Spyder.RV 0
Posted November 9, 2013

A few days ago, with the help of iMasters, I solved the problem with my computers, and now I need help again, this time to fix a friend's notebook. It has an excess of advertising popups, and websites are being deformed, since everything gets altered by the various ads that are inserted into them. Below is the HijackThis log:

DigRam 144
Posted November 9, 2013

Good morning! Spyder.RV
|- Download: < > ( ... by Xplode )
|- Once there, click on the image: < >
|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as
|- PS: Start the tool by clicking "Scan".
|- When it finishes, click "Clean" >> click "Report".
|- Post: < C:\AdwCleaner\AdwCleaner[s1].txt >

A+

Spyder.RV 0
Posted November 9, 2013

Good morning, thanks for the quick reply! Here are the AdwCleaner logs:

DigRam 144
Posted November 9, 2013

Good morning! Spyder.RV
|- Download: < > ( ... by Oleg N. Scherbakov )
|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, right-click JRT.exe and run it ...
|- Wait for it to finish and post the report. ( JRT.txt )
-/-
|- Download Farbar Recovery Scan Tool.
|- Download: < > ( ... by Farbar )
|- Or here... < Farbar Recovery Scan Tool 64-Bit >
|- Or here, for 64-bit systems!
|- Save it to the desktop! ("Área de trabalho" ...)
|- Run the tool! Click "Yes" >> "Scan".
|- Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
|- Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
|- PS: The "Addition.txt" report will also be generated; it is made available on the tool's first run.
|- Post the reports! (FRST.txt + Addition.txt)
|- PS: If the logs are long, send them to Pjjoint.malekal.
|- Or go to: < >
|- More information: < |Link| >

A+

Spyder.RV 0
Posted November 9, 2013

Here are the JRT, FRST and Addition.txt logs
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276288 2012-06-11] (Intel Corporation)R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] ()R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [458464 2012-02-02] (Intel® Corporation)R2 Intel® ME Service; C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)S2 MyScrapNook_12Service; C:\PROGRA~1\MYSCRA~2\bar\1.bin\12barsvc.exe [x]==================== Drivers (Whitelisted) ====================R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2239488 2012-04-19] (Qualcomm Atheros Communications, Inc.)S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90112 2011-01-30] (Huawei Technologies Co., Ltd.)R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-10] (Intel Corporation)U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [102784 2010-07-27] (Huawei Technologies Co., Ltd.)==================== NetSvcs (Whitelisted) ======================================= One Month 
Created Files and Folders ========2013-11-09 11:34 - 2013-11-09 11:34 - 00000000 ____D C:\FRST2013-11-09 11:31 - 2013-11-09 11:31 - 00002011 _____ C:\Users\User\Desktop\JRT.txt2013-11-09 11:29 - 2013-11-09 11:29 - 00000000 ____D C:\Windows\ERUNT2013-11-09 11:01 - 2013-11-09 11:05 - 00000000 ____D C:\AdwCleaner2013-11-09 10:40 - 2013-11-09 11:34 - 00000000 ____D C:\Remoção de Malware2013-11-09 10:40 - 2013-11-09 10:40 - 00002969 _____ C:\Users\User\Desktop\HiJackThis.lnk2013-11-09 10:40 - 2013-11-09 10:40 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis2013-11-09 10:39 - 2013-11-09 10:39 - 01402880 _____ C:\Users\User\Downloads\HijackThis.msi2013-10-22 14:40 - 2013-10-22 14:40 - 00003352 ____N C:\bootsqm.dat2013-10-13 00:27 - 2013-10-13 00:27 - 00000000 ____D C:\Windows\system32\searchplugins2013-10-13 00:27 - 2013-10-13 00:27 - 00000000 ____D C:\Windows\system32\Extensions==================== One Month Modified Files and Folders =======2013-11-09 11:34 - 2013-11-09 11:34 - 00000000 ____D C:\FRST2013-11-09 11:34 - 2013-11-09 10:40 - 00000000 ____D C:\Remoção de Malware2013-11-09 11:32 - 2013-07-01 05:15 - 00345915 _____ C:\Windows\WindowsUpdate.log2013-11-09 11:31 - 2013-11-09 11:31 - 00002011 _____ C:\Users\User\Desktop\JRT.txt2013-11-09 11:29 - 2013-11-09 11:29 - 00000000 ____D C:\Windows\ERUNT2013-11-09 11:06 - 2013-07-02 03:35 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-11-09 11:06 - 2013-07-02 03:15 - 00025726 _____ C:\Windows\setupact.log2013-11-09 11:06 - 2013-07-02 02:09 - 00000818 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job2013-11-09 11:06 - 2009-07-14 02:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-11-09 11:05 - 2013-11-09 11:01 - 00000000 ____D C:\AdwCleaner2013-11-09 11:05 - 2009-07-14 02:34 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-11-09 11:05 - 2009-07-14 
02:34 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-11-09 10:47 - 2013-07-02 03:35 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-11-09 10:43 - 2013-07-02 02:24 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-11-09 10:40 - 2013-11-09 10:40 - 00002969 _____ C:\Users\User\Desktop\HiJackThis.lnk2013-11-09 10:40 - 2013-11-09 10:40 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis2013-11-09 10:39 - 2013-11-09 10:39 - 01402880 _____ C:\Users\User\Downloads\HijackThis.msi2013-11-09 10:33 - 2013-07-02 03:28 - 00021258 _____ C:\Windows\PFRO.log2013-11-09 09:14 - 2013-07-07 14:25 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3175704452-3321941460-2113021798-1000Core.job2013-11-09 09:08 - 2013-07-07 14:25 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3175704452-3321941460-2113021798-1000UA.job2013-11-09 09:08 - 2013-07-02 02:09 - 00000820 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job2013-10-29 10:31 - 2011-04-12 02:47 - 00654470 _____ C:\Windows\system32\prfh0416.dat2013-10-29 10:31 - 2011-04-12 02:47 - 00124922 _____ C:\Windows\system32\prfc0416.dat2013-10-29 10:31 - 2010-11-20 19:01 - 01491932 _____ C:\Windows\system32\PerfStringBackup.INI2013-10-22 14:40 - 2013-10-22 14:40 - 00003352 ____N C:\bootsqm.dat2013-10-22 11:39 - 2013-07-02 02:22 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype2013-10-18 14:58 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\rescache2013-10-18 00:21 - 2013-07-02 03:36 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk2013-10-13 00:27 - 2013-10-13 00:27 - 00000000 ____D C:\Windows\system32\searchplugins2013-10-13 00:27 - 2013-10-13 00:27 - 00000000 ____D C:\Windows\system32\ExtensionsSome content of 
TEMP:
====================
C:\Users\User\AppData\Local\Temp\180713_d.exe
C:\Users\User\AppData\Local\Temp\180713_y.exe
C:\Users\User\AppData\Local\Temp\ose00000.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\User\AppData\Local\Temp\System.Data.SQLite.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2010-11-20 19:29] - [2010-11-20 19:29] - 0811520 ____A (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-26 14:25
==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013
Ran by User at 2013-11-09 11:35:26
Running from C:\Remoção de Malware
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Português (Version: 11.0.05)
Atheros Client Installation Program (Version: 9.0)
aTube Catcher (Version: 2.9.1477)
avast!
Free Antivirus (Version: 8.0.1497.0)CCleaner (Version: 4.03)Curso HJ de DatilografiaFacebook Video Calling 1.2.0.287 (Version: 1.2.287)FoodBuzz (Version: 9.0)Google Chrome (Version: 30.0.1599.101)Google Update Helper (Version: 1.3.21.165)HiJackThis (Version: 1.0.0)Intel® Manageability Engine Firmware Recovery Agent (Version: 1.0.0.35342)Intel® Management Engine Components (Version: 8.0.2.1410)Intel® OpenCL CPU RuntimeIntel® Processor Graphics (Version: 8.15.10.2712)Intel® Rapid Storage Technology (Version: 11.0.0.1032)Intel® Trusted Connect Service Client (Version: 1.23.605.1)Java 7 Update 25 (Version: 7.0.250)Java Auto Updater (Version: 2.1.9.5)K-Lite Mega Codec Pack 9.7.0 (Version: 9.7.0)Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019)Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019)Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019)Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019)Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019)Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019)Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019)Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019)Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)Microsoft Office Proofing (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019)Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019)Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019)Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 
9.0.30729.6161)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)Mozilla Firefox 24.0 (x86 pt-BR) (Version: 24.0)Mozilla Maintenance Service (Version: 24.0)My Scrap Nook Firefox ToolbarMy Scrap Nook Internet Explorer ToolbarNero 8 Lite 8.2.8.0 (Version: 8.2.8.0)Realtek Ethernet Controller Driver (Version: 7.50.1123.2011)Skype™ 6.1 (Version: 6.1.129)Vivo - Guia Vivo Internet versão 1.0 (Version: 1.0)VIVO INTERNET (Version: 16.002.10.02.149)VuuPC PackagesWinRAR 4.20 (32-bit) (Version: 4.20.0)==================== Restore Points =========================08-08-2013 13:52:00 Instalador de Módulos do Windows18-10-2013 16:57:18 Ponto de Verificação Agendado09-11-2013 12:40:21 Installed HiJackThis==================== Hosts content: ==========================2009-07-14 00:04 - 2013-07-02 01:45 - 00000921 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 genuine.microsoft.com127.0.0.1 mpa.one.microsoft.com127.0.0.1 sls.microsoft.com==================== Scheduled Tasks (whitelisted) =============Task: {0056FBE7-89C2-409E-9854-650386763B9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-02] (Google Inc.)Task: {0AE50406-6F0D-4FE6-9A86-7417B8963EBB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3175704452-3321941460-2113021798-1000UA => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-07] (Facebook Inc.)Task: {5DBDA7A5-FF58-42CE-B1F6-54ADB21AF0E4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)Task: {70EA5A69-21A9-4AD9-A921-A37916B7F621} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-02] (Google Inc.)Task: {8413E34B-443B-4B89-9C86-DB89CE252DC3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3175704452-3321941460-2113021798-1000Core => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-07] (Facebook Inc.)Task: 
{92D06FA8-0DCF-4103-9A61-D1C4B7962A4B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)Task: {B9A8B669-A433-45A2-A31B-9AF5AEC960FB} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)Task: {E729368E-8735-4637-A2FC-7AEE0AF59271} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)Task: {EBAFD443-81B6-4AEC-A1C5-2B6ABBE224D1} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3175704452-3321941460-2113021798-1000Core.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3175704452-3321941460-2113021798-1000UA.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exeTask: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe==================== Loaded Modules (whitelisted) =============2013-10-18 00:21 - 2013-10-08 22:01 - 00698832 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\libglesv2.dll2013-10-18 00:21 - 2013-10-08 
22:01 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-18 00:21 - 2013-10-08 22:02 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-18 00:21 - 2013-10-08 22:02 - 00415184 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-18 00:21 - 2013-10-08 22:01 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-10-18 00:21 - 2013-10-08 22:02 - 13584336 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 54%
Total physical RAM: 1741.54 MB
Available physical RAM: 789.41 MB
Total Pagefile: 3483.08 MB
Available Pagefile: 2262.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:78.03 GB) (Free:57 GB) NTFS
Drive d: (Arquivos) (Fixed) (Total:219.96 GB) (Free:219.83 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 19F31E73)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220 GB) - (Type=07 NTFS)
==================== End Of Log ============================
DigRam 144 Posted November 9, 2013

Good afternoon! Spyder.RV

start
MountPoints2: {27ff37fa-0f34-11e3-ae1a-50b7c3c3b6f2} - F:\AutoRun.exe
MountPoints2: {27ff380f-0f34-11e3-ae1a-50b7c3c3b6f2} - F:\AutoRun.exe
MountPoints2: {df6fc232-1319-11e3-bddf-50b7c3c3b6f2} - F:\iLinker.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: FoodBuzz - {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files\FoodBuzz\Extension\adxloader.dll ()
S2 MyScrapNook_12Service; C:\PROGRA~1\MYSCRA~2\bar\1.bin\12barsvc.exe [x]
FF Plugin: @MyScrapNook_12.com/Plugin - C:\Program Files\MyScrapNook_12\bar\1.bin\NP12Stub.dll No File
FF HKLM\...\Firefox\Extensions: [12ffxtbr@MyScrapNook_12.com] - C:\Program Files\MyScrapNook_12\bar\1.bin
FF HKCU\...\Firefox\Extensions: [lyrmix@lyrmix.net] - C:\Program Files\Lyrmix\FF\
CHR HKLM\...\Chrome\Extension: [jofdlbdmefjogcipddjnblinigmpagoj] - C:\Program Files\Lyrmix\Chrome.crx
C:\Program Files\Lyrmix\Chrome.crx
C:\Program Files\Lyrmix
C:\Users\User\AppData\Local\Temp\180713_d.exe
C:\Users\User\AppData\Local\Temp\180713_y.exe
C:\Users\User\AppData\Local\Temp\ose00000.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\User\AppData\Local\Temp\System.Data.SQLite.dll
end

|- Copy this information, which is in red, into Notepad.
|- Save it on the desktop with the name fixlist. << Text!
|- Run FRST/FRST64 >> Click "Fix".
|- Wait and then post the report! (Fixlog.txt)

See you!
Spyder.RV 0 Posted November 9, 2013

Here is the report:

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-10-2013
Ran by User at 2013-11-09 12:46:12 Run:1
Running from C:\Remoção de Malware
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
MountPoints2: {27ff37fa-0f34-11e3-ae1a-50b7c3c3b6f2} - F:\AutoRun.exe
MountPoints2: {27ff380f-0f34-11e3-ae1a-50b7c3c3b6f2} - F:\AutoRun.exe
MountPoints2: {df6fc232-1319-11e3-bddf-50b7c3c3b6f2} - F:\iLinker.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: FoodBuzz - {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files\FoodBuzz\Extension\adxloader.dll ()
S2 MyScrapNook_12Service; C:\PROGRA~1\MYSCRA~2\bar\1.bin\12barsvc.exe [x]
FF Plugin: @MyScrapNook_12.com/Plugin - C:\Program Files\MyScrapNook_12\bar\1.bin\NP12Stub.dll No File
FF HKLM\...\Firefox\Extensions: [12ffxtbr@MyScrapNook_12.com] - C:\Program Files\MyScrapNook_12\bar\1.bin
FF HKCU\...\Firefox\Extensions: [lyrmix@lyrmix.net] - C:\Program Files\Lyrmix\FF\
CHR HKLM\...\Chrome\Extension: [jofdlbdmefjogcipddjnblinigmpagoj] - C:\Program Files\Lyrmix\Chrome.crx
C:\Program Files\Lyrmix\Chrome.crx
C:\Program Files\Lyrmix
C:\Users\User\AppData\Local\Temp\180713_d.exe
C:\Users\User\AppData\Local\Temp\180713_y.exe
C:\Users\User\AppData\Local\Temp\ose00000.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\User\AppData\Local\Temp\System.Data.SQLite.dll
end
*****************
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27ff37fa-0f34-11e3-ae1a-50b7c3c3b6f2} => Key deleted successfully.
HKCR\CLSID\{27ff37fa-0f34-11e3-ae1a-50b7c3c3b6f2} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27ff380f-0f34-11e3-ae1a-50b7c3c3b6f2} => Key deleted successfully.
HKCR\CLSID\{27ff380f-0f34-11e3-ae1a-50b7c3c3b6f2} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df6fc232-1319-11e3-bddf-50b7c3c3b6f2} => Key deleted successfully.
HKCR\CLSID\{df6fc232-1319-11e3-bddf-50b7c3c3b6f2} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C6E034D-B4B6-4D96-94B5-4163A5EB2195} => Key deleted successfully.
HKCR\CLSID\{1C6E034D-B4B6-4D96-94B5-4163A5EB2195} => Key deleted successfully.
MyScrapNook_12Service => Service deleted successfully.
HKLM\Software\MozillaPlugins\@MyScrapNook_12.com/Plugin => Key deleted successfully.
C:\Program Files\MyScrapNook_12\bar\1.bin\NP12Stub.dll not found.
HKLM\Software\Mozilla\Firefox\Extensions\\12ffxtbr@MyScrapNook_12.com => Value deleted successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\lyrmix@lyrmix.net => Value deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\jofdlbdmefjogcipddjnblinigmpagoj => Key deleted successfully.
"C:\Program Files\Lyrmix\Chrome.crx" => File/Directory not found.
"C:\Program Files\Lyrmix\Chrome.crx" => File/Directory not found.
"C:\Program Files\Lyrmix" => File/Directory not found.
C:\Users\User\AppData\Local\Temp\180713_d.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\180713_y.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\setup_fsu_cid.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
==== End of Fixlog ====
DigRam 144 Posted November 9, 2013

Good afternoon! Spyder.RV

|- Download: < zoek > ( ... by Smeenk )
|- Or here! < zoek.exe >
|- Save it on the desktop!
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.

hijackthis;iedefaults;CHRdefaults;chromelook;autoclean;emptyalltemp;

|- Copy and paste this information, in red, into the tool's field.
|- Click "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- This information will appear, asking you to wait for the report.
|- Accept and/or confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be in C:\zoek-results.txt <<

See you!
Spyder.RV 0 Posted November 9, 2013

Good afternoon. Here is the zoek log:

Zoek.exe Version 4.0.0.5 Updated 09-November-2013
Tool run by User on 09/11/2013 at 13:17:17,92.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Remoção de Malware\zoek\zoek.exe [script inserted]

==== System Restore Info ======================
09/11/2013 13:18:14 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================
ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xu3iho3p.default
user.js not found
---- Lines delta modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST So
---- Lines ffxtbr modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST So
---- FireFox user.js and prefs.js backups ----
prefs_112013_1323_.backup

==== Deleting Files \ Folders ======================
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xu3iho3p.default\extensions\ffxtlbr@delta.com not found
C:\Users\User\AppData\Local\funmoods_2.3.1.crx deleted
C:\Users\User\AppData\Local\funmoods_speedial_v9.0.10.crx deleted
C:\Users\User\AppData\Local\avgchrome deleted
C:\Users\User\Downloads\DownloadManagerSetup (1).exe deleted
C:\Users\User\Downloads\DownloadManagerSetup.exe deleted
C:\Windows\System32\searchplugins deleted
C:\Windows\System32\Extensions deleted
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xu3iho3p.default\extensions\12ffxtbr@MyScrapNook_12.com deleted

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [23/09/2013 19:09] ==== Firefox Extensions ====================== ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xu3iho3p.default - Undetermined - C:\Program Files\Lyrmix\FF - avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF - FoodBuzz - %ProfilePath%\extensions\{2326C1C3-3E92-49da-A3FB-CB8AD8AD8F25} AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xu3iho3p.default CFAF7B67C78D09D79688AEDCA3D090E2 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll - Google Update 4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash 69AA47F09AA281C7D3C7716CA7E283B4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat 380F9A643A149B9030142E7171EFA91B - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U25 D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17 0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System ==== Chrome Look ====================== Google Wallet - User - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chrome Fix ====================== C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.yhs.delta-search.com_0.localstorage deleted successfully C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\http_www.yhs.delta-search.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [FoodBuzzUpdate] C:\Program Files\FoodBuzz\Update\FoodBuzzUpdate.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Unknown owner - C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
==== Empty IE Cache ======================
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\xu3iho3p.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
==== EOF on 09/11/2013 at 13:25:46,24 ======================
DigRam 144 Posted November 9, 2013
Good afternoon! Spyder.RV
|- Open HijackThis
|- Click: "Do a system scan only"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [FoodBuzzUpdate] C:\Program Files\FoodBuzz\Update\FoodBuzzUpdate.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe"
|- Check these entries, which are in red! ( Tick the checkboxes! )
|- PS: Check the ones you find!
|- To finish them off, click Fix checked >> Yes!
|- Post the report!
See you!
Spyder.RV 0 Posted November 9, 2013
Here is the new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:44:59, on 09/11/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\system32\notepad.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\User\AppData\Roaming\VIVO INTERNET\ouc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Remoção de Malware\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Unknown owner - C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
-- End of file - 5226 bytes
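Added example, not part of the thread: one way to confirm from two pasted scans that the four O4 autorun values marked for fixing are gone from the follow-up log and that no new Run/RunOnce value appeared. The function names are illustrative assumptions, and the sample strings are excerpts of the logs posted above.

```python
import re

# Entries start with a section code and " - " (R0-R3, F0-F3, O1-O23). Splitting on
# that marker, not on newlines, also copes with logs flattened by a forum paste.
ENTRY = re.compile(r"(?<![\w{\\-])((?:R[0-3]|F[0-3]|O\d{1,2}) - )")
RUN_VALUE = re.compile(r"^(HK\w+\\\S*\\Run(?:Once)?): \[([^\]]+)\] (.*)$")

def entries(log):
    """Return (section, body) pairs with whitespace in each body normalised."""
    parts = ENTRY.split(log.split("-- End of file")[0])
    return [(p[:-3], " ".join(b.split())) for p, b in zip(parts[1::2], parts[2::2])]

def autoruns(log):
    """Map (registry key, value name) -> command for each O4 Run/RunOnce entry."""
    found = {}
    for section, body in entries(log):
        m = RUN_VALUE.match(body) if section == "O4" else None
        if m:
            found[(m.group(1), m.group(2))] = m.group(3)
    return found

def verify_fix(before, after, fixed_names):
    """Compare two scans: fixed values that are gone, that survived, and new ones."""
    old, new = autoruns(before), autoruns(after)
    return {
        "removed": sorted(n for _, n in old.keys() - new.keys()),
        "survived": sorted(n for _, n in new if n in fixed_names),
        "new": sorted(n for _, n in new.keys() - old.keys()),
    }

# Value names taken from the four O4 lines quoted in the helper's reply.
FIXED = {"Adobe ARM", "Facebook Update", "FoodBuzzUpdate", "HW_OPENEYE_OUC_VIVO INTERNET"}

# Excerpts of the thread's scans, kept on one line each as they were pasted.
BEFORE = (
    r'O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui '
    r'O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" '
    r'O4 - HKCU\..\Run: [Facebook Update] "C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver '
    r'O4 - HKCU\..\Run: [FoodBuzzUpdate] C:\Program Files\FoodBuzz\Update\FoodBuzzUpdate.exe '
    r'O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe" '
    r"O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') "
)
AFTER = (
    r'O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui '
    r"O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') "
    r'O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL '
    r"-- End of file - 5226 bytes"
)
print(verify_fix(BEFORE, AFTER, FIXED))
```

An empty "survived" list means every value marked in the fix step is absent from the later scan; anything under "new" is an autorun that was not in the earlier scan and deserves a look.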
DigRam 144 Posted November 9, 2013
Good afternoon! Spyder.RV
|- Remove the tools that were used in the disinfection.
-/-
|- Download: |DelFix| ( ... by Xplode )
|- On the page, click the green arrow to download.
|- Save it somewhere convenient! ( desktop! )
|- Close any applications that are open.
|- Run it!
|- With the 3 checkboxes ticked!
|- Click "Run".
|- Everything OK?
Regards!
Spyder.RV 0 Posted November 9, 2013
It all worked... thank you very much!
DigRam 144 Posted November 9, 2013
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.