tecnicodehardware

[Resolved] Boaxxe, Redmys, Kryptik and Generik viruses, I want to know the


I suspect this machine was infected with these viruses thanks to a torrent that my girlfriend downloaded from the link below (the notebook is mine and hers):

megasoftwareparadise.blogspot.com.br/2013/12/ape-ripper-630-torrent.html

Then, when she installed this Ape Ripper, which supposedly should have been a normal program, it just kept giving errors, and in the end NOD32 alerted about the viruses Redmys.AF, Boaxxe.BH.gen and Boaxxe.BE in three processes. Since ComboFix can't be used yet here on Windows 8.1, I used Malwarebytes and Kaspersky Security Scan to locate the source of the infection, and both found infected files that even NOD32 hadn't detected. I removed the ones KSS found manually, but 4 days later NOD32 found more files infected with Boaxxe.BE, Kryptik.BTEM/BTOF and Generik. It has now been about 2 days since any infected file was found, but I don't know whether the infection is really gone for good. Here are the MB logs:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Versão da Base de Dados: v2014.01.20.06
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
leticia cruz :: PC-CRUZ [administrador]
Proteção: Permitir
20/01/2014 16:50:48
mbam-log-2014-01-20 (16-50-48).txt
Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM | P2P
Opções de verificação desativadas:
Objetos escaneados: 501432
Tempo decorrido: 3 hora(s), 38 minuto(s), 1 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 1
C:\Users\leticia cruz\AppData\Local\AVworks\mc_demux_mp4.dll (VirTool.Vbcrypt) -> Será deletado na próxima inicialização.
Chaves de Registro Detectadas: 16
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{60EACC1A-33FA-443D-9846-17B28E2C9BDB} (PUP.Optional.MiniBar.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044} (PUP.Optional.MiniBar.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C} (PUP.Optional.MiniBar.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Interface\{06E50566-0AB7-431C-841D-62794727DAF9} (PUP.Optional.MiniBar.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5} (PUP.Optional.MiniBar.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AAA38851-3CFF-475F-B5E0-720D3645E4A5} (PUP.Optional.MiniBar.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\AppID\Iminent.WebBooster.InternetExplorer.DLL (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.
Valores de Registro Detectadas: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AVworks (VirTool.Vbcrypt) -> Data: regsvr32.exe "C:\Users\leticia cruz\AppData\Local\AVworks\mc_demux_mp4.dll" -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{539F76FD-084E-4858-86D5-62F02F54AE86} (PUP.Optional.MiniBar.A) -> Data: -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{539F76FD-084E-4858-86D5-62F02F54AE86} (PUP.Optional.MiniBar.A) -> Data: -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0S1M2W1C1S1J1T1L1E1B1I -> Enviado para a Quarentena e deletado com sucesso.
Itens de Dados no Registro Detectadas: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Ruim: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Bom: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Enviado para a Quarentena e reparado com sucesso.
Pastas Detectadas: 3
C:\Users\leticia cruz\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\eSafe (PUP.Optional.Esafe.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\leticia cruz\AppData\Roaming\FILE SCOUT (PUP.Optional.FileScout.A) -> Enviado para a Quarentena e deletado com sucesso.
Arquivos Detectados: 13
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\amtlib.dll (PUP.RiskwareTool.CK) -> Nenhuma ação foi feita.
C:\Program Files\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\amtlib.dll (PUP.RiskwareTool.CK) -> Nenhuma ação foi feita.
C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\amtlib.dll (PUP.RiskwareTool.CK) -> Nenhuma ação foi feita.
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\amtlib.dll (PUP.RiskwareTool.CK) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\fabricio.therebels.convertxtodvd.v5.1.0.2\patch.exe (PUP.Riskware.Patcher) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\Internet Download Manager 6.18 build 2\Keygen-Patch UnREaL RCE\Keygen.and.Patch-UnREaL.exe (RiskWare.Tool.CK) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\kawyn.therebels.sbousidm\IDM.v6.xx.release.3-patch-IREC\IDM.v6.xx.release.3-patch.exe (PUP.Hacktool.Patcher) -> Nenhuma ação foi feita.
C:\Windows\Office15\Activator\OfficeAcT.exe (Spyware.Banker) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\AppData\Local\AVworks\mc_demux_mp4.dll (VirTool.Vbcrypt) -> Será deletado na próxima inicialização.
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp9982.exe (Trojan.Dorkbot.ED) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\leticia cruz\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\eSafe\EDELAYINFO.EDB (PUP.Optional.Esafe.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\leticia cruz\AppData\Roaming\FILE SCOUT\uninst.exe (PUP.Optional.FileScout.A) -> Enviado para a Quarentena e deletado com sucesso.
(fim)

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Versão da Base de Dados: v2014.01.20.06
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
leticia cruz :: PC-CRUZ [administrador]
Proteção: Permitir
20/01/2014 16:50:48
MBAM-log-2014-01-20 (21-22-03).txt
Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM | P2P
Opções de verificação desativadas:
Objetos escaneados: 501432
Tempo decorrido: 3 hora(s), 38 minuto(s), 1 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 1
C:\Users\leticia cruz\AppData\Local\AVworks\mc_demux_mp4.dll (VirTool.Vbcrypt) -> Nenhuma ação foi feita.
Chaves de Registro Detectadas: 16
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Nenhuma ação foi feita.
HKCR\CLSID\{60EACC1A-33FA-443D-9846-17B28E2C9BDB} (PUP.Optional.MiniBar.A) -> Nenhuma ação foi feita.
HKCR\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044} (PUP.Optional.MiniBar.A) -> Nenhuma ação foi feita.
HKCR\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C} (PUP.Optional.MiniBar.A) -> Nenhuma ação foi feita.
HKCR\Interface\{06E50566-0AB7-431C-841D-62794727DAF9} (PUP.Optional.MiniBar.A) -> Nenhuma ação foi feita.
HKCR\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5} (PUP.Optional.MiniBar.A) -> Nenhuma ação foi feita.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AAA38851-3CFF-475F-B5E0-720D3645E4A5} (PUP.Optional.MiniBar.A) -> Nenhuma ação foi feita.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Nenhuma ação foi feita.
HKCR\AppID\Iminent.WebBooster.InternetExplorer.DLL (PUP.Optional.Iminent.A) -> Nenhuma ação foi feita.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Nenhuma ação foi feita.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Nenhuma ação foi feita.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Nenhuma ação foi feita.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Nenhuma ação foi feita.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Nenhuma ação foi feita.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Nenhuma ação foi feita.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Nenhuma ação foi feita.
Valores de Registro Detectadas: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AVworks (VirTool.Vbcrypt) -> Data: regsvr32.exe "C:\Users\leticia cruz\AppData\Local\AVworks\mc_demux_mp4.dll" -> Nenhuma ação foi feita.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{539F76FD-084E-4858-86D5-62F02F54AE86} (PUP.Optional.MiniBar.A) -> Data: -> Nenhuma ação foi feita.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{539F76FD-084E-4858-86D5-62F02F54AE86} (PUP.Optional.MiniBar.A) -> Data: -> Nenhuma ação foi feita.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0S1M2W1C1S1J1T1L1E1B1I -> Nenhuma ação foi feita.
Itens de Dados no Registro Detectadas: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Ruim: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Bom: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Nenhuma ação foi feita.
Pastas Detectadas: 3
C:\Users\leticia cruz\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Nenhuma ação foi feita.
C:\ProgramData\eSafe (PUP.Optional.Esafe.A) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\AppData\Roaming\FILE SCOUT (PUP.Optional.FileScout.A) -> Nenhuma ação foi feita.
Arquivos Detectados: 13
C:\Users\leticia cruz\AppData\Local\AVworks\mc_demux_mp4.dll (VirTool.Vbcrypt) -> Nenhuma ação foi feita.
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\amtlib.dll (PUP.RiskwareTool.CK) -> Nenhuma ação foi feita.
C:\Program Files\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\amtlib.dll (PUP.RiskwareTool.CK) -> Nenhuma ação foi feita.
C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\amtlib.dll (PUP.RiskwareTool.CK) -> Nenhuma ação foi feita.
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\amtlib.dll (PUP.RiskwareTool.CK) -> Nenhuma ação foi feita.
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp9982.exe (Trojan.Dorkbot.ED) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\fabricio.therebels.convertxtodvd.v5.1.0.2\patch.exe (PUP.Riskware.Patcher) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\Internet Download Manager 6.18 build 2\Keygen-Patch UnREaL RCE\Keygen.and.Patch-UnREaL.exe (RiskWare.Tool.CK) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\kawyn.therebels.sbousidm\IDM.v6.xx.release.3-patch-IREC\IDM.v6.xx.release.3-patch.exe (PUP.Hacktool.Patcher) -> Nenhuma ação foi feita.
C:\Windows\Office15\Activator\OfficeAcT.exe (Spyware.Banker) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Nenhuma ação foi feita.
C:\ProgramData\eSafe\EDELAYINFO.EDB (PUP.Optional.Esafe.A) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\AppData\Roaming\FILE SCOUT\uninst.exe (PUP.Optional.FileScout.A) -> Nenhuma ação foi feita.
(fim)

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Versão da Base de Dados: v2014.01.21.05
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
leticia cruz :: PC-CRUZ [administrador]
Proteção: Permitir
21/01/2014 14:30:47
mbam-log-2014-01-21 (14-30-47).txt
Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM | P2P
Opções de verificação desativadas:
Objetos escaneados: 496824
Tempo decorrido: 3 hora(s), 24 minuto(s), 16 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 8
C:\Users\leticia cruz\Downloads\Compressed\fabricio.therebels.convertxtodvd.v5.1.0.2\patch.exe (PUP.Riskware.Patcher) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\Internet Download Manager 6.18 build 2\Keygen-Patch UnREaL RCE\Keygen.and.Patch-UnREaL.exe (RiskWare.Tool.CK) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\kawyn.therebels.sbousidm\IDM.v6.xx.release.3-patch-IREC\IDM.v6.xx.release.3-patch.exe (PUP.Hacktool.Patcher) -> Nenhuma ação foi feita.
C:\Windows\Office15\Activator\OfficeAcT.exe (Spyware.Banker) -> Nenhuma ação foi feita.
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\amtlib.dll (PUP.RiskwareTool.CK) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\amtlib.dll (PUP.RiskwareTool.CK) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\amtlib.dll (PUP.RiskwareTool.CK) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\amtlib.dll (PUP.RiskwareTool.CK) -> Enviado para a Quarentena e deletado com sucesso.
(fim)

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Versão da Base de Dados: v2014.01.24.03
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
leticia cruz :: PC-CRUZ [administrador]
Proteção: Não permitir
24/01/2014 06:09:26
mbam-log-2014-01-24 (06-09-26).txt
Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM | P2P
Opções de verificação desativadas:
Objetos escaneados: 499275
Tempo decorrido: 3 hora(s), 19 minuto(s), 38 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 8
C:\Program Files (x86)\Internet Download Manager\(IDM) Keygen + Patch Update 1 -UnREaL.exe (RiskWare.Tool.CK) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\AppData\Local\Temp\NeroInstallFiles\NERO20131212105334547\ISSetupPrerequisites\opencandy\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\Internet Download Manager (IDM) 6.18 Build 12 Full Including Keygen+Patch\(IDM) Keygen + Patch Update 1\(IDM) Keygen + Patch Update 1 -UnREaL.exe (RiskWare.Tool.CK) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\Nero 2014\-patch.exe (PUP.Riskware.Patcher) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\raylson.therebels.2014NEPlaT\Patch Kindly\nero.14.platinum.v15.0.02200_patch.exe (PUP.Riskware.Patcher) -> Nenhuma ação foi feita.
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmpE22F.exe (Trojan.Ransom.ED) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\leticia cruz\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000015 (RiskWare.Tool.CK) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\leticia cruz\AppData\Local\Temp\rbbrapgz.exe (Trojan.Ransom.ED) -> Enviado para a Quarentena e deletado com sucesso.
(fim)

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Versão da Base de Dados: v2014.01.25.08
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
leticia cruz :: PC-CRUZ [administrador]
Proteção: Não permitir
26/01/2014 02:46:57
mbam-log-2014-01-26 (02-46-57).txt
Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM | P2P
Opções de verificação desativadas:
Objetos escaneados: 499900
Tempo decorrido: 3 hora(s), 15 minuto(s), 13 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 5
C:\Program Files (x86)\Internet Download Manager\(IDM) Keygen + Patch Update 1 -UnREaL.exe (RiskWare.Tool.CK) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\AppData\Local\Temp\NeroInstallFiles\NERO20131212105334547\ISSetupPrerequisites\opencandy\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\Internet Download Manager (IDM) 6.18 Build 12 Full Including Keygen+Patch\(IDM) Keygen + Patch Update 1\(IDM) Keygen + Patch Update 1 -UnREaL.exe (RiskWare.Tool.CK) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\Nero 2014\-patch.exe (PUP.Riskware.Patcher) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\raylson.therebels.2014NEPlaT\Patch Kindly\nero.14.platinum.v15.0.02200_patch.exe (PUP.Riskware.Patcher) -> Nenhuma ação foi feita.
(fim)

And here is a screenshot from the NOD32 quarantine (image 14ub3v5.jpg).

Normal mode:

GMER 2.1.19355 -
Rootkit scan 2014-01-27 01:45:38
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000033 ST320LM001_HN-M320MBB rev.2AR10002 298,09GB
Running: qc8e6tnb.exe; Driver: C:\Users\LETICI~1\AppData\Local\Temp\kfrdapog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[992] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ff8fa191f6a 4 bytes [19, FA, F8, 7F]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[992] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ff8fa191f82 4 bytes [19, FA, F8, 7F]
.text C:\Windows\System32\igfxpers.exe[1904] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff90f66169a 4 bytes [66, 0F, F9, 7F]
.text C:\Windows\System32\igfxpers.exe[1904] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff90f6616a2 4 bytes [66, 0F, F9, 7F]
.text C:\Windows\System32\igfxpers.exe[1904] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff90f66181a 4 bytes [66, 0F, F9, 7F]
.text C:\Windows\System32\igfxpers.exe[1904] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff90f661832 4 bytes [66, 0F, F9, 7F]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [688:704] fffff960009464d0
Thread C:\WINDOWS\system32\svchost.exe [1268:1672] 00007ff907a22b90
Thread C:\WINDOWS\system32\svchost.exe [1268:2728] 00007ff907a267bc
Thread C:\WINDOWS\system32\svchost.exe [1268:2996] 00007ff902562110
Thread C:\WINDOWS\system32\svchost.exe [1268:3020] 00007ff901784608
Thread C:\WINDOWS\system32\svchost.exe [1268:3032] 00007ff9016c1584
Thread C:\WINDOWS\system32\svchost.exe [1268:3056] 00007ff901101b30
Thread C:\WINDOWS\system32\svchost.exe [1296:1676] 00007ff9065d12f8
Thread C:\WINDOWS\system32\svchost.exe [1296:1664] 00007ff9065b3118
Thread [3812:1576] 00007ff9111c2764
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1932:2044] 00000000000ba9e7
---- Processes - GMER 2.1 ----
Process C:\ProgramData\DatacardService\HWDeviceService64.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\HWDeviceService64.exe [1796] 00007ff79f690000
Library C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [2524] (FILE NOT FOU 00007ff8fde50000
Library C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [2524] 00007ff8fcbc0000
Library C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [2524](2014-01-16 03:19:07) 00007ff8fbb40000
Process C:\ProgramData\DatacardService\DCSHelper.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCSHelper.exe [2624] 0000000000400000
Process C:\Users\leticia cruz\AppData\Roaming\VIVO INTERNET\ouc.exe (*** suspicious ***) @ C:\Users\leticia cruz\AppData\Roaming\VIVO INTERNET\ouc.exe [2276] 0000000000400000
Process C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe [3860] 0000000000400000
Library C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe [3860](2014-01-03 00:45:04) 0000000003f00000
Library C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe [3860](2013-10-18 23:55:02) 000000006a600000
Library C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe [3860] 0000000069ad0000
Process C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (*** suspicious ***) @ C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3316] 0000000000d60000
Process C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe (*** suspicious ***) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe [3492] (Com(2013-11-20 22:48:09) 00007ff610b90000
Library C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\msvcr120_app.dll (*** suspicious ***) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe [3492] (Microsoft® C R(2013-10-20 00:48:57) 00007ff8fe790000
Library C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\wllog.dll (*** suspicious ***) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe [3492] (Window(2013-11-20 22:48:10) 00007ff900b20000
Library C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Service.dll (*** suspicious ***) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d(2013-11-20 22:48:10) 00007ff8f4420000
Library C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\bici.dll (*** suspicious ***) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe [3492] (Windows(2013-11-20 22:48:09) 00007ff900860000
Library C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.dll (*** suspicious ***) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\Li(2013-11-20 22:48:09) 00007ff8f4130000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----

Safe mode:

GMER 2.1.19355 -
Rootkit scan 2014-01-27 02:02:07
Windows 6.3.9600 x64 \Device\Harddisk0\DR0 -> \Device\00000033 ST320LM001_HN-M320MBB rev.2AR10002 298,09GB
Running: qc8e6tnb.exe; Driver: C:\Users\LETICI~1\AppData\Local\Temp\kfrdapog.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\ntoskrnl.exe!NtCallbackReturn + 960 fffff8038d357a00 26 bytes [80, 1F, AE, FF, 82, 28, 5E, ...]
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\Explorer.EXE[876] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 714 00007ffa2cc8154a 4 bytes [C8, 2C, FA, 7F]
.text C:\WINDOWS\Explorer.EXE[876] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 722 00007ffa2cc81552 4 bytes [C8, 2C, FA, 7F]
.text C:\WINDOWS\Explorer.EXE[876] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 98 00007ffa2cc8162a 4 bytes [C8, 2C, FA, 7F]
.text C:\WINDOWS\Explorer.EXE[876] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 122 00007ffa2cc81642 4 bytes [C8, 2C, FA, 7F]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [460:476] fffff9600094a4d0
---- Processes - GMER 2.1 ----
Library C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [876] (FILE NOT FOUND 00007ffa2d5e0000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----


Good morning, tecnicodehardware!

|- Download: AdwCleaner ( ... by Xplode )

|- On the page, click the download image [AdwCleaner_Tlcharger.jpg].

|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose "Run as administrator".

|- PS: Start the scan by clicking "Scan".
|- When it finishes, click "Clean" >> OK >> OK >> OK.
|- Copy the log or click "Report".
|- Post: < C:\AdwCleaner\AdwCleaner[s0].txt >

Regards!


Good morning, tecnicodehardware!

|- Download: < SFTGC > ( ... by Pierre13 )
|- Save it to the desktop!
|- On Windows Vista and 7, run "SFTGC.exe" as administrator!

|- Run it and click "Go".
|- Wait for it to finish, which is quick.
|- Post the report! ( SFT.txt )
|- PS: Depending on the size of the report, do not post it directly!
|- For that task, upload it to Cjoint (cjoint.com).
|- Next, run adwcleaner and post its report.

Regards!


http://cjoint.com/14fe/DBdbVwYbzR7.htm



# AdwCleaner v3.018 - Relatório criado 02/02/2014 às 22:58:16
# Atualizado 28/01/2014 por Xplode
# Sistema Operacional : Windows 8.1 Single Language (64 bits)
# Usuário : leticia cruz - PC-CRUZ
# Executando de : C:\Users\leticia cruz\Desktop\adwcleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKLM\Software\Conduit
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.16384
-\\ Google Chrome v32.0.1700.102
[ Arquivo : C:\Users\leticia cruz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [930 octets] - [02/02/2014 22:54:00]
AdwCleaner[s0].txt - [793 octets] - [02/02/2014 22:58:16]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [852 octets] ##########


Good morning, tecnicodehardware!

|- Download: < zoek > ( ... by Smeenk )

|- Or here! < zoek.exe >

|- Save it and unpack it to the desktop!
|- The following will be available: zoek.com, zoek.scr, zoek.pif and zoek.exe
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.

hijackthis;
iedefaults;
chromelook;
firefoxlook;
shortcutfix;
autoclean;
emptytemp;


|- Copy and paste the information above (shown in red) into the tool's field.
|- Click "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- These lines will appear, asking you to wait for the report to come up.
|- PS: This text may stay static on the screen for 20 minutes or more.

|- Accept and/or confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<

Regards!


Zoek.exe v5.0.0.0 Updated 31-January-2014

Tool run by leticia cruz on 03/02/2014 at 19:03:54,79.

Microsoft Windows 8.1 Single Language 6.3.9600 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\leticia cruz\Desktop\zoek\zoek.exe [scan all users] [script inserted]


==== System Restore Info ======================


03/02/2014 19:11:20 Zoek.exe System Restore Point Created Succesfully.


==== Deleting CLSID Registry Keys ======================



==== Deleting CLSID Registry Values ======================



==== Deleting Services ======================



==== Deleting Files \ Folders ======================


C:\Users\leticia cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager deleted

"C:\PROGRA~2\Internet Download Manager\IDMan.exe" deleted

"C:\PROGRA~2\Internet Download Manager\idmmkb.dll" deleted

"C:\PROGRA~2\Internet Download Manager\IDMNetMon64.dll" deleted

"C:\PROGRA~2\Internet Download Manager\IDMShellExt64.dll" deleted

"C:\PROGRA~2\Internet Download Manager\IEMonitor.exe" deleted

"C:\PROGRA~2\Internet Download Manager" not deleted


==== Firefox Extensions Registry ======================


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn" [22/01/2014 20:11]


==== Chrome Look ======================


HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[23/09/2012 20:43]

jeaohhlajejodfjadcponpnjgkiikocn - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx[]


Google Docs - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Last updated at time on date - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

Google Search - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Adobe Acrobat - Create PDF - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj

IDM Integration Module - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn

ThemeBeta.com - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lehofnfnainbidonokangafhogakodoi

Stop Autoplay for YouTube. - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh

Google Wallet - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia


==== Chrome Fix ======================


C:\Users\leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn deleted successfully

C:\Users\leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jeaohhlajejodfjadcponpnjgkiikocn deleted successfully


==== Set IE to Default ======================


Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU


New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"


==== All HKCU SearchScopes ======================


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"



==== Deleting CLSID Registry Keys ======================


HKEY_USERS\S-1-5-21-3276470861-1064914068-939901412-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully

HKEY_USERS\S-1-5-21-3276470861-1064914068-939901412-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully


==== Deleting CLSID Registry Values ======================



==== shortcuts in Users Start Menu ======================


C:\Users\leticia cruz\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Songr.lnk - C:\Users\leticia cruz\AppData\Local\Songr\Songr.exe

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices\GT-B5722.lnk - C:\Program Files (x86)\Bluetooth Suite\Win7UI.exe bc:47:60:55:56:28

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HaZaRD Screensavers\SAO OP1 Screensaver\SAO OP1 Screensaver.lnk - C:\windows\System32\SAO OP1.scr

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HaZaRD Screensavers\SAO OP1 Screensaver\Uninstall SAO OP1 Screensaver.lnk - C:\Program Files (x86)\HaZaRD Screensavers\SAO OP1\Uninstall.exe

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup


==== shortcuts in All Users Start Menu ======================


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrodist.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-FFFF-7760-000000000006}\_SC_Acrobat.ico

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe --appletID=CCM_UI --appletVersion=1.0 --workflow=CCM_workflow_launch

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk - C:\Program Files (x86)\Adobe\Acrobat 11.0\FormsCentral\FormsCentralForAcrobat.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4.lnk - C:\Program Files (x86)\Glary Utilities 4\Integrator.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe After Effects CS6.lnk - C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\AfterFX.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Audition CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Audition CS6\Adobe Audition CS6.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Bridge CS6 (64bit).lnk - C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Bridge CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Dreamweaver CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Encore CS6.lnk - C:\Program Files\Adobe\Adobe Encore CS6\Adobe Encore.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe ExtendScript Toolkit CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Utilities - CS6\ExtendScript Toolkit CS6\ExtendScript Toolkit.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Extension Manager CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Adobe Extension Manager CS6.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Fireworks CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Fireworks CS6\Fireworks.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Flash Professional CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Flash CS6\Flash.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Illustrator CS6 (64 Bit).lnk - C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\Illustrator.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe InDesign CS6.lnk - C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Media Encoder CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Media Encoder CS6\Adobe Media Encoder.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Photoshop CS6 (64 Bit).lnk - C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Prelude CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Prelude CS6\Adobe Prelude.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Premiere Pro CS6.lnk - C:\Program Files\Adobe\Adobe Premiere Pro CS6\Adobe Premiere Pro.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe SpeedGrade CS6.lnk - C:\Program Files\Adobe\Adobe SpeedGrade CS6\bin\SpeedGrade.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4\Glary Utilities 4.lnk - C:\Program Files (x86)\Glary Utilities 4\Integrator.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4\Uninstall.lnk - C:\Program Files (x86)\Glary Utilities 4\uninst.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4\Website.lnk - C:\Program Files (x86)\Glary Utilities 4\Glary Utilities 4.url

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnk - C:\Program Files (x86)\Internet Download Manager\grabber.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnk - C:\Program Files (x86)\Internet Download Manager\idman.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk - C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnk - C:\Program Files (x86)\Internet Download Manager\license.txt

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnk - C:\Program Files (x86)\Internet Download Manager\tutor.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnk - C:\Program Files (x86)\Internet Download Manager\Uninstall.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab about

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab update

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\outicon.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony\MiPony.lnk - C:\Program Files (x86)\MiPony\MiPony.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Blu-ray Player.lnk - C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero ControlCenter.lnk - C:\WINDOWS\Installer\{ABC88553-8770-4B97-B43E-5A90647A5B63}\ScControlCenterSta_FC2653898C5047A6A872CAF6433C43A8.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero MediaBrowser.lnk - C:\Program Files (x86)\Nero\KM\MediaBrowser.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero MediaHome.lnk - C:\Program Files (x86)\Nero\KM\MediaHome.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 2014\Nero 2014.lnk - C:\WINDOWS\Installer\{D5115C78-2D22-4668-A5E2-6C87DED3ED1B}\NeroLauncher.ex_2882597C6E684EBDA23F3CF2CA0CBC30.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 2014\Nero Burning ROM.lnk - C:\WINDOWS\Installer\{F2B9C8D6-C69C-4BA7-95D2-66F1C68D15DA}\ARPPRODUCTICON.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 2014\Nero Disc To Device.lnk - C:\WINDOWS\Installer\{3AD3C0C2-65A2-45AE-BFAF-7879CFFF7DA8}\ScDisc2DeviceStart_31C5D7D15DA846FBB6553A0819A0C381.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 2014\Nero Express.lnk - C:\WINDOWS\Installer\{ED7943A4-2FF0-4096-BBEA-DE3CC206E3D4}\ARPPRODUCTICON.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 2014\Nero Recode.lnk - C:\WINDOWS\Installer\{5B1886C1-6EFA-4D07-95D3-8B84C743CC71}\ScRecodeStartMenu_563A75F05683422E8C558ED3B6DA617D.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 2014\Nero RescueAgent.lnk - C:\WINDOWS\Installer\{581DCE84-1948-4891-A4A7-A1222CC137C5}\NeroRescueAgent.ex_2882597C6E684EBDA23F3CF2CA0CBC30.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 2014\Nero Video.lnk - C:\WINDOWS\Installer\{C2A4BAE3-A4E9-4B01-B33D-EF68B976CA70}\ScVisionStartMenu_88036A9DCD1D412A84701A23A35FB37B.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Sony PC Companion\Sony PC Companion 2.1.lnk - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ConvertXToDVD 5.lnk - C:\Program Files (x86)\VSO\ConvertX\5\ConvertXtoDvd.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\Desinstalar ConvertXToDVD 5.lnk - C:\Program Files (x86)\VSO\ConvertX\5\unins000.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\l glp license.lnk - C:\Program Files (x86)\VSO\ConvertX\5\lgpl-2.1.txt

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\Translate ConvertXToDVD 5.lnk - C:\ProgramData\VSO\ConvertXToDVD\5\Lang\EditLoc_online.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ Drivers\ Instalar.lnk - C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe /install /deletecpl "Install and please reboot once finished..."

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ Drivers\ Remover Driver (Modo de Compatibilidade).lnk - C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe /remove /removeatip "Uninstalling... Please reboot aftwerwards"

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ Drivers\ Verificar.lnk - C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe


==== shortcuts in Quick Launch ======================


C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk - C:\Program Files (x86)\Glary Utilities 4\Integrator.exe

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE /recycle

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk - C:\Program Files (x86)\MiPony\MiPony.exe

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Story Album Viewer.lnk - C:\Program Files (x86)\Samsung\Story Album Viewer\HTML5Viewer.exe

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Settings.lnk - C:\Program Files (x86)\Samsung\Settings\sSettings.exe

C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Songr.lnk - C:\Users\leticia cruz\AppData\Local\Songr\Songr.exe

C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -


==== Deleting Registry Keys ======================


HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager deleted successfully


==== HijackThis Entries ======================


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\Microsoft Office\Office15\GROOVEEX.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4

O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"

O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R

O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe"

O4 - HKCU\..\Run: [Glary Memory Optimizer] C:\Program Files (x86)\Glary Utilities 4\memdefrag.exe /autostart

O4 - HKCU\..\Run: [AVworks] regsvr32.exe "C:\Users\leticia cruz\AppData\Local\AVworks\GoogleUpdate.dll"

O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

O4 - Startup: Dropbox.lnk = C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: Enviar para o OneNote.lnk = C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105

O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Anexar destino do link a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Baixar com Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm

O8 - Extra context menu item: Converter destino do link em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000

O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - Invalid registry found

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe

O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)

O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe

O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) - Orolix Desenvolvimento de Software LTDA. - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)

O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe


==== Empty IE Cache ======================


C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\leticia cruz\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\leticia cruz\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully


==== Empty FireFox Cache ======================


No FireFox Profiles found


==== Empty Chrome Cache ======================


C:\Users\leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully


==== Empty All Flash Cache ======================


Flash Cache Emptied Successfully


==== Empty All Java Cache ======================


Java Cache cleared successfully


==== C:\zoek_backup content ======================


C:\zoek_backup (files=173 folders=17 23932905 bytes)


==== Empty Temp Folders ======================


C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully

C:\Users\USURIO~1\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\leticia cruz\AppData\Local\Temp will be emptied at reboot

C:\WINDOWS\Temp will be emptied at reboot


==== After Reboot ======================


==== Empty Temp Folders ======================


C:\WINDOWS\Temp successfully emptied

C:\Users\LETICI~1\AppData\Local\Temp successfully emptied


==== Empty Recycle Bin ======================


C:\$RECYCLE.BIN successfully emptied


==== Deleting Files / Folders ======================


"C:\PROGRA~2\Internet Download Manager" not found


==== EOF on 03/02/2014 at 19:50:55,10 ======================


Good afternoon! tecnicodehardware

|- Your logs are clean! :yes:
|- Remove the tools that were used, with DelFix.

-/-

|- Download: |DelFix| ( ... by Xplode )

|- On the page, click the green arrow to download.
|- Save it to a convenient location! ( desktop! )
|- Close any applications that are open.

|- Run it!
|- With both checkboxes checked!
|- Click "Run".
|- All OK?

Regards!


I did what you asked, but Bing Desktop will not stop creating temporary files infected with Boaxxe.BE (just today NOD32 detected another one) and, to make matters worse, I cannot uninstall it: it does not even show up in any uninstaller and Killbox does not uninstall it. In fact, I cannot delete its folder even in Safe Mode.


Good afternoon! tecnicodehardware

|- Download the Zoek tool again.


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes];r

{0633EE93-D776-472f-A0FF-E1416B8B2E3A}=-;r

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.br"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

iedefaults;http://www.google.com.br

C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll;f

C:\ProgramData\Microsoft\BingDesktop\BingCore;fs

C:\ProgramData\Microsoft\BingDesktop;fs

{0633EE93-D776-472f-A0FF-E1416B8B2E3A};c

emptyalltemp;

emptyclsid;

 

|- Paste the information shown in red into the tool's text field.

|- Click "Run Script".

|- When it finishes, post the report!

Regards!

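Added example, not code from this thread and not Zoek's own code: an elevated PowerShell 5.1 script for 64-bit Windows that does by hand the three things the Zoek script above asks for (find out who is holding the DLL, audit the HKCU SearchScopes, queue the folder for deletion at the next boot) and shows why a file comes back "not deleted" in normal mode. The Bing Desktop paths are the ones from the script above; the reboot-time deletion uses the Win32 MoveFileEx call with MOVEFILE_DELAY_UNTIL_REBOOT, which is the documented Windows mechanism behind "will be emptied at reboot" entries, and it is an assumption that Zoek uses the same call. Without -Schedule the script only reports.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread, not Zoek's code). Audits what the Zoek
# script above touches and, with -Schedule, queues the same folder for deletion
# at next boot. Paths default to the Bing Desktop locations used in the thread.
param(
    [string]$Target    = 'C:\ProgramData\Microsoft\BingDesktop',
    [string]$LockedDll = 'BingDesktopOverlays.dll',
    [switch]$Schedule
)

# 1. A DLL mapped into a running process cannot be unlinked: that is what
#    "not deleted" in a Zoek log means. Find the processes holding it.
function Get-ModuleHolders {
    param([string]$ModuleName)
    Get-Process | ForEach-Object {
        $proc = $_
        try {
            $proc.Modules |
                Where-Object { $_.ModuleName -ieq $ModuleName } |
                ForEach-Object {
                    [pscustomobject]@{ Pid = $proc.Id; Process = $proc.ProcessName; Path = $_.FileName }
                }
        } catch { }   # access denied or bitness mismatch: skip that process
    }
}

# 2. The IE search-scope state the script rewrites. A DefaultScope that points
#    at a CLSID with no subkey (a leftover of a hijack or of a cleanup) is flagged.
function Get-IESearchScopes {
    $base = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    $default = (Get-ItemProperty -Path $base -ErrorAction SilentlyContinue).DefaultScope
    $scopes = Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Clsid     = $_.PSChildName
            Name      = $p.DisplayName
            Url       = $p.URL
            IsDefault = ($_.PSChildName -eq $default)
        }
    }
    if ($default -and -not ($scopes | Where-Object IsDefault)) {
        Write-Warning "DefaultScope $default has no matching SearchScopes subkey"
    }
    $scopes
}

# 3. Reboot-time deletion via MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT). Entries
#    land in PendingFileRenameOperations and are processed in order by the
#    session manager at boot, before anything can load the DLL again.
Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, int dwFlags);
'@

function Register-DeleteOnReboot {
    param([string]$Path)
    $MOVEFILE_DELAY_UNTIL_REBOOT = 0x4
    # A null destination means "delete". A directory must be empty when its
    # entry is processed, so callers queue children before parents.
    if (-not [Win32.Native]::MoveFileEx($Path, $null, $MOVEFILE_DELAY_UNTIL_REBOOT)) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "MoveFileEx failed for '$Path' (Win32 error $err)"
    }
}

function Get-PendingRenames {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $raw = (Get-ItemProperty -Path $key -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
    # REG_MULTI_SZ of pairs: "\??\source", "destination" ("" means delete)
    for ($i = 0; $i -lt $raw.Count; $i += 2) {
        [pscustomobject]@{
            Source      = $raw[$i]
            Destination = $(if ($raw[$i + 1]) { $raw[$i + 1] } else { '<delete>' })
        }
    }
}

Write-Host "== Processes holding $LockedDll =="
Get-ModuleHolders -ModuleName $LockedDll | Format-Table -AutoSize | Out-Host

Write-Host "== HKCU IE SearchScopes =="
Get-IESearchScopes | Format-Table -AutoSize | Out-Host

if ($Schedule -and (Test-Path -LiteralPath $Target)) {
    Write-Host "== Queuing $Target for deletion at next boot =="
    Get-ChildItem -LiteralPath $Target -Recurse -Force |
        Sort-Object -Property { $_.FullName.Length } -Descending |
        ForEach-Object { Register-DeleteOnReboot -Path $_.FullName }
    Register-DeleteOnReboot -Path $Target
    Get-PendingRenames | Format-Table -AutoSize | Out-Host
}
```

Run it once without -Schedule first: if the first table names a process, that process is the reason the DLL survives Safe Mode deletion attempts, and the reboot queue is the right tool; the last table lets you verify the queued entries before rebooting.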

Zoek.exe v5.0.0.0 Updated 31-January-2014

Tool run by leticia cruz on 06/02/2014 at 0:47:12,60.

Microsoft Windows 8.1 Single Language 6.3.9600 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\leticia cruz\Desktop\zoek\zoek.exe [scan all users] [script inserted]


==== System Restore Info ======================


06/02/2014 00:50:59 Zoek.exe System Restore Point Created Succesfully.


==== Deleting CLSID Registry Keys ======================


HKEY_USERS\S-1-5-21-3276470861-1064914068-939901412-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully


==== Deleting CLSID Registry Values ======================



==== Registry Fix Code ======================


Windows Registry Editor Version 5.00


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

{0633EE93-D776-472f-A0FF-E1416B8B2E3A}=-


==== Deleting Files \ Folders ======================


"C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll" not deleted

"C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll" deleted

"C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll" not deleted

"C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll" deleted

"C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll" not deleted

"C:\ProgramData\Microsoft\BingDesktop\BingCore" not deleted

"C:\ProgramData\Microsoft\BingDesktop" not deleted

"C:\ProgramData\Microsoft\BingDesktop\BingCore" not deleted


==== Set IE to Default ======================


Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"


New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"


==== All HKCU SearchScopes ======================


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"



==== Empty IE Cache ======================


C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\leticia cruz\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\leticia cruz\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully


==== Empty FireFox Cache ======================


No FireFox Profiles found


==== Empty Chrome Cache ======================


C:\Users\leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully


==== Empty All Flash Cache ======================


Flash Cache Emptied Successfully


==== Empty All Java Cache ======================


Java Cache cleared successfully


==== C:\zoek_backup content ======================


C:\zoek_backup (files=185 folders=28 28511164 bytes)


==== Empty Temp Folders ======================


C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully

C:\Users\USURIO~1\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\leticia cruz\AppData\Local\Temp will be emptied at reboot

C:\WINDOWS\Temp will be emptied at reboot


==== After Reboot ======================


==== Empty Temp Folders ======================


C:\WINDOWS\Temp successfully emptied

C:\Users\LETICI~1\AppData\Local\Temp successfully emptied


==== Empty Recycle Bin ======================


C:\$RECYCLE.BIN successfully emptied


==== Deleting Files / Folders ======================


"C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll" not found

"C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll" not found

"C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll" not found

"C:\ProgramData\Microsoft\BingDesktop\BingCore" not found

"C:\ProgramData\Microsoft\BingDesktop" not found


==== EOF on 06/02/2014 at 1:03:22,83 ======================






Now it was deleted.


Good evening! tecnicodehardware

|- If the problem has been resolved, run the DelFix tool as instructed earlier.
|- All OK?

Regards!


# DelFix v10.6 - Logfile created 06/02/2014 at 20:58:25

# Updated 11/11/2013 by Xplode

# Username : leticia cruz - PC-CRUZ

# Operating System : Windows 8.1 Single Language (64 bits)


~ Removing disinfection tools ...


Deleted : C:\zoek-results.log

Deleted : C:\Users\leticia cruz\Downloads\RogueKiller.exe


~ Cleaning system restore ...


Deleted : RP #32 [End of disinfection | 02/04/2014 16:46:11]

Deleted : RP #33 [zoek.exe restore point | 02/06/2014 02:49:49]


New restore point created !


########## - EOF - ##########


Good evening! tecnicodehardware

All OK? :thumbsup:

Was it resolved?

Regards!


PROBLEM RESOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
