows\PEV.exe

Deleted : C:\Windows\NIRCMD.exe

Deleted : C:\Windows\MBR.exe

Deleted : C:\Windows\SED.exe

Deleted : C:\Windows\SWREG.exe

Deleted : C:\Windows\SWSC.exe

Deleted : C:\Windows\SWXCACLS.exe

Deleted : C:\Windows\Zip.exe

Deleted : HKCU\Software\USBFix

Deleted : HKLM\SOFTWARE\OldTimer Tools

Deleted : HKLM\SOFTWARE\AdwCleaner

Deleted : HKLM\SOFTWARE\Swearware

Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USBFix

Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Cleaning system restore ...

New restore point created !

########## - EOF - ##########

[DigRam 144]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.