[RESOLVED] Malware removal


  • This topic is closed
14 replies to this topic

#1 cauê

cauê
  • Junior Members
  • 7 posts
  • Member since 21/01/2014
0
Neutral
  • salvador

Posted 21 January 2014 - 20:19

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Caue at 20:27:18 on 2014-01-21
Microsoft Windows 8 Single Language  6.2.9200.0.1252.55.1046.18.6009.2728 [GMT -2:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Mobogenie\MgAssist.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee\mesmo\McSmtFwk.exe
C:\Windows\system32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.198\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.68\deploy\LolClient.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\program files (x86)\plus-hd-5.0\plus-hd-5.0-bg.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:newtab
uSearch Bar = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
uSearch Page = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
uDefault_Page_URL = hxxp://dell13.msn.com
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
mSearch Bar = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
mSearch Page = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
mWinlogon: Userinit = userinit.exe
BHO: Plus-HD-5.0: {11111111-1111-1111-1111-110411771118} - C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-bho.dll
BHO: BonanzaDeals: {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
uRun: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Caue\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRunOnce: [SpUninstallCleanUp] REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
mPolicies-System: DisableCAD = dword:1
TCP: NameServer = 192.168.25.1
TCP: Interfaces\{413AC885-83F0-409A-8CE7-7F0FAB0C4782} : DHCPNameServer = 10.42.0.251 10.42.0.252
TCP: Interfaces\{FE69A7ED-7D6B-4B58-B90B-ED1240045A44} : DHCPNameServer = 192.168.25.1
TCP: Interfaces\{FE69A7ED-7D6B-4B58-B90B-ED1240045A44}\746545D244443453 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FE69A7ED-7D6B-4B58-B90B-ED1240045A44}\746545D263131323 : DHCPNameServer = 192.168.25.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
x64-BHO: Plus-HD-5.0: {11111111-1111-1111-1111-110411771118} - C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-bho64.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-Run: [DellWPF] <no file>
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-3-28 645952]
R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2013-3-28 30496]
R0 rtcrfilt64;Realtek Turbo Mode Filter Driver;C:\Windows\System32\Drivers\rtcrfilt64.sys [2013-3-28 19600]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-3-28 92536]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-3-28 98208]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-8-31 216192]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-3 328928]
R2 IAStorDataMgrSvc;Tecnologia de armazenamento Intel® Rapid;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-28 7168]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2013-3-28 2464400]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-3-28 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-19 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-19 701512]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\msc\McAPExe.exe [2013-10-3 178048]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-3 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-3 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-3 328928]
R2 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-6-22 311120]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe [2013-10-3 1025232]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2013-3-28 219272]
R2 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2012-6-22 782360]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-3-28 182752]
R2 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2012-6-22 343696]
R2 MgAssistService;MgAssist Service;C:\Program Files (x86)\Mobogenie\MgAssist.exe [2014-1-19 63168]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2013-3-28 1914728]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\Drivers\TurboB.sys [2012-5-30 16168]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-3-28 365376]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2013-3-28 77824]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2012-8-31 88728]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2012-8-31 344216]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2012-8-31 114840]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-8-31 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2012-8-31 178840]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2012-8-31 76952]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2012-8-31 135832]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-8-31 575128]
R3 BthLEEnum;Driver de Baixa Energia do Bluetooth;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\Drivers\IntcDAud.sys [2013-3-28 342528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2014-1-19 25928]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2012-6-22 519576]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\Drivers\mfencbdc.sys [2013-11-26 411944]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-3-28 690832]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-3-28 43832]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2012-6-18 69344]
S2 bonanzadealslive;Serviço do BonanzaDealsLive (bonanzadealslive);C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-9-23 148976]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-6-19 173056]
S2 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2013-4-30 201304]
S3 bonanzadealslivem;Serviço do BonanzaDealsLive (bonanzadealslivem);C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-9-23 148976]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2012-6-22 70112]
S3 DellRbtn;Airplane Mode Switch;C:\Windows\System32\Drivers\DellRbtn.sys [2013-3-28 10752]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2013-3-28 332080]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\Drivers\mfencrk.sys [2013-11-26 96112]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\Drivers\nvstusb.sys [2013-3-28 447928]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUVStor.sys [2013-3-28 317584]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2013-3-28 41272]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-5-30 149544]
.
=============== Created Last 30 ================
.
2014-01-21 18:41:54 -------- d-----w- C:\Users\Caue\AppData\Local\ElevatedDiagnostics
2014-01-19 19:37:15 -------- d-----w- C:\Program Files (x86)\Mobogenie
2014-01-19 19:23:57 -------- d-----w- C:\Users\Caue\AppData\Roaming\Malwarebytes
2014-01-19 19:23:50 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-19 19:23:47 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-19 19:23:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-18 15:17:10 236208 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10230.bin
2014-01-15 23:10:06 -------- d-----w- C:\Windows\SysWow64\SearchProtect
2014-01-15 17:21:15 915968 ----a-w- C:\Windows\System32\MPSSVC.dll
2014-01-15 17:21:15 758784 ----a-w- C:\Windows\System32\FirewallAPI.dll
2014-01-15 17:21:15 588288 ----a-w- C:\Windows\System32\SHCore.dll
2014-01-15 17:21:15 550400 ----a-w- C:\Windows\SysWow64\FirewallAPI.dll
2014-01-15 17:21:15 452608 ----a-w- C:\Windows\SysWow64\SHCore.dll
2014-01-15 17:21:14 86016 ----a-w- C:\Windows\SysWow64\davclnt.dll
2014-01-15 17:21:14 227840 ----a-w- C:\Windows\System32\WebClnt.dll
2014-01-15 17:21:14 199168 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2014-01-15 17:21:14 104448 ----a-w- C:\Windows\System32\davclnt.dll
2014-01-15 17:21:14 100696 ----a-w- C:\Windows\System32\drivers\disk.sys
2014-01-15 17:21:13 74752 ----a-w- C:\Windows\System32\drivers\mpsdrv.sys
2014-01-15 17:19:38 688640 ----a-w- C:\Windows\System32\WSShared.dll
2014-01-15 17:19:38 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll
2014-01-15 17:19:37 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 17:19:37 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-10 20:36:54 -------- d-----w- C:\Users\Caue\AppData\Roaming\Baidu Security
2014-01-10 20:36:37 -------- d-----w- C:\ProgramData\Log
2014-01-10 20:35:31 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-01-10 20:35:26 -------- d-----w- C:\ProgramData\Baidu Security
2014-01-10 20:35:26 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-01-10 20:22:52 -------- d-----w- C:\Users\Caue\AppData\Roaming\0C1I1L1R1J0M1P0I1G
2014-01-10 20:22:06 -------- d-----w- C:\Program Files (x86)\Plus-HD-5.0
2014-01-10 20:21:02 18816 ----a-w- C:\Windows\System32\roboot64.exe
2014-01-10 20:20:46 -------- d-----w- C:\Users\Caue\AppData\Roaming\systweak
2014-01-10 20:20:32 -------- d-----w- C:\Program Files (x86)\SquirrelWeb
2014-01-10 20:19:19 824400 ----a-w- C:\Users\Caue\AppData\Local\AnyProtectScannerSetup.exe
2014-01-10 20:19:12 -------- d-----w- C:\Program Files (x86)\AnyProtectEx
2014-01-10 20:17:21 -------- d-----w- C:\Users\Caue\.android
2014-01-10 20:17:19 -------- d-----w- C:\Users\Caue\AppData\Roaming\newnext.me
2014-01-10 20:17:19 -------- d-----w- C:\Users\Caue\AppData\Local\cache
2014-01-10 20:17:18 -------- d-----w- C:\Users\Caue\AppData\Local\Mobogenie
2014-01-10 20:17:18 -------- d-----w- C:\Users\Caue\AppData\Local\genienext
.
==================== Find3M  ====================
.
2014-01-09 08:02:07 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-09 08:02:07 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-27 00:07:44 10856 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys
2013-11-27 00:07:22 96112 ----a-w- C:\Windows\System32\drivers\mfencrk.sys
2013-11-27 00:07:02 411944 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys
2013-11-23 06:43:58 420864 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-23 05:05:01 368640 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-06 23:18:57 4036608 ----a-w- C:\Windows\System32\win32k.sys
2013-11-04 18:51:44 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-11-04 18:46:34 343696 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2013-11-04 18:46:16 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-11-04 18:43:04 782360 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2013-11-04 18:41:22 519576 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-11-04 18:40:00 311120 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-11-04 18:39:20 179792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2013-11-04 18:28:52 69344 ----a-w- C:\Windows\System32\drivers\mfeelamk.sys
2013-11-01 05:38:21 312320 ----a-w- C:\Windows\System32\msieftp.dll
2013-11-01 03:49:24 273408 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-25 06:19:12 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
.
============= FINISH: 20:28:00,19 ===============



#2 diego_moicano

diego_moicano
  • Security Analysts
  • 9,235 posts
  • Member since 08/09/2007
207
Exceptional
  • São Sebastião - SP

Posted 22 January 2014 - 18:48

Dear cauê,

I recommend that you save this topic to your Favorites to make it easier to find later.

Please note the following:
  • If you go without a reply for 3 days, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not apply it to any other;
  • Please follow the instructions given carefully and, in case of doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what is happening with your computer.
  • Respect the order of the instructions given.
  • Note: Do not take any measure beyond those given here; if you ask for help in another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step No. 1 #

Download Junkware Removal Tool and save it to your Desktop.
  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log that is on your Desktop.
  • Copy all of its contents and paste it in your next message.

# Step No. 2 #

  • Double-click adwcleaner.exe
  • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
  • Click Scan
  • At the end of the scan, a log with the results will open.
  • If anything is detected, then click the Remove button.
  • Again, at the end of the scan a log with the results will open.
  • Copy all of its contents and paste it in your next reply.

# Step No. 3 #

Read the instructions contained in this link:

In the instructions in the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"
  • Download ComboFix from one of the official links listed below and save it to your desktop:
  • Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
  • Double-click the desktopicon.png icon on the desktop.
  • Read and accept the conditions by typing 1 and Enter.
  • Computers with Windows XP must install the Recovery Console:
  • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.
  • ComboFix will run; please be patient and wait.
  • Attention: Do not use the mouse or the keyboard while the tool is running; this may cause the computer to stall.
  • A notice may appear saying that the computer needs to be restarted.
  • DO NOT RESTART!!! ComboFix will restart the computer automatically.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

  • Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.
  • There are several malwares that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

Hugs :D

Malware Removal Analyst | Network Security Specialist

Undergraduate thesis (TCC): Descriptive Analysis of the Effects of Banker: the Brazilian virtual plague. Download here

Member of UNITE & ASAP & ARIS-LD

#3 cauê

cauê
  • Junior Members
  • 7 posts
  • Member since 21/01/2014
0
Neutral
  • salvador

Posted 01 February 2014 - 23:18

    # AdwCleaner v3.018 - Relatório criado 01/02/2014 às 23:37:55
    # Atualizado 28/01/2014 por Xplode
    # Sistema Operacional : Windows 8 Single Language  (64 bits)
    # Usuário : Caue - PC
    # Executando de : C:\Users\Caue\Downloads\AdwCleaner.exe
    # Opção : Examinar
     
    ***** [ Serviços ] *****
     
    Serviço Encontrado : bonanzadealslive
    Serviço Encontrado : bonanzadealslivem
     
    ***** [ Arquivos / Pastas ] *****
     
    Arquivo Encontrado : C:\Windows\System32\roboot64.exe
    Arquivo Encontrado : C:\Windows\System32\Tasks\BonanzaDealsUpdate
    Arquivo Encontrado : C:\Windows\System32\Tasks\RegClean Pro
    Arquivo Encontrado : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
    Arquivo Encontrado : C:\Windows\System32\Tasks\RegClean Pro_UPDATES
    Pasta Encontrado C:\Program Files (x86)\Plus-HD-5.0
    Pasta Encontrado C:\Users\Caue\AppData\LocalLow\Plus-HD-5.0
    Pasta Encontrado C:\Windows\SysWOW64\Searchprotect
     
    ***** [ Atalhos ] *****
     
     
    ***** [ Registro ] *****
     
    Chave Encontrada : HKCU\Software\AppDataLow\Software\Plus-HD-5.0
    Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
    Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
    Chave Encontrada : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19}
    Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
    Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
    Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
    Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
    Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
    Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
    Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-5.0
    Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3
    Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9
    Chave Encontrada : HKLM\Software\Plus-HD-5.0
    Chave Encontrada : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
    Chave Encontrada : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
     
    ***** [ Navegadores ] *****
     
    -\\ Internet Explorer v10.0.9200.16537
     
    Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
    Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
    Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
    Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
    Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
    Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
    Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
    Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
    Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
    Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=65578&st=bs&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&q=%s
    Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=65578&st=bs&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&q=%s
     
    -\\ Google Chrome v32.0.1700.102
     
    [ Arquivo : C:\Users\Caue\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
     
    *************************
     
    AdwCleaner[R0].txt - [5824 octets] - [01/02/2014 23:37:55]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5884 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.0 (01.07.2014:1)
    OS: Windows 8 Single Language x64
    Ran by Caue on 01/02/2014 at 23:16:56,40
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
    Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
     
        Value Name          Type                             Value Data                     
    ========================================================================================
        NextLive    REG_SZ    C:\Windows\SysWOW64\rundll32.exe "C:\Users\Caue\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
     
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\bonanzadealslive.exe
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6802463D-636F-41FE-9924-4CAD56906590}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadeals
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadealslive
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealslive.oneclickctrl.9
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealslive.oneclickprocesslaunchermachine
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealslive.oneclickprocesslaunchermachine.1.0
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealslive.update3webcontrol.3
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.cocreateasync
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.cocreateasync.1.0
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.coreclass
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.coreclass.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.coremachineclass
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.coremachineclass.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.credentialdialogmachine
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.credentialdialogmachine.1.0
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.ondemandcomclassmachine
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.ondemandcomclassmachine.1.0
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.ondemandcomclassmachinefallback
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.ondemandcomclassmachinefallback.1.0
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.ondemandcomclasssvc
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.ondemandcomclasssvc.1.0
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.processlauncher
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.processlauncher.1.0
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3comclassservice
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3comclassservice.1.0
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3webmachine
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3webmachine.1.0
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3webmachinefallback
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3webmachinefallback.1.0
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3websvc
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3websvc.1.0
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\bonanza deals
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\regclean pro_is1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0047718.BHO
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0047718.BHO.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0047718.Sandbox
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0047718.Sandbox.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110411771118}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422772218}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550455775518}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466776618}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444774418}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110411771118}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422772218}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550455775518}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466776618}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444774418}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0047718.BHO
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0047718.BHO.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0047718.Sandbox
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0047718.Sandbox.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550455775518}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466776618}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444774418}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411771118}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550455775518}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466776618}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444774418}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411771118}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{821C0E81-3B91-448D-AB7C-B44E7912C900}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
     
     
     
    ~~~ Files
     
    Successfully deleted: [File] C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
    Successfully deleted: [File] C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
    Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-5.0-chromeinstaller.job
    Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-5.0-codedownloader.job
    Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-5.0-enabler.job
    Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-5.0-firefoxinstaller.job
    Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-5.0-updater.job
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\ProgramData\bonanzadealslive"
    Successfully deleted: [Folder] "C:\Program Files (x86)\allin1convert_8hei"
    Successfully deleted: [Folder] "C:\Program Files (x86)\bonanzadeals"
    Successfully deleted: [Folder] "C:\Program Files (x86)\bonanzadealslive"
    Successfully deleted: [Folder] "C:\Program Files (x86)\squirrelweb"
     
     
     
    ~~~ Chrome
     
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 01/02/2014 at 23:25:42,29
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    #4 diego_moicano

    diego_moicano
    • Security Analysts
    • 9.235 posts
    • Member since 08/09/2007
    207
    Exceptional
    • São Sebastião - SP

    Posted 03 February 2014 - 11:19

    The ComboFix log is missing.


    Malware Removal Analyst | Network Security Specialist

    Undergraduate thesis (TCC): Análise Descritiva dos Efeitos do Banker: a praga virtual brasileira. Download here

    Member of UNITE & ASAP & ARIS-LD

    #5 cauê

    cauê
    • Junior Members
    • 7 posts
    • Member since 21/01/2014
    0
    Neutral
    • salvador

    Posted 03 February 2014 - 21:39

    ComboFix 14-02-03.01 - Caue 03/02/2014  21:29:13.1.4 - x64
    Microsoft Windows 8 Single Language  6.2.9200.0.1252.55.1046.18.6009.2634 [GMT -2:00]
    Executando de: c:\users\Caue\Downloads\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Criado um novo ponto de restauração
    .
    .
    (((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\PCDr\6422\AddOnDownloaded\1ad2478a-f061-4c93-bd0d-d1433323fd23.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\1b8965d5-1ace-460f-9f9d-51d4c6c7c534.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\236515c7-c29a-41e6-873d-b9e2673e11c3.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\25859408-d118-4a4d-a622-6f6b98c8b7a4.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\2b605d7d-d0d9-4054-adbf-4b49c7319932.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\2ff77179-a156-48e2-9210-92584330fa1e.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\46396106-fa11-4329-87bf-ed5a85069e89.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\4f436db1-def5-4137-a084-15125ef65010.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\538ed073-443d-4773-bf99-d9acbd2ae75f.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\58073f58-c256-45c9-a26d-2c9c44ad6b03.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\712ff270-978b-4b35-9eb6-621f6ff35d6e.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\7bc69e73-3dda-484f-af68-bb19598a4b32.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\a4f460a6-e6cd-457f-931d-cb0fc7d56d03.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\a5fe6876-4636-4d79-8440-3ce56e4f4416.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\ca984d5b-37f4-4f56-8ca3-2a0d6cdba833.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\cce4ac4d-7353-4099-b347-95166f07f05e.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\ceb70e67-87f1-40c5-86a3-c576ea0c4e8f.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\ffa288d5-37d2-4036-812e-1b7722ec86ed.dll
    c:\users\Caue\AppData\Local\AnyProtectScannerSetup.exe
    .
    .
    ((((((((((((((((   Arquivos/Ficheiros criados de 2014-01-03 to 2014-02-03  ))))))))))))))))))))))))))))
    .
    .
    2014-02-03 23:45 . 2014-02-03 23:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2014-02-03 23:45 . 2014-02-03 23:45 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-02-02 01:33 . 2014-02-02 01:38 -------- d-----w- C:\AdwCleaner
    2014-01-24 00:09 . 2014-01-24 00:09 246960 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10231.bin
    2014-01-21 18:41 . 2014-01-21 18:41 -------- d-----w- c:\users\Caue\AppData\Local\ElevatedDiagnostics
    2014-01-20 02:23 . 2014-01-20 02:23 -------- d-----w- c:\users\Public\Nova pasta
    2014-01-19 19:37 . 2014-01-27 12:06 -------- d-----w- c:\program files (x86)\Mobogenie
    2014-01-19 19:23 . 2014-01-19 19:23 -------- d-----w- c:\users\Caue\AppData\Roaming\Malwarebytes
    2014-01-19 19:23 . 2014-01-19 19:23 -------- d-----w- c:\programdata\Malwarebytes
    2014-01-19 19:23 . 2014-01-19 19:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2014-01-19 19:23 . 2013-04-04 16:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-01-15 23:10 . 2014-01-15 23:10 -------- d-----w- c:\windows\SysWow64\SearchProtect
    2014-01-15 17:21 . 2013-10-31 05:56 915968 ----a-w- c:\windows\system32\MPSSVC.dll
    2014-01-15 17:21 . 2013-10-31 05:56 758784 ----a-w- c:\windows\system32\FirewallAPI.dll
    2014-01-15 17:21 . 2013-10-31 04:01 550400 ----a-w- c:\windows\SysWow64\FirewallAPI.dll
    2014-01-15 17:21 . 2013-10-28 05:50 588288 ----a-w- c:\windows\system32\SHCore.dll
    2014-01-15 17:21 . 2013-10-28 04:05 452608 ----a-w- c:\windows\SysWow64\SHCore.dll
    2014-01-15 17:21 . 2013-10-13 20:49 100696 ----a-w- c:\windows\system32\drivers\disk.sys
    2014-01-15 17:21 . 2013-08-27 05:21 227840 ----a-w- c:\windows\system32\WebClnt.dll
    2014-01-15 17:21 . 2013-08-27 05:19 104448 ----a-w- c:\windows\system32\davclnt.dll
    2014-01-15 17:21 . 2013-08-26 22:29 199168 ----a-w- c:\windows\SysWow64\WebClnt.dll
    2014-01-15 17:21 . 2013-08-26 22:28 86016 ----a-w- c:\windows\SysWow64\davclnt.dll
    2014-01-15 17:21 . 2013-10-31 03:42 74752 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
    2014-01-15 17:19 . 2013-12-07 06:37 688640 ----a-w- c:\windows\system32\WSShared.dll
    2014-01-15 17:19 . 2013-12-07 05:15 562688 ----a-w- c:\windows\SysWow64\WSShared.dll
    2014-01-15 17:19 . 2013-12-07 06:37 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-01-15 17:19 . 2013-12-07 05:15 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-01-10 20:36 . 2014-01-10 20:36 -------- d-----w- c:\users\Caue\AppData\Roaming\Baidu Security
    2014-01-10 20:36 . 2014-01-10 20:55 -------- d-----w- c:\programdata\Log
    2014-01-10 20:35 . 2014-01-10 20:46 -------- d-----w- c:\program files (x86)\VideoLAN
    2014-01-10 20:35 . 2014-01-10 20:36 -------- d-----w- c:\programdata\Baidu Security
    2014-01-10 20:35 . 2014-01-10 20:35 -------- d-----w- c:\program files (x86)\Baidu Security
    2014-01-10 20:22 . 2014-01-10 20:22 -------- d-----w- c:\users\Caue\AppData\Roaming\0C1I1L1R1J0M1P0I1G
    2014-01-10 20:22 . 2014-01-10 20:22 -------- d-----w- c:\program files (x86)\Plus-HD-5.0
    2014-01-10 20:21 . 2012-01-20 16:14 18816 ----a-w- c:\windows\system32\roboot64.exe
    2014-01-10 20:19 . 2014-01-10 20:55 -------- d-----w- c:\program files (x86)\AnyProtectEx
    2014-01-10 20:17 . 2014-01-10 20:17 -------- d-----w- c:\users\Caue\.android
    2014-01-10 20:17 . 2014-01-27 12:05 -------- d-----w- c:\users\Caue\AppData\Local\cache
    2014-01-10 20:17 . 2014-01-20 03:29 -------- d-----w- c:\users\Caue\AppData\Roaming\newnext.me
    2014-01-10 20:17 . 2014-01-19 19:52 -------- d-----w- c:\users\Caue\AppData\Local\Mobogenie
    2014-01-10 20:17 . 2014-01-19 19:49 -------- d-----w- c:\users\Caue\AppData\Local\genienext
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-01-15 17:27 . 2013-05-01 16:13 86054176 ----a-w- c:\windows\system32\MRT.exe
    2014-01-09 08:02 . 2012-07-26 08:14 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-01-09 08:02 . 2012-07-26 08:14 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-12-05 18:51 . 2012-06-22 10:40 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2013-12-05 18:45 . 2012-06-22 10:38 343696 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2013-12-05 18:44 . 2013-03-28 05:44 184800 ----a-w- c:\windows\system32\mfevtps.exe
    2013-12-05 18:41 . 2012-06-22 10:36 782616 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2013-12-05 18:39 . 2012-06-22 10:35 519576 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2013-12-05 18:37 . 2012-06-22 10:34 311120 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2013-12-05 18:36 . 2012-06-22 10:34 179792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2013-12-05 18:25 . 2012-06-18 15:29 69344 ----a-w- c:\windows\system32\drivers\mfeelamk.sys
    2013-11-27 00:07 . 2013-11-27 00:07 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
    2013-11-27 00:07 . 2013-11-27 00:07 96112 ----a-w- c:\windows\system32\drivers\mfencrk.sys
    2013-11-27 00:07 . 2013-11-27 00:07 411944 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
    2013-11-23 06:43 . 2013-12-12 15:56 420864 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-11-23 05:05 . 2013-12-12 15:56 368640 ----a-w- c:\windows\SysWow64\WMPhoto.dll
    2013-11-06 23:18 . 2013-12-12 15:56 4036608 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas. 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NextLive"="c:\users\Caue\AppData\Roaming\newnext.me\nengine.dll" [2013-11-14 1283584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-07-16 56128]
    "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-10-23 102928]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
    "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
    "mobilegeni daemon"="c:\program files (x86)\Mobogenie\DaemonProcess.exe" [2014-01-27 775872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableCursorSuppression"= 1 (0x1)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AutoUpdateDisableNotify"=dword:00000001
    .
    R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]
    R2 0242881390759792mcinstcleanup;McAfee Application Installer Cleanup (0242881390759792);c:\windows\TEMP\024288~1.EXE;c:\windows\TEMP\024288~1.EXE [x]
    R2 bonanzadealslive;Serviço do BonanzaDealsLive (bonanzadealslive);c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe;c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [x]
    R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
    R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
    R3 bonanzadealslivem;Serviço do BonanzaDealsLive (bonanzadealslivem);c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe;c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [x]
    R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
    R3 DellRbtn;Airplane Mode Switch;c:\windows\System32\drivers\DellRbtn.sys;c:\windows\SYSNATIVE\drivers\DellRbtn.sys [x]
    R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
    R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
    R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\System32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
    R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [x]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
    R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
    R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
    S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S0 rtcrfilt64;Realtek Turbo Mode Filter Driver;c:\windows\System32\drivers\rtcrfilt64.sys;c:\windows\SYSNATIVE\drivers\rtcrfilt64.sys [x]
    S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
    S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
    S2 IAStorDataMgrSvc;Tecnologia de armazenamento Intel® Rapid;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
    S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
    S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
    S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
    S2 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
    S2 MgAssistService;MgAssist Service;c:\program files (x86)\Mobogenie\MgAssist.exe;c:\program files (x86)\Mobogenie\MgAssist.exe [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
    S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
    S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
    S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
    S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
    S3 BthLEEnum;Driver de Baixa Energia do Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
    S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
    S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
    S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
    S3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-01-29 14:45 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2014-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 02:33]
    .
    2014-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 02:33]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110411771118}]
    2014-01-10 20:22 973672 ----a-w- c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-bho64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-09-01 6839952]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-08-17 1215632]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-25 170304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-25 398656]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-25 441152]
    "BtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe" [2012-08-31 764544]
    "BtvStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-08-31 127616]
    "IntelTBRunOnce"="wscript.exe" [2012-07-26 160256]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Scan Suplementar -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:newtab
    uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
    mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
    mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
    mSearch Bar = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
    TCP: DhcpNameServer = 192.168.25.1
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    BHO-{fe063412-bea4-4d76-8ed3-183be6220d17} - c:\program files (x86)\BonanzaDeals\BonanzaDealsIE.dll
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-Overwolf - c:\program files (x86)\Overwolf\Overwolf.exe
    Toolbar-Locked - (no file)
    HKLM-Run-DellWPF - (no file)
    .
    .
    .
    Tempo para conclusão: 2014-02-03  22:08:09
    ComboFix-quarantined-files.txt  2014-02-04 00:08
    .
    Pré-execução: 894.232.543.232 bytes disponíveis
    Pós execução: 894.768.365.568 bytes disponíveis
    .
    - - End Of File - - AA4F3B418AE171B3511DDAD667E92BF8


    #6 diego_moicano

    diego_moicano
    • Security Analysts
    • 9.235 posts
    • Member since 08/09/2007
    207
    Exceptional
    • São Sebastião - SP

    Posted 06 February 2014 - 09:02

    Dear cauê

    Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.
    Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all of the text that is inside the "Code" box:
    File::
    c:\windows\TEMP\024288~1.EXE
    c:\windows\System32\drivers\BprotectEx.sys
     
    Folder::
    c:\windows\SysWow64\SearchProtect
    c:\users\Caue\AppData\Roaming\newnext.me
    c:\program files (x86)\BonanzaDealsLive
    C:\Users\Caue\AppData\Roaming\Baidu Security
    C:\ProgramData\Baidu Security
    C:\Program Files (x86)\Baidu Security
    c:\program files (x86)\Plus-HD-5.0
     
    DDS::
    uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
    mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
    mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
    mSearch Page = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
    mSearch Bar = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
     
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110411771118}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NextLive"=-
     
    Driver::
    0242881390759792mcinstcleanup
    bonanzadealslive
    bonanzadealslivem
    BprotectEx
    PCFApiUtil
    • Save this file as: CFScript.txt
    • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.
    • [animation: 2872959479_997d4500c4_o.gif]
     
    Regards :D

    Malware Removal Analyst | Network Security Specialist

    TCC (undergraduate thesis): Análise Descritiva dos Efeitos do Banker: a praga virtual brasileira. Download here

    Member of UNITE & ASAP & ARIS-LD

    #7 cauê

    cauê
    • Junior Members
    • 7 posts
    • Member since 21/01/2014
    0
    Neutral
    • salvador

    Posted 06 February 2014 - 13:21

    ComboFix 14-02-05.02 - Caue 06/02/2014  13:27:20.3.4 - x64
    Microsoft Windows 8 Single Language  6.2.9200.0.1252.55.1046.18.6009.2821 [GMT -2:00]
    Executando de: c:\users\Caue\Downloads\ComboFix.exe
    Comandos utilizados :: c:\users\Caue\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Criado um novo ponto de restauração
    .
    FILE ::
    "c:\windows\System32\drivers\BprotectEx.sys"
    "c:\windows\TEMP\024288~1.EXE"
    .
    .
    (((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Baidu Security
    c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.SystemCleaner\t3.db
    c:\program files (x86)\Plus-HD-5.0
    c:\program files (x86)\Plus-HD-5.0\47718.crx
    c:\program files (x86)\Plus-HD-5.0\47718.xpi
    c:\program files (x86)\Plus-HD-5.0\background.html
    c:\program files (x86)\Plus-HD-5.0\Installer.log
    c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-bg.exe
    c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-bho.dll
    c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-bho64.dll
    c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-buttonutil.dll
    c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-buttonutil.exe
    c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-buttonutil64.dll
    c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-buttonutil64.exe
    c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-chromeinstaller.exe
    c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-codedownloader.exe
    c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-enabler.exe
    c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-firefoxinstaller.exe
    c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-helper.exe
    c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-updater.exe
    c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0.ico
    c:\program files (x86)\Plus-HD-5.0\Uninstall.exe
    c:\program files (x86)\Plus-HD-5.0\utils.exe
    c:\programdata\Baidu Security
    c:\programdata\Baidu Security\PC Faster\4.0.0.0\sysopt\optbt.dat
    c:\programdata\Baidu Security\PC Faster\4.0.0.0\sysopt\opthis.dat
    c:\programdata\Baidu Security\PC Faster\4.0.0.0\sysopt\optignore.dat
    c:\programdata\Baidu Security\PC Faster\4.0.0.0\sysopt\snopthis.dat
    c:\programdata\Baidu Security\RpData\rpFile-NSISInstall-2014-01-10 01-03-54-0168-[0498].dat
    c:\programdata\Baidu Security\RpData\rpFile-NSISInstall-2014-01-10 01-46-53-0673-[29932].dat
    c:\programdata\Baidu Security\RpData\rpFile-NSISInstall-2014-01-10 01-47-00-0299-[29955].dat
    c:\programdata\Baidu Security\RpData\rpFile-NSISInstall-2014-01-10 01-48-20-0552-[30216].dat
    c:\programdata\Baidu Security\RpData\rpFile-NSISInstall-2014-01-10 01-48-54-0567-[30327].dat
    c:\programdata\Baidu Security\RpData\rpFile-NSISInstall-2014-01-10 01-50-30-0326-[30641].dat
    c:\programdata\Baidu Security\RpData\rpFile-PCFaster-2014-01-10 01-47-05-0718-[29971].dat
    c:\programdata\Baidu Security\RpData\rpFile-PCFasterSvc-2014-01-10 01-56-58-0709-[31908].dat
    c:\programdata\Baidu Security\RpData\rpFile-PCFPopups-2014-01-10 01-46-01-0762-[29762].dat
    c:\programdata\Baidu Security\RpData\rpFile-PCFPopups-2014-01-10 01-58-38-0247-[32234].dat
    c:\programdata\Baidu Security\RpData\rpFile-PcfTray-2014-01-10 01-59-05-0051-[32323].dat
    c:\programdata\Baidu Security\RpData\rpFile-Updater-2014-01-10 01-56-24-0942-[31797].dat
    c:\programdata\Baidu Security\RpData\rpFile-Updater-2014-01-10 01-58-38-0107-[32234].dat
    c:\programdata\PCDr\6422\AddOnDownloaded\1ad2478a-f061-4c93-bd0d-d1433323fd23.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\1b8965d5-1ace-460f-9f9d-51d4c6c7c534.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\236515c7-c29a-41e6-873d-b9e2673e11c3.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\25859408-d118-4a4d-a622-6f6b98c8b7a4.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\2b605d7d-d0d9-4054-adbf-4b49c7319932.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\2ff77179-a156-48e2-9210-92584330fa1e.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\46396106-fa11-4329-87bf-ed5a85069e89.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\4f436db1-def5-4137-a084-15125ef65010.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\538ed073-443d-4773-bf99-d9acbd2ae75f.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\58073f58-c256-45c9-a26d-2c9c44ad6b03.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\712ff270-978b-4b35-9eb6-621f6ff35d6e.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\7bc69e73-3dda-484f-af68-bb19598a4b32.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\a4f460a6-e6cd-457f-931d-cb0fc7d56d03.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\a5fe6876-4636-4d79-8440-3ce56e4f4416.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\b1cd2350-1a70-4fd2-9b75-98208aace99a.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\ca984d5b-37f4-4f56-8ca3-2a0d6cdba833.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\cce4ac4d-7353-4099-b347-95166f07f05e.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\ceb70e67-87f1-40c5-86a3-c576ea0c4e8f.dll
    c:\programdata\PCDr\6422\AddOnDownloaded\ffa288d5-37d2-4036-812e-1b7722ec86ed.dll
    c:\users\Caue\AppData\Roaming\Baidu Security
    c:\users\Caue\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\FasterNow\FasterNow.db
    c:\users\Caue\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK\0\Communication.dll
    c:\users\Caue\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK\0\InstallUtility.dll
    c:\users\Caue\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK\0\log.dll
    c:\users\Caue\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall\0\Communication.dll
    c:\users\Caue\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall\0\InstallUtility.dll
    c:\users\Caue\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall\0\log.dll
    c:\users\Caue\AppData\Roaming\newnext.me
    c:\users\Caue\AppData\Roaming\newnext.me\cache\spark.bin
    c:\users\Caue\AppData\Roaming\newnext.me\nengine.cookie
    c:\users\Caue\AppData\Roaming\newnext.me\nengine.dll
    c:\windows\SysWow64\SearchProtect
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_0242881390759792mcinstcleanup
    -------\Service_bonanzadealslive
    -------\Service_bonanzadealslivem
    -------\Service_BprotectEx
    -------\Service_PCFApiUtil
    .
    .
    ((((((((((((((((   Arquivos/Ficheiros criados de 2014-01-06 to 2014-02-06  ))))))))))))))))))))))))))))
    .
    .
    2014-02-06 15:48 . 2014-02-06 15:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2014-02-06 15:48 . 2014-02-06 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-02-04 21:32 . 2014-02-04 21:32 240816 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10232.bin
    2014-02-02 01:33 . 2014-02-02 01:38 -------- d-----w- C:\AdwCleaner
    2014-01-21 18:41 . 2014-01-21 18:41 -------- d-----w- c:\users\Caue\AppData\Local\ElevatedDiagnostics
    2014-01-20 02:23 . 2014-01-20 02:23 -------- d-----w- c:\users\Public\Nova pasta
    2014-01-19 19:37 . 2014-01-27 12:06 -------- d-----w- c:\program files (x86)\Mobogenie
    2014-01-19 19:23 . 2014-01-19 19:23 -------- d-----w- c:\users\Caue\AppData\Roaming\Malwarebytes
    2014-01-19 19:23 . 2014-01-19 19:23 -------- d-----w- c:\programdata\Malwarebytes
    2014-01-19 19:23 . 2014-01-19 19:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2014-01-19 19:23 . 2013-04-04 16:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-01-15 17:21 . 2013-10-31 05:56 915968 ----a-w- c:\windows\system32\MPSSVC.dll
    2014-01-15 17:21 . 2013-10-31 05:56 758784 ----a-w- c:\windows\system32\FirewallAPI.dll
    2014-01-15 17:21 . 2013-10-31 04:01 550400 ----a-w- c:\windows\SysWow64\FirewallAPI.dll
    2014-01-15 17:21 . 2013-10-28 05:50 588288 ----a-w- c:\windows\system32\SHCore.dll
    2014-01-15 17:21 . 2013-10-28 04:05 452608 ----a-w- c:\windows\SysWow64\SHCore.dll
    2014-01-15 17:21 . 2013-10-13 20:49 100696 ----a-w- c:\windows\system32\drivers\disk.sys
    2014-01-15 17:21 . 2013-08-27 05:21 227840 ----a-w- c:\windows\system32\WebClnt.dll
    2014-01-15 17:21 . 2013-08-27 05:19 104448 ----a-w- c:\windows\system32\davclnt.dll
    2014-01-15 17:21 . 2013-08-26 22:29 199168 ----a-w- c:\windows\SysWow64\WebClnt.dll
    2014-01-15 17:21 . 2013-08-26 22:28 86016 ----a-w- c:\windows\SysWow64\davclnt.dll
    2014-01-15 17:21 . 2013-10-31 03:42 74752 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
    2014-01-15 17:19 . 2013-12-07 06:37 688640 ----a-w- c:\windows\system32\WSShared.dll
    2014-01-15 17:19 . 2013-12-07 05:15 562688 ----a-w- c:\windows\SysWow64\WSShared.dll
    2014-01-15 17:19 . 2013-12-07 06:37 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-01-15 17:19 . 2013-12-07 05:15 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-01-10 20:36 . 2014-01-10 20:55 -------- d-----w- c:\programdata\Log
    2014-01-10 20:35 . 2014-01-10 20:46 -------- d-----w- c:\program files (x86)\VideoLAN
    2014-01-10 20:22 . 2014-01-10 20:22 -------- d-----w- c:\users\Caue\AppData\Roaming\0C1I1L1R1J0M1P0I1G
    2014-01-10 20:21 . 2012-01-20 16:14 18816 ----a-w- c:\windows\system32\roboot64.exe
    2014-01-10 20:19 . 2014-01-10 20:55 -------- d-----w- c:\program files (x86)\AnyProtectEx
    2014-01-10 20:17 . 2014-01-10 20:17 -------- d-----w- c:\users\Caue\.android
    2014-01-10 20:17 . 2014-01-27 12:05 -------- d-----w- c:\users\Caue\AppData\Local\cache
    2014-01-10 20:17 . 2014-01-19 19:52 -------- d-----w- c:\users\Caue\AppData\Local\Mobogenie
    2014-01-10 20:17 . 2014-01-19 19:49 -------- d-----w- c:\users\Caue\AppData\Local\genienext
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-01-15 17:27 . 2013-05-01 16:13 86054176 ----a-w- c:\windows\system32\MRT.exe
    2014-01-09 08:02 . 2012-07-26 08:14 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-01-09 08:02 . 2012-07-26 08:14 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-12-05 18:51 . 2012-06-22 10:40 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2013-12-05 18:45 . 2012-06-22 10:38 343696 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2013-12-05 18:44 . 2013-03-28 05:44 184800 ----a-w- c:\windows\system32\mfevtps.exe
    2013-12-05 18:41 . 2012-06-22 10:36 782616 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2013-12-05 18:39 . 2012-06-22 10:35 519576 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2013-12-05 18:37 . 2012-06-22 10:34 311120 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2013-12-05 18:36 . 2012-06-22 10:34 179792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2013-12-05 18:25 . 2012-06-18 15:29 69344 ----a-w- c:\windows\system32\drivers\mfeelamk.sys
    2013-11-27 00:07 . 2013-11-27 00:07 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
    2013-11-27 00:07 . 2013-11-27 00:07 96112 ----a-w- c:\windows\system32\drivers\mfencrk.sys
    2013-11-27 00:07 . 2013-11-27 00:07 411944 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
    2013-11-23 06:43 . 2013-12-12 15:56 420864 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-11-23 05:05 . 2013-12-12 15:56 368640 ----a-w- c:\windows\SysWow64\WMPhoto.dll
    .
    .
    ((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas. 
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{fe063412-bea4-4d76-8ed3-183be6220d17}]
    c:\program files (x86)\BonanzaDeals\BonanzaDealsIE.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-07-16 56128]
    "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-10-23 102928]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
    "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
    "mobilegeni daemon"="c:\program files (x86)\Mobogenie\DaemonProcess.exe" [2014-01-27 775872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableCursorSuppression"= 1 (0x1)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AutoUpdateDisableNotify"=dword:00000001
    .
    R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]
    R2 0227081391702538mcinstcleanup;McAfee Application Installer Cleanup (0227081391702538);c:\windows\TEMP\022708~1.EXE;c:\windows\TEMP\022708~1.EXE [x]
    R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
    R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
    R3 DellRbtn;Airplane Mode Switch;c:\windows\System32\drivers\DellRbtn.sys;c:\windows\SYSNATIVE\drivers\DellRbtn.sys [x]
    R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
    R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
    R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\System32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
    R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
    R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
    S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S0 rtcrfilt64;Realtek Turbo Mode Filter Driver;c:\windows\System32\drivers\rtcrfilt64.sys;c:\windows\SYSNATIVE\drivers\rtcrfilt64.sys [x]
    S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
    S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
    S2 IAStorDataMgrSvc;Tecnologia de armazenamento Intel® Rapid;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
    S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
    S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
    S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
    S2 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
    S2 MgAssistService;MgAssist Service;c:\program files (x86)\Mobogenie\MgAssist.exe;c:\program files (x86)\Mobogenie\MgAssist.exe [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
    S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
    S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
    S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
    S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
    S3 BthLEEnum;Driver de Baixa Energia do Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
    S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
    S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
    S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
    S3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-02-04 02:45 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 02:33]
    .
    2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 02:33]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellWPF"="" [BU]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-09-01 6839952]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-08-17 1215632]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-25 170304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-25 398656]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-25 441152]
    "BtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe" [2012-08-31 764544]
    "BtvStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-08-31 127616]
    "IntelTBRunOnce"="wscript.exe" [2012-07-26 160256]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Scan Suplementar -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:newtab
    mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
    mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
    mSearch Bar = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
    TCP: DhcpNameServer = 192.168.25.1
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-Plus-HD-5.0 - c:\program files (x86)\Plus-HD-5.0\Uninstall.exe
    .
    .
    .
    ------------------------ Outros Processos em Execução ------------------------
    .
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Dell Backup and Recovery\TOASTER.EXE
    .
    **************************************************************************
    .
    Tempo para conclusão: 2014-02-06  14:16:44 - Máquina reiniciou
    ComboFix-quarantined-files.txt  2014-02-06 16:16
    ComboFix2.txt  2014-02-04 00:08
    .
    Pré-execução: 894.376.828.928 bytes disponíveis
    Pós execução: 898.199.003.136 bytes disponíveis
    .
    - - End Of File - - 21296675402CD2D78E52ABE653CB8B08


    #8 diego_moicano

    diego_moicano
    • Security Analysts
    • 9.235 posts
    • Member since 08/09/2007
    207
    Exceptional
    • São Sebastião - SP

    Posted 09 February 2014 - 19:40

    Dear cauê

    Note: you can only have one antivirus running ;)

    AV: McAfee Anti-Virus and Anti-Spyware
    AV: Windows Defender
    Download Malwarebytes Anti-Malware:
    • Link 1
    • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan" and then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to view the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When the disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be consulted by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log in your next reply.
    Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

    Regards :D


    #9 cauê

    cauê
    • Junior Members
    • 7 posts
    • Member since 21/01/2014
    0
    Neutral
    • salvador

    Posted 10 February 2014 - 18:57

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
     
    Versão da Base de Dados:  v2014.02.10.07
     
    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16750
    Caue :: PC [administrador]
     
    10/02/2014 19:48:33
    mbam-log-2014-02-10 (19-48-33).txt
     
    Tipo de Verificação:  Verificação Rápida 
    Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
    Opções de verificação desativadas: P2P
    Objetos escaneados:  236265
    Tempo decorrido: 6 minuto(s), 46 segundo(s)
     
    Processos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)
     
    Módulos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)
     
    Chaves de Registro Detectadas: 12
    HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Nenhuma ação foi feita. 
    HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Nenhuma ação foi feita. 
    HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Nenhuma ação foi feita. 
    HKCR\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19} (PUP.Optional.BonanzaDeals.A) -> Nenhuma ação foi feita. 
    HKCR\CLSID\{fe063412-bea4-4d76-8ed3-183be6220d17} (PUP.Optional.BonanzaDeals.A) -> Nenhuma ação foi feita. 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063412-BEA4-4D76-8ED3-183BE6220D17} (PUP.Optional.BonanzaDeals.A) -> Nenhuma ação foi feita. 
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F} (PUP.Optional.BonanzaDeals.A) -> Nenhuma ação foi feita. 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} (PUP.Optional.BonanzaDeals.A) -> Nenhuma ação foi feita. 
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553} (PUP.Optional.BonanzaDeals.A) -> Nenhuma ação foi feita. 
    HKLM\SOFTWARE\Plus-HD-5.0 (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita. 
    HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3 (PUP.Optional.BonanzaDeals.A) -> Nenhuma ação foi feita. 
    HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9 (PUP.Optional.BonanzaDeals.A) -> Nenhuma ação foi feita. 
     
    Valores de Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)
     
    Itens de Dados no Registro Detectadas: 6
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchURL|(Default) (PUP.Optional.SearchCertifiedTB.A) -> Ruim: (http://search.certified-toolbar.com?si=65578&st=bs&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&q=%s) Bom: (http://www.google.com/) -> Nenhuma ação foi feita. 
    HKCU\Software\Microsoft\Internet Explorer\SearchURI|(Default) (PUP.Optional.SearchCertifiedTB.A) -> Ruim: (http://search.certified-toolbar.com?si=65578&st=bs&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&q=%s) Bom: (http://www.google.com) -> Nenhuma ação foi feita. 
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Ruim: (http://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=) Bom: (http://www.google.com) -> Enviado para a Quarentena e reparado com sucesso.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Ruim: (http://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=) Bom: (http://www.google.com) -> Enviado para a Quarentena e reparado com sucesso.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Ruim: (http://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=) Bom: (http://www.google.com) -> Enviado para a Quarentena e reparado com sucesso.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Ruim: (http://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=) Bom: (http://www.google.com/) -> Enviado para a Quarentena e reparado com sucesso.
     
    Pastas Detectadas: 0
    (Não foram detectados ítens maliciosos)
     
    Arquivos Detectados: 5
    C:\Users\Caue\Downloads\478-Mobogenie_Setup_2.1.37_21.exe (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita. 
    C:\Users\Caue\Downloads\ZipSetup (1).exe (PUP.Optional.JumpyApps) -> Nenhuma ação foi feita. 
    C:\Users\Caue\Downloads\ZipSetup.exe (PUP.Optional.JumpyApps) -> Nenhuma ação foi feita. 
    C:\Users\Caue\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita. 
    C:\Users\Caue\AppData\Local\mysearchdial-speeddial.crx (PUP.Optional.MySearchDial.A) -> Nenhuma ação foi feita. 
     
    (fim)
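    The log above lists twelve registry keys, one data item and five files whose action column reads "Nenhuma ação foi feita" (no action taken), while only the four Hijack.SearchPage items were actually quarantined. The Python script below is an added example, not part of this thread or of Malwarebytes' own tooling: it parses a Malwarebytes 1.x log in this Portuguese locale and reports which detections are still pending, which sections they fall in, and which host the search-hijack entries pointed the browser at, so a reviewer can tell at a glance whether the scan must be repeated with removal. The function names (`parse_detections`, `triage`, `hijack_host`) are mine, the "Nenhuma ação foi feita" / "Ruim:" / "Bom:" strings are assumed to be the wording of this locale only, and the embedded sample log is a constructed, shortened copy of the log posted above.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Wording of the Portuguese-locale Malwarebytes 1.x log as seen in this thread.
# Assumption: other locales use different strings and need their own table.
NO_ACTION = "Nenhuma ação foi feita"                     # "No action was taken"
BAD_VALUE_RE = re.compile(r"Ruim: \((?P<bad>[^)]*)\)")   # "Ruim:" = the bad (hijacked) value

# Section header: "<section> Detectados: N" / "<section> Detectadas: N"
SECTION_RE = re.compile(r"^(?P<section>.+?) Detectad[oa]s: (?P<count>\d+)$")
# Detection line without its final " -> <action>": "<item> (<threat>)[ -> <detail>]"
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[A-Za-z][\w.]*)\)(?: -> (?P<detail>.*))?$")

# Constructed sample: a shortened copy of the log posted above, same format.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Tipo de Verificação:  Verificação Rápida

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 2
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Nenhuma ação foi feita.
HKLM\SOFTWARE\Plus-HD-5.0 (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita.

Itens de Dados no Registro Detectadas: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchURL|(Default) (PUP.Optional.SearchCertifiedTB.A) -> Ruim: (http://search.certified-toolbar.com?si=65578&q=%s) Bom: (http://www.google.com/) -> Nenhuma ação foi feita.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Ruim: (http://search.certified-toolbar.com?si=65578&st=chrome&q=) Bom: (http://www.google.com) -> Enviado para a Quarentena e reparado com sucesso.

Arquivos Detectados: 1
C:\Users\Caue\Downloads\ZipSetup.exe (PUP.Optional.JumpyApps) -> Nenhuma ação foi feita.

(fim)
"""


def parse_detections(log_text):
    """Return one dict per detection line: section, item, threat, detail, action."""
    detections = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        if " -> " not in line:
            continue                      # banner, scan options, "(fim)" and similar
        head, _, tail = line.rpartition(" -> ")   # the last arrow carries the action
        item = ITEM_RE.match(head)
        if not item:
            continue                      # not a detection line in the expected shape
        detections.append({
            "section": section,
            "item": item.group("item"),
            "threat": item.group("threat"),
            "detail": item.group("detail"),   # "Ruim: (...) Bom: (...)" for data items, else None
            "action": tail.rstrip(". "),
        })
    return detections


def hijack_host(detection):
    """Host of the bad value in a search-hijack data item, or None for other entries."""
    match = BAD_VALUE_RE.search(detection.get("detail") or "")
    if not match:
        return None
    return urlsplit(match.group("bad")).hostname


def triage(detections):
    """Summarise a scan: what is still pending and which hosts the hijacked settings pointed to."""
    pending = [d for d in detections if d["action"] == NO_ACTION]
    return {
        "total": len(detections),
        "pending": len(pending),
        "remediated": len(detections) - len(pending),
        "pending_by_section": Counter(d["section"] for d in pending),
        "families": Counter(d["threat"] for d in detections),
        "hijacked_hosts": sorted({h for h in map(hijack_host, detections) if h}),
        "needs_rescan": bool(pending),
    }


if __name__ == "__main__":
    summary = triage(parse_detections(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

    To use it on a real report, read a saved `mbam-log-*.txt` into `SAMPLE_LOG`'s place; any non-zero `pending` count means the detections were only listed, not removed, and the scan has to be run again with removal selected.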


    #10 diego_moicano

    diego_moicano
    • Security Analysts
    • 9.235 posts
    • Member since 08/09/2007
    207
    Exceptional
    • São Sebastião - SP

    Posted 13 February 2014 - 09:11

    My friend, you need to remove the infections found above; look, you chose Nenhuma ação foi feita (no action taken). Run a new scan and tell it to remove them. ;)



    #11 cauê

    cauê
    • Junior Members
    • 7 posts
    • Member since 21/01/2014
    0
    Neutral
    • salvador

    Posted 13 February 2014 - 12:52

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
     
    Versão da Base de Dados:  v2014.02.10.07
     
    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16798
    Caue :: PC [administrador]
     
    13/02/2014 13:46:27
    mbam-log-2014-02-13 (13-46-27).txt
     
    Tipo de Verificação:  Verificação Rápida 
    Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
    Opções de verificação desativadas: P2P
    Objetos escaneados:  235854
    Tempo decorrido: 3 minuto(s), 6 segundo(s)
     
    Processos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)
     
    Módulos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)
     
    Chaves de Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)
     
    Valores de Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)
     
    Itens de Dados no Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)
     
    Pastas Detectadas: 0
    (Não foram detectados ítens maliciosos)
     
    Arquivos Detectados: 0
    (Não foram detectados ítens maliciosos)
     
    (fim)


    #12 diego_moicano

    diego_moicano
    • Security Analysts
    • 9.235 posts
    • Member since 08/09/2007
    207
    Exceptional
    • São Sebastião - SP

    Posted 16 February 2014 - 09:36

    Dear cauê

    # Step 1 #

    Download the Kaspersky AVP Tool from one of these links:

    • You will be taken to a Kaspersky page asking for an e-mail address, first name and last name for registration.
    • Only the "email" field is mandatory.
    • Enter your e-mail and then click the Submit Form button.
    • The page will reload. Click the Download button.
    • Save it to your desktop.
    • Run the file and wait for the installation.
    • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator
    • On the licence agreement screen, check the option I accept the license agreement and then click the Start button.
    • The program will appear to freeze and nothing happens. That is normal; just wait until the program's main screen appears, then click the Settings icon:
    KRT_settings.png

    On this screen, check the box next to:
    • My Computer;
    • Local Disk (C:);
    • Also check any drives listed below Local Disk, if there are any;
    • Then click the Automatic Scan tab.
    KRT_install2_.png

    • Back on the program's main screen, click the Start scanning button;
    • Be patient, it takes a while;
    • When it finishes, if anything was detected, the program will ask you what to do;
    • Check the box next to Apply to all objects and then click Skip (we only want the log).
    KRT_detection_.png

    Once the scan has finished, proceed as follows:
    • On the main screen, if anything was detected, save the log
    • If you close the program and forget to save the log, you will have to repeat the whole scan.
    • To save the log, click the Reports icon (next to the "Settings" icon).
    • In the next window, click Detected Threats, then click the floppy-disk icon to save the log.
    • Choose an easily accessible location and save it as log.txt
    • Copy the whole contents of that Notepad file and paste it in your next reply.
    • If nothing is detected, you do not need to save the log; just let me know.
    • To exit the program, just click the X in the top right corner.

    Notes: While the scan is running, the main screen will show a progress bar. When it finishes, the program will show the status as completed and a button that will be orange if nothing was detected, and red if something was found. If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

    # Step 2 #

    Download SecurityCheck and save it to your Desktop
    • Double-click SecurityCheck.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
    • Press any key to continue... a report will open
    • Copy all of its contents and paste them in your next reply

    Cheers :D


    #13 cauê

    cauê
    • Junior Members
    • 7 posts
    • Member since 21/01/2014
    0
    Neutral
    • salvador

    Posted 18 February 2014 - 00:26

     Results of screen317's Security Check version 0.99.79  
       x64 (UAC is enabled)  
     Internet Explorer 10 Out of date! 
    ``````````````Antivirus/Firewall Check:`````````````` 
    McAfee Anti-Virus and Anti-Spyware   
    Windows Defender                     
     WMI entry may not exist for antivirus; attempting automatic update. 
    `````````Anti-malware/Other Utilities Check:````````` 
     Google Chrome 32.0.1700.102  
     Google Chrome 32.0.1700.107  
    ````````Process Check: objlist.exe by Laurent````````  
     Malwarebytes Anti-Malware mbamservice.exe  
     Malwarebytes Anti-Malware mbamgui.exe  
     Caue Desktop Virus Removal Tool setup_9.0.1.722_17.02.2014_06-38\setup_9.0.1.722_17.02.2014_06-38.exe 
     Malwarebytes' Anti-Malware mbamscheduler.exe   
    `````````````````System Health check````````````````` 
     Total Fragmentation on Drive C:  % 
    ````````````````````End of Log`````````````````````` 
    Verificação automática: interrompido 14 horas atrás   (eventos: 11, objetos: 215778, hora: 09:09:53)
    17/02/2014 10:07:24 Tarefa interrompida Ação padrão selecionada
    17/02/2014 10:07:17 Erro de processamento C:\Documents and Settings\Todos os Usuários\Overwolf\Setup\213\OverwolfSetup.msi/_6684ECD76685B9F84B7AAA2A563D9D2E Erro de leitura
    17/02/2014 10:05:33 Não neutralizado: not-a-virus:AdWare.Win32.Agent.ahgx C:\Documents and Settings\Caue\Configurações Locais\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Ignorado pelo usuário
    17/02/2014 10:05:01 Não neutralizado: not-a-virus:AdWare.Win32.Agent.ahgx C:\Documents and Settings\Caue\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Ignorado pelo usuário
    17/02/2014 01:43:26 Erro de processamento C:\Documents and Settings\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
    17/02/2014 01:43:26 Erro de processamento C:\Documents and Settings\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
    17/02/2014 01:41:36 Detectados: not-a-virus:AdWare.Win32.Agent.ahgx C:\Documents and Settings\Caue\Configurações Locais\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Ação padrão selecionada
    17/02/2014 01:38:56 Erro de processamento C:\Documents and Settings\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
    17/02/2014 01:38:56 Erro de processamento C:\Documents and Settings\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
    17/02/2014 01:36:53 Detectados: not-a-virus:AdWare.Win32.Agent.ahgx C:\Documents and Settings\Caue\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Ação padrão selecionada
    17/02/2014 00:57:31 Tarefa iniciada Ação padrão selecionada
    Verificação automática: concluído 1 minuto atrás   (eventos: 22, objetos: 959940, hora: 05:16:45)
    17/02/2014 19:00:54 Tarefa iniciada Ação padrão selecionada
    17/02/2014 19:19:41 Erro de processamento C:\Documents and Settings\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
    17/02/2014 19:19:41 Erro de processamento C:\Documents and Settings\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
    17/02/2014 19:27:51 Erro de processamento C:\Documents and Settings\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
    17/02/2014 19:27:51 Erro de processamento C:\Documents and Settings\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
    17/02/2014 20:25:29 Detectados: not-a-virus:AdWare.Win32.Agent.ahgx C:\Users\Caue\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Ação padrão selecionada
    17/02/2014 20:26:54 Não neutralizado: not-a-virus:AdWare.Win32.Agent.ahgx C:\Users\Caue\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Ignorado pelo usuário
    17/02/2014 20:35:19 Erro de processamento C:\Users\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
    17/02/2014 20:35:19 Erro de processamento C:\Users\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
    17/02/2014 20:37:53 Detectados: not-a-virus:AdWare.Win32.Agent.ahgx C:\Users\Caue\Configurações Locais\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Ação padrão selecionada
    17/02/2014 20:39:45 Erro de processamento C:\Users\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
    17/02/2014 20:39:45 Erro de processamento C:\Users\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
    17/02/2014 20:40:29 Não neutralizado: not-a-virus:AdWare.Win32.Agent.ahgx C:\Users\Caue\Configurações Locais\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Ignorado pelo usuário
    17/02/2014 22:10:11 Erro de processamento C:\Documents and Settings\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
    17/02/2014 22:10:11 Erro de processamento C:\Documents and Settings\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
    17/02/2014 22:22:01 Erro de processamento C:\Documents and Settings\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
    17/02/2014 22:22:01 Erro de processamento C:\Documents and Settings\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
    17/02/2014 23:13:29 Erro de processamento C:\Users\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
    17/02/2014 23:13:29 Erro de processamento C:\Users\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
    17/02/2014 23:18:16 Erro de processamento C:\Users\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
    17/02/2014 23:18:16 Erro de processamento C:\Users\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
    18/02/2014 00:17:39 Tarefa concluída Ação padrão selecionada


    #14 diego_moicano

    diego_moicano
    • Security Analysts
    • 9.235 posts
    • Member since 08/09/2007
    207
    Exceptional
    • São Sebastião - SP

    Posted 19 February 2014 - 09:51

    Dear cauê

    Uninstall the Mobogenie program

    >>>> How is the computer doing?

    # Step 1 #

    Let's uninstall ComboFix:

    Rename combofix.exe to uninstall.exe, double-click it and wait for the program to be removed.

    Or, if you prefer, go to

    Start > Run, type Combofix /Uninstall and click OK; in the window that appears, click Run and wait for the program to be removed.

    # Step 2 #

    Download OTC by OldTimer and save it to your desktop.
    • Double-click the icon 4142006426_4719050954_o.gif
    • Click Run;
    • Click its only button (image below):
    4141259853_5a542d5908_o.jpg
    • Allow your computer to restart.

    # Step 3 #

    • Again: double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
    • Click Uninstall
    • Click Yes and wait.

    # Step 4 #

    <<@>> Install CCleaner

    CCleaner is an excellent cleaning utility for the computer, which will help with its performance. Download it here CCleaner
    IMPORTANT: After installing, go to the folder where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of that window and choose New > Folder to create a new folder; name it backups!
    • Open the program and click Run Cleaner;
    • click the Registry button > Scan for Issues > Fix selected issues...

    Note: Don't forget to accept the backup of the fixes, and save them in the folder created above!
    <<@>> Always keep your Windows up to date; keep constant watch with your firewall and antivirus and, finally, remember that the best prevention starts with our own habits!

    Cheers :D


    #15 diego_moicano

    diego_moicano
    • Security Analysts
    • 9.235 posts
    • Member since 08/09/2007
    207
    Exceptional
    • São Sebastião - SP

    Posted 21 April 2014 - 07:46

    Should the author need it, this topic will be reopened; to do so, contact the moderation team and ask for it to be unlocked.




