Como excluir o jRAT do meu PC?

Por favor alguém me ajude não consigo excluir este vírus do meu pc...fica aparecendo um ratinho no canto inferior e não consigo desinstalar, já tentei de tudo e não consigo. me ajudem por favor!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:19:04, on 28/10/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\GLOBAL\GNCambio.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\wuonsite\WUOnSite.exe
C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (file missing)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [java] C:\Program Files (x86)\Java\jre7\bin\javaw.exe -jar "/C:/Users/renova/AppData/Local/Temp/java6241618478718813097.jar"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\renova\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Google Update] "C:\Users\renova\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [File] "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\renova\AppData\Local\Temp\File2390411868292485669.jar"
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: *.dell.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A69C93CD-2E5A-48A4-8A50-04AD0E277B7D}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\contin~1\sprote~1.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) - Orolix Desenvolvimento de Software LTDA. - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WUOnSiteUpdate (WUOnSiteUpdateSvc) - Western Union - C:\wuonsite\WUOnSiteUpdate.exe

--
End of file - 10966 bytes

Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de tigzy) e salve-o no Desktop (Área de Trabalho)

*Clique com o botão direito do mouse no RogueKiller e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Aguarde o término do carregamento e aceite o contrato

*Clique [Verificar]

*Clique [Report] e cole o relatório [RKreport[0].txt criado no Desktop

Não feche o RogueKiller

RogueKiller V8.7.6 _x64_ [Oct 28 2013] Por Tigzy
mail : tigzyRKgmailcom
Feedback : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Blog : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciado em : Modo Normal
Usuario : renova [Privilegios de Admnistrador]
Modo : Verificar -- Data : 10/28/2013 13:10:46
| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : java (C:\Program Files (x86)\Java\jre7\bin\javaw.exe -jar "/C:/Users/renova/AppData/Local/Temp/java6241618478718813097.jar" [7][x]) -> ENCONTRADO
[RUN][SUSP PATH] HKCU\[...]\Run : File ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\renova\AppData\Local\Temp\File2390411868292485669.jar" [7][-]) -> ENCONTRADO
[RUN][SUSP PATH] HKUS\S-1-5-21-1485655722-2464963912-1202057387-1000\[...]\Run : java (C:\Program Files (x86)\Java\jre7\bin\javaw.exe -jar "/C:/Users/renova/AppData/Local/Temp/java6241618478718813097.jar" [7][x]) -> ENCONTRADO
[RUN][SUSP PATH] HKUS\S-1-5-21-1485655722-2464963912-1202057387-1000\[...]\Run : File ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\renova\AppData\Local\Temp\File2390411868292485669.jar" [7][-]) -> ENCONTRADO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> ENCONTRADO
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

¤¤¤ As tarefas agendadas : 2 ¤¤¤
[V2][SUSP PATH] Dealply : C:\Users\renova\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE - /Check [x] -> ENCONTRADO
[V2][SUSP PATH] {ABAAEE89-7CFF-431D-825C-A4401B66A7E2} : C:\Users\renova\Desktop\GNCambio.exe [x] -> ENCONTRADO

¤¤¤ entradas de inicialização : 0 ¤¤¤

¤¤¤ Os navegadores da Web : 0 ¤¤¤

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Não Carregado 0x0] ¤¤¤

¤¤¤ Hives externas: ¤¤¤

¤¤¤ Infecção :  ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKX-753CA1 ATA Device +++++
--- User ---
[MBR] 7868e469f10cc820958a6ac57818196c
[BSP] 60ef57d7a8986bd4721ddd5743e6dbc0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 13466 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27660288 | Size: 463433 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE2 @ USB) LGE Android USB Device +++++
--- User ---
[MBR] 0eab5443adecf096927faca7ddc24548
[BSP] 6003d993cc17b4019937d98be0e386c8 : Empty MBR Code
Partition table:
User = LL1 ... OK!
Error reading LL2 MBR!

Concluido : << RKreport[0]_S_10282013_131046.txt >>

No RogueKiller, deixe selecionadas apenas as caixas dos seguintes achados:

[RUN][SUSP PATH] HKCU\[...]\Run : java (C:\Program Files (x86)\Java\jre7\bin\javaw.exe -jar "/C:/Users/renova/AppData/Local/Temp/java6241618478718813097.jar" [7][x]) -> ENCONTRADO

[RUN][SUSP PATH] HKCU\[...]\Run : File ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\renova\AppData\Local\Temp\File2390411868292485669.jar" [7][-]) -> ENCONTRADO

[RUN][SUSP PATH] HKUS\S-1-5-21-1485655722-2464963912-1202057387-1000\[...]\Run : java (C:\Program Files (x86)\Java\jre7\bin\javaw.exe -jar "/C:/Users/renova/AppData/Local/Temp/java6241618478718813097.jar" [7][x]) -> ENCONTRADO

[RUN][SUSP PATH] HKUS\S-1-5-21-1485655722-2464963912-1202057387-1000\[...]\Run : File ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\renova\AppData\Local\Temp\File2390411868292485669.jar" [7][-]) -> ENCONTRADO

[V2][SUSP PATH] Dealply : C:\Users\renova\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE - /Check [x] -> ENCONTRADO


*Clique [Deletar] e cole o relatório RKreport[1].txt localizado no desktop

RogueKiller V8.7.6 _x64_ [Oct 28 2013] Por Tigzy
mail : tigzyRKgmailcom
Feedback : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Blog : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciado em : Modo Normal
Usuario : renova [Privilegios de Admnistrador]
Modo : Remover -- Data : 10/28/2013 13:26:46
| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : java (C:\Program Files (x86)\Java\jre7\bin\javaw.exe -jar "/C:/Users/renova/AppData/Local/Temp/java6241618478718813097.jar" [7][x]) -> DELETADO
[RUN][SUSP PATH] HKCU\[...]\Run : File ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\renova\AppData\Local\Temp\File2390411868292485669.jar" [7][-]) -> DELETADO
[RUN][SUSP PATH] HKUS\S-1-5-21-1485655722-2464963912-1202057387-1000\[...]\Run : java (C:\Program Files (x86)\Java\jre7\bin\javaw.exe -jar "/C:/Users/renova/AppData/Local/Temp/java6241618478718813097.jar" [7][x]) -> [0x2] O sistema não pode encontrar o arquivo especificado.
[RUN][SUSP PATH] HKUS\S-1-5-21-1485655722-2464963912-1202057387-1000\[...]\Run : File ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\renova\AppData\Local\Temp\File2390411868292485669.jar" [7][-]) -> [0x2] O sistema não pode encontrar o arquivo especificado.
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NÃO SELECIONADO
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÃO SELECIONADO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NÃO SELECIONADO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÃO SELECIONADO

¤¤¤ As tarefas agendadas : 2 ¤¤¤
[V2][SUSP PATH] Dealply : C:\Users\renova\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETADO
[V2][SUSP PATH] {ABAAEE89-7CFF-431D-825C-A4401B66A7E2} : C:\Users\renova\Desktop\GNCambio.exe [x] -> NÃO SELECIONADO

¤¤¤ entradas de inicialização : 0 ¤¤¤

¤¤¤ Os navegadores da Web : 0 ¤¤¤

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Não Carregado 0x0] ¤¤¤

¤¤¤ Hives externas: ¤¤¤

¤¤¤ Infecção : ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKX-753CA1 ATA Device +++++
--- User ---
[MBR] 7868e469f10cc820958a6ac57818196c
[BSP] 60ef57d7a8986bd4721ddd5743e6dbc0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 13466 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27660288 | Size: 463433 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE2 @ USB) LGE Android USB Device +++++
--- User ---
[MBR] 0eab5443adecf096927faca7ddc24548
[BSP] 6003d993cc17b4019937d98be0e386c8 : Empty MBR Code
Partition table:
User = LL1 ... OK!
Error reading LL2 MBR!

Concluido : << RKreport[0]_D_10282013_132646.txt >>
RKreport[0]_S_10282013_131046.txt

Feche o RogueKiller


Execute o Malwarebytes.

*Clique [Atualização] > [Baixar Atualizações]

*Ao término, clique [Verificação], selecione Verificação Rápida

*Clique [Verificar]

*Ao término, clique [OK] > [Ver Resultados]

*Selecione todos os resultados e clique [Remover Selecionados]

*Cole o relatório apresentado

Malwarebytes Anti-Malware 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Versão da Base de Dados: v2013.10.28.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
renova :: RENOVA03 [administrador]

28/10/2013 14:13:32
mbam-log-2013-10-28 (14-13-32).txt

Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 206336
Tempo decorrido: 7 minuto(s), 8 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 27
HKCR\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12} (PUP.Optional.WebCake.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\WebCakeIEClient.Api.1 (PUP.Optional.WebCake.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\WebCakeIEClient.Api (PUP.Optional.WebCake.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3} (PUP.Optional.WebCake.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1010B3B3-C031-2866-53D5-97F856AFD66B} (PUP.Optional.Tarma.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\AppID\WebCakeIEClient.DLL (PUP.WebCake) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Updater By Sweetpacks (PUP.Optional.SweetPacks.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh (PUP.WebCake) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe (PUP.Optional.BonanzaDeals.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Wow6432Node\Updater By Sweetpacks (PUP.Optional.SweetPacks.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} (PUP.Optional.SweetPacks.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} (PUP.Optional.SweetPacks.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} (PUP.Optional.SearchNewTab) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} (PUP.Optional.SearchNewTab) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0A1M1S1N1H2Q1H0B1O1O -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {E14622A6-E98E-11E2-8F79-782BCBC199E5} -> Enviado para a Quarentena e deletado com sucesso.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {E14622A6-E98E-11E2-8F79-782BCBC199E5} -> Enviado para a Quarentena e deletado com sucesso.

Itens de Dados no Registro Detectadas: 0

Vc conhece este arquivo?

GNCambio.exe

Sim programa que utilizo para fazer minha operaçoes pq?

Katezinha escreveu:Sim programa que utilizo para fazer minha operaçoes pq?

OK..sem problemas...


Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve-o no Desktop (Área de Trabalho)

*Salve qualquer trabalho aberto e feche o seu navegador

*Execute-o, clique [Examinar] e aguarde o término

*Clique [Limpar] e aguarde o término

*Caso seja solicitada a reinicialização do PC, clique [OK] para reiniciar.

*Cole o relatório C:\AdwCleaner\AdwCleaner[S0].txt


Informe se foi resolvido

Lindão...eu fiz tudinho que pediu e o jRAT da firme e forte no canto inferior do mesmo jeito....rsrsrsrs

# AdwCleaner v3.010 - Relatório criado 28/10/2013 às 14:34:36
# Atualizado 20/10/2013 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits)
# Usuário : renova - RENOVA03
# Executando de : C:\Users\renova\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\AVG Security Toolbar
Pasta Deletada : C:\ProgramData\boost_interprocess
Pasta Deletada : C:\ProgramData\StarApp
Pasta Deletada : C:\ProgramData\cyontinueotyoSavie
Pasta Deletada : C:\Program Files (x86)\BonanzaDeals
Pasta Deletada : C:\Program Files (x86)\Claro
Pasta Deletada : C:\Program Files (x86)\continuetosave
Pasta Deletada : C:\Program Files (x86)\TornTV.com
Pasta Deletada : C:\Program Files (x86)\Common Files\337
Pasta Deletada : C:\Users\renova\AppData\Roaming\Betcat
Pasta Deletada : C:\Users\renova\AppData\Roaming\Claro
Pasta Deletada : C:\Users\renova\AppData\Roaming\Web Cake

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\ijblflkdjdopkpdgllkmlbgcffjbnfda
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Chave Deletedo : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_e14dcdfa
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{DEDAF650-12B8-48F5-A843-BBA100716106}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEDAF650-12B8-48F5-A843-BBA100716106}
Chave Deletedo : HKCU\Software\IM
Chave Deletedo : HKCU\Software\ImInstaller
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\findlyrics
Chave Deletedo : HKLM\Software\Desksvc
Chave Deletedo : HKLM\Software\SP Global
Chave Deletedo : HKLM\Software\SProtector
Chave Deletedo : HKLM\Software\V9
Chave Deletedo : [x64] HKLM\SOFTWARE\Tarma Installer
Chave Deletedo : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DEDAF650-12B8-48f5-A843-BBA100716106}_is1

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v

[ Arquivo : C:\Users\renova\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]


-\\ Google Chrome v

[ Arquivo : C:\Users\renova\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5870 octets] - [28/10/2013 14:32:37]
AdwCleaner[S0].txt - [5427 octets] - [28/10/2013 14:34:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5487 octets] ##########

Vc reiniciou o PC para saber?

Sim Reiniciei o pc e essa peste continua no mesmo lugar  

Execute o AdwCleaner, clique [Desinstalar] > [Sim]


Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Smeenk)

*Extraia o arquivo Zoek.exe para o Desktop (Área de Trabalho)

*Clique com o botão direito do mouse no Zoek e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Copie e cole as linhas em marrom no espaço do Zoek

startupall;
standardsearch;

*Clique [Run Script]

*Durante o scan a mensagem abaixo será apresentada. Aguarde o término...pode demorar!

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

*Cole ou anexe o relatório C:\zoek-results.txt

Zoek.exe Version 4.0.0.5 Updated 26-October-2013
Tool run by renova on 28/10/2013 at 14:54:31,88.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\renova\Desktop\zoek.exe [Script inserted]

==== System Restore Info ======================

28/10/2013 14:57:32 Zoek.exe System Restore Point Created Succesfully.

==== Running Processes ======================

C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
C:\Program Files (x86)\Scpad\scpVista.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\wuonsite\WUOnSiteUpdate.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\GLOBAL\GNCambio.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\renova\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\renova\AppData\Local\Google\Chrome\Application\chrome.exe

==== System Specs ======================

Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 2985 MB
CPU Info: Intel(R) Pentium(R) CPU G630 @ 2.70GHz
CPU Speed: 2692,8 MHz
Sound Card: Alto-falantes (Conexant HD Audi |

Acho que seu relatório está incompleto.

Copie e cole-o na íntegra.

Zoek.exe Version 4.0.0.5 Updated 26-October-2013
Tool run by renova on 28/10/2013 at 15:17:03,72.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\renova\Desktop\zoek.exe [Quick Scan] [Auto Clean]

==== Older Logs ======================

C:\zoek-results2013-10-28-170243.log 29329 bytes

==== Creating Sample_102013_1522.zip ======================

Process chrome.exe killed
Copied file C:\Users\renova\AppData\Roaming\unins000.exe to sample\unins000.exe
Copied file C:\Users\renova\AppData\Roaming\unins001.exe to sample\unins001.exe
sample\unins000.exe renamed to 45D18DC0CA53BFFAA11F992BEF63280D
sample\unins001.exe renamed to AD6E810B9CE3D8C0C1FF0203C68C6FA6

C:\Users\Public\Desktop\sample_102013_1522.zip created successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\extensions.sqlite deleted
C:\Users\renova\AppData\Roaming\renovav3.5.0.0.vbs deleted
C:\ProgramData\APN deleted
C:\ProgramData\InstallMate deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Nation toolbar deleted
C:\Users\renova\AppData\Roaming\unins000.exe deleted
C:\Users\renova\AppData\Roaming\unins001.exe deleted
"C:\Users\renova\AppData\Local\{B66BA944-2147-44A6-8EAA-9D27A8BB87B6}" deleted
"C:\Users\renova\AppData\Roaming\install" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\renova\AppData\Local\Temp ====
2013-10-28 16:37:22 FD7E35D891DDDE77C218D6B6C32BC28E 56510 ----a-w- C:\Users\renova\AppData\Local\Temp\JNativeHook_7147848265735463465.dll
2013-10-28 15:10:11 CF95B85FF8D128385ABD411C8CA74DED 1731920 ----a-w- C:\Users\renova\AppData\Local\Temp\ntdll_dump.dll
2013-10-28 13:17:13 067D8DDFBF8B8F0EAE9FBC719FD45E8D 224840 ------w- C:\Users\renova\AppData\Local\Temp\jna-renova\jna3084436676387202884.dll
2013-10-28 13:17:08 FD7E35D891DDDE77C218D6B6C32BC28E 56510 ----a-w- C:\Users\renova\AppData\Local\Temp\JNativeHook_576149742214970496.dll
2013-10-28 10:15:28 FD7E35D891DDDE77C218D6B6C32BC28E 56510 ----a-w- C:\Users\renova\AppData\Local\Temp\JNativeHook_1809857015159738138.dll
2013-10-26 10:54:51 FD7E35D891DDDE77C218D6B6C32BC28E 56510 ----a-w- C:\Users\renova\AppData\Local\Temp\JNativeHook_8459091025617550314.dll
2013-10-25 17:35:35 FD7E35D891DDDE77C218D6B6C32BC28E 56510 ----a-w- C:\Users\renova\AppData\Local\Temp\JNativeHook_5205194732223847716.dll
2013-10-25 10:48:56 FD7E35D891DDDE77C218D6B6C32BC28E 56510 ----a-w- C:\Users\renova\AppData\Local\Temp\JNativeHook_2944220673683278795.dll
2013-10-24 10:35:23 FD7E35D891DDDE77C218D6B6C32BC28E 56510 ----a-w- C:\Users\renova\AppData\Local\Temp\JNativeHook_7339270851045078142.dll
2013-10-23 10:50:24 FD7E35D891DDDE77C218D6B6C32BC28E 56510 ----a-w- C:\Users\renova\AppData\Local\Temp\JNativeHook_5859308685380242059.dll
2013-10-22 12:14:30 FD7E35D891DDDE77C218D6B6C32BC28E 56510 ----a-w- C:\Users\renova\AppData\Local\Temp\JNativeHook_1438090977940977168.dll
2013-10-22 10:31:40 FD7E35D891DDDE77C218D6B6C32BC28E 56510 ----a-w- C:\Users\renova\AppData\Local\Temp\JNativeHook_4110586608907884517.dll
2013-10-21 10:48:20 FD7E35D891DDDE77C218D6B6C32BC28E 56510 ----a-w- C:\Users\renova\AppData\Local\Temp\JNativeHook_2590939282417794286.dll
2013-10-19 11:06:51 FD7E35D891DDDE77C218D6B6C32BC28E 56510 ----a-w- C:\Users\renova\AppData\Local\Temp\JNativeHook_8658107255831147657.dll
2013-10-18 12:00:08 FD7E35D891DDDE77C218D6B6C32BC28E 56510 ----a-w- C:\Users\renova\AppData\Local\Temp\JNativeHook_4204982963627166558.dll
2013-10-17 19:49:53 FD7E35D891DDDE77C218D6B6C32BC28E 56510 ----a-w- C:\Users\renova\AppData\Local\Temp\JNativeHook_8533251256341985360.dll
2013-10-17 14:21:49 FD7E35D891DDDE77C218D6B6C32BC28E 56510 ----a-w- C:\Users\renova\AppData\Local\Temp\JNativeHook_2263192629521698560.dll
2013-10-17 07:07:38 47025DD5CBA8B43E9D26C960FF5B32A7 344355 ----a-w- C:\Users\renova\AppData\Local\Temp\Quarantine.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-10-25 11:13:50 F572B7467B5CB4FA8FB6319575902E41 32768 ----a-w- C:\Windows\Sysnative\drivers\ewdcsc.sys
2013-10-25 11:13:50 CE93B8AF848FE2AA44455A4769C1BC8A 223232 ----a-w- C:\Windows\Sysnative\drivers\ewusbmdm.sys
2013-10-25 11:13:50 CCE3DB0BA3C615CAA321EB1301532688 87040 ----a-w- C:\Windows\Sysnative\drivers\ew_jubusenum.sys
2013-10-25 11:13:50 CACBDF30051DFB383E24B3E731D82BDE 22016 ----a-w- C:\Windows\Sysnative\drivers\ew_hwupgrade.sys
2013-10-25 11:13:50 C4BC37B9E5E54A50B2AA458F1FCA428C 28672 ----a-w- C:\Windows\Sysnative\drivers\ew_juextctrl.sys
2013-10-25 11:13:50 B3D171E4ED0B89AD49049556541F1DC3 218624 ----a-w- C:\Windows\Sysnative\drivers\ew_juwwanecm.sys
2013-10-25 11:13:50 91971BCD780D6063DF90DE4F1DF10C2F 98304 ----a-w- C:\Windows\Sysnative\drivers\ew_jucdcacm.sys
2013-10-25 11:13:50 86F7951BBCEE4A86E79A97306BD14318 117248 ----a-w- C:\Windows\Sysnative\drivers\ew_hwusbdev.sys
2013-10-25 11:13:50 55E0EDA185869F7EA67EA97FD0655B39 13952 ----a-w- C:\Windows\Sysnative\drivers\ew_usbenumfilter.sys
2013-10-25 11:13:50 53D3E56CB36C9DDE9B7CDB5447DA0E80 72192 ----a-w- C:\Windows\Sysnative\drivers\ew_jucdcecm.sys
2013-10-25 11:13:50 404EC152190E79DCF757AEBD9B166EA3 422400 ----a-w- C:\Windows\Sysnative\drivers\ewusbwwan.sys
2013-10-25 11:13:50 15E399875C850B54FC253A2323AD8021 1001472 ----a-w- C:\Windows\Sysnative\drivers\mod7700.sys
2013-10-17 20:47:26 9ADCCCDE502874F5F079D873B7A3E221 81112 ----a-w- C:\Windows\Sysnative\drivers\avnetflt.sys
2013-10-17 20:43:48 E26B3C8E9C3DDE047B32C5719955D715 132088 ----a-w- C:\Windows\Sysnative\drivers\avipbb.sys
2013-10-17 20:43:48 490FA25161BF3E51993EB724ECF0ACEB 28600 ----a-w- C:\Windows\Sysnative\drivers\avkmgr.sys
2013-10-17 20:43:48 0D5C96FD25D6455D97A5C4D7706DFAB1 105344 ----a-w- C:\Windows\Sysnative\drivers\avgntflt.sys
2013-10-16 13:06:35 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2013-10-08 14:27:33 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2013-10-08 14:27:31 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2013-10-08 14:26:44 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-10-08 14:26:23 0E9AD2D3784A0996A5131512939C09C0 1490656 ----a-w- C:\Windows\Sysnative\drivers\WdfCoInstaller01007.dll
====== C:\Windows\Tasks ======
2013-10-28 16:55:30 E21916103729DBA58ABB569A3609140E 3126 ----a-w- C:\Windows\Sysnative\Tasks\{11B3E599-23BA-47A1-A63A-7BA87EE434C2}
2013-10-17 13:52:14 73432D855BEAA34FAFBCEA3CBAE894A7 3144 ----a-w- C:\Windows\Sysnative\Tasks\{70760096-A39B-4856-8362-C481105C7F9C}
2013-10-17 13:47:10 5AAF343F4563481D56F9536E7D2647C7 1082 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1485655722-2464963912-1202057387-1000UA.job
2013-10-17 13:47:10 0146035C724253764A8B7D3F730E43FF 4054 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskUserS-1-5-21-1485655722-2464963912-1202057387-1000UA
2013-10-17 13:47:09 8AAE7C7701927604497D2885D5F316BB 3658 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskUserS-1-5-21-1485655722-2464963912-1202057387-1000Core
2013-10-17 13:47:09 67E1389134AA7F1ADE85887F909E1022 1030 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1485655722-2464963912-1202057387-1000Core.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2013-10-25 11:13:21 -------- d-----w- C:\PROGRA~2\TIM Communicator
2013-10-17 20:43:47 -------- d-----w- C:\PROGRA~2\Avira
2013-10-16 13:52:08 -------- d-----w- C:\PROGRA~2\Special Uninstaller
======= C: =====
2013-10-02 18:01:28 2863CBB34855B4CC978109A354A357A0 230432 ----a-w- C:\PA7302.DAT
====== C:\Users\renova\AppData\Roaming ======
2013-10-17 20:46:52 -------- d-----w- C:\Users\renova\AppData\Roaming\Avira
2013-10-17 20:05:25 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2013
2013-10-17 20:05:25 -------- d-----w- C:\Users\renova\AppData\Local\Avg2013
2013-10-17 13:51:39 -------- d-----w- C:\Users\renova\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
====== C:\Users\renova ======
2013-10-28 15:04:06 DB582FB6AA1CD52DD0C2B91D01F7FF6F 4012032 ----a-w- C:\Users\renova\Desktop\RogueKillerX64.exe
2013-10-25 11:14:13 -------- d-----w- C:\Users\TODOSO~1\OrolixCommunicator
2013-10-25 11:14:13 -------- d-----w- C:\ProgramData\OrolixCommunicator
2013-10-25 11:14:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIM Communicator
2013-10-17 20:44:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2013-10-17 20:43:47 -------- d-----w- C:\Users\TODOSO~1\Avira
2013-10-17 20:43:47 -------- d-----w- C:\ProgramData\Avira
2013-10-17 20:00:51 0C69FE9AF6C6B0D84AAED06BAFB24E60 2296952 ----a-w- C:\Users\renova\Downloads\avira_free_antivirus.exe
2013-10-17 14:35:07 07C9A50DC30EF32E282B98E104649040 434 --sha-r- C:\Users\TODOSO~1\ntuser.pol
2013-10-17 14:35:07 07C9A50DC30EF32E282B98E104649040 434 --sha-r- C:\ProgramData\ntuser.pol
2013-10-08 14:25:44 -------- d-----w- C:\Users\TODOSO~1\DatacardService
2013-10-08 14:25:44 -------- d-----w- C:\ProgramData\DatacardService
2013-10-04 20:23:20 D771A4B3B87C6DD53218AA835DAD3C61 330000123 ----a-w- C:\Users\Public\Renova BH.rar

====== C: exe-files ==
2013-10-28 15:04:06 DB582FB6AA1CD52DD0C2B91D01F7FF6F 4012032 ----a-w- C:\Users\renova\Desktop\RogueKillerX64.exe
2013-10-25 11:14:13 7E76A5FDC063DF850AA6FFF4AEF182DD 395075 ----a-w- C:\Program Files (x86)\TIM Communicator\Uninstall.exe
=== C: other files ==
2013-10-28 17:22:18 D06B468F55FE8F9A1F9081B17498B4E1 654522 ----a-w- C:\Users\Public\Desktop\sample_102013_1522.zip
2013-10-25 11:13:50 F572B7467B5CB4FA8FB6319575902E41 32768 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys
2013-10-25 11:13:50 CE93B8AF848FE2AA44455A4769C1BC8A 223232 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
2013-10-25 11:13:50 CCE3DB0BA3C615CAA321EB1301532688 87040 ----a-w- C:\Windows\System32\drivers\ew_jubusenum.sys
2013-10-25 11:13:50 CACBDF30051DFB383E24B3E731D82BDE 22016 ----a-w- C:\Windows\System32\drivers\ew_hwupgrade.sys
2013-10-25 11:13:50 C4BC37B9E5E54A50B2AA458F1FCA428C 28672 ----a-w- C:\Windows\System32\drivers\ew_juextctrl.sys
2013-10-25 11:13:50 B3D171E4ED0B89AD49049556541F1DC3 218624 ----a-w- C:\Windows\System32\drivers\ew_juwwanecm.sys
2013-10-25 11:13:50 91971BCD780D6063DF90DE4F1DF10C2F 98304 ----a-w- C:\Windows\System32\drivers\ew_jucdcacm.sys
2013-10-25 11:13:50 86F7951BBCEE4A86E79A97306BD14318 117248 ----a-w- C:\Windows\System32\drivers\ew_hwusbdev.sys
2013-10-25 11:13:50 55E0EDA185869F7EA67EA97FD0655B39 13952 ----a-w- C:\Windows\System32\drivers\ew_usbenumfilter.sys
2013-10-25 11:13:50 53D3E56CB36C9DDE9B7CDB5447DA0E80 72192 ----a-w- C:\Windows\System32\drivers\ew_jucdcecm.sys
2013-10-25 11:13:50 404EC152190E79DCF757AEBD9B166EA3 422400 ----a-w- C:\Windows\System32\drivers\ewusbwwan.sys
2013-10-25 11:13:50 15E399875C850B54FC253A2323AD8021 1001472 ----a-w- C:\Windows\System32\drivers\mod7700.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1485655722-2464963912-1202057387-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\renova\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Google Update"="C:\Users\renova\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"File"="C:\Program Files (x86)\Java\jre7\bin\javaw.exe -jar C:\Users\renova\AppData\Local\Temp\File2390411868292485669.jar"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\renova\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Google Update"="C:\Users\renova\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"File"="C:\Program Files (x86)\Java\jre7\bin\javaw.exe -jar C:\Users\renova\AppData\Local\Temp\File2390411868292485669.jar"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~2\\contin~1\\sprote~1.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"DBRMTray"="C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe"
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t"
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
"PAC7302_Monitor"="C:\Windows\PixArt\PAC7302\Monitor.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1485655722-2464963912-1202057387-1000Core.job --a------ C:\Users\renova\AppData\Local\FC:ebook\Update\FC:ebookUpdate.exe []
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1485655722-2464963912-1202057387-1000UA.job --a------ C:\Users\renova\AppData\Local\FC:ebook\Update\FC:ebookUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1485655722-2464963912-1202057387-1000Core.job --a------ C:\Users\renova\AppData\LoC:al\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1485655722-2464963912-1202057387-1000UA.job --a------ C:\Users\renova\AppData\Local\Google\Update\GoogleUpdate.exe [17/10/2013 11:47]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1485655722-2464963912-1202057387-1000Core" [C:\Users\renova\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1485655722-2464963912-1202057387-1000UA" [C:\Users\renova\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1485655722-2464963912-1202057387-1000Core" [C:\Users\renova\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1485655722-2464963912-1202057387-1000UA" [C:\Users\renova\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\RunAsStdUser" [C:\Program Files (x86)\Desk 365\desk365.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\{47E95272-DAD5-4A1F-9683-4B7B59EBDE29}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\{80DCDB5A-C9DF-48C6-B3F6-FE340A5E4DAC}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\{ABAAEE89-7CFF-431D-825C-A4401B66A7E2}" [C:\Users\renova\Desktop\GNCambio.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{DEDAF650-12B8-48f5-A843-BBA100716106}"="C:\Program Files\Updater By Sweetpacks\Firefox" []
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{22C7F6C6-8D67-4534-92B5-529A0EC09405}"="c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension" []

==== Firefox Extensions ======================

ExtDir: C:\Users\renova\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- Torntv 3 - %ExtDir%\trtv3@trtv.com.xpi

==== Firefox Plugins ======================


==== Deleted Firefox Extensions ======================

C:\Users\renova\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\trtv3@trtv.com.xpi deleted

==== Chrome Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
abmojiekfpcmkkfamgfcpgfgipocface - C:\Users\renova\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx[26/10/2013 09:01]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\renova\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[09/09/2013 14:35]

GBBD Banco Santander (Brasil) S.A. - renova - Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface
Google Search - renova - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Chrome In-App Payments service - renova - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Banco do Brasil - renova - Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - renova - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1485655722-2464963912-1202057387-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} deleted successfully
HKEY_USERS\S-1-5-21-1485655722-2464963912-1202057387-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1485655722-2464963912-1202057387-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{DEDAF650-12B8-48f5-A843-BBA100716106} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{DEDAF650-12B8-48f5-A843-BBA100716106} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{22C7F6C6-8D67-4534-92B5-529A0EC09405} deleted successfully

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\renova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\renova\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\renova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB3XWIKE will be deleted at reboot
C:\Users\renova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUXFL2ZX will be deleted at reboot
C:\Users\renova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H46K2LKO will be deleted at reboot
C:\Users\renova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\renova\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\renova\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\renova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\renova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB3XWIKE" not found
"C:\Users\renova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUXFL2ZX" not found
"C:\Users\renova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H46K2LKO" not found

==== EOF on 28/10/2013 at 15:29:01,52 ======================

Baixe o arquivo zoekscript.txt e salve-o no Desktop

*Durante o scan a mensagem abaixo será apresentada. Aguarde o término...pode demorar!

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

*Caso a reinicialização do PC seja solicitada, clique [OK]

*Cole o relatório C:\zoek-results.txt

Apesar de nao entender agora q vc ta dizendo mas parece q sumiu o maldito do jRAT..qualquer coisa volto a informar vc..Obrigada lindão por perde seu tempo comigo e me ajudar...vc merece mil bjos...

Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve-o no Desktop (Área de Trabalho)

*Execute-o, deixe selecionadas as opções Remove disinfection tools e Purge system restore

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Clique [Run] e cole o relatório apresentado


Delete o DelFix e o arquivo C:\DelFix.txt


Delete o arquivo sample_102013_1522.zip criado no Desktop


Um abraço...

CASO RESOLVIDO

Caso a autora do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.