
Ads appearing while browsing - malware removal


This topic has been archived. This means you can no longer reply to it.
11 replies in this topic

#1 V.Schmusz (Newbie, 6 posts)

Hello, while I am browsing the internet, ads that do not belong to the sites keep appearing, and my computer is slow.

 

Attached are the HijackThis and Farbar Service Scanner logs; the MbrScan log follows below, since the files were too large to upload.

MbrScan log:

 

 


MBRScan v1.1.1
 
OS             : Windows 8  (64 bit)
PROCESSOR      : Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
BOOT           : Normal Boot
DATE           : 2013/07/02 (ISO 8601) at 20:04:11
________________________________________________________________________________
 
Device\Harddisk0\DR0 465.8 Go  [Fixed] ==> Unknown MBR Code... ==> PARTITION TABLE FAKED !!
 
MBR_MD5   : 0011FCE8913B2A47D0BE9ABE0922779C
MBR_SHA1  : 6EC8A7E429444E49EE68ADF8125AB059053B8B6D
 
Device\Harddisk0\Partition1 2.00 To   0xEE EFI GPT[1] 
________________________________________________________________________________
 
############################### Additional scan ################################
 
DRIVER  : C:\windows\system32\ntoskrnl.exe => Invisible on the disk
ADDRESS : 0x9F480000
SIZE    : 7.30 Mo
 
DRIVER  : C:\windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x9F414000
SIZE    : 432.0 Ko
 
DRIVER  : C:\windows\system32\kd.dll => Invisible on the disk
ADDRESS : 0x9E512000
SIZE    : 36.0 Ko
 
DRIVER  : C:\windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00CDD000
SIZE    : 380.0 Ko
 
DRIVER  : C:\windows\System32\drivers\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00D3C000
SIZE    : 368.0 Ko
 
DRIVER  : C:\windows\System32\drivers\tm.sys => Invisible on the disk
ADDRESS : 0x00D98000
SIZE    : 140.0 Ko
 
DRIVER  : C:\windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00C00000
SIZE    : 508.0 Ko
 
DRIVER  : C:\windows\System32\drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x010C0000
SIZE    : 396.0 Ko
 
DRIVER  : C:\windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x01123000
SIZE    : 776.0 Ko
 
DRIVER  : C:\windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x011E5000
SIZE    : 64.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\acpiex.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 92.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\WppRecorder.sys => Invisible on the disk
ADDRESS : 0x01017000
SIZE    : 44.0 Ko
 
DRIVER  : C:\windows\System32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x01022000
SIZE    : 436.0 Ko
 
DRIVER  : C:\windows\System32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x0108F000
SIZE    : 40.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x00E0C000
SIZE    : 560.0 Ko
 
DRIVER  : C:\windows\System32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00E98000
SIZE    : 40.0 Ko
 
DRIVER  : C:\windows\System32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00EA2000
SIZE    : 244.0 Ko
 
DRIVER  : C:\windows\System32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00EDF000
SIZE    : 52.0 Ko
 
DRIVER  : C:\windows\system32\drivers\pdc.sys => Invisible on the disk
ADDRESS : 0x00EEC000
SIZE    : 92.0 Ko
 
DRIVER  : C:\windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00F03000
SIZE    : 104.0 Ko
 
DRIVER  : C:\windows\System32\drivers\spaceport.sys => Invisible on the disk
ADDRESS : 0x00F1D000
SIZE    : 292.0 Ko
 
DRIVER  : C:\windows\System32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00F66000
SIZE    : 96.0 Ko
 
DRIVER  : C:\windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00F7E000
SIZE    : 384.0 Ko
 
DRIVER  : C:\windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00FDE000
SIZE    : 104.0 Ko
 
DRIVER  : C:\windows\System32\drivers\iaStorA.sys => Invisible on the disk
ADDRESS : 0x014C8000
SIZE    : 2.79 Mo
 
DRIVER  : C:\windows\System32\drivers\storport.sys => Invisible on the disk
ADDRESS : 0x01792000
SIZE    : 340.0 Ko
 
DRIVER  : C:\windows\System32\drivers\EhStorClass.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE    : 104.0 Ko
 
DRIVER  : C:\windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x0141A000
SIZE    : 384.0 Ko
 
DRIVER  : C:\windows\System32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x0147A000
SIZE    : 80.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x01860000
SIZE    : 1.89 Mo
 
DRIVER  : C:\windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x01A43000
SIZE    : 108.0 Ko
 
DRIVER  : C:\windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x01A5E000
SIZE    : 68.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x01A6F000
SIZE    : 40.0 Ko
 
DRIVER  : C:\windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x01A79000
SIZE    : 996.0 Ko
 
DRIVER  : C:\windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01B72000
SIZE    : 444.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x01800000
SIZE    : 188.0 Ko
 
DRIVER  : C:\windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01C00000
SIZE    : 2.22 Mo
 
DRIVER  : C:\windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01E39000
SIZE    : 416.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\wfplwfs.sys => Invisible on the disk
ADDRESS : 0x01EA1000
SIZE    : 108.0 Ko
 
DRIVER  : C:\windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01EBC000
SIZE    : 472.0 Ko
 
DRIVER  : C:\windows\System32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01F32000
SIZE    : 340.0 Ko
 
DRIVER  : C:\windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01F87000
SIZE    : 236.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01FC2000
SIZE    : 92.0 Ko
 
DRIVER  : C:\windows\System32\drivers\disk.sys => Invisible on the disk
ADDRESS : 0x0182F000
SIZE    : 112.0 Ko
 
DRIVER  : C:\windows\System32\drivers\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x0200B000
SIZE    : 336.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x0205F000
SIZE    : 80.0 Ko
 
DRIVER  : C:\windows\System32\drivers\cdrom.sys => Invisible on the disk
ADDRESS : 0x03F9B000
SIZE    : 196.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x03FCC000
SIZE    : 36.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x03FD5000
SIZE    : 32.0 Ko
 
DRIVER  : C:\windows\System32\drivers\BasicRender.sys => Invisible on the disk
ADDRESS : 0x03FDD000
SIZE    : 52.0 Ko
 
DRIVER  : C:\windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x02080000
SIZE    : 1.41 Mo
 
DRIVER  : C:\windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x03FEA000
SIZE    : 68.0 Ko
 
DRIVER  : C:\windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x03C00000
SIZE    : 312.0 Ko
 
DRIVER  : C:\windows\System32\drivers\BasicDisplay.sys => Invisible on the disk
ADDRESS : 0x03C4E000
SIZE    : 68.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x03C5F000
SIZE    : 72.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x03C71000
SIZE    : 48.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x03C7D000
SIZE    : 136.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x03C9F000
SIZE    : 56.0 Ko
 
DRIVER  : C:\windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x00C7F000
SIZE    : 352.0 Ko
 
DRIVER  : C:\windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x036F5000
SIZE    : 584.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x03787000
SIZE    : 168.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x037B1000
SIZE    : 88.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x037C7000
SIZE    : 64.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\avkmgr.sys => Invisible on the disk
ADDRESS : 0x037D7000
SIZE    : 40.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\avipbb.sys => Invisible on the disk
ADDRESS : 0x03600000
SIZE    : 144.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x03624000
SIZE    : 460.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x03697000
SIZE    : 104.0 Ko
 
DRIVER  : C:\windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x036B1000
SIZE    : 56.0 Ko
 
DRIVER  : C:\windows\System32\drivers\npsvctrig.sys => Invisible on the disk
ADDRESS : 0x036BF000
SIZE    : 48.0 Ko
 
DRIVER  : C:\windows\System32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x036CB000
SIZE    : 48.0 Ko
 
DRIVER  : C:\windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x036D7000
SIZE    : 68.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x01FD9000
SIZE    : 132.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\CLVirtualDrive.sys => Invisible on the disk
ADDRESS : 0x037E1000
SIZE    : 104.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x036E8000
SIZE    : 48.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x0148E000
SIZE    : 188.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x01BE1000
SIZE    : 120.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x017E7000
SIZE    : 96.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x04290000
SIZE    : 176.0 Ko
 
DRIVER  : C:\windows\System32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x042BC000
SIZE    : 60.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\kdnic.sys => Invisible on the disk
ADDRESS : 0x042CB000
SIZE    : 44.0 Ko
 
DRIVER  : C:\windows\System32\drivers\umbus.sys => Invisible on the disk
ADDRESS : 0x042D6000
SIZE    : 72.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk
ADDRESS : 0x048E4000
SIZE    : 8.57 Mo
 
DRIVER  : C:\windows\System32\drivers\HECIx64.sys => Invisible on the disk
ADDRESS : 0x05177000
SIZE    : 76.0 Ko
 
DRIVER  : C:\windows\System32\drivers\usbehci.sys => Invisible on the disk
ADDRESS : 0x0518A000
SIZE    : 88.0 Ko
 
DRIVER  : C:\windows\System32\drivers\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x04800000
SIZE    : 492.0 Ko
 
DRIVER  : C:\windows\System32\drivers\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x0487B000
SIZE    : 88.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\athw8x.sys => Invisible on the disk
ADDRESS : 0x052CE000
SIZE    : 3.48 Mo
 
DRIVER  : C:\windows\System32\drivers\vwifibus.sys => Invisible on the disk
ADDRESS : 0x05648000
SIZE    : 52.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\Rt630x64.sys => Invisible on the disk
ADDRESS : 0x05655000
SIZE    : 676.0 Ko
 
DRIVER  : C:\windows\System32\drivers\CmBatt.sys => Invisible on the disk
ADDRESS : 0x056FE000
SIZE    : 28.0 Ko
 
DRIVER  : C:\windows\System32\drivers\BATTC.SYS => Invisible on the disk
ADDRESS : 0x05705000
SIZE    : 48.0 Ko
 
DRIVER  : C:\windows\System32\drivers\i8042prt.sys => Invisible on the disk
ADDRESS : 0x05711000
SIZE    : 128.0 Ko
 
DRIVER  : C:\windows\System32\drivers\kbdclass.sys => Invisible on the disk
ADDRESS : 0x05731000
SIZE    : 60.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\ETD.sys => Invisible on the disk
ADDRESS : 0x05740000
SIZE    : 316.0 Ko
 
DRIVER  : C:\windows\System32\drivers\mouclass.sys => Invisible on the disk
ADDRESS : 0x0578F000
SIZE    : 60.0 Ko
 
DRIVER  : C:\windows\System32\drivers\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x0579E000
SIZE    : 40.0 Ko
 
DRIVER  : C:\windows\System32\drivers\RadioHIDMini.sys => Invisible on the disk
ADDRESS : 0x057A8000
SIZE    : 44.0 Ko
 
DRIVER  : C:\windows\System32\drivers\mshidkmdf.sys => Invisible on the disk
ADDRESS : 0x057B3000
SIZE    : 36.0 Ko
 
DRIVER  : C:\windows\System32\drivers\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x057BC000
SIZE    : 108.0 Ko
 
DRIVER  : C:\windows\System32\drivers\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x057D7000
SIZE    : 32.0 Ko
 
DRIVER  : C:\windows\System32\drivers\intelppm.sys => Invisible on the disk
ADDRESS : 0x057DF000
SIZE    : 112.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x05200000
SIZE    : 132.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x05221000
SIZE    : 148.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x05246000
SIZE    : 104.0 Ko
 
DRIVER  : C:\windows\System32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x05260000
SIZE    : 8.0 Ko
 
DRIVER  : C:\windows\System32\drivers\ks.sys => Invisible on the disk
ADDRESS : 0x05262000
SIZE    : 316.0 Ko
 
DRIVER  : C:\windows\System32\drivers\btath_bus.sys => Invisible on the disk
ADDRESS : 0x052B1000
SIZE    : 52.0 Ko
 
DRIVER  : C:\windows\System32\drivers\rdpbus.sys => Invisible on the disk
ADDRESS : 0x052BE000
SIZE    : 44.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x04891000
SIZE    : 80.0 Ko
 
DRIVER  : C:\windows\System32\drivers\usbhub.sys => Invisible on the disk
ADDRESS : 0x042E8000
SIZE    : 504.0 Ko
 
DRIVER  : C:\windows\System32\drivers\USBD.SYS => Invisible on the disk
ADDRESS : 0x048A5000
SIZE    : 44.0 Ko
 
DRIVER  : C:\windows\system32\drivers\RTKVHD64.sys => Invisible on the disk
ADDRESS : 0x05ED4000
SIZE    : 3.91 Mo
 
DRIVER  : C:\windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x062BD000
SIZE    : 300.0 Ko
 
DRIVER  : C:\windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x06308000
SIZE    : 136.0 Ko
 
DRIVER  : C:\windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x0632A000
SIZE    : 24.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\IntcDAud.sys => Invisible on the disk
ADDRESS : 0x06330000
SIZE    : 352.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\fastfat.SYS => Invisible on the disk
ADDRESS : 0x06388000
SIZE    : 220.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\cdfs.sys => Invisible on the disk
ADDRESS : 0x063BF000
SIZE    : 128.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\btfilter.sys => Invisible on the disk
ADDRESS : 0x05E00000
SIZE    : 644.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\BTHUSB.sys => Invisible on the disk
ADDRESS : 0x05EA1000
SIZE    : 92.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\bthport.sys => Invisible on the disk
ADDRESS : 0x03CAD000
SIZE    : 1.14 Mo
 
DRIVER  : C:\windows\System32\drivers\usbccgp.sys => Invisible on the disk
ADDRESS : 0x048B0000
SIZE    : 140.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\usbvideo.sys => Invisible on the disk
ADDRESS : 0x051A0000
SIZE    : 208.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\dump_diskdump.sys => Invisible on the disk
ADDRESS : 0x05EB8000
SIZE    : 52.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\dump_iaStorA.sys => Invisible on the disk
ADDRESS : 0x068BB000
SIZE    : 2.79 Mo
 
DRIVER  : C:\windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x06B85000
SIZE    : 80.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\BthLEEnum.sys => Invisible on the disk
ADDRESS : 0x06B99000
SIZE    : 220.0 Ko
 
DRIVER  : C:\windows\System32\drivers\rfcomm.sys => Invisible on the disk
ADDRESS : 0x06BD0000
SIZE    : 172.0 Ko
 
DRIVER  : C:\windows\System32\drivers\BthEnum.sys => Invisible on the disk
ADDRESS : 0x06800000
SIZE    : 72.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\bthpan.sys => Invisible on the disk
ADDRESS : 0x06812000
SIZE    : 136.0 Ko
 
DRIVER  : C:\windows\System32\drivers\btath_rcp.sys => Invisible on the disk
ADDRESS : 0x06834000
SIZE    : 304.0 Ko
 
DRIVER  : C:\windows\system32\drivers\btath_avdt.sys => Invisible on the disk
ADDRESS : 0x06880000
SIZE    : 172.0 Ko
 
DRIVER  : C:\windows\system32\drivers\btath_a2dp.sys => Invisible on the disk
ADDRESS : 0x04366000
SIZE    : 420.0 Ko
 
DRIVER  : C:\windows\System32\drivers\btath_hcrp.sys => Invisible on the disk
ADDRESS : 0x04200000
SIZE    : 304.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\btath_flt.sys => Invisible on the disk
ADDRESS : 0x063DF000
SIZE    : 112.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\btath_lwflt.sys => Invisible on the disk
ADDRESS : 0x051D4000
SIZE    : 96.0 Ko
 
DRIVER  : C:\windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x00170000
SIZE    : 3.94 Mo
 
DRIVER  : C:\windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00727000
SIZE    : 36.0 Ko
 
DRIVER  : C:\windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00882000
SIZE    : 216.0 Ko
 
DRIVER  : C:\windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x0424C000
SIZE    : 160.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\avgntflt.sys => Invisible on the disk
ADDRESS : 0x043CF000
SIZE    : 128.0 Ko
 
DRIVER  : C:\windows\system32\drivers\mbam.sys => Invisible on the disk
ADDRESS : 0x05EC5000
SIZE    : 40.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x051EC000
SIZE    : 80.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x03DD2000
SIZE    : 440.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x04274000
SIZE    : 80.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x03E40000
SIZE    : 96.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\vwifimp.sys => Invisible on the disk
ADDRESS : 0x048D3000
SIZE    : 40.0 Ko
 
DRIVER  : C:\windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x03E58000
SIZE    : 892.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x03F37000
SIZE    : 128.0 Ko
 
DRIVER  : C:\windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x03F57000
SIZE    : 92.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x17AC6000
SIZE    : 396.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x17B29000
SIZE    : 300.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x17B74000
SIZE    : 236.0 Ko
 
DRIVER  : C:\windows\system32\drivers\Ndu.sys => Invisible on the disk
ADDRESS : 0x17BAF000
SIZE    : 112.0 Ko
 
DRIVER  : C:\windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x17EFD000
SIZE    : 816.0 Ko
 
DRIVER  : C:\windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x17FC9000
SIZE    : 44.0 Ko
 
DRIVER  : C:\windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x17E00000
SIZE    : 272.0 Ko
 
DRIVER  : C:\windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x17E44000
SIZE    : 72.0 Ko
 
DRIVER  : C:\windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x17E56000
SIZE    : 644.0 Ko
 
DRIVER  : C:\windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x17A00000
SIZE    : 564.0 Ko
 
DRIVER  : C:\windows\System32\drivers\condrv.sys => Invisible on the disk
ADDRESS : 0x17FD4000
SIZE    : 52.0 Ko
 
DRIVER  : C:\windows\System32\drivers\rdpvideominiport.sys => Invisible on the disk
ADDRESS : 0x1A70B000
SIZE    : 44.0 Ko
 
DRIVER  : C:\windows\System32\WORKERDD.dll => Invisible on the disk
ADDRESS : 0x00A43000
SIZE    : 36.0 Ko
 
DRIVER  : C:\windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x1A74C000
SIZE    : 100.0 Ko
 
DRIVER  : C:\windows\system32\DRIVERS\udfs.sys => Invisible on the disk
ADDRESS : 0x1A46B000
SIZE    : 336.0 Ko
 
DRIVER  : C:\windows\System32\drivers\monitor.sys => Invisible on the disk
ADDRESS : 0x1CD2E000
SIZE    : 56.0 Ko
 
DRIVER  : C:\windows\System32\drivers\hidusb.sys => Invisible on the disk
ADDRESS : 0x1CD55000
SIZE    : 52.0 Ko
 
DRIVER  : C:\windows\System32\drivers\mouhid.sys => Invisible on the disk
ADDRESS : 0x1CD62000
SIZE    : 48.0 Ko
 
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
 
SystemStartOptions :  NOEXECUTE=OPTIN  NOVGA
 
________________________________________________________________________________
 
_______MBR   \Device\Harddisk0\DR0  
 
0x00000000   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000010   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000020   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000040   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000050   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000060   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000070   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000080   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000090   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000B0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000C0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000100   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000110   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000120   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000130   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000140   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 00 00 00 44 4D 49 4F 00 00 00 00   ........DMIO....
0x000001C0   02 00 EE FF FF FF 01 00 00 00 FF FF FF FF 00 00   ..î.............
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

 




#2 CarlosTurco (Assistant, 20,463 posts)

V.Schmusz,

Please note the following:

  • Do NOT attempt any cleaning procedure on your own. In particular, do not run on your own the tools used in the Malware Removal forum. Misuse of some tools can damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Rule no. 8 of the Malware Removal forum
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click the Follow button (top right corner of the main post) so that you receive an e-mail notification when it is answered. You can also check the topics you follow using the "Content I follow" option, accessible through the forum's Control Panel.
  • Analyses can take some time, so be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it doesn't matter. Always keep following your topic, reporting the results to me, until your computer is clean.
  • Note: avoid using the <QUOTE> or <CODE> tags on the logs; it makes them harder to read during analysis.
  • Do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a PM.

Run the procedures below:

 

1)

  • Configure your Windows to show all hidden files (link)
  • Please click this link -> Virustotal
  • When the VirusTotal page finishes loading, click the file-selection button.
    In the window for choosing the file, go to your Desktop and look for the file below:
    Dump_Hdd0_DR0.mbr
    Pay attention to the correct file name
  • After loading the file into the dialog box, click the scan button.
  • Note: if VirusTotal reports that these files have already been analysed, make sure to click the option to analyse them again.
  • When the analysis finishes, copy the link/URL and/or the address from the browser's address bar and paste it in your next post.

2)

Download RogueKiller and save it to the desktop.
http://www.sur-la-to...RogueKiller.exe

Run the RogueKiller.exe file.

*** Windows Vista or Windows 7 users: right-click the RogueKiller.exe file, then click Run as administrator.

Click the Scan button and wait for the scan to finish.

Click the Report button. A Notepad window with information will open.

This log is saved on the desktop under the name RKreport[1].txt.

Select, copy and paste the contents of this log in your next reply.

NOTE: do not use the Delete button, as we need to evaluate the items before doing that.



#3 V.Schmusz (Newbie, 6 posts)

Good evening, here is what you requested:

VirusTotal scan:

https://www.virustot...sis/1372899375/

RogueKiller log:

RogueKiller V8.6.2 [Jul  3 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.adlice.com/forum/
Site : hxxp://www.adlice.com/softwares/roguekiller/
 
Sistema Operacional : Windows 8 (6.2.9200 ) 64 bits version
Iniciado em : Modo Normal
Usuario : rudimar [Privilegios de Admnistrador]
Modo : Verificar -- Data : 07/03/2013 22:01:40
| ARK || FAK || MBR |
 
¤¤¤ Entradas ruins : 0 ¤¤¤
 
¤¤¤ Entradas do Registro : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO
 
¤¤¤ As tarefas agendadas : 3 ¤¤¤
[V1][ROGUE ST] Plus-HD-2.3-chromeinstaller.job : C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe - /installcrx /agentregpath='Plus-HD-2.3' /extensionfilepath='C:\Program Files (x86)\Plus-HD-2.3\33426.crx' /appid=33426 /srcid='000047' /subid='0' /zdata='0' /bic=7E9B8612ECE24711BB857ED75110BA00IE /verifier=e162ede0c4d493b721af67794ebe5a19 /installerversion=1_27_153 /installerfullversion=1.27.153.5 /installationtime=1372116893 /statsdomain=hxxp://stats.myserverstat.com /errorsdomain=hxxp://errors.myserverstat.com /waitforbrowser=300 /extensionid=omfoidjpeklpjhlhabhcomekbkclkbec /extensionversion=1.23.9 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ISbqxJwyMhm5pgIoRpzBVwFnAOSc+HsTEOpRNjd/dCJp6UThqmkObQsHv9aN+pXeCaY3ZoaV1vOR7Rh7KnyOi8zUEq5n4am+x7gqd+ZvEaaKNhL6CuNPkZJGwZcRdcpH+EcjaPkcDv4q3l3IBf8Fg8U0oDZAZCG0Arbc84SukQIDAQAB /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x] -> ENCONTRADO
[V2][SUSP PATH] DealPly : C:\Users\rudimar\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe - /Check [x] -> ENCONTRADO
[V2][ROGUE ST] Plus-HD-2.3-chromeinstaller : C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe - /installcrx /agentregpath='Plus-HD-2.3' /extensionfilepath='C:\Program Files (x86)\Plus-HD-2.3\33426.crx' /appid=33426 /srcid='000047' /subid='0' /zdata='0' /bic=7E9B8612ECE24711BB857ED75110BA00IE /verifier=e162ede0c4d493b721af67794ebe5a19 /installerversion=1_27_153 /installerfullversion=1.27.153.5 /installationtime=1372116893 /statsdomain=hxxp://stats.myserverstat.com /errorsdomain=hxxp://errors.myserverstat.com /waitforbrowser=300 /extensionid=omfoidjpeklpjhlhabhcomekbkclkbec /extensionversion=1.23.9 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ISbqxJwyMhm5pgIoRpzBVwFnAOSc+HsTEOpRNjd/dCJp6UThqmkObQsHv9aN+pXeCaY3ZoaV1vOR7Rh7KnyOi8zUEq5n4am+x7gqd+ZvEaaKNhL6CuNPkZJGwZcRdcpH+EcjaPkcDv4q3l3IBf8Fg8U0oDZAZCG0Arbc84SukQIDAQAB /allusers /allprofiles /externallog='' [x][x][x][x][x][x][x] -> ENCONTRADO
 
¤¤¤ entradas de inicialização : 0 ¤¤¤
 
¤¤¤ Os navegadores da Web : 0 ¤¤¤
 
¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤
 
¤¤¤ Driver : [Não Carregado 0x0] ¤¤¤
 
¤¤¤ Hives externas: ¤¤¤
 
¤¤¤ Infecção :  ¤¤¤
 
¤¤¤ Arquivo de Hosts: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ Verificaçao do MBR: ¤¤¤
 
+++++ PhysicalDrive0: ST500LM012 HN-M500MBB +++++
--- User ---
[MBR] 0011fce8913b2a47d0be9abe0922779c
[BSP] 9a384efd8597366a6ffccff359c25ad4 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Concluido : << RKreport[0]_S_07032013_220140.txt >>
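As an added example (not from the thread and not code from MBRScan or RogueKiller), here is a Python parser for the 512-byte MBR that both logs judge: it rebuilds the sector from the MBRScan hex dump in post #1, reads the partition table the way RogueKiller's MBR check does, and reports what an analyst looks at first: whether the boot-code area is empty, whether the 0x55AA signature is present, and whether the only entry is the 0xEE protective entry of a GPT disk, which is what the "Unknown MBR Code" and "0xEE EFI GPT" lines describe. The second, conventional BIOS-style sector is a constructed assumption for contrast, and the MD5 the parser recomputes can be compared with the MBR_MD5 reported in the log to confirm the transcription.

```python
import hashlib
import struct

BOOT_SIGNATURE = b"\x55\xAA"
GPT_PROTECTIVE_TYPE = 0xEE  # partition type of a GPT protective MBR entry
ENTRY_OFFSET = 0x1BE        # first of the four 16-byte partition entries
SIG_OFFSET = 0x1B8          # 4-byte disk signature; boot code occupies everything before it
SECTOR_SIZE = 512


def build_dumped_sector() -> bytes:
    """Constructed input: the sector transcribed from the MBRScan hex dump in post #1.

    Every byte not set here is 0x00 in that dump.
    """
    sector = bytearray(SECTOR_SIZE)
    sector[SIG_OFFSET:SIG_OFFSET + 4] = b"DMIO"
    sector[ENTRY_OFFSET:ENTRY_OFFSET + 16] = bytes.fromhex(
        "00 00 02 00 EE FF FF FF 01 00 00 00 FF FF FF FF")
    sector[SECTOR_SIZE - 2:] = BOOT_SIGNATURE
    return bytes(sector)


def build_legacy_sector() -> bytes:
    """Constructed contrast case (assumption, not from the thread): a BIOS-style MBR with
    non-zero boot code and one bootable NTFS (0x07) partition starting at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xEB\x3C\x90"  # placeholder non-zero bytes standing in for boot code
    sector[ENTRY_OFFSET:ENTRY_OFFSET + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
    sector[SECTOR_SIZE - 2:] = BOOT_SIGNATURE
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Parse a raw 512-byte MBR into the fields a triage checklist looks at."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        raw = sector[ENTRY_OFFSET + 16 * i:ENTRY_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mib": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "md5": hashlib.md5(sector).hexdigest(),  # compare with MBR_MD5 in the log
        "bootstrap_is_empty": not any(sector[:SIG_OFFSET]),
        "disk_signature": sector[SIG_OFFSET:SIG_OFFSET + 4].hex(),
        "boot_signature_ok": sector[SECTOR_SIZE - 2:] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def classify(info: dict) -> str:
    """Map the parsed fields onto the verdict lines seen in the MBRScan and RogueKiller logs."""
    if not info["boot_signature_ok"]:
        return "invalid: 0x55AA boot signature missing"
    parts = info["partitions"]
    protective = (len(parts) == 1 and parts[0]["type"] == GPT_PROTECTIVE_TYPE
                  and parts[0]["lba_start"] == 1)
    if protective:
        # The real partition table lives in the GPT header at LBA 1; an MBR-only checker
        # sees only this placeholder entry, and with no boot code it has nothing to match.
        suffix = ", empty bootstrap" if info["bootstrap_is_empty"] else ""
        return "gpt-protective-mbr" + suffix
    if info["bootstrap_is_empty"]:
        return "legacy-mbr, empty bootstrap"
    return "legacy-mbr"


if __name__ == "__main__":
    for name, build in (("dumped", build_dumped_sector), ("legacy", build_legacy_sector)):
        info = parse_mbr(build())
        print(name, classify(info), info["md5"], info["partitions"])
```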


#4 CarlosTurco (Assistant, 20,463 posts)

Ok,

Run the procedures below.

1)

Download AdwCleaner and save it to the desktop.
http://general-chang...de/2-adwcleaner

Run the adwcleaner.exe file

*** Windows Vista or Windows 7 users: right-click the adwcleaner.exe file, then click Run as administrator.

Click Remove.

A Notepad window with the result will open. Select, copy and paste its contents in your next reply.

2)

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download the Junkware Removal Tool (JRT) and save it to the desktop. Double-click it to run it.

* On Windows Vista and Windows 7:

Right-click JRT.exe and select Run as administrator

The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to scan.

At the end, a log will open. It is saved on the desktop under the name JRT.txt.

Select, copy and paste the contents of this log in your next reply.

3)

Download Malwarebytes' Anti-Malware (MBAM)
http://www.majorgeek..._malware,1.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
  • If there are updates to be applied, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then begin. Wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to see the report.
  • If items were found, make sure they are all checked and click the Remove button.
  • At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See Note below)
  • The log is automatically saved by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log in your next reply.

NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiv...showtopic=75554


[Linha Defensiva no Twitter][Linha Defensiva no Facebook]

Imagem Postada
**Tenha consideração a quem te ajuda, não Abandone seu tópico!**

#5 V.Schmusz (Newbie, 6 posts)

# AdwCleaner v2.304 - Relatório criado em 04/07/2013 às 19:05:44
# Atualizado em 03/07/2013 por Xplode
# Sistema Operacional : Windows 8 Single Language  (64 bits)
# Usuário : rudimar - VANESSA
# Modo de Boot : Normal
# Executado de : C:\Users\rudimar\Desktop\adwcleaner.exe
# Opção [Remover]
 
 
***** [Serviços] *****
 
 
***** [Arquivos/Pastas] *****
 
Arquivo Removido : C:\Users\Public\Desktop\Babylon.lnk
Pasta Removido : C:\Program Files (x86)\Babylon
Pasta Removido : C:\Program Files\Babylon
Pasta Removido : C:\ProgramData\Babylon
Pasta Removido : C:\ProgramData\boost_interprocess
Pasta Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Pasta Removido : C:\Users\rudimar\AppData\Local\Babylon
Pasta Removido : C:\Users\rudimar\AppData\LocalLow\Delta
Pasta Removido : C:\Users\rudimar\AppData\Roaming\Babylon
Pasta Removido : C:\Users\rudimar\AppData\Roaming\DealPly
Pasta Removido : C:\Users\rudimar\AppData\Roaming\DSite
 
***** [Registro] *****
 
Chave Removida : HKCU\Software\APN PIP
Chave Removida : HKCU\Software\AppDataLow\Software\Crossrider
Chave Removida : HKCU\Software\AppDataLow\Software\findlyrics
Chave Removida : HKCU\Software\BabSolution
Chave Removida : HKCU\Software\Babylon
Chave Removida : HKCU\Software\DataMngr
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\InstalledBrowserExtensions
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Removida : HKLM\Software\Babylon
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Chave Removida : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Chave Removida : HKLM\SOFTWARE\Classes\BabyDict
Chave Removida : HKLM\SOFTWARE\Classes\BabyGloss
Chave Removida : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Chave Removida : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Chave Removida : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Chave Removida : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Chave Removida : HKLM\SOFTWARE\Classes\BabyOptFile
Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Chave Removida : HKLM\Software\DataMngr
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Chave Removida : HKLM\Software\PIP
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]
 
***** [Navegadores] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_ss_gin2g&mntrId=003D52B7C3C01031&affID=119352&tsp=4923 --> hxxp://www.google.com
 
-\\ Google Chrome v27.0.1453.116
 
Arquivo : C:\Users\rudimar\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Removida [l.2752] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/home?affID=10588&tl=gkn15825&tt=gc_[...]
 
*************************
 
AdwCleaner[S1].txt - [11707 octets] - [04/07/2013 19:05:44]
 
########## EOF - C:\AdwCleaner[S1].txt - [11768 octets] ##########
 
 
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 Single Language x64
Ran by rudimar on 04/07/2013 at 19:16:07,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\office\powerpoint\addins\babylonofficeaddin.officeaddin
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\office\word\addins\babylonofficeaddin.officeaddin
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\rudimar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\babylon.lnk"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\Users\rudimar\AppData\Roaming\baidu"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/07/2013 at 19:18:01,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Versão da Base de Dados:  v2013.07.04.09
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16599
rudimar :: VANESSA [limitado]
 
04/07/2013 19:20:51
mbam-log-2013-07-04 (19-20-51).txt
 
Tipo de Verificação:  Verificação Rápida 
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  235703
Tempo decorrido: 2 minuto(s), 48 segundo(s)
 
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)
 
(fim)


#6 CarlosTurco (Assistant, 20,463 posts)

Good morning.

Temporarily disable your antivirus.

  • Hold the Ctrl key and click this link to open ESET Online Scanner in a new window.
  • Click this button: [ESET Online Scanner button]
  • For alternative browsers: (If you use Internet Explorer, skip this step)
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and check the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • It will update on its own and scan the computer. Be patient; the process may take hours.
  • When the scan finishes, click List Threats
  • Copy and paste the contents into your next reply. Note: if nothing is found, no log is generated.
  • Click Back.
  • Click Finish.

Also post a new HijackThis log.



#7 V.Schmusz (Newbie, 6 posts)

Hello, should the other programs and logs be uninstalled? Here is the ESET log:

 

C:\Users\rudimar\Downloads\aTube_Catcher_Setup.exe multiple threats cleaned by deleting - quarantined
C:\Users\rudimar\Downloads\avira_free_antivirus_ptbr.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Users\rudimar\Downloads\Babylon10_setup.exe a variant of Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined
C:\Users\rudimar\Downloads\disk-defrag-setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\rudimar\Downloads\FoxitReader545.01242_enu_Setup.exe a variant of Win32/ELEX.B application cleaned by deleting - quarantined
 
 
****Question: Were the viruses deleted, or copied to quarantine and then deleted? If I uninstall the program, will the viruses in quarantine be deleted?
 
HijackThis log:
 
Logfile of HijackThis v1.99.1
Scan saved at 13:03:35, on 05/07/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
 
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\rudimar\Desktop\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix: 
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - %ProgramFiles%\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
 


#8 CarlosTurco (Assistant, 20,463 posts)

 

 
****Question: Were the viruses deleted, or copied to quarantine and then deleted? If I uninstall the program, will the viruses in quarantine be deleted?

They were deleted.

Does the initial problem persist?



#9 V.Schmusz (Newbie, 6 posts)

No, it has already been solved. Is there any other procedure to be done?

#10 CarlosTurco (Assistant, 20,463 posts)

Ok,

The logs are clean. :)

To finish:

  • Update Java. Old versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest version of Java SE 7u25.
    • Click JRE Download
    • Check the Accept License Agreement box.
    • Click the download link Windows x86 Offline 30.25 MB jre-7u25-windows-i586.exe and save it to your desktop.
    • Close any running programs, especially browsers.
    • Go to Start > Control Panel, double-click Add or Remove Programs and remove all old versions of Java.
      Examples of old versions
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item named Java Runtime Environment (JRE or J2SE).
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each version of Java.
    • Restart your computer once all versions of Java have been removed.
    • Now go to your desktop and double-click jre-7u25-windows-i586.exe to install the newest version.
    • WARNING: Uncheck the ASK Toolbar installation box.
  • Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.

    Click here and install the newest version.
  • Keep Flash Player up to date. Old versions also have vulnerabilities that are exploited by malware. Click here and install the newest version.
  • USB worms (pen drive viruses) can infect any kind of removable storage device (pen drives, mp3 and mp4 players, cell phones, memory cards, cameras). This type of malware exploits a native Windows feature called Autorun, or Autoplay (the wizard that appears when you insert a CD or pen drive, asking which program you want to open it with). Autoplay needs a file called autorun.inf in order to work.

    Keep a clean, protected copy of the autorun.inf file on all removable devices and on all system drives. That way, if you happen to plug your pen drive into an infected PC, the malware will not be able to overwrite the existing file. It may still copy its malicious executables to the pen drive, however, such as .EXE, .SCR, .CMD, .PIF, .BAT, .COM.
    If you plug this pen drive into a clean machine and run one of those malicious files, that system will be infected in the same way. So be careful and use common sense.

    To create a protected autorun.inf file on Windows XP:

    Download Flash_Disinfector.exe and save it to your desktop.
    • Connect all removable storage devices to the USB ports. Save whatever you find necessary, EXCEPT executable files, then format the media by going to My Computer, right-clicking the media's drive and choosing "Format"
    • Run Flash_Disinfector.exe.
    • Follow any prompts that may appear.
    • Wait until the program finishes its search, then exit the program.
    For Windows Vista and 7: Panda USB Vaccine
  • For system maintenance and removal of temporary and invalid files, download TFC, by OldTimer.

    Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, that is part of the process.

    Be patient; depending on the amount of data to be deleted, the process can take more than 2 minutes.

    When it finishes, you will be asked to restart your computer. RESTART.

    If you are not asked, restart manually.
  • Visit Windows Update regularly and check for updates.
    New security holes are discovered frequently. Many malware exploit these holes, infecting systems without depending on any user action. Microsoft fixes these holes through updates.
    That is why it is essential to keep your system up to date.
  • Disable and re-enable System Restore.
  • Learn some precautions and tips to keep your computer clean. Read the article Proteja seu pc (Protect your PC):
    http://linhadefensiv...proteja-seu-pc/
  • If there are no more malware-related problems, click the Report button and ask for your topic to be closed.

If you have any questions related to computing and technology, feel free to post in any area of the Linha Defensiva forum.

Cheers. :legal:


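An added example, written for this page and not part of the thread or of the Flash_Disinfector / Panda USB Vaccine tools it mentions, showing the "protected autorun.inf" idea in PowerShell: it audits every removable drive, reports which lines of an existing autorun.inf would launch something, and where nothing exists it creates a read-only, hidden, system folder named autorun.inf (a folder cannot be overwritten by a worm that simply writes a file of that name). It assumes Windows with PowerShell 3.0 or later and an elevated prompt.

```powershell
# Added example (not from the original thread). Assumptions: Windows, PowerShell
# 3.0 or later, run from an elevated prompt. Removable drives are detected via
# WMI/CIM; nothing is written unless Invoke-AutorunAudit is called with -Protect.

function Get-RemovableDriveRoots {
    # Win32_LogicalDisk DriveType 2 = removable disk (USB sticks, card readers).
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2' |
        ForEach-Object { $_.DeviceID + '\' }
}

function Get-AutorunLaunchTargets {
    # Returns the lines of an autorun.inf that tell Windows what to execute
    # (open=, shellexecute=, shell\<verb>\command=). Used for review only.
    param([Parameter(Mandatory)][string]$Path)
    $pattern = '^\s*(open|shellexecute|shell\\[^=]*\\command)\s*='
    Get-Content -LiteralPath $Path -ErrorAction SilentlyContinue |
        Where-Object { $_ -match $pattern }
}

function Test-AutorunInf {
    # Classifies the autorun.inf entry on one drive root:
    #   missing      - nothing named autorun.inf
    #   protected    - a folder placeholder (cannot be replaced by a plain file write)
    #   file-present - a real file; Detail lists what it would launch
    param([Parameter(Mandatory)][string]$Root)
    $path = Join-Path -Path $Root -ChildPath 'autorun.inf'
    # -Force is required so hidden/system entries are returned.
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        return [pscustomobject]@{ Drive = $Root; State = 'missing'; Detail = '' }
    }
    if ($item.PSIsContainer) {
        return [pscustomobject]@{ Drive = $Root; State = 'protected'; Detail = "$($item.Attributes)" }
    }
    $targets = @(Get-AutorunLaunchTargets -Path $path)
    return [pscustomobject]@{ Drive = $Root; State = 'file-present'; Detail = ($targets -join ' | ') }
}

function Protect-AutorunInf {
    # Creates the placeholder folder only when nothing named autorun.inf exists.
    # Returns $true when a folder was created, $false otherwise.
    param([Parameter(Mandatory)][string]$Root)
    $path = Join-Path -Path $Root -ChildPath 'autorun.inf'
    if (Test-Path -LiteralPath $path) { return $false }
    $dir = New-Item -ItemType Directory -Path $path -ErrorAction Stop
    $dir.Attributes = [IO.FileAttributes]::ReadOnly -bor [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
    return $true
}

function Invoke-AutorunAudit {
    # Audits all removable drives; with -Protect, adds the placeholder where missing.
    param([switch]$Protect)
    foreach ($root in Get-RemovableDriveRoots) {
        $result = Test-AutorunInf -Root $root
        if ($Protect -and $result.State -eq 'missing') {
            if (Protect-AutorunInf -Root $root) {
                $result = Test-AutorunInf -Root $root
            }
        }
        $result
    }
}

# Audit first and read the Detail column; re-run with -Protect to create placeholders.
Invoke-AutorunAudit | Format-Table -AutoSize
```

Windows 7 and later no longer honour autorun.inf on USB drives, so on those systems the audit (seeing what an existing file would launch) is the useful part; the placeholder only blocks a worm that writes a file without first deleting the folder.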

#11 V.Schmusz (Newbie, 6 posts)

Everything is fine on my computer now, thank you very much for the help.



#12 Felipe-rj (Moderator, 837 posts)

PROBLEM SOLVED
 
If you want to request that the topic be reopened, use the Report button to contact the moderation team.

Note: Only the author can make this request in the Malware Removal area.