[Resolvido] &nbspInvasão de Pop ups!

[LFABER 0]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:51:26, on 20/11/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: BHO - {47B614AF-B4CC-485B-B331-BE26F02ED4CC} - C:\Program Files (x86)\Internet Explorer\IEAddon.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: IEHelper Class - {C6EA5A8D-8B01-4498-8B9A-B40AA281035F} - C:\Program Files (x86)\Retsina Software\IEJet\popkiller.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Leila\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Leila\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: IEJet - {44F4B2D4-ED9F-4c9c-9D54-725FE9895554} - C:\Program Files (x86)\Retsina Software\IEJet\popkiller.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACAB1337-2CDA-4F6A-965D-3942DF715EDD}: NameServer = 200.225.197.37,200.225.197.34
O17 - HKLM\System\CCS\Services\Tcpip\..\{D152D76F-2308-440B-B198-4E8DD73FE0AE}: NameServer = 200.225.197.37
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Safe Web Lite (NSL) - Symantec Corporation - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10529 bytes

[DigRam 144]

Boa Noite! LFaber

|- Baixe: < > ( ... par Xplode )

|- Ao acessar,clique na imagem: < >

|- Ps: Se utilizar o navegador IE9,desabilite o filtro "SmartScreen".
|- Salve-o no desktop!
|- Clique direito em adwcleaner.exe,e escolha sua execução como



|- Ps: Dê início à ferramenta,clicando em "Scan".
|- Ao concluir,clique "Clean" >> Aguarde! >> Clique "Report".
|- Poste: < C:\AdwCleaner\AdwCleaner[s0].txt >

A+

[LFABER 0]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\prefs.js ]

Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "2058a665000000000000001e64757680");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15883");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.rvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=2058a665000000000000001e64757680&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.11.10");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.11.1013:32:05");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.11.10");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=122793&tsp=4926");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.enabledAddons", "%7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21,webbooster%40iminent.com:7.47.2.1,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1");
Line Deleted : user_pref("iminent.LayoutId", "1");
Line Deleted : user_pref("iminent.ShowThankyouPixel", "0");
Line Deleted : user_pref("iminent.adapters", "{\"google\":{\"CountryCode\":\"BR\",\"NoAds\":false,\"Status\":1,\"expireTime\":\"1384990557478259083\"},\"tim\":{\"CountryCode\":\"BR\",\"NoAds\":false,\"Status\":2,\"e[...]
Line Deleted : user_pref("iminent.registerToolbarEvent100", "1384977077496");
Line Deleted : user_pref("iminent.registerToolbarEvent101", "1384972042031");
Line Deleted : user_pref("iminent.registerToolbarEvent102", "1384984715292");
Line Deleted : user_pref("iminent.registerToolbarEvent105", "1384911022602");
Line Deleted : user_pref("iminent.registerToolbarEvent109", "1384991167455");
Line Deleted : user_pref("iminent.registerToolbarEvent110", "1384991708660");
Line Deleted : user_pref("iminent.registerToolbarEvent111", "1384991167461");
Line Deleted : user_pref("iminent.registerToolbarEvent112", "1384991184908");
Line Deleted : user_pref("iminent.registerToolbarEvent122", "1384991167467");
Line Deleted : user_pref("iminent.registerToolbarEvent136", "1383650690666");
Line Deleted : user_pref("iminent.registerToolbarEvent140", "1384984707823");
Line Deleted : user_pref("iminent.version", "7.47.2.1");
Line Deleted : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.41.2.1\",\"InstallEventCTime\":1382046475704,\"InstallEvent\":\"True\",\"UpdateEventCTime\":1385061328123}");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [9055 octets] - [21/11/2013 17:26:15]
AdwCleaner[s0].txt - [8876 octets] - [21/11/2013 17:27:07]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8936 octets] ##########

Postei certo?! Se não, me desculpe!!

LFABER

[DigRam 144]

Boa Noite! LFABER

 

|- Baixe: < > ( ... by Oleg N. Scherbakov )
|- Salve-o no desktop!
|- Desabilite seu antivírus!
|- Para Windows 7,clique direito em JRT.exe e execute-o ...
|- Aguarde a conclusão e poste o relatório. ( JRT.txt )

A+

[LFABER 0]

Bom dia Dig Ram!!

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Leila on 22/11/2013 at 7:59:17,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-855506272-3775289842-286538128-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_130001_1001_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_130001_1001_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_130001_1001_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_130001_1001_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Leila\AppData\Roaming\mozilla\firefox\profiles\mgfcnw26.default-1371434733694\minidumps [44 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/11/2013 at 8:05:57,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[DigRam 144]

Bom Dia! LFABER

 

|- Baixe: < zoek > ( ... by Smeenk )

|- Ou aqui! < zoek.exe >

|- Salve-o e descompacte-o para o desktop!
|- Estarão disponíveis: zoek.com, zoek.scr, zoek.pif e zoek.exe
|- Desabilite seu antivírus!
|- Para Windows 7,execute zoek.exe como administrador.

hijackthis;
iedefaults;
chromelook;
autoclean;
emptyalltemp;

|- Copie e cole estas informações,em vermelho,no campo da ferramenta.
|- Clique "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

 

|- Surgirão estas informações,pedindo-lhe que aguarde o surgimento relatório.
|- Ps: Essas informações podem permanecer estáticas na tela,por 20 minutos ou mais.



|- Aceite e/ou confirme o reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
|- Poste o relatório,que estará em C:\zoek-results.txt <<

 

Abs!

[LFABER 0]

Olá Dig Ram, aqui está:

 

Zoek.exe Version 4.0.0.5 Updated 24-November-2013
Tool run by Leila on 28/11/2013 at 18:44:32,28.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Leila\AppData\Local\Temp\Temp1_zoek.zip\zoek.exe [Quick Scan] [Auto Clean]

==== System Restore Info ======================

28/11/2013 18:45:49 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apostila Escriturário - Banco do Brasil not found
C:\Users\Leila\AppData\LocalLow\store-pp.jbs deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Leila\AppData\Local\Temp ====
2013-11-22 09:58:47 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Leila\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-11-18 20:16:49 E73A7A04FDAC9DD46EE2A4257F09E91C 325120 ----a-w- C:\Windows\Sysnative\drivers\usbport.sys
2013-11-18 20:16:49 ACCEA6BC68D0C9A78EB97EE159028B4E 99840 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys
2013-11-18 20:16:49 861C197502A5057E68F0AC75D9EFCDD7 7808 ----a-w- C:\Windows\Sysnative\drivers\usbd.sys
2013-11-18 20:16:49 311C1DD1088E55BEAE15954D17F50646 52736 ----a-w- C:\Windows\Sysnative\drivers\usbehci.sys
2013-11-18 20:16:48 A83D0EC9AE4C31704442099D40BA2471 30720 ----a-w- C:\Windows\Sysnative\drivers\usbuhci.sys
2013-11-18 20:16:48 9406D801042FAF859CF81B2C886413DC 25600 ----a-w- C:\Windows\Sysnative\drivers\usbohci.sys
2013-11-18 20:16:48 280E90CBF4B2DDD169F0728CB44D726F 343040 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys
2013-11-13 11:27:27 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
2013-11-13 11:27:20 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2013-11-13 11:27:20 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2013-11-13 11:27:20 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2013-11-21 00:31:08 -------- d-----w- C:\PROGRA~2\Trend Micro
2013-11-21 00:25:00 -------- d-----w- C:\PROGRA~2\Retsina Software
======= C: =====
====== C:\Users\Leila\AppData\Roaming ======
2013-11-21 00:25:01 -------- d-----w- C:\Users\Leila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IEJet
====== C:\Users\Leila ======
2013-11-22 09:58:01 86FB5E8D5D1E3E405C46CCBF991E6FD4 1034531 ----a-w- C:\Users\Leila\Downloads\JRT.exe
2013-11-21 19:25:02 9812917FE2FCDEA2FD800573D7842E5D 1085542 ----a-w- C:\Users\Leila\Downloads\adwcleaner.exe
2013-11-21 00:25:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IEJet

====== C: exe-files ==
2013-11-22 09:58:47 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Leila\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2013-11-22 09:58:01 86FB5E8D5D1E3E405C46CCBF991E6FD4 1034531 ----a-w- C:\Users\Leila\Downloads\JRT.exe
=== C: other files ==
2013-11-28 20:45:04 90A594537C3731C9A3AB3B540868B60B 346 ----a-w- C:\Users\Leila\AppData\Local\Temp\drives.vbs
2013-11-22 09:58:45 CC6C23C02BE66014AD87F2678BBB3A1D 8117 ----a-w- C:\Users\Leila\AppData\Local\Temp\jrt\modules.bat
2013-11-22 09:58:45 C4A5476A9D54B400F1623A2EE7DDA5C5 13955 ----a-w- C:\Users\Leila\AppData\Local\Temp\jrt\chrome.bat
2013-11-22 09:58:45 BAD6C67C870CC81C48DBA53089929884 153331 ----a-w- C:\Users\Leila\AppData\Local\Temp\jrt\firefox.bat
2013-11-22 09:58:45 B964B792D3692699CD7D4FDB63EE470E 1239 ----a-w- C:\Users\Leila\AppData\Local\Temp\jrt\FWPolicy.bat
2013-11-22 09:58:45 B8AF52799C6359D40228B006C1432C57 16063 ----a-w- C:\Users\Leila\AppData\Local\Temp\jrt\get.bat
2013-11-22 09:58:45 B45931E5313CB14CAA0F2BC3DA30E6FC 29648 ----a-w- C:\Users\Leila\AppData\Local\Temp\jrt\ask.bat
2013-11-22 09:58:45 87458834C37183459AA6F19EF5E06533 9099 ----a-w- C:\Users\Leila\AppData\Local\Temp\jrt\runvalues.bat
2013-11-22 09:58:45 80D02380F1AC33E459324B088392A1EC 732 ----a-w- C:\Users\Leila\AppData\Local\Temp\jrt\ev_clear.bat
2013-11-22 09:58:45 75C9C20DD9839BF287B43B0E179822DC 31414 ----a-w- C:\Users\Leila\AppData\Local\Temp\jrt\iexplore.bat
2013-11-22 09:58:45 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Users\Leila\AppData\Local\Temp\jrt\delorphans.bat
2013-11-22 09:58:45 58605DA3492FB918D3D40B1FB88046AE 39471 ----a-w- C:\Users\Leila\AppData\Local\Temp\jrt\prelim.bat
2013-11-22 09:58:45 504CA0FC8BE3A47ECE89CEC2E5B21E67 10261 ----a-w- C:\Users\Leila\AppData\Local\Temp\jrt\JRT.bat
2013-11-22 09:58:45 372EA6F783198102CF5779072EE78C79 24751 ----a-w- C:\Users\Leila\AppData\Local\Temp\jrt\searchlnk.bat
2013-11-22 09:58:45 1FBF882AA934A741530741FC134872A3 1243 ----a-w- C:\Users\Leila\AppData\Local\Temp\jrt\TDL4.bat
2013-11-22 09:58:45 14D6EE8B672684E2232FB430D8C4A928 18668 ----a-w- C:\Users\Leila\AppData\Local\Temp\jrt\medfos.bat
2013-11-22 09:58:45 0768E560CCD86C18F35FAD29DCEA7B80 1820 ----a-w- C:\Users\Leila\AppData\Local\Temp\jrt\delfolders.bat
2013-11-22 09:58:45 006F09DF7EB9E9E61935F16AF2B6DC71 150291 ----a-w- C:\Users\Leila\AppData\Local\Temp\jrt\misc.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-855506272-3775289842-286538128-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="C:\Users\Leila\AppData\Roaming\mjusbsp\cdloader2.exe MAGICJACK"
"Facebook Update"="C:\Users\Leila\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-21-855506272-3775289842-286538128-1000\Software\Microsoft\Windows\CurrentVersion\runonce]
"FlashPlayerUpdate"="C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="C:\Users\Leila\AppData\Roaming\mjusbsp\cdloader2.exe MAGICJACK"
"Facebook Update"="C:\Users\Leila\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightScribe Control Panel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LightScribe Control Panel"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QlbCtrl.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QlbCtrl.exe"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"


==== Startup Folders ======================

2013-03-12 22:33:23 1315 ----a-w- C:\Users\Leila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [08/10/2013 19:27]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-855506272-3775289842-286538128-1000Core.job --a------ C:\Users\Leila\AppData\Local\Facebook\Update\FacebookUpdate.exe [23/05/2013 00:59]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-855506272-3775289842-286538128-1000UA.job --a------ C:\Users\Leila\AppData\Local\Facebook\Update\FacebookUpdate.exe [23/05/2013 00:59]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/12/2012 22:51]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\bho_update" ["C:\Program Files (x86)\Internet Explorer\Updater.exe"]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-855506272-3775289842-286538128-1000Core" [C:\Users\Leila\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-855506272-3775289842-286538128-1000UA" [C:\Users\Leila\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\{66000E11-84A8-462D-95CB-E0C2144A1FA0}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.0.60.126/pt/abandoninstall?page=tsMain]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{203FB6B2-2E1E-4474-863B-4C483ECCE78E}"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694
4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Leila\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09/10/2013 11:59]

Skype for Chromium - Leila - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Leila - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-855506272-3775289842-286538128-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully
HKEY_USERS\S-1-5-21-855506272-3775289842-286538128-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{203FB6B2-2E1E-4474-863B-4C483ECCE78E} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Leila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Leila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Leila\AppData\Local\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Leila\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 28/11/2013 at 19:03:04,63 ======================
Abraços LFABER.

[DigRam 144]

Bom Dia! LFABER

|- Seus logs estão limpos. :natalsmile:

|- Tudo Ok?

-/-

|- Baixe: < DelFix > ( ... de Xplode )

|- Estando na página,clique na seta verde para o download.

|- Salve-a em um local conveniente! ( desktop! )

|- Feche aplicativos que estejam abertos.

|- Execute-a!

|- Com as 3 checkbox marcadas!

|- Clique "Run".

Abs!

[DigRam 144]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.