cauê

Malware removal

15 posts in this topic

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Caue at 20:27:18 on 2014-01-21
Microsoft Windows 8 Single Language  6.2.9200.0.1252.55.1046.18.6009.2728 [GMT -2:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Mobogenie\MgAssist.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee\mesmo\McSmtFwk.exe
C:\Windows\system32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.198\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.68\deploy\LolClient.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\program files (x86)\plus-hd-5.0\plus-hd-5.0-bg.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:newtab
uSearch Bar = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
uSearch Page = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
uDefault_Page_URL = hxxp://dell13.msn.com
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
mSearch Bar = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
mSearch Page = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
mWinlogon: Userinit = userinit.exe
BHO: Plus-HD-5.0: {11111111-1111-1111-1111-110411771118} - C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-bho.dll
BHO: BonanzaDeals: {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
uRun: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Caue\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRunOnce: [spUninstallCleanUp] REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
mPolicies-System: DisableCAD = dword:1
TCP: NameServer = 192.168.25.1
TCP: Interfaces\{413AC885-83F0-409A-8CE7-7F0FAB0C4782} : DHCPNameServer = 10.42.0.251 10.42.0.252
TCP: Interfaces\{FE69A7ED-7D6B-4B58-B90B-ED1240045A44} : DHCPNameServer = 192.168.25.1
TCP: Interfaces\{FE69A7ED-7D6B-4B58-B90B-ED1240045A44}\746545D244443453 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FE69A7ED-7D6B-4B58-B90B-ED1240045A44}\746545D263131323 : DHCPNameServer = 192.168.25.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
x64-BHO: Plus-HD-5.0: {11111111-1111-1111-1111-110411771118} - C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-bho64.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-Run: [DellWPF] <no file>
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-3-28 645952]
R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2013-3-28 30496]
R0 rtcrfilt64;Realtek Turbo Mode Filter Driver;C:\Windows\System32\Drivers\rtcrfilt64.sys [2013-3-28 19600]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-3-28 92536]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-3-28 98208]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-8-31 216192]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-3 328928]
R2 IAStorDataMgrSvc;Tecnologia de armazenamento Intel® Rapid;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-28 7168]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2013-3-28 2464400]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-3-28 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-19 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-19 701512]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\msc\McAPExe.exe [2013-10-3 178048]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-3 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-3 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2013-10-3 328928]
R2 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-6-22 311120]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe [2013-10-3 1025232]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2013-3-28 219272]
R2 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2012-6-22 782360]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-3-28 182752]
R2 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2012-6-22 343696]
R2 MgAssistService;MgAssist Service;C:\Program Files (x86)\Mobogenie\MgAssist.exe [2014-1-19 63168]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2013-3-28 1914728]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\Drivers\TurboB.sys [2012-5-30 16168]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-3-28 365376]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2013-3-28 77824]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2012-8-31 88728]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2012-8-31 344216]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2012-8-31 114840]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-8-31 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2012-8-31 178840]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2012-8-31 76952]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2012-8-31 135832]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-8-31 575128]
R3 BthLEEnum;Driver de Baixa Energia do Bluetooth;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\Drivers\IntcDAud.sys [2013-3-28 342528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2014-1-19 25928]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2012-6-22 519576]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\Drivers\mfencbdc.sys [2013-11-26 411944]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-3-28 690832]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-3-28 43832]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2012-6-18 69344]
S2 bonanzadealslive;Serviço do BonanzaDealsLive (bonanzadealslive);C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-9-23 148976]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-6-19 173056]
S2 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2013-4-30 201304]
S3 bonanzadealslivem;Serviço do BonanzaDealsLive (bonanzadealslivem);C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-9-23 148976]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2012-6-22 70112]
S3 DellRbtn;Airplane Mode Switch;C:\Windows\System32\Drivers\DellRbtn.sys [2013-3-28 10752]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2013-3-28 332080]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\Drivers\mfencrk.sys [2013-11-26 96112]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\Drivers\nvstusb.sys [2013-3-28 447928]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUVStor.sys [2013-3-28 317584]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2013-3-28 41272]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-5-30 149544]
.
=============== Created Last 30 ================
.
2014-01-21 18:41:54 -------- d-----w- C:\Users\Caue\AppData\Local\ElevatedDiagnostics
2014-01-19 19:37:15 -------- d-----w- C:\Program Files (x86)\Mobogenie
2014-01-19 19:23:57 -------- d-----w- C:\Users\Caue\AppData\Roaming\Malwarebytes
2014-01-19 19:23:50 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-19 19:23:47 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-19 19:23:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-18 15:17:10 236208 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10230.bin
2014-01-15 23:10:06 -------- d-----w- C:\Windows\SysWow64\SearchProtect
2014-01-15 17:21:15 915968 ----a-w- C:\Windows\System32\MPSSVC.dll
2014-01-15 17:21:15 758784 ----a-w- C:\Windows\System32\FirewallAPI.dll
2014-01-15 17:21:15 588288 ----a-w- C:\Windows\System32\SHCore.dll
2014-01-15 17:21:15 550400 ----a-w- C:\Windows\SysWow64\FirewallAPI.dll
2014-01-15 17:21:15 452608 ----a-w- C:\Windows\SysWow64\SHCore.dll
2014-01-15 17:21:14 86016 ----a-w- C:\Windows\SysWow64\davclnt.dll
2014-01-15 17:21:14 227840 ----a-w- C:\Windows\System32\WebClnt.dll
2014-01-15 17:21:14 199168 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2014-01-15 17:21:14 104448 ----a-w- C:\Windows\System32\davclnt.dll
2014-01-15 17:21:14 100696 ----a-w- C:\Windows\System32\drivers\disk.sys
2014-01-15 17:21:13 74752 ----a-w- C:\Windows\System32\drivers\mpsdrv.sys
2014-01-15 17:19:38 688640 ----a-w- C:\Windows\System32\WSShared.dll
2014-01-15 17:19:38 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll
2014-01-15 17:19:37 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 17:19:37 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-10 20:36:54 -------- d-----w- C:\Users\Caue\AppData\Roaming\Baidu Security
2014-01-10 20:36:37 -------- d-----w- C:\ProgramData\Log
2014-01-10 20:35:31 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-01-10 20:35:26 -------- d-----w- C:\ProgramData\Baidu Security
2014-01-10 20:35:26 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-01-10 20:22:52 -------- d-----w- C:\Users\Caue\AppData\Roaming\0C1I1L1R1J0M1P0I1G
2014-01-10 20:22:06 -------- d-----w- C:\Program Files (x86)\Plus-HD-5.0
2014-01-10 20:21:02 18816 ----a-w- C:\Windows\System32\roboot64.exe
2014-01-10 20:20:46 -------- d-----w- C:\Users\Caue\AppData\Roaming\systweak
2014-01-10 20:20:32 -------- d-----w- C:\Program Files (x86)\SquirrelWeb
2014-01-10 20:19:19 824400 ----a-w- C:\Users\Caue\AppData\Local\AnyProtectScannerSetup.exe
2014-01-10 20:19:12 -------- d-----w- C:\Program Files (x86)\AnyProtectEx
2014-01-10 20:17:21 -------- d-----w- C:\Users\Caue\.android
2014-01-10 20:17:19 -------- d-----w- C:\Users\Caue\AppData\Roaming\newnext.me
2014-01-10 20:17:19 -------- d-----w- C:\Users\Caue\AppData\Local\cache
2014-01-10 20:17:18 -------- d-----w- C:\Users\Caue\AppData\Local\Mobogenie
2014-01-10 20:17:18 -------- d-----w- C:\Users\Caue\AppData\Local\genienext
.
==================== Find3M  ====================
.
2014-01-09 08:02:07 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-09 08:02:07 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-27 00:07:44 10856 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys
2013-11-27 00:07:22 96112 ----a-w- C:\Windows\System32\drivers\mfencrk.sys
2013-11-27 00:07:02 411944 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys
2013-11-23 06:43:58 420864 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-23 05:05:01 368640 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-06 23:18:57 4036608 ----a-w- C:\Windows\System32\win32k.sys
2013-11-04 18:51:44 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-11-04 18:46:34 343696 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2013-11-04 18:46:16 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-11-04 18:43:04 782360 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2013-11-04 18:41:22 519576 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-11-04 18:40:00 311120 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-11-04 18:39:20 179792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2013-11-04 18:28:52 69344 ----a-w- C:\Windows\System32\drivers\mfeelamk.sys
2013-11-01 05:38:21 312320 ----a-w- C:\Windows\System32\msieftp.dll
2013-11-01 03:49:24 273408 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-25 06:19:12 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
.
============= FINISH: 20:28:00,19 ===============

Dear cauê

I recommend saving this topic to your Favorites so it is easier to find.

Please pay attention to the following:
  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is passed on here relates only to your computer's problem, so do not apply it on any other computer;
  • Please follow the instructions given carefully, and if you have any doubts do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what is happening with your computer.
  • Respect the order of the instructions given.

Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, otherwise you risk misconfiguring your computer!

# Step 1 #

Download Junkware Removal Tool and save it to your Desktop.
  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log that is on your Desktop.
  • Copy the entire content and paste it in your next message.

 
# Step 2 #

  • Double-click adwcleaner.exe
  • Attention: Windows Vista, 7 and 8 users, right-click and choose: [image: execadmin.png]
  • Click Pesquisar (Search)
  • At the end of the scan a log with the result will open.
  • If anything is detected, then click the Remover (Remove) button.
  • Again, at the end of the scan a log with the result will open.
  • Copy its entire content and paste it in your next reply.

 
# Step 3 #

Read the instructions contained in this link:

In the instructions at the link above, you can check which forums have Analysts who are duly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"
Download ComboFix from one of the official links listed below and save it to your desktop:

  • Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
  • Double-click the icon [image: desktopicon.png] that is on the desktop.
  • Read and accept the conditions by typing 1 and pressing Enter.
  • Computers with Windows XP must install the Recovery Console:
    • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet, and click "Yes".
    • Click "OK" on the EULA.
    • When the Recovery Console is installed, click "YES" to continue.
  • ComboFix will run; please be patient and wait.
  • Attention: Do not use the mouse or the keyboard while the tool is running; this can cause the computer to hang.
  • A notice may appear saying that the computer needs to be restarted.
    DO NOT RESTART!!! ComboFix will restart the computer automatically.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the content of that file in your next reply.


Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you may damage your computer.
There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

Regards :D

# AdwCleaner v3.018 - Relatório criado 01/02/2014 às 23:37:55
# Atualizado 28/01/2014 por Xplode
# Sistema Operacional : Windows 8 Single Language  (64 bits)
# Usuário : Caue - PC
# Executando de : C:\Users\Caue\Downloads\AdwCleaner.exe
# Opção : Examinar
 
***** [ Serviços ] *****
 
Serviço Encontrado : bonanzadealslive
Serviço Encontrado : bonanzadealslivem
 
***** [ Arquivos / Pastas ] *****
 
Arquivo Encontrado : C:\Windows\System32\roboot64.exe
Arquivo Encontrado : C:\Windows\System32\Tasks\BonanzaDealsUpdate
Arquivo Encontrado : C:\Windows\System32\Tasks\RegClean Pro
Arquivo Encontrado : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
Arquivo Encontrado : C:\Windows\System32\Tasks\RegClean Pro_UPDATES
Pasta Encontrado C:\Program Files (x86)\Plus-HD-5.0
Pasta Encontrado C:\Users\Caue\AppData\LocalLow\Plus-HD-5.0
Pasta Encontrado C:\Windows\SysWOW64\Searchprotect
 
***** [ Atalhos ] *****
 
 
***** [ Registro ] *****
 
Chave Encontrada : HKCU\Software\AppDataLow\Software\Plus-HD-5.0
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Encontrada : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-5.0
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9
Chave Encontrada : HKLM\Software\Plus-HD-5.0
Chave Encontrada : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Chave Encontrada : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] - hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Bar] - hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Search [search Bar] - hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Search [search Page] - hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [search Bar] - hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [search Page] - hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=65578&st=bs&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&q=%s
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=65578&st=bs&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&q=%s
 
-\\ Google Chrome v32.0.1700.102
 
[ Arquivo : C:\Users\Caue\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5824 octets] - [01/02/2014 23:37:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5884 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 8 Single Language x64
Ran by Caue on 01/02/2014 at 23:16:56,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
 
    Value Name          Type                             Value Data                     
========================================================================================
    NextLive    REG_SZ    C:\Windows\SysWOW64\rundll32.exe "C:\Users\Caue\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\bonanzadealslive.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6802463D-636F-41FE-9924-4CAD56906590}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadeals
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadealslive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealslive.oneclickctrl.9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealslive.oneclickprocesslaunchermachine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealslive.oneclickprocesslaunchermachine.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealslive.update3webcontrol.3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.cocreateasync
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.cocreateasync.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.coreclass
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.coreclass.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.coremachineclass
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.coremachineclass.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.credentialdialogmachine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.credentialdialogmachine.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.ondemandcomclassmachine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.ondemandcomclassmachine.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.ondemandcomclassmachinefallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.ondemandcomclassmachinefallback.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.ondemandcomclasssvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.ondemandcomclasssvc.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.processlauncher
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.processlauncher.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3comclassservice
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3comclassservice.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3webmachine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3webmachine.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3webmachinefallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3webmachinefallback.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3websvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3websvc.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\bonanza deals
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\regclean pro_is1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0047718.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0047718.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0047718.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0047718.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110411771118}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422772218}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550455775518}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466776618}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444774418}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110411771118}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422772218}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550455775518}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466776618}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444774418}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0047718.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0047718.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0047718.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0047718.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550455775518}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466776618}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444774418}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411771118}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550455775518}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466776618}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444774418}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411771118}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{821C0E81-3B91-448D-AB7C-B44E7912C900}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
Successfully deleted: [File] C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-5.0-chromeinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-5.0-codedownloader.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-5.0-enabler.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-5.0-firefoxinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-5.0-updater.job
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\bonanzadealslive"
Successfully deleted: [Folder] "C:\Program Files (x86)\allin1convert_8hei"
Successfully deleted: [Folder] "C:\Program Files (x86)\bonanzadeals"
Successfully deleted: [Folder] "C:\Program Files (x86)\bonanzadealslive"
Successfully deleted: [Folder] "C:\Program Files (x86)\squirrelweb"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/02/2014 at 23:25:42,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


The ComboFix log is missing.

ComboFix 14-02-03.01 - Caue 03/02/2014  21:29:13.1.4 - x64

Microsoft Windows 8 Single Language  6.2.9200.0.1252.55.1046.18.6009.2634 [GMT -2:00]

Executando de: c:\users\Caue\Downloads\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Criado um novo ponto de restauração

.

.

(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\PCDr\6422\AddOnDownloaded\1ad2478a-f061-4c93-bd0d-d1433323fd23.dll

c:\programdata\PCDr\6422\AddOnDownloaded\1b8965d5-1ace-460f-9f9d-51d4c6c7c534.dll

c:\programdata\PCDr\6422\AddOnDownloaded\236515c7-c29a-41e6-873d-b9e2673e11c3.dll

c:\programdata\PCDr\6422\AddOnDownloaded\25859408-d118-4a4d-a622-6f6b98c8b7a4.dll

c:\programdata\PCDr\6422\AddOnDownloaded\2b605d7d-d0d9-4054-adbf-4b49c7319932.dll

c:\programdata\PCDr\6422\AddOnDownloaded\2ff77179-a156-48e2-9210-92584330fa1e.dll

c:\programdata\PCDr\6422\AddOnDownloaded\46396106-fa11-4329-87bf-ed5a85069e89.dll

c:\programdata\PCDr\6422\AddOnDownloaded\4f436db1-def5-4137-a084-15125ef65010.dll

c:\programdata\PCDr\6422\AddOnDownloaded\538ed073-443d-4773-bf99-d9acbd2ae75f.dll

c:\programdata\PCDr\6422\AddOnDownloaded\58073f58-c256-45c9-a26d-2c9c44ad6b03.dll

c:\programdata\PCDr\6422\AddOnDownloaded\712ff270-978b-4b35-9eb6-621f6ff35d6e.dll

c:\programdata\PCDr\6422\AddOnDownloaded\7bc69e73-3dda-484f-af68-bb19598a4b32.dll

c:\programdata\PCDr\6422\AddOnDownloaded\a4f460a6-e6cd-457f-931d-cb0fc7d56d03.dll

c:\programdata\PCDr\6422\AddOnDownloaded\a5fe6876-4636-4d79-8440-3ce56e4f4416.dll

c:\programdata\PCDr\6422\AddOnDownloaded\ca984d5b-37f4-4f56-8ca3-2a0d6cdba833.dll

c:\programdata\PCDr\6422\AddOnDownloaded\cce4ac4d-7353-4099-b347-95166f07f05e.dll

c:\programdata\PCDr\6422\AddOnDownloaded\ceb70e67-87f1-40c5-86a3-c576ea0c4e8f.dll

c:\programdata\PCDr\6422\AddOnDownloaded\ffa288d5-37d2-4036-812e-1b7722ec86ed.dll

c:\users\Caue\AppData\Local\AnyProtectScannerSetup.exe

.

.

((((((((((((((((   Arquivos/Ficheiros criados de 2014-01-03 to 2014-02-03  ))))))))))))))))))))))))))))

.

.

2014-02-03 23:45 . 2014-02-03 23:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2014-02-03 23:45 . 2014-02-03 23:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-02-02 01:33 . 2014-02-02 01:38 -------- d-----w- C:\AdwCleaner

2014-01-24 00:09 . 2014-01-24 00:09 246960 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10231.bin

2014-01-21 18:41 . 2014-01-21 18:41 -------- d-----w- c:\users\Caue\AppData\Local\ElevatedDiagnostics

2014-01-20 02:23 . 2014-01-20 02:23 -------- d-----w- c:\users\Public\Nova pasta

2014-01-19 19:37 . 2014-01-27 12:06 -------- d-----w- c:\program files (x86)\Mobogenie

2014-01-19 19:23 . 2014-01-19 19:23 -------- d-----w- c:\users\Caue\AppData\Roaming\Malwarebytes

2014-01-19 19:23 . 2014-01-19 19:23 -------- d-----w- c:\programdata\Malwarebytes

2014-01-19 19:23 . 2014-01-19 19:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2014-01-19 19:23 . 2013-04-04 16:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-01-15 23:10 . 2014-01-15 23:10 -------- d-----w- c:\windows\SysWow64\SearchProtect

2014-01-15 17:21 . 2013-10-31 05:56 915968 ----a-w- c:\windows\system32\MPSSVC.dll

2014-01-15 17:21 . 2013-10-31 05:56 758784 ----a-w- c:\windows\system32\FirewallAPI.dll

2014-01-15 17:21 . 2013-10-31 04:01 550400 ----a-w- c:\windows\SysWow64\FirewallAPI.dll

2014-01-15 17:21 . 2013-10-28 05:50 588288 ----a-w- c:\windows\system32\SHCore.dll

2014-01-15 17:21 . 2013-10-28 04:05 452608 ----a-w- c:\windows\SysWow64\SHCore.dll

2014-01-15 17:21 . 2013-10-13 20:49 100696 ----a-w- c:\windows\system32\drivers\disk.sys

2014-01-15 17:21 . 2013-08-27 05:21 227840 ----a-w- c:\windows\system32\WebClnt.dll

2014-01-15 17:21 . 2013-08-27 05:19 104448 ----a-w- c:\windows\system32\davclnt.dll

2014-01-15 17:21 . 2013-08-26 22:29 199168 ----a-w- c:\windows\SysWow64\WebClnt.dll

2014-01-15 17:21 . 2013-08-26 22:28 86016 ----a-w- c:\windows\SysWow64\davclnt.dll

2014-01-15 17:21 . 2013-10-31 03:42 74752 ----a-w- c:\windows\system32\drivers\mpsdrv.sys

2014-01-15 17:19 . 2013-12-07 06:37 688640 ----a-w- c:\windows\system32\WSShared.dll

2014-01-15 17:19 . 2013-12-07 05:15 562688 ----a-w- c:\windows\SysWow64\WSShared.dll

2014-01-15 17:19 . 2013-12-07 06:37 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-01-15 17:19 . 2013-12-07 05:15 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-01-10 20:36 . 2014-01-10 20:36 -------- d-----w- c:\users\Caue\AppData\Roaming\Baidu Security

2014-01-10 20:36 . 2014-01-10 20:55 -------- d-----w- c:\programdata\Log

2014-01-10 20:35 . 2014-01-10 20:46 -------- d-----w- c:\program files (x86)\VideoLAN

2014-01-10 20:35 . 2014-01-10 20:36 -------- d-----w- c:\programdata\Baidu Security

2014-01-10 20:35 . 2014-01-10 20:35 -------- d-----w- c:\program files (x86)\Baidu Security

2014-01-10 20:22 . 2014-01-10 20:22 -------- d-----w- c:\users\Caue\AppData\Roaming\0C1I1L1R1J0M1P0I1G

2014-01-10 20:22 . 2014-01-10 20:22 -------- d-----w- c:\program files (x86)\Plus-HD-5.0

2014-01-10 20:21 . 2012-01-20 16:14 18816 ----a-w- c:\windows\system32\roboot64.exe

2014-01-10 20:19 . 2014-01-10 20:55 -------- d-----w- c:\program files (x86)\AnyProtectEx

2014-01-10 20:17 . 2014-01-10 20:17 -------- d-----w- c:\users\Caue\.android

2014-01-10 20:17 . 2014-01-27 12:05 -------- d-----w- c:\users\Caue\AppData\Local\cache

2014-01-10 20:17 . 2014-01-20 03:29 -------- d-----w- c:\users\Caue\AppData\Roaming\newnext.me

2014-01-10 20:17 . 2014-01-19 19:52 -------- d-----w- c:\users\Caue\AppData\Local\Mobogenie

2014-01-10 20:17 . 2014-01-19 19:49 -------- d-----w- c:\users\Caue\AppData\Local\genienext

.

.

.

(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-01-15 17:27 . 2013-05-01 16:13 86054176 ----a-w- c:\windows\system32\MRT.exe

2014-01-09 08:02 . 2012-07-26 08:14 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-01-09 08:02 . 2012-07-26 08:14 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-12-05 18:51 . 2012-06-22 10:40 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys

2013-12-05 18:45 . 2012-06-22 10:38 343696 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2013-12-05 18:44 . 2013-03-28 05:44 184800 ----a-w- c:\windows\system32\mfevtps.exe

2013-12-05 18:41 . 2012-06-22 10:36 782616 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2013-12-05 18:39 . 2012-06-22 10:35 519576 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2013-12-05 18:37 . 2012-06-22 10:34 311120 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2013-12-05 18:36 . 2012-06-22 10:34 179792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2013-12-05 18:25 . 2012-06-18 15:29 69344 ----a-w- c:\windows\system32\drivers\mfeelamk.sys

2013-11-27 00:07 . 2013-11-27 00:07 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys

2013-11-27 00:07 . 2013-11-27 00:07 96112 ----a-w- c:\windows\system32\drivers\mfencrk.sys

2013-11-27 00:07 . 2013-11-27 00:07 411944 ----a-w- c:\windows\system32\drivers\mfencbdc.sys

2013-11-23 06:43 . 2013-12-12 15:56 420864 ----a-w- c:\windows\system32\WMPhoto.dll

2013-11-23 05:05 . 2013-12-12 15:56 368640 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-11-06 23:18 . 2013-12-12 15:56 4036608 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NextLive"="c:\users\Caue\AppData\Roaming\newnext.me\nengine.dll" [2013-11-14 1283584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-07-16 56128]

"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-10-23 102928]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]

"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]

"mobilegeni daemon"="c:\program files (x86)\Mobogenie\DaemonProcess.exe" [2014-01-27 775872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableCursorSuppression"= 1 (0x1)

"ConsentPromptBehaviorUser"= 3 (0x3)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AutoUpdateDisableNotify"=dword:00000001

.

R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]

R2 0242881390759792mcinstcleanup;McAfee Application Installer Cleanup (0242881390759792);c:\windows\TEMP\024288~1.EXE;c:\windows\TEMP\024288~1.EXE [x]

R2 bonanzadealslive;Serviço do BonanzaDealsLive (bonanzadealslive);c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe;c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [x]

R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]

R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]

R3 bonanzadealslivem;Serviço do BonanzaDealsLive (bonanzadealslivem);c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe;c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [x]

R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]

R3 DellRbtn;Airplane Mode Switch;c:\windows\System32\drivers\DellRbtn.sys;c:\windows\SYSNATIVE\drivers\DellRbtn.sys [x]

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]

R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]

R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\System32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]

R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [x]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]

R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]

S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S0 rtcrfilt64;Realtek Turbo Mode Filter Driver;c:\windows\System32\drivers\rtcrfilt64.sys;c:\windows\SYSNATIVE\drivers\rtcrfilt64.sys [x]

S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]

S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]

S2 IAStorDataMgrSvc;Tecnologia de armazenamento Intel® Rapid;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]

S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]

S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]

S2 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]

S2 MgAssistService;MgAssist Service;c:\program files (x86)\Mobogenie\MgAssist.exe;c:\program files (x86)\Mobogenie\MgAssist.exe [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]

S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 BthLEEnum;Driver de Baixa Energia do Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]

S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]

S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]

S3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-01-29 14:45 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2014-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 02:33]

.

2014-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 02:33]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110411771118}]

2014-01-10 20:22 973672 ----a-w- c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-bho64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-09-01 6839952]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-08-17 1215632]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-25 170304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-25 398656]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-25 441152]

"BtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe" [2012-08-31 764544]

"BtvStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-08-31 127616]

"IntelTBRunOnce"="wscript.exe" [2012-07-26 160256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:newtab

uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=

mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=

mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Page = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=

mSearch Bar = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=

TCP: DhcpNameServer = 192.168.25.1

.

- - - - ORFÃOS REMOVIDOS - - - -

.

BHO-{fe063412-bea4-4d76-8ed3-183be6220d17} - c:\program files (x86)\BonanzaDeals\BonanzaDealsIE.dll

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-Overwolf - c:\program files (x86)\Overwolf\Overwolf.exe

Toolbar-Locked - (no file)

HKLM-Run-DellWPF - (no file)

.

.

.

Tempo para conclusão: 2014-02-03  22:08:09

ComboFix-quarantined-files.txt  2014-02-04 00:08

.

Pré-execução: 894.232.543.232 bytes disponíveis

Pós execução: 894.768.365.568 bytes disponíveis

.

- - End Of File - - AA4F3B418AE171B3511DDAD667E92BF8


Dear cauê

Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) below.
  • Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text inside "Code":

File::
c:\windows\TEMP\024288~1.EXE
c:\windows\System32\drivers\BprotectEx.sys

Folder::
c:\windows\SysWow64\SearchProtect
c:\users\Caue\AppData\Roaming\newnext.me
c:\program files (x86)\BonanzaDealsLive
C:\Users\Caue\AppData\Roaming\Baidu Security
C:\ProgramData\Baidu Security
C:\Program Files (x86)\Baidu Security
c:\program files (x86)\Plus-HD-5.0

DDS::
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
mSearch Page = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=
mSearch Bar = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110411771118}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NextLive"=-

Driver::
0242881390759792mcinstcleanup
bonanzadealslive
bonanzadealslivem
BprotectEx
PCFApiUtil

  • Save this file as: CFScript.txt
As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

[animation: 2872959479_997d4500c4_o.gif]

Regards :D

ComboFix 14-02-05.02 - Caue 06/02/2014  13:27:20.3.4 - x64

Microsoft Windows 8 Single Language  6.2.9200.0.1252.55.1046.18.6009.2821 [GMT -2:00]

Executando de: c:\users\Caue\Downloads\ComboFix.exe

Comandos utilizados :: c:\users\Caue\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Criado um novo ponto de restauração

.

FILE ::

"c:\windows\System32\drivers\BprotectEx.sys"

"c:\windows\TEMP\024288~1.EXE"

.

.

(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Baidu Security

c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\Plugins\Plugin.SystemCleaner\t3.db

c:\program files (x86)\Plus-HD-5.0

c:\program files (x86)\Plus-HD-5.0\47718.crx

c:\program files (x86)\Plus-HD-5.0\47718.xpi

c:\program files (x86)\Plus-HD-5.0\background.html

c:\program files (x86)\Plus-HD-5.0\Installer.log

c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-bg.exe

c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-bho.dll

c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-bho64.dll

c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-buttonutil.dll

c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-buttonutil.exe

c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-buttonutil64.dll

c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-buttonutil64.exe

c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-chromeinstaller.exe

c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-codedownloader.exe

c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-enabler.exe

c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-firefoxinstaller.exe

c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-helper.exe

c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0-updater.exe

c:\program files (x86)\Plus-HD-5.0\Plus-HD-5.0.ico

c:\program files (x86)\Plus-HD-5.0\Uninstall.exe

c:\program files (x86)\Plus-HD-5.0\utils.exe

c:\programdata\Baidu Security

c:\programdata\Baidu Security\PC Faster\4.0.0.0\sysopt\optbt.dat

c:\programdata\Baidu Security\PC Faster\4.0.0.0\sysopt\opthis.dat

c:\programdata\Baidu Security\PC Faster\4.0.0.0\sysopt\optignore.dat

c:\programdata\Baidu Security\PC Faster\4.0.0.0\sysopt\snopthis.dat

c:\programdata\Baidu Security\RpData\rpFile-NSISInstall-2014-01-10 01-03-54-0168-[0498].dat

c:\programdata\Baidu Security\RpData\rpFile-NSISInstall-2014-01-10 01-46-53-0673-[29932].dat

c:\programdata\Baidu Security\RpData\rpFile-NSISInstall-2014-01-10 01-47-00-0299-[29955].dat

c:\programdata\Baidu Security\RpData\rpFile-NSISInstall-2014-01-10 01-48-20-0552-[30216].dat

c:\programdata\Baidu Security\RpData\rpFile-NSISInstall-2014-01-10 01-48-54-0567-[30327].dat

c:\programdata\Baidu Security\RpData\rpFile-NSISInstall-2014-01-10 01-50-30-0326-[30641].dat

c:\programdata\Baidu Security\RpData\rpFile-PCFaster-2014-01-10 01-47-05-0718-[29971].dat

c:\programdata\Baidu Security\RpData\rpFile-PCFasterSvc-2014-01-10 01-56-58-0709-[31908].dat

c:\programdata\Baidu Security\RpData\rpFile-PCFPopups-2014-01-10 01-46-01-0762-[29762].dat

c:\programdata\Baidu Security\RpData\rpFile-PCFPopups-2014-01-10 01-58-38-0247-[32234].dat

c:\programdata\Baidu Security\RpData\rpFile-PcfTray-2014-01-10 01-59-05-0051-[32323].dat

c:\programdata\Baidu Security\RpData\rpFile-Updater-2014-01-10 01-56-24-0942-[31797].dat

c:\programdata\Baidu Security\RpData\rpFile-Updater-2014-01-10 01-58-38-0107-[32234].dat

c:\programdata\PCDr\6422\AddOnDownloaded\1ad2478a-f061-4c93-bd0d-d1433323fd23.dll

c:\programdata\PCDr\6422\AddOnDownloaded\1b8965d5-1ace-460f-9f9d-51d4c6c7c534.dll

c:\programdata\PCDr\6422\AddOnDownloaded\236515c7-c29a-41e6-873d-b9e2673e11c3.dll

c:\programdata\PCDr\6422\AddOnDownloaded\25859408-d118-4a4d-a622-6f6b98c8b7a4.dll

c:\programdata\PCDr\6422\AddOnDownloaded\2b605d7d-d0d9-4054-adbf-4b49c7319932.dll

c:\programdata\PCDr\6422\AddOnDownloaded\2ff77179-a156-48e2-9210-92584330fa1e.dll

c:\programdata\PCDr\6422\AddOnDownloaded\46396106-fa11-4329-87bf-ed5a85069e89.dll

c:\programdata\PCDr\6422\AddOnDownloaded\4f436db1-def5-4137-a084-15125ef65010.dll

c:\programdata\PCDr\6422\AddOnDownloaded\538ed073-443d-4773-bf99-d9acbd2ae75f.dll

c:\programdata\PCDr\6422\AddOnDownloaded\58073f58-c256-45c9-a26d-2c9c44ad6b03.dll

c:\programdata\PCDr\6422\AddOnDownloaded\712ff270-978b-4b35-9eb6-621f6ff35d6e.dll

c:\programdata\PCDr\6422\AddOnDownloaded\7bc69e73-3dda-484f-af68-bb19598a4b32.dll

c:\programdata\PCDr\6422\AddOnDownloaded\a4f460a6-e6cd-457f-931d-cb0fc7d56d03.dll

c:\programdata\PCDr\6422\AddOnDownloaded\a5fe6876-4636-4d79-8440-3ce56e4f4416.dll

c:\programdata\PCDr\6422\AddOnDownloaded\b1cd2350-1a70-4fd2-9b75-98208aace99a.dll

c:\programdata\PCDr\6422\AddOnDownloaded\ca984d5b-37f4-4f56-8ca3-2a0d6cdba833.dll

c:\programdata\PCDr\6422\AddOnDownloaded\cce4ac4d-7353-4099-b347-95166f07f05e.dll

c:\programdata\PCDr\6422\AddOnDownloaded\ceb70e67-87f1-40c5-86a3-c576ea0c4e8f.dll

c:\programdata\PCDr\6422\AddOnDownloaded\ffa288d5-37d2-4036-812e-1b7722ec86ed.dll

c:\users\Caue\AppData\Roaming\Baidu Security

c:\users\Caue\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\FasterNow\FasterNow.db

c:\users\Caue\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK\0\Communication.dll

c:\users\Caue\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK\0\InstallUtility.dll

c:\users\Caue\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK\0\log.dll

c:\users\Caue\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall\0\Communication.dll

c:\users\Caue\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall\0\InstallUtility.dll

c:\users\Caue\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall\0\log.dll

c:\users\Caue\AppData\Roaming\newnext.me

c:\users\Caue\AppData\Roaming\newnext.me\cache\spark.bin

c:\users\Caue\AppData\Roaming\newnext.me\nengine.cookie

c:\users\Caue\AppData\Roaming\newnext.me\nengine.dll

c:\windows\SysWow64\SearchProtect

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_0242881390759792mcinstcleanup

-------\Service_bonanzadealslive

-------\Service_bonanzadealslivem

-------\Service_BprotectEx

-------\Service_PCFApiUtil

.

.

((((((((((((((((   Arquivos/Ficheiros criados de 2014-01-06 to 2014-02-06  ))))))))))))))))))))))))))))

.

.

2014-02-06 15:48 . 2014-02-06 15:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2014-02-06 15:48 . 2014-02-06 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-02-04 21:32 . 2014-02-04 21:32 240816 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10232.bin

2014-02-02 01:33 . 2014-02-02 01:38 -------- d-----w- C:\AdwCleaner

2014-01-21 18:41 . 2014-01-21 18:41 -------- d-----w- c:\users\Caue\AppData\Local\ElevatedDiagnostics

2014-01-20 02:23 . 2014-01-20 02:23 -------- d-----w- c:\users\Public\Nova pasta

2014-01-19 19:37 . 2014-01-27 12:06 -------- d-----w- c:\program files (x86)\Mobogenie

2014-01-19 19:23 . 2014-01-19 19:23 -------- d-----w- c:\users\Caue\AppData\Roaming\Malwarebytes

2014-01-19 19:23 . 2014-01-19 19:23 -------- d-----w- c:\programdata\Malwarebytes

2014-01-19 19:23 . 2014-01-19 19:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2014-01-19 19:23 . 2013-04-04 16:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-01-15 17:21 . 2013-10-31 05:56 915968 ----a-w- c:\windows\system32\MPSSVC.dll

2014-01-15 17:21 . 2013-10-31 05:56 758784 ----a-w- c:\windows\system32\FirewallAPI.dll

2014-01-15 17:21 . 2013-10-31 04:01 550400 ----a-w- c:\windows\SysWow64\FirewallAPI.dll

2014-01-15 17:21 . 2013-10-28 05:50 588288 ----a-w- c:\windows\system32\SHCore.dll

2014-01-15 17:21 . 2013-10-28 04:05 452608 ----a-w- c:\windows\SysWow64\SHCore.dll

2014-01-15 17:21 . 2013-10-13 20:49 100696 ----a-w- c:\windows\system32\drivers\disk.sys

2014-01-15 17:21 . 2013-08-27 05:21 227840 ----a-w- c:\windows\system32\WebClnt.dll

2014-01-15 17:21 . 2013-08-27 05:19 104448 ----a-w- c:\windows\system32\davclnt.dll

2014-01-15 17:21 . 2013-08-26 22:29 199168 ----a-w- c:\windows\SysWow64\WebClnt.dll

2014-01-15 17:21 . 2013-08-26 22:28 86016 ----a-w- c:\windows\SysWow64\davclnt.dll

2014-01-15 17:21 . 2013-10-31 03:42 74752 ----a-w- c:\windows\system32\drivers\mpsdrv.sys

2014-01-15 17:19 . 2013-12-07 06:37 688640 ----a-w- c:\windows\system32\WSShared.dll

2014-01-15 17:19 . 2013-12-07 05:15 562688 ----a-w- c:\windows\SysWow64\WSShared.dll

2014-01-15 17:19 . 2013-12-07 06:37 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-01-15 17:19 . 2013-12-07 05:15 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-01-10 20:36 . 2014-01-10 20:55 -------- d-----w- c:\programdata\Log

2014-01-10 20:35 . 2014-01-10 20:46 -------- d-----w- c:\program files (x86)\VideoLAN

2014-01-10 20:22 . 2014-01-10 20:22 -------- d-----w- c:\users\Caue\AppData\Roaming\0C1I1L1R1J0M1P0I1G

2014-01-10 20:21 . 2012-01-20 16:14 18816 ----a-w- c:\windows\system32\roboot64.exe

2014-01-10 20:19 . 2014-01-10 20:55 -------- d-----w- c:\program files (x86)\AnyProtectEx

2014-01-10 20:17 . 2014-01-10 20:17 -------- d-----w- c:\users\Caue\.android

2014-01-10 20:17 . 2014-01-27 12:05 -------- d-----w- c:\users\Caue\AppData\Local\cache

2014-01-10 20:17 . 2014-01-19 19:52 -------- d-----w- c:\users\Caue\AppData\Local\Mobogenie

2014-01-10 20:17 . 2014-01-19 19:49 -------- d-----w- c:\users\Caue\AppData\Local\genienext

.

.

.

(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-01-15 17:27 . 2013-05-01 16:13 86054176 ----a-w- c:\windows\system32\MRT.exe

2014-01-09 08:02 . 2012-07-26 08:14 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-01-09 08:02 . 2012-07-26 08:14 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-12-05 18:51 . 2012-06-22 10:40 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys

2013-12-05 18:45 . 2012-06-22 10:38 343696 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2013-12-05 18:44 . 2013-03-28 05:44 184800 ----a-w- c:\windows\system32\mfevtps.exe

2013-12-05 18:41 . 2012-06-22 10:36 782616 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2013-12-05 18:39 . 2012-06-22 10:35 519576 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2013-12-05 18:37 . 2012-06-22 10:34 311120 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2013-12-05 18:36 . 2012-06-22 10:34 179792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2013-12-05 18:25 . 2012-06-18 15:29 69344 ----a-w- c:\windows\system32\drivers\mfeelamk.sys

2013-11-27 00:07 . 2013-11-27 00:07 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys

2013-11-27 00:07 . 2013-11-27 00:07 96112 ----a-w- c:\windows\system32\drivers\mfencrk.sys

2013-11-27 00:07 . 2013-11-27 00:07 411944 ----a-w- c:\windows\system32\drivers\mfencbdc.sys

2013-11-23 06:43 . 2013-12-12 15:56 420864 ----a-w- c:\windows\system32\WMPhoto.dll

2013-11-23 05:05 . 2013-12-12 15:56 368640 ----a-w- c:\windows\SysWow64\WMPhoto.dll

.

.

((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{fe063412-bea4-4d76-8ed3-183be6220d17}]

c:\program files (x86)\BonanzaDeals\BonanzaDealsIE.dll [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-07-16 56128]

"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-10-23 102928]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]

"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]

"mobilegeni daemon"="c:\program files (x86)\Mobogenie\DaemonProcess.exe" [2014-01-27 775872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableCursorSuppression"= 1 (0x1)

"ConsentPromptBehaviorUser"= 3 (0x3)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AutoUpdateDisableNotify"=dword:00000001

.

R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]

R2 0227081391702538mcinstcleanup;McAfee Application Installer Cleanup (0227081391702538);c:\windows\TEMP\022708~1.EXE;c:\windows\TEMP\022708~1.EXE [x]

R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]

R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]

R3 DellRbtn;Airplane Mode Switch;c:\windows\System32\drivers\DellRbtn.sys;c:\windows\SYSNATIVE\drivers\DellRbtn.sys [x]

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]

R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]

R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\System32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]

R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]

S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S0 rtcrfilt64;Realtek Turbo Mode Filter Driver;c:\windows\System32\drivers\rtcrfilt64.sys;c:\windows\SYSNATIVE\drivers\rtcrfilt64.sys [x]

S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]

S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]

S2 IAStorDataMgrSvc;Tecnologia de armazenamento Intel® Rapid;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]

S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]

S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]

S2 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]

S2 MgAssistService;MgAssist Service;c:\program files (x86)\Mobogenie\MgAssist.exe;c:\program files (x86)\Mobogenie\MgAssist.exe [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]

S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 BthLEEnum;Driver de Baixa Energia do Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]

S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]

S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]

S3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-02-04 02:45 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 02:33]

.

2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 02:33]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellWPF"="" [bU]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-09-01 6839952]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-08-17 1215632]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-25 170304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-25 398656]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-25 441152]

"BtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe" [2012-08-31 764544]

"BtvStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-08-31 127616]

"IntelTBRunOnce"="wscript.exe" [2012-07-26 160256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:newtab

mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=

mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Page = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=

mSearch Bar = hxxp://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=

TCP: DhcpNameServer = 192.168.25.1

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-Locked - (no file)

AddRemove-Plus-HD-5.0 - c:\program files (x86)\Plus-HD-5.0\Uninstall.exe

.

.

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Dell Backup and Recovery\TOASTER.EXE

.

**************************************************************************

.

Tempo para conclusão: 2014-02-06  14:16:44 - Máquina reiniciou

ComboFix-quarantined-files.txt  2014-02-06 16:16

ComboFix2.txt  2014-02-04 00:08

.

Pré-execução: 894.376.828.928 bytes disponíveis

Pós execução: 898.199.003.136 bytes disponíveis

.

- - End Of File - - 21296675402CD2D78E52ABE653CB8B08

Dear cauê

Note: you can only have one antivirus running ;)

AV: McAfee Anti-Virus and Anti-Spyware
AV: Windows Defender

Download Malwarebytes Anti-Malware:
  • Link1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are checked, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to see the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will open automatically in a Notepad document, and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log into your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Regards :D

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Versão da Base de Dados:  v2014.02.10.07

 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16750

Caue :: PC [administrador]

 

10/02/2014 19:48:33

mbam-log-2014-02-10 (19-48-33).txt

 

Tipo de Verificação:  Verificação Rápida 

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados:  236265

Tempo decorrido: 6 minuto(s), 46 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 12

HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Nenhuma ação foi feita. 

HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Nenhuma ação foi feita. 

HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Nenhuma ação foi feita. 

HKCR\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19} (PUP.Optional.BonanzaDeals.A) -> Nenhuma ação foi feita. 

HKCR\CLSID\{fe063412-bea4-4d76-8ed3-183be6220d17} (PUP.Optional.BonanzaDeals.A) -> Nenhuma ação foi feita. 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063412-BEA4-4D76-8ED3-183BE6220D17} (PUP.Optional.BonanzaDeals.A) -> Nenhuma ação foi feita. 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F} (PUP.Optional.BonanzaDeals.A) -> Nenhuma ação foi feita. 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} (PUP.Optional.BonanzaDeals.A) -> Nenhuma ação foi feita. 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553} (PUP.Optional.BonanzaDeals.A) -> Nenhuma ação foi feita. 

HKLM\SOFTWARE\Plus-HD-5.0 (PUP.Optional.PlusHD.A) -> Nenhuma ação foi feita. 

HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3 (PUP.Optional.BonanzaDeals.A) -> Nenhuma ação foi feita. 

HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9 (PUP.Optional.BonanzaDeals.A) -> Nenhuma ação foi feita. 

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 6

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchURL|(Default) (PUP.Optional.SearchCertifiedTB.A) -> Ruim: (http://search.certified-toolbar.com?si=65578&st=bs&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&q=%s) Bom: (http://www.google.com/) -> Nenhuma ação foi feita. 

HKCU\Software\Microsoft\Internet Explorer\SearchURI|(Default) (PUP.Optional.SearchCertifiedTB.A) -> Ruim: (http://search.certified-toolbar.com?si=65578&st=bs&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&q=%s) Bom: (http://www.google.com) -> Nenhuma ação foi feita. 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Ruim: (http://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=) Bom: (http://www.google.com) -> Enviado para a Quarentena e reparado com sucesso.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Ruim: (http://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=) Bom: (http://www.google.com) -> Enviado para a Quarentena e reparado com sucesso.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Ruim: (http://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=) Bom: (http://www.google.com) -> Enviado para a Quarentena e reparado com sucesso.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Ruim: (http://search.certified-toolbar.com?si=65578&tid=6635&ver=5.6&ts=1389386128115&tguid=65578-6635-1389386128115-AC4438AAB1232C7CA5DDC200BCA7069D&st=chrome&q=) Bom: (http://www.google.com/) -> Enviado para a Quarentena e reparado com sucesso.

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 5

C:\Users\Caue\Downloads\478-Mobogenie_Setup_2.1.37_21.exe (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita. 

C:\Users\Caue\Downloads\ZipSetup (1).exe (PUP.Optional.JumpyApps) -> Nenhuma ação foi feita. 

C:\Users\Caue\Downloads\ZipSetup.exe (PUP.Optional.JumpyApps) -> Nenhuma ação foi feita. 

C:\Users\Caue\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita. 

C:\Users\Caue\AppData\Local\mysearchdial-speeddial.crx (PUP.Optional.MySearchDial.A) -> Nenhuma ação foi feita. 

 

(fim)


Friend, you need to remove the infections found above; look, you chose "Nenhuma ação foi feita" (No action was taken). Run a new scan and ask it to remove them. ;)
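The triage the reply above asks for, as an added example that is not part of the original thread: a small parser that separates the detections Malwarebytes left untouched from those it quarantined. The line pattern is an assumption inferred from the log posted in this thread, and the sample lines are copied from that log with the URLs shortened.

```python
import re

# Action strings exactly as they appear in the Portuguese log in this thread.
NO_ACTION = "Nenhuma ação foi feita"
QUARANTINED = "Enviado para a Quarentena"

# Sample lines copied from the log above (query strings shortened for the example).
SAMPLE_LOG = r"""
Itens de Dados no Registro Detectadas: 6
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchURL|(Default) (PUP.Optional.SearchCertifiedTB.A) -> Ruim: (http://search.certified-toolbar.com?q=%s) Bom: (http://www.google.com/) -> Nenhuma ação foi feita.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Ruim: (http://search.certified-toolbar.com?q=) Bom: (http://www.google.com) -> Enviado para a Quarentena e reparado com sucesso.
Arquivos Detectados: 5
C:\Users\Caue\Downloads\ZipSetup (1).exe (PUP.Optional.JumpyApps) -> Nenhuma ação foi feita.
C:\Users\Caue\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Nenhuma ação foi feita.
(fim)
"""

# Assumed shape: <object> (<Detection.Name>) -> [Ruim: (...) Bom: (...) ->] <action>.
# The name must contain a dot, so "(Default)" and "(1)" stay part of the object.
ENTRY = re.compile(
    r"^(?P<obj>.+?) \((?P<name>[A-Za-z]+\.[\w.]+)\) -> "
    r"(?:.* -> )?(?P<action>[^>]+?)\.?\s*$")

def parse_mbam(text):
    """Return one dict per detection line; section headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        obj = m["obj"]
        entries.append({
            "object": obj,
            "kind": "registry" if obj.upper().startswith(("HKLM\\", "HKCU\\")) else "file",
            "detection": m["name"],
            "action": m["action"],
            "remediated": m["action"].startswith(QUARANTINED),
        })
    return entries

def unresolved(entries):
    """Detections that were reported but left in place."""
    return [e for e in entries if e["action"].startswith(NO_ACTION)]

if __name__ == "__main__":
    for e in unresolved(parse_mbam(SAMPLE_LOG)):
        print(f'{e["kind"]:8} {e["detection"]:34} {e["object"]}')
```

An empty result from `unresolved()` on a follow-up scan log means every listed item was acted on; a clean rescan simply has no detection lines at all.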

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Versão da Base de Dados:  v2014.02.10.07

 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16798

Caue :: PC [administrador]

 

13/02/2014 13:46:27

mbam-log-2014-02-13 (13-46-27).txt

 

Tipo de Verificação:  Verificação Rápida 

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados:  235854

Tempo decorrido: 3 minuto(s), 6 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

 

(fim)


Dear cauê

# Step 1 #

Download the Kaspersky AVP Tool from one of these links:

You will be taken to a Kaspersky page asking for an email address for registration, a first name and a last name.
Only the "email" field is required.
Enter your email, then click the Submit Form button.
The page will reload. Click the Download button.
Save it to your Desktop.
Run the file and wait for the installation.
  • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator

  • On the license agreement screen, tick the option I accept the license agreement and then click the Start button.
The program will appear to freeze and nothing happens. This is normal; just wait until the program's start screen appears, then click the Settings icon:

[image: KRT_settings.png]

On this screen, tick the box next to:
My Computer;
Local Disk (C:);
Also tick every drive that appears below Local Disk, if there are any;
Then click the Automatic Scan tab.

[image: KRT_install2_.png]

Back on the program's start screen, click the Start scanning button;
Be patient, it takes a while;
When it finishes, if it has detected something, the program will ask you what to do;
Tick the box next to Apply to all objects and then click Skip (we only want the log).

[image: KRT_detection_.png]

Once the scan has finished, proceed as follows:
On the main screen, if something was detected, save the log.
If you close the program and forget to save the log, you will have to repeat the whole scan.
To save the log, click the Reports icon (next to the "Settings" icon).
In the next window, click Detected Threats, then click the floppy-disk icon to save the log.
Choose an easy-to-reach location and save it as log.txt
Copy the entire contents of that Notepad file and paste it into your next reply.
If nothing is detected, there is no need to save the log; just let me know.
To exit the program, just click the X in the upper right corner.

Notes:
While the scan is running, the start screen will show a progress bar. When it finishes, the program will show the status as completed and a button that will be orange if nothing was detected, and red if something was found. If something was detected, the program will also show an alert screen, warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

 
# Step 2 #

Download SecurityCheck and save it to your Desktop
Double-click SecurityCheck.exe
  • Attention: Windows Vista, 7 and 8 users, right-click and choose: [image: execadmin.png]

Press any key to continue... a report will open
Copy its entire contents and paste them into your next reply

Regards :D

 Results of screen317's Security Check version 0.99.79  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
McAfee Anti-Virus and Anti-Spyware   
Windows Defender                     
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Caue Desktop Virus Removal Tool setup_9.0.1.722_17.02.2014_06-38\setup_9.0.1.722_17.02.2014_06-38.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

Verificação automática: interrompido 14 horas atrás   (eventos: 11, objetos: 215778, hora: 09:09:53)
17/02/2014 10:07:24 Tarefa interrompida Ação padrão selecionada
17/02/2014 10:07:17 Erro de processamento C:\Documents and Settings\Todos os Usuários\Overwolf\Setup\213\OverwolfSetup.msi/_6684ECD76685B9F84B7AAA2A563D9D2E Erro de leitura
17/02/2014 10:05:33 Não neutralizado: not-a-virus:AdWare.Win32.Agent.ahgx C:\Documents and Settings\Caue\Configurações Locais\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Ignorado pelo usuário
17/02/2014 10:05:01 Não neutralizado: not-a-virus:AdWare.Win32.Agent.ahgx C:\Documents and Settings\Caue\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Ignorado pelo usuário
17/02/2014 01:43:26 Erro de processamento C:\Documents and Settings\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
17/02/2014 01:43:26 Erro de processamento C:\Documents and Settings\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
17/02/2014 01:41:36 Detectados: not-a-virus:AdWare.Win32.Agent.ahgx C:\Documents and Settings\Caue\Configurações Locais\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Ação padrão selecionada
17/02/2014 01:38:56 Erro de processamento C:\Documents and Settings\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
17/02/2014 01:38:56 Erro de processamento C:\Documents and Settings\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
17/02/2014 01:36:53 Detectados: not-a-virus:AdWare.Win32.Agent.ahgx C:\Documents and Settings\Caue\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Ação padrão selecionada
17/02/2014 00:57:31 Tarefa iniciada Ação padrão selecionada
Verificação automática: concluído 1 minuto atrás   (eventos: 22, objetos: 959940, hora: 05:16:45)
17/02/2014 19:00:54 Tarefa iniciada Ação padrão selecionada
17/02/2014 19:19:41 Erro de processamento C:\Documents and Settings\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
17/02/2014 19:19:41 Erro de processamento C:\Documents and Settings\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
17/02/2014 19:27:51 Erro de processamento C:\Documents and Settings\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
17/02/2014 19:27:51 Erro de processamento C:\Documents and Settings\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
17/02/2014 20:25:29 Detectados: not-a-virus:AdWare.Win32.Agent.ahgx C:\Users\Caue\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Ação padrão selecionada
17/02/2014 20:26:54 Não neutralizado: not-a-virus:AdWare.Win32.Agent.ahgx C:\Users\Caue\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Ignorado pelo usuário
17/02/2014 20:35:19 Erro de processamento C:\Users\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
17/02/2014 20:35:19 Erro de processamento C:\Users\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
17/02/2014 20:37:53 Detectados: not-a-virus:AdWare.Win32.Agent.ahgx C:\Users\Caue\Configurações Locais\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Ação padrão selecionada
17/02/2014 20:39:45 Erro de processamento C:\Users\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
17/02/2014 20:39:45 Erro de processamento C:\Users\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
17/02/2014 20:40:29 Não neutralizado: not-a-virus:AdWare.Win32.Agent.ahgx C:\Users\Caue\Configurações Locais\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip/Mobogenie/nengine.dll Ignorado pelo usuário
17/02/2014 22:10:11 Erro de processamento C:\Documents and Settings\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
17/02/2014 22:10:11 Erro de processamento C:\Documents and Settings\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
17/02/2014 22:22:01 Erro de processamento C:\Documents and Settings\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
17/02/2014 22:22:01 Erro de processamento C:\Documents and Settings\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
17/02/2014 23:13:29 Erro de processamento C:\Users\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
17/02/2014 23:13:29 Erro de processamento C:\Users\Caue\AppData\Roaming\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
17/02/2014 23:18:16 Erro de processamento C:\Users\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.bin Erro de leitura
17/02/2014 23:18:16 Erro de processamento C:\Users\Caue\Dados de Aplicativos\NVIDIA\GLCache\b12c72983040a917df73f527daddc35f\9dc7a6c4da6acd25\dbb5e872936c685c.toc Erro de leitura
18/02/2014 00:17:39 Tarefa concluída Ação padrão selecionada


Dear cauê

Uninstall the Mobogenie program

>>>> How is the computer doing?

# Step 1 #

Let's uninstall ComboFix:

Rename combofix.exe to uninstall.exe, double-click it and wait for the program to be removed.

Or, if you prefer, go to

Start > Run, type Combofix /Uninstall and click OK; in the window that appears, click Run and wait for the program to be removed.

# Step 2 #

Download OTC by OldTimer and save it to your desktop.
  • Double-click the icon [image: 4142006426_4719050954_o.gif]
  • Click Run;
  • Click its only button (image below):
[image: 4141259853_5a542d5908_o.jpg]
Allow your computer to restart.

# Step 3 #

  • Again: double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: [image: execadmin.png]

  • Click Uninstall
  • Click Yes and wait.

# Step 4 #

<<@>> Install CCleaner

CCleaner is an excellent cleanup utility that will help with your computer's performance. Download it here: CCleaner
IMPORTANT: After installation, go to the location where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of that window, choose New > Folder and create a new folder; name it backups!
Open the program and click Run Cleaner;
click the Registry button > Scan for Issues > Fix selected issue(s)...

Note: Do not forget to accept the backup of the fixes, and save it in the folder created above!

<<@>> Always keep your Windows up to date; keep a constant watch on your firewall and antivirus and, finally, remember that the best form of prevention starts with our own behavior!

Regards :D


Should the author need it, this topic will be reopened; to do so, they should contact the moderation team and request that it be unlocked.

This topic is closed to new posts.