Ir para conteúdo

Foto

Páginas que abrem sozinhas


Este tópico foi arquivado. Isto significa que você não pode mais responder ao tópico.
18 respostas neste tópico

#1
isabellopes

isabellopes

    Novato

  • Novato
  • Pip
  • 18 posts
Bom dia
Quando estou usando a net páginas abrem sozinhas.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:54:50, on 29/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Clecio Lopes\AppData\Local\Lollipop\Lollipop.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\PSafe\PSafeSysTray.exe
C:\Program Files (x86)\PSafe\Protege\psprotege.exe
C:\Program Files (x86)\PSafe\PSafeWDS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Clecio Lopes\Music\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperba...q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/3
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperba...q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files (x86)\PSafe\PSafeSysTray.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~2\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Clecio Lopes\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [lollipop] "c:\users\clecio lopes\appdata\local\lollipop\lollipop.exe" lollipop
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicr...osoft/wrc32.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1807234B-5489-4F1F-AA8F-D315BD9B6205}: NameServer = 200.149.55.140,200.202.193.171
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SPLASH.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (file missing)
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Unknown owner - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) - Orolix Desenvolvimento de Software LTDA. - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PSafeLockBoxSvc - PSafe - C:\Program Files (x86)\PSafe\PSafeCategoryFinder.exe
O23 - Service: PSafeSVC - PSafe S/A - C:\Program Files (x86)\PSafe\PSafesvc.exe
O23 - Service: PSafeWD - PSafe - C:\Program Files (x86)\PSafe\PSafeWD.exe
O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.0.1 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18319 bytes

#2
CarlosTurco

CarlosTurco

    Assistente

  • Assistente
  • 20.544 posts
Bom dia, isabellopes.

Seja bem-vinda ao Fórum do Linha Defensiva. :legal:

Siga os procedimentos abaixo.

1)

Baixe o AdwCleaner e salve no desktop.
http://general-chang...de/2-adwcleaner

Execute o arquivo adwcleaner.exe

*** Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo adwcleaner.exe, depois clique em Imagem Postada.

Clique em Delete.

Abrirá um bloco de notas com o resultado. Selecione, copie e cole o seu conteúdo na próxima resposta.

2)

Baixe o Malwarebytes' Anti-Malware (MBAM)
http://download.cnet...4-10804572.html

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.
  • Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.
  • Se houver atualizações a serem feitas, serão baixadas e instaladas.
  • Ao final da atualização, com o programa aberto, marque Verificação Completa e clique no botão Verificar.
  • Começará então o exame. Aguarde, pois pode demorar.
  • Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.
  • Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.
  • Ao final da desinfecção, abrirá o Bloco de notas com um log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)
  • O log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do programa.
  • Selecione, copie e cole todo o conteúdo deste log na sua próxima resposta.
NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

Em caso de dúvidas, leia o tutorial do programa:
http://linhadefensiv...showtopic=75554

3)

Baixe o MbrScan.exe e salve no desktop.
http://eric71.geekst...ols/MbrScan.exe

Execute o arquivo MbrScan.exe.

Clique no botão Scan. Ao final do exame clique no botão Report. Abrirá um bloco de notas com o resultado do exame. É salvo no desktop com o nome de MbrScan.log.

*** Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo MbrScan.exe, depois clique em Imagem Postada

Selecione, copie e cole o seu conteúdo na próxima resposta.
[Linha Defensiva no Twitter][Linha Defensiva no Facebook]

Imagem Postada
**Tenha consideração a quem te ajuda, não Abandone seu tópico!**

#3
isabellopes

isabellopes

    Novato

  • Novato
  • Pip
  • 18 posts
Boa tarde
Segui a primeira e a segunda recomendação. Não consegui a terceira ("O Windows não pode acessar o dispositivo, caminho ou arquivo especificado")


# AdwCleaner v2.109 - Logfile created 01/29/2013 at 17:17:22
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Clecio Lopes - CLECIOLOPES-PC
# Boot Mode : Normal
# Running from : C:\Users\Clecio Lopes\Documents\Download\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\user.js
Folder Deleted : C:\Users\Clecio Lopes\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Clecio Lopes\AppData\Local\lollipop
Folder Deleted : C:\Users\Clecio Lopes\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Clecio Lopes\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Clecio Lopes\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Clecio Lopes\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Clecio Lopes\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\CLECIO~1\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\CLECIO~1\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Isabel\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Isabel\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Isabel\AppData\LocalLow\AVG Security Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\lollipop
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\5a55dbdbe06aee42
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5a55dbdbe06aee42
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\claro
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [lollipop]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [tuto4pc_br_25]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=BR&userid=6857b40b-5899-464f-8908-2bd1fffdb8ea&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=BR&userid=6857b40b-5899-464f-8908-2bd1fffdb8ea&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=BR&userid=6857b40b-5899-464f-8908-2bd1fffdb8ea&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=BR&userid=6857b40b-5899-464f-8908-2bd1fffdb8ea&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [384 octets] - [29/01/2013 11:46:57]
AdwCleaner[S2].txt - [384 octets] - [29/01/2013 12:04:26]
AdwCleaner[S3].txt - [384 octets] - [29/01/2013 12:42:06]
AdwCleaner[S4].txt - [384 octets] - [29/01/2013 13:02:17]
AdwCleaner[S5].txt - [365 octets] - [29/01/2013 15:07:37]
AdwCleaner[S6].txt - [11712 octets] - [29/01/2013 17:17:22]

########## EOF - C:\AdwCleaner[S6].txt - [11773 octets] ##########


Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Versão da Base de Dados: v2013.01.29.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Clecio Lopes :: CLECIOLOPES-PC [administrador]

Proteção: Permitir

29/01/2013 15:17:54
mbam-log-2013-01-29 (15-17-54).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 491288
Tempo decorrido: 1 hora(s), 41 minuto(s), 45 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 2
HKLM\SOFTWARE\TUTO4PC (PUP.Tuto4PC) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\TUTO4PC (Trojan.EORezo) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 12
C:\Users\Clecio Lopes\AppData\Local\Temp\Aceleradorb_Setup.exe (Adware.Bundler) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Clecio Lopes\AppData\Local\Temp\ICReinstall_nero-disk-speed--cd-dvd-speed--41120-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Clecio Lopes\Music\acelerador.exe (Adware.Bundler) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Clecio Lopes\Music\burnaware-55-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Clecio Lopes\Music\dvd-shrink-32015-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Clecio Lopes\Music\filme.exe (Adware.Bundler) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Clecio Lopes\Music\k-lite-codec-pack-full-955-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Clecio Lopes\Music\nero-disk-speed--cd-dvd-speed--41120-baixaki-32-bits(1).exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Clecio Lopes\Music\nero-disk-speed--cd-dvd-speed--41120-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Clecio Lopes\Music\recuva-144778-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Clecio Lopes\Music\winx-video-converter-4513-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\userdata.dll (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

#4
CarlosTurco

CarlosTurco

    Assistente

  • Assistente
  • 20.544 posts
Olá,

1)

Faça o download do Farbar Service Scanner, e salve na sua área de trabalho.
http://download.blee.../farbar/FSS.exe

Dê dois cliques no FSS.exe para executá-lo. Marque todas as opções e em seguida clique no botão Scan.

Imagem Postada


** Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo FSS.exe, depois clique em Imagem Postada.

Um log ficará salvo na sua área de trabalho, com o nome FSS.txt.

Copie todo o conteúdo desse log e cole na sua próxima resposta.

2)

Faça o download do aswMBR.exe e salve no seu desktop.
http://public.avast....erek/aswMBR.exe

Observação: leia com atenção todo o procedimento antes de executar a ferramenta.

*** Usuários do Windows Vista ou Windows 7 Clique com o direito sobre o arquivo aswMBR.exe, depois clique em Imagem Postada.
  • Clique duas vezes no aswMBR.exe para iniciar a ferramenta.
  • Surgirá uma janela de aviso abaixo para atualizar o banco de dados, clique em Sim.

    Imagem Postada
  • Clique em Scan.

    Se aparecer entradas relacionadas a *rootkit* NÃO FAÇA NADA! queremos apenas o log.

    Imagem Postada
  • Após a conclusão Scan finished sucessfully, clique em Save log para salvá-lo em seu Desktop.
  • Clique em Exit para sair do programa.
  • Selecione, copie e cole o conteúdo do log do aswMBR na sua próxima resposta.
  • Atenção: NÃO clique no botão Fix, apenas aguarde pelos próximos procedimentos.
  • Irá notar no Desktop um outro arquivo chamado MBR.dat.
  • Não delete esse arquivo, pois é um arquivo de backup.
  • Antes de enviar seu log siga os procedimentos abaixo:
  • Clique em cima do arquivo MBR.dat com o botão direito do mouse e compacte-o (zip ou rar).
Ao postar o log anexe esse arquivo também na sua resposta!

OBS: Caso o programa não execute, clique com o botão direito no executável do programa em seguida clique em Propriedades. Na guia Compatibilidade marque a caixa Executar este programa em modo de compatibilidade e na caixa de lista suspensa selecione Windows XP (Service Pack 3), clique em OK e tente executar o programa novamente.
[Linha Defensiva no Twitter][Linha Defensiva no Facebook]

Imagem Postada
**Tenha consideração a quem te ajuda, não Abandone seu tópico!**

#5
isabellopes

isabellopes

    Novato

  • Novato
  • Pip
  • 18 posts
Bom dia
Quando estava executando o segundo passo a tela ficou preta com uma mensagem(não deu para ler direito) e o computador foi reiniciado. Depois disto não consegui executa-lo mesmo mesmo modificando o modo de compatibilidade. Desinstalei e instalei novamente mas acontece a mesma coisa.


Farbar Service Scanner Version: 16-01-2013
Ran by Clecio Lopes (administrator) on 30-01-2013 at 09:57:19
Running from "C:\downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#6
CarlosTurco

CarlosTurco

    Assistente

  • Assistente
  • 20.544 posts

Quando estava executando o segundo passo a tela ficou preta com uma mensagem(não deu para ler direito) e o computador foi reiniciado.

Tente rodar em modo seguro.
[Linha Defensiva no Twitter][Linha Defensiva no Facebook]

Imagem Postada
**Tenha consideração a quem te ajuda, não Abandone seu tópico!**

#7
isabellopes

isabellopes

    Novato

  • Novato
  • Pip
  • 18 posts
Boa tarde
Consegui em modo seguro.


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-30 08:31:27
-----------------------------
08:31:27.889 OS Version: Windows x64 6.1.7601 Service Pack 1
08:31:27.890 Number of processors: 2 586 0x602
08:31:27.891 ComputerName: CLECIOLOPES-PC UserName: Clecio Lopes
08:31:30.821 Initialize success
08:40:11.795 AVAST engine defs: 13013000
08:41:01.741 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:41:01.748 Disk 0 Vendor: ST9500420AS 0006HPM1 Size: 476940MB BusType: 11
08:41:01.765 Disk 0 MBR read successfully
08:41:01.773 Disk 0 MBR scan
08:41:01.787 Disk 0 unknown MBR code
08:41:01.802 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
08:41:01.835 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 462599 MB offset 409600
08:41:01.925 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14037 MB offset 947812352
08:41:01.999 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
08:41:02.128 Disk 0 scanning C:\Windows\system32\drivers
08:41:19.484 Service scanning
08:41:50.884 Modules scanning
08:41:50.912 Disk 0 trace - called modules:
08:41:50.931
08:41:55.408 AVAST engine scan C:\Windows
08:41:59.972 AVAST engine scan C:\Windows\system32
08:48:10.503 AVAST engine scan C:\Windows\system32\drivers
08:48:41.501 AVAST engine scan C:\Users\Clecio Lopes
08:56:30.712 Disk 0 MBR has been saved successfully to "C:\Users\Clecio Lopes\Pictures\MBR.dat"
08:56:30.732 The log file has been saved successfully to "C:\Users\Clecio Lopes\Pictures\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-30 11:22:37
-----------------------------
11:22:37.915 OS Version: Windows x64 6.1.7601 Service Pack 1
11:22:37.915 Number of processors: 2 586 0x602
11:22:37.931 ComputerName: CLECIOLOPES-PC UserName: Clecio Lopes
11:22:39.241 Initialize success
11:22:53.203 AVAST engine defs: 13013000
11:22:58.055 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:22:58.055 Disk 0 Vendor: ST9500420AS 0006HPM1 Size: 476940MB BusType: 11
11:22:58.071 Disk 0 MBR read successfully
11:22:58.071 Disk 0 MBR scan
11:22:58.086 Disk 0 unknown MBR code
11:22:58.102 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
11:22:58.117 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 462599 MB offset 409600
11:22:58.149 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14037 MB offset 947812352
11:22:58.180 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
11:22:58.227 Disk 0 scanning C:\Windows\system32\drivers
11:23:10.098 Service scanning
11:23:31.813 Modules scanning
11:23:31.813 Disk 0 trace - called modules:
11:23:31.829 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
11:23:31.860 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004330060]
11:23:31.860 3 CLASSPNP.SYS[fffff8800108a43f] -> nt!IofCallDriver -> [0xfffffa800432f040]
11:23:31.860 5 hpdskflt.sys[fffff880023b9289] -> nt!IofCallDriver -> [0xfffffa8004296310]
11:23:31.876 7 ACPI.sys[fffff88000f907a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003dd0060]
11:23:35.417 AVAST engine scan C:\Windows
11:23:38.506 AVAST engine scan C:\Windows\system32
11:28:13.951 AVAST engine scan C:\Windows\system32\drivers
11:28:42.312 AVAST engine scan C:\Users\Clecio Lopes
11:40:11.490 AVAST engine scan C:\ProgramData
11:42:29.971 Scan finished successfully
11:42:56.507 Disk 0 MBR has been saved successfully to "C:\Users\Clecio Lopes\Pictures\MBR.dat"
11:42:56.507 The log file has been saved successfully to "C:\Users\Clecio Lopes\Pictures\aswMBR.txt"

Arquivo(s) anexado(s)

  • Arquivo anexado  MBR.rar   534bytes   1 Downloads


#8
CarlosTurco

CarlosTurco

    Assistente

  • Assistente
  • 20.544 posts
Baixe o RogueKiller e salve no desktop. e salve no desktop.
http://www.sur-la-to...RogueKiller.exe

Execute o arquivo RogueKiller.exe.

*** Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo RogueKiller.exe, depois clique em Imagem Postada.

Clique no botão Verificar e aguarde o exame finalizar.

Clique no botão Report. Abrirá um bloco de notas com informações.

Este log é salvo no desktop com o nome de RKreport[1].txt.

Selecione, copie e cole o conteúdo deste log na sua próxima resposta.

OBS: não use o botão Deletar pois precisamos avaliar os ítens antes de fazer isso.

Editado por CarlosTurco, 30 janeiro 2013 - 22:01.

[Linha Defensiva no Twitter][Linha Defensiva no Facebook]

Imagem Postada
**Tenha consideração a quem te ajuda, não Abandone seu tópico!**

#9
isabellopes

isabellopes

    Novato

  • Novato
  • Pip
  • 18 posts
Boa noite


RogueKiller V8.4.3 [Jan 31 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Site : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciado em : Modo Normal
Usuario : Clecio Lopes [Privilegios de Admnistrador]
Modo : Verificar -- Data : 01/31/2013 19:41:47
| ARK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 9 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{1807234B-5489-4F1F-AA8F-D315BD9B6205} : NameServer (200.149.55.140,200.202.193.171) -> ENCONTRADO
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{1807234B-5489-4F1F-AA8F-D315BD9B6205} : NameServer (200.149.55.140,200.202.193.171) -> ENCONTRADO
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> ENCONTRADO
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> ENCONTRADO
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> ENCONTRADO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\Nero PhotoShow.scr) -> ENCONTRADO

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Não Carregado] ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS ATA Device +++++
--- User ---
[MBR] 649f9892a012defb4905ea6386e0f036
[BSP] f795cf42cc170e5f55c77b39f943f6af : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 462599 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 947812352 | Size: 14037 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Concluido : << RKreport[1]_S_01312013_02d1941.txt >>
RKreport[1]_S_01312013_02d1941.txt

#10
CarlosTurco

CarlosTurco

    Assistente

  • Assistente
  • 20.544 posts
Boa noite, isabellopes.

1)

Rode novamente o RogueKiller.

Na guia Registro deixe marcado somente.

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> ENCONTRADO
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> ENCONTRADO
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> ENCONTRADO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO


Ao final do scan, clique no botão Deletar. Aguarde o processo finalizar.

Clique no botão Report. Abrirá um bloco de notas com informações.

Este log é salvo no desktop com o nome de RKreport[2].txt.

Selecione, copie e cole o conteúdo deste log na sua próxima resposta.

2)

Poste um novo log do HijackThis.
[Linha Defensiva no Twitter][Linha Defensiva no Facebook]

Imagem Postada
**Tenha consideração a quem te ajuda, não Abandone seu tópico!**

#11
isabellopes

isabellopes

    Novato

  • Novato
  • Pip
  • 18 posts
Bom dia


RogueKiller V8.4.3 [Jan 31 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Site : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciado em : Modo Normal
Usuario : Clecio Lopes [Privilegios de Admnistrador]
Modo : Remover -- Data : 02/01/2013 08:10:11
| ARK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 8 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{1807234B-5489-4F1F-AA8F-D315BD9B6205} : NameServer (200.149.55.140,200.202.193.171) -> NÃO REMOVIDO, USE A OPÇÃO REPARAR DNS
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{1807234B-5489-4F1F-AA8F-D315BD9B6205} : NameServer (200.149.55.140,200.202.193.171) -> NÃO REMOVIDO, USE A OPÇÃO REPARAR DNS
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETADO
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETADO
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETADO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NÃO SELECIONADO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> SUBSTITUIDO (0)
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\Nero PhotoShow.scr) -> SUBSTITUIDO (C:\Windows\system32\logon.scr)

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Não Carregado] ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS ATA Device +++++
--- User ---
[MBR] 649f9892a012defb4905ea6386e0f036
[BSP] f795cf42cc170e5f55c77b39f943f6af : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 462599 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 947812352 | Size: 14037 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Concluido : << RKreport[3]_D_02012013_02d0810.txt >>
RKreport[1]_S_01312013_02d1941.txt ; RKreport[2]_S_02012013_02d0807.txt ; RKreport[3]_D_02012013_02d0810.txt



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:12:13, on 01/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\PSafe\PSafeSysTray.exe
C:\Program Files (x86)\PSafe\Protege\psprotege.exe
C:\Program Files (x86)\PSafe\PSafeWDS.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Clecio Lopes\Music\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/3
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files (x86)\PSafe\PSafeSysTray.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~2\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Clecio Lopes\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicr...osoft/wrc32.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1807234B-5489-4F1F-AA8F-D315BD9B6205}: NameServer = 200.149.55.140,200.202.193.171
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SPLASH.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (file missing)
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Unknown owner - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) - Orolix Desenvolvimento de Software LTDA. - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PSafeLockBoxSvc - PSafe - C:\Program Files (x86)\PSafe\PSafeCategoryFinder.exe
O23 - Service: PSafeSVC - PSafe S/A - C:\Program Files (x86)\PSafe\PSafesvc.exe
O23 - Service: PSafeWD - PSafe - C:\Program Files (x86)\PSafe\PSafeWD.exe
O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.0.1 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17053 bytes

#12
CarlosTurco

CarlosTurco

    Assistente

  • Assistente
  • 20.544 posts
Olá,

1)

Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

Baixe Imagem Postada e salve no desktop. Dê um duplo-clique para executar o Junkware Removal Tool (JRT).

* No Windows Vista e Windows 7:

Clique com o direito sobre o JRT.exe e selecione Imagem Postada

A ferramenta comecará o exame do seu sistema. Tenha paciência pois pode demorar um pouco dependendo da quantidades de ítens a examinar.

Ao final, um log se abrirá. É salvo no desktop com o nome de JRT.txt.

Selecione, copie e cole o conteúdo deste log na sua próxima resposta.

2)

Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

Faça o download do ComboFix
http://www.bleepingc...combofix/dl/12/

Salve-o na sua área de trabalho.
  • Feche todas as janelas e programas. Rode o ComboFix.
  • Dê um duplo-clique no combofix.exe e tecle "Sim" para prosseguir.
  • Quando perguntado se deseja instalar o Console de Recuperação, clique em Sim e agüarde.
  • Clique em OK para aceitar o EULA, e depois clique em Sim para continuar a busca por malwares.
Não clique em nada e não aperte nenhuma tecla durante o exame, pois a ferramenta não funcionará corretamente.

Quando a ferramenta terminar de rodar, gerará um log. Poste o conteúdo do arquivo C:\ComboFix.txt na sua próxima resposta.

Importante:
  • É necessário estar conectado durante o procedimento com o ComboFix;
  • É preciso estar logado no sistema com privilégios de administrador.
  • Baixe e SALVE o ComboFix. Na janela de download, onde aparecem as opções Executar / Salvar, clique em Salvar. Não execute o ComboFix na janela do seu navegador.
  • Mantenha seu antivirus, antispywares e firewall desativados durante os procedimentos com o ComboFix. Torne a ativá-los quando terminar tudo.
  • Caso você já tenha usado o Combofix anteriormente, então delete-o e baixe-o novamente.
  • Caso o Console de Recuperação já esteja instalado nesta máquina, o ComboFix não irá lhe sugerir a instalação.
  • Não rode o ComboFix mais do que uma vez. Isso irá sobreescrever o log e atrasará a remoção do(s) malware(s)
  • O ComboFix é uma ferramenta que pode danificar o sistema se for usada incorretamente. Use-o apenas sob supervisão de um analista de malwares.

[Linha Defensiva no Twitter][Linha Defensiva no Facebook]

Imagem Postada
**Tenha consideração a quem te ajuda, não Abandone seu tópico!**

#13
isabellopes

isabellopes

    Novato

  • Novato
  • Pip
  • 18 posts
Boa tarde


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.8 (01.31.2013:1)
OS: Windows 7 Home Premium x64
Ran by Clecio Lopes on 01/02/2013 at 10:31:06,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4208909420-3618432746-25460420-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\baidu
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Clecio Lopes\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Users\Clecio Lopes\appdata\locallow\conduit"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/02/2013 at 10:48:20,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



ComboFix 13-02-01.04 - Clecio Lopes 01/02/2013 17:25:36.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.3836.1949 [GMT -3:00]
Executando de: c:\users\Clecio Lopes\Music\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Execuções precedente -------
.
c:\users\Clecio Lopes\adwcleaner.exe
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-01-01 to 2013-02-01 ))))))))))))))))))))))))))))
.
.
2013-02-01 20:36 . 2013-02-01 20:36 -------- d-----w- c:\users\Isabel\AppData\Local\temp
2013-02-01 20:36 . 2013-02-01 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-01 13:31 . 2013-02-01 13:31 -------- d-----w- c:\windows\ERUNT
2013-02-01 13:30 . 2013-02-01 13:30 -------- d-----w- C:\JRT
2013-02-01 10:52 . 2013-02-01 10:52 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-01-29 18:15 . 2013-01-29 18:15 -------- d-----w- c:\users\Clecio Lopes\AppData\Roaming\Malwarebytes
2013-01-29 18:15 . 2013-01-29 18:15 -------- d-----w- c:\programdata\Malwarebytes
2013-01-29 18:15 . 2013-01-29 18:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-29 18:15 . 2012-12-14 19:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-29 14:47 . 2013-01-29 20:18 190 ----a-w- c:\windows\DeleteOnReboot.bat
2013-01-29 13:30 . 2011-02-11 20:24 388608 ----a-w- c:\program files\HijackThis.exe
2013-01-29 13:30 . 2011-02-11 20:24 388608 ----a-w- c:\program files\HijackThis(1).exe
2013-01-27 02:43 . 2013-01-27 02:43 -------- d-----w- c:\program files\AdlmRes
2013-01-27 02:43 . 2013-01-27 02:43 -------- d-----w- c:\program files\CER
2013-01-27 02:43 . 2013-01-27 02:43 -------- d-----w- C:\UPI
2013-01-27 02:43 . 2013-01-27 02:43 -------- d-----w- c:\program files\UPI
2013-01-27 02:42 . 2013-01-27 02:42 -------- d-----w- c:\program files\Drv
2013-01-27 02:42 . 2013-01-27 02:43 -------- d-----w- c:\program files\Sample
2013-01-27 02:42 . 2013-01-27 02:42 -------- d-----w- c:\program files\Support
2013-01-27 02:42 . 2013-01-27 02:43 -------- d-----w- c:\program files\Fonts
2013-01-27 02:42 . 2013-01-27 02:43 -------- d-----w- c:\program files\Setup
2013-01-27 02:42 . 2013-01-27 02:42 -------- d-----w- c:\program files\UserDataCache
2013-01-27 02:42 . 2013-01-27 02:43 -------- d-----w- c:\program files\WebServices
2013-01-21 22:28 . 2013-02-01 19:25 -------- d-----w- c:\users\Clecio Lopes\AppData\Roaming\Skype
2013-01-21 22:28 . 2013-01-21 22:28 -------- d-----r- c:\program files (x86)\Skype
2013-01-21 22:28 . 2013-01-21 22:28 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-01-21 22:28 . 2013-01-21 22:28 -------- d-----w- c:\programdata\Skype
2013-01-12 13:52 . 2013-01-30 17:26 -------- d-----w- c:\program files\Recuva
2013-01-10 01:01 . 2013-01-10 01:04 -------- d-----w- C:\d9296787922cd1d2b0fb
2013-01-09 20:08 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 20:08 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 20:08 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 20:08 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 20:06 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 20:06 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 20:05 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 20:05 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-24 14:46 . 2012-07-23 00:41 37720 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-01-10 01:01 . 2010-09-27 11:31 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-16 17:11 . 2012-12-22 13:14 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 13:14 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 13:14 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 13:14 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-10 06:28 . 2012-12-10 06:28 127328 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-11-30 04:45 . 2013-01-09 20:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-13 16:10 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 16:10 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 16:10 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 16:10 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 16:10 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 16:10 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 16:10 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 16:10 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 16:10 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 16:10 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 16:10 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 16:10 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 16:10 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 16:10 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 16:10 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 16:10 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 16:10 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 16:10 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 16:10 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 16:10 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 16:10 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 16:10 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 14:18 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 14:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-08 14:29 . 2012-11-08 14:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-11-08 06:49 . 2012-11-08 06:49 307040 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2009-02-09 04:26 . 2009-02-09 04:26 195328 ----a-w- c:\program files\ASMOPER215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 1772800 ----a-w- c:\program files\ASMHEAL215A.DLL
2009-02-09 04:26 . 2009-02-09 04:26 73008 ----a-w- c:\program files\dcuthlm38.dll
2009-02-09 04:26 . 2009-02-09 04:26 715008 ----a-w- c:\program files\ASMIMPORT215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 790272 ----a-w- c:\program files\ASMTOPT215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 768768 ----a-w- c:\program files\ASMSHL215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 556288 ----a-w- c:\program files\ASMREM215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 493312 ----a-w- c:\program files\ASMRB215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 4099888 ----a-w- c:\program files\dcutd3e38.dll
2009-02-09 04:26 . 2009-02-09 04:26 2976000 ----a-w- c:\program files\ASMSKIN215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 217856 ----a-w- c:\program files\ASMTWK215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 191744 ----a-w- c:\program files\ASMSBOOL215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 1536256 ----a-w- c:\program files\ASMSWP215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 910592 ----a-w- c:\program files\ASMRBI215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 5806336 ----a-w- c:\program files\ASMMATRIX215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 555264 ----a-w- c:\program files\ASMLOPT215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 446720 ----a-w- c:\program files\ASMOFST215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 2514176 ----a-w- c:\program files\ASMLOP215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 97024 ----a-w- c:\program files\ASMEULR215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 4421888 ----a-w- c:\program files\ASMINTR215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 230144 ----a-w- c:\program files\ASMGA215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 12713728 ----a-w- c:\program files\ASMKERN215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 1110784 ----a-w- c:\program files\ASMFCT215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 1044224 ----a-w- c:\program files\ASMLAW215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 433408 ----a-w- c:\program files\ASMDatax215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 370432 ----a-w- c:\program files\ASMCT215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 263936 ----a-w- c:\program files\ASMCOVR215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 2220800 ----a-w- c:\program files\ASMBOOL215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 1498368 ----a-w- c:\program files\ASMCSTR215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 534272 ----a-w- c:\program files\ASMAHL215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 466176 ----a-w- c:\program files\ASMBASE215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 4276480 ----a-w- c:\program files\ASMBLND215A.dll
2009-02-09 04:26 . 2009-02-09 04:26 2657944 ----a-w- c:\program files\AdImaging.dll
2009-02-09 04:26 . 2009-02-09 04:26 137880 ----a-w- c:\program files\AdIntImgServices.dll
2009-02-09 04:26 . 2009-02-09 04:26 101528 ----a-w- c:\program files\AdSubAware.exe
2009-02-09 04:25 . 2009-02-09 04:25 236184 ----a-w- c:\program files\senddmp.exe
2009-02-09 04:25 . 2009-02-09 04:25 995480 ----a-w- c:\program files\AcSmComponents.dll
2009-02-09 04:25 . 2009-02-09 04:25 145744 ----a-w- c:\program files\AcMPolygonCom.dll
2009-02-09 04:25 . 2009-02-09 04:25 191312 ----a-w- c:\program files\AcMPolygonMGD.dll
2009-02-09 04:25 . 2009-02-09 04:25 111256 ----a-w- c:\program files\ad18asm215.dll
2009-02-09 04:25 . 2009-02-09 04:25 82072 ----a-w- c:\program files\atlst18.dll
2009-02-09 04:25 . 2009-02-09 04:25 68248 ----a-w- c:\program files\ac1st18.dll
2009-02-09 04:25 . 2009-02-09 04:25 558744 ----a-w- c:\program files\csp16.dll
2009-02-09 04:25 . 2009-02-09 04:25 15000 ----a-w- c:\program files\AcGradient18.dll
2009-02-09 04:25 . 2009-02-09 04:25 690328 ----a-w- c:\program files\modlr18.dll
2009-02-09 04:25 . 2009-02-09 04:25 6777496 ----a-w- c:\program files\axdb.dll
2009-02-09 04:25 . 2009-02-09 04:25 559768 ----a-w- c:\program files\acgex18.dll
2009-02-09 04:08 . 2009-02-09 04:08 915608 ----a-w- c:\program files\AcSceneCOM.dll
2009-02-09 04:08 . 2009-02-09 04:08 373912 ----a-w- c:\program files\AcXrefVaultUI.dll
2009-02-09 04:08 . 2009-02-09 04:08 285336 ----a-w- c:\program files\AcStDStyle.dll
2009-02-09 04:08 . 2009-02-09 04:08 205976 ----a-w- c:\program files\AcStLay.dll
2009-02-09 04:08 . 2009-02-09 04:08 193176 ----a-w- c:\program files\AcStLtype.dll
2009-02-09 04:08 . 2009-02-09 04:08 187032 ----a-w- c:\program files\AcStTStyle.dll
2009-02-09 04:08 . 2009-02-09 04:08 694424 ----a-w- c:\program files\AcStdBatch.dll
2009-02-09 04:08 . 2009-02-09 04:08 304280 ----a-w- c:\program files\AcStMgr.dll
2009-02-09 04:08 . 2009-02-09 04:08 183080 ----a-w- c:\program files\AcExportLayoutEx.dll
2009-02-09 04:08 . 2009-02-09 04:08 155800 ----a-w- c:\program files\AcProject18.dll
2009-02-09 04:08 . 2009-02-09 04:08 145560 ----a-w- c:\program files\aclbed.dll
2009-02-09 04:08 . 2009-02-09 04:08 1112216 ----a-w- c:\program files\AcSqlEng.dll
2009-02-09 04:08 . 2009-02-09 04:08 94872 ----a-w- c:\program files\AcTmpTbl.dll
2009-02-09 04:08 . 2009-02-09 04:08 544408 ----a-w- c:\program files\AcSqlData.dll
2009-02-09 04:08 . 2009-02-09 04:08 1026200 ----a-w- c:\program files\AdRefMan.exe
2009-02-09 04:07 . 2009-02-09 04:07 41624 ----a-w- c:\program files\ddelib.dll
2009-02-09 04:07 . 2009-02-09 04:07 82584 ----a-w- c:\program files\AdFTP.dll
2009-02-09 04:07 . 2009-02-09 04:07 76952 ----a-w- c:\program files\resize.dll
2009-02-09 04:07 . 2009-02-09 04:07 18584 ----a-w- c:\program files\AcWebDAV18.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1PSafeOverlaySync]
@="{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}"
[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}]
2012-12-19 21:50 2065240 ----a-w- c:\program files (x86)\PSafe\shell\v3.4.1212.19402\PSafeShellExtensionx86.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2PSafeOverlayOk]
@="{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}"
[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}]
2012-12-19 21:50 2065240 ----a-w- c:\program files (x86)\PSafe\shell\v3.4.1212.19402\PSafeShellExtensionx86.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3PSafeOverlayOut]
@="{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}"
[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}]
2012-12-19 21:50 2065240 ----a-w- c:\program files (x86)\PSafe\shell\v3.4.1212.19402\PSafeShellExtensionx86.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-26 39408]
"PhotoShow Deluxe Media Manager"="c:\progra~2\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2005-02-26 212992]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-07-17 842816]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-12-16 149280]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"PSafeSysTray"="c:\program files (x86)\PSafe\PSafeSysTray.exe" [2012-12-19 6606680]
.
c:\users\Clecio Lopes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 114560]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-15 1436424]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2010-04-09 79360]
R3 jrdusbser;Olicard Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [2010-09-17 119680]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 Olicard155net;Olicard155 USB-NDIS miniport;c:\windows\system32\DRIVERS\Olicard155Usbnet.sys [2010-09-17 138240]
R3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R3 ZTEusbdvbh;ZTE HS-USB DVBH-RF Service;c:\windows\system32\DRIVERS\ZTEusbdvbh.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 360FltOEM;360FltOEM mini-filter driver;c:\windows\system32\DRIVERS\360FltOEM.sys [2012-06-01 289952]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-11-08 307040]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-01-24 37720]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-09-27 21624]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-02 5174392]
S2 avgwd;Watchdog do AVG;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-07-08 323584]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 565928]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-07-17 116632]
S2 OrolixDeviceMonitor;Orolix Device Monitor;c:\program files (x86)\TIM Communicator\module\devicemon.exe [2010-12-21 26528]
S2 PSafeLockBoxSvc;PSafeLockBoxSvc;c:\program files (x86)\PSafe\PSafeCategoryFinder.exe [2012-12-19 1211736]
S2 PSafeSVC;PSafeSVC;c:\program files (x86)\PSafe\PSafesvc.exe [2012-12-19 1999704]
S2 PSafeWD;PSafeWD;c:\program files (x86)\PSafe\PSafeWD.exe [2012-12-19 248664]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2009-06-03 721712]
S2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-01-24 945328]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-12-10 127328]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-05-20 70656]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-04-09 76288]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-28 140128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 16:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-26 22:20]
.
2013-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-26 22:20]
.
2013-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4208909420-3618432746-25460420-1000Core.job
- c:\users\Clecio Lopes\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-21 16:37]
.
2013-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4208909420-3618432746-25460420-1000UA.job
- c:\users\Clecio Lopes\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-21 16:37]
.
2013-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4208909420-3618432746-25460420-1001Core.job
- c:\users\Isabel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-19 19:06]
.
2013-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4208909420-3618432746-25460420-1001UA.job
- c:\users\Isabel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-19 19:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1PSafeOverlaySync]
@="{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}"
[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}]
2012-12-19 21:50 2684760 ----a-w- c:\program files (x86)\PSafe\shell\v3.4.1212.19402\PSafeShellExtensionx64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2PSafeOverlayOk]
@="{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}"
[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}]
2012-12-19 21:50 2684760 ----a-w- c:\program files (x86)\PSafe\shell\v3.4.1212.19402\PSafeShellExtensionx64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3PSafeOverlayOut]
@="{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}"
[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}]
2012-12-19 21:50 2684760 ----a-w- c:\program files (x86)\PSafe\shell\v3.4.1212.19402\PSafeShellExtensionx64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 318464]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-08-26 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-16 171520]
"lxbkbmgr.exe"="c:\program files (x86)\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{1807234B-5489-4F1F-AA8F-D315BD9B6205}: NameServer = 200.149.55.140,200.202.193.171
.
.
------- Associação de arquivos/ficheiros -------
.
.scr=MicroStation Resource
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-RegistryBooster - c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-mumservice - c:\program files\Motorola\Software Update\mumservice.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-02-01 17:42:22
ComboFix-quarantined-files.txt 2013-02-01 20:42
.
Pré-execução: 392.628.076.544 bytes disponíveis
Pós execução: 391.977.250.816 bytes disponíveis
.
- - End Of File - - 9DFAC8DCAB5FE5D58B44935AB0D5F822

#14
CarlosTurco

CarlosTurco

    Assistente

  • Assistente
  • 20.544 posts
isabellopes,

Quando estou usando a net páginas abrem sozinhas.

O problema ainda continua?

1)

Desative temporiariamente seu AntiVirus
  • Utilize o Navegador Internet Explorer para utilizar o serviço!
  • Acesse o site AQUI
  • Faça o scan de acordo com a imagem abaixo:

    Imagem Postada
  • Ao final da verificação marque a caixa "Delete Quarantined files" e clique em [FINISH]
    Será gerado um relatório, que estará em:
C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
Ou
C:\Arquivos de programas\Eset\EsetOnlineScanner\log.txt

Poste esse log.

2)

Poste um novo log do HijackThis.
[Linha Defensiva no Twitter][Linha Defensiva no Facebook]

Imagem Postada
**Tenha consideração a quem te ajuda, não Abandone seu tópico!**

#15
isabellopes

isabellopes

    Novato

  • Novato
  • Pip
  • 18 posts
Boa tarde


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:14:08, on 02/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\PSafe\PSafeSysTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\PSafe\Protege\psprotege.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\PSafe\PSafeWDS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Clecio Lopes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Clecio Lopes\Music\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/3
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files (x86)\PSafe\PSafeSysTray.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~2\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicr...osoft/wrc32.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1807234B-5489-4F1F-AA8F-D315BD9B6205}: NameServer = 200.149.55.140,200.202.193.171
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SPLASH.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (file missing)
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Unknown owner - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) - Orolix Desenvolvimento de Software LTDA. - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PSafeLockBoxSvc - PSafe - C:\Program Files (x86)\PSafe\PSafeCategoryFinder.exe
O23 - Service: PSafeSVC - PSafe S/A - C:\Program Files (x86)\PSafe\PSafesvc.exe
O23 - Service: PSafeWD - PSafe - C:\Program Files (x86)\PSafe\PSafeWD.exe
O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.0.1 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16588 bytes

#16
CarlosTurco

CarlosTurco

    Assistente

  • Assistente
  • 20.544 posts
Bom dia, isabellopes.

isabellopes,

Quando estou usando a net páginas abrem sozinhas.

O problema ainda continua?

Faltou responder minha pergunta.
[Linha Defensiva no Twitter][Linha Defensiva no Facebook]

Imagem Postada
**Tenha consideração a quem te ajuda, não Abandone seu tópico!**

#17
isabellopes

isabellopes

    Novato

  • Novato
  • Pip
  • 18 posts

Bom dia, isabellopes.


isabellopes,

Quando estou usando a net páginas abrem sozinhas.

O problema ainda continua?

Faltou responder minha pergunta.


Bom dia

Desculpa, não tinha lido a pergunta.

O problema desapareceu.

#18
CarlosTurco

CarlosTurco

    Assistente

  • Assistente
  • 20.544 posts
Ok,

Os logs estão limpos. :)

Para finalizar:
  • Vá em Iniciar > Executar > digite (ou copie e cole): ComboFix /Uninstall

    Imagem Postada

    Dê o OK. Aguarde, pois isso irá desinstalar o ComboFix.
  • Faça o Download do CCleaner
    • Instale o programa
    • Clique em Registro > procurar erros > corrigir erros selecionados.
    • Depois, clique em Limpador > analisar > executar limpeza.
  • Imagem Postada Atualize o Java. Versões antigas têm vunerabilidades que alguns malwares podem usar para infectar seu sistema.
    • Faça download da última versão do Java SE 7u13.
    • Clique em JRE Download
    • Marque a caixa Accept License Agreement..
    • Clique no link para download Windows x86 Offline 29.73 MB jre-7u13-windows-i586.exe e salve no seu desktop.
    • Feche qualquer programa que esteja executando, especialmente navegadores.
    • Vá em Iniciar > Painel de Controle duplo clique em Adicionar ou Remover Programas e remova todas as versões antigas do Java.
      Exemplos de versões antigas
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Selecione qualquer item com nome Java Runtime Environment (JRE ou J2SE).
    • Clique no botão Remover ou Alterar/Remover.
    • Repita quantas vezes for necessária para remover cada versão do Java.
    • Reincie seu computador uma vez que todas as versões do Java tenham sido removidas.
    • Agora vá no seu desktop, clique duas vezes em jre-7u13-windows-i586.exe para instalar a mais nova versão.
    • ATENÇÃO: Desmarque a caixa de instalação da ASK Toolbar.
  • Imagem Postada Atualize o Adobe Reader. Versões antigas têm vulnerabilidades que são exploradas por malwares.

    Clique aqui e instale a mais nova versão.
  • Imagem Postada Mantenha o Flash Player atualizado. Versões antigas também têm vulnerabilidades que são exploradas por malwares. Clique aqui e instale a mais nova versão.
  • Imagem Postada Worms USB (vírus de pendrive) podem infectar qualquer tipo de dispositivo de armazenamento removível (pendrives, mp3, mp4, celulares, cartões de memória, câmeras fotográficas). Este tipo de malware explora um recurso nativo do Windows chamado Autorun, ou Autoplay (é aquele assistente que aparece quando você insere um cd ou pendrive, perguntando com qual programa você deseja abri-lo). O Autoplay precisa de um arquivo chamado autorun.inf para funcionar.

    Mantenha um cópia limpa e protegida do arquivo autorun.inf em todos os dispositivos removíveis e em todas as unidades do sistema. Deste modo, se acaso você plugar o seu pendrive em algum pc infectado, o malware não vai conseguir sobreescrever o arquivo pré-existente. Mas ainda assim ele poderá copiar seus executáveis maliciosos para o pendrive, tais como .EXE, .SCR, .CMD, .PIF, .BAT, .COM.
    Se você plugar este pendrive em uma máquina limpa e executar algum desses arquivos maliciosos, esse sistema será infectado da mesma forma. Portanto, tenha cuidado e use o bom senso.

    Para criar um arquivo autorun.inf protegido no Windows XP:

    Faça o download do Flash_Disinfector.exe e salve na sua área de trabalho.
    • Conecte todos os dispositivos de armazenamento removível nas portas USBs. Salve o que achar necessário, EXCETO arquivos executáveis, depois formate as mídias, indo em Meu Computador e clicando com o direito sobre a unidade da mídia, escolhendo a opção "Formatar"
    • Execute o Flash_Disinfector.exe.
    • Vá seguindo os prompts que poderão aparecer.
    • Espere até que o programa conclua a busca e depois saia do programa.
    Para Windows Vista e 7: Panda USB Vaccine
  • Imagem PostadaPara manutenção de sistema, remoção de arquivos temporários e inválidos, baixe TFC, by OldTimer.

    Feche TODOS os programas e execute o TFC. Clique no botão Start e aguarde. Sua área de trabalho irá desaparecer, não se preocupe, isso faz parte do processo.

    Tenha paciência, conforme a quantidade de dados a serem excluídos, o processo pode demorar mais de 2 minutos.

    Quando terminar, você será solicitado a reiniciar seu computador. REINICIE.

    Caso não lhe seja solicitado, reinicie manualmente.
  • Imagem PostadaVisite o Windows Update regularmente e verifique por atualizações.
    Novas brechas de segurança são descobertas com freqüência. Muitos malwares exploram essas brechas, infectando sistemas sem depender de nenhuma ação do usuário. A Microsoft corrige essas brechas através das atualizações.
    Por isso é fundamental manter o seu sistema atualizado.
  • Aprenda alguns cuidados e dicas para manter seu computador limpo. Leia o artigo Proteja seu pc:
    http://linhadefensiv...proteja-seu-pc/
  • Se não há mais nenhum problema relacionado a malwares, clique no botão Imagem Postada e peça para fecharem seu tópico.
Se você tiver alguma dúvida relacionada a informática e tecnologia, sinta-se à vontade para postar em qualquer área do forum Linha Defensiva.

Abraço. :legal:
[Linha Defensiva no Twitter][Linha Defensiva no Facebook]

Imagem Postada
**Tenha consideração a quem te ajuda, não Abandone seu tópico!**

#19
Felipe-rj

Felipe-rj

    Moderador

  • Moderador
  • 837 posts
PROBLEMA RESOLVIDO
 
Caso queira solicitar a reabertura do tópico, utilize o botão Denunciar para entrar em contato com a moderação.

Nota: Somente o autor pode realizar essa solicitação na área Remoção de Malware.