Este fórum foi descontinuado. LEIA AQUI e participe da Comunidade BABOO :)

Ir para conteúdo
lucaslopan

Computador muito lento

Mensagem Recomendada

Prezados,

Meu notebook está muito lento, principalmente quando estou navegando pelo Mozilla firefox. Muitas vezes o PC trava e só volta a funcionar legal depois que eu desligo e ligo novamente. Já rodei antivírus mas não encontra nada. O Malware byte achou alguns arquivos, mas nao sei se devo deletá-los.

Estou suspeitando de virus... alguém pode me ajudar?

Compartilhar este post


Link para o post
Compartilhar em outros sites

Para podermos ajudá-lo, siga integralmente o estabelecido neste "Tópico de procedimento padrão obrigatório do Fórum".

Logs do HijackThis ** leia antes de postar **

Após feitos os procedimentos, postar o Log do HijackThis para exame, aqui mesmo neste Tópico, clicando no "BOTÃO RESPONDER", logo abaixo, e aguarde novas instruções.


assinatura-mrmillion.png65301516_windows-insider-mvp-logo(Custom).png.36263cb7b506cc6935fb37f39e504cec.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

Prezado,

Segue abaixo o log para exame:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:28:53, on 22/03/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16438)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lucas\Desktop\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=119556&tt=3512_3&babsrc=HP_ss&mntrId=14fb538c0000000000000015afe9f720
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.localstrike.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.com # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.info # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.info # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.org # misleading site
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Lucas\AppData\Roaming\Complitly\Complitly.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6976 bytes
 

 

Fico grato pela atenção

Compartilhar este post


Link para o post
Compartilhar em outros sites

Download HostsXpert
Descompacte, abra o Programa, execute o arquivo HostsXpert.exe, clique em "Restore Microsoft's Hosts File" e em OK.
Finalize o Programa.

Clique em "MakeReadOnly" e repita o Procedimento com o HostsXpert.
Refaça o Procedimento com o HostsXpert desta maneira:
Descompacte, abra o Programa, execute o arquivo HostsXpert.exe, clique em "MAKE WRITEABLE" clique em "Restore Microsoft's Hosts File" e aperte em OK.
Finalize o Programa.

Coloque um Antivírus neste PC, atualize e faça um Scan completo.

Após feito, poste um novo log do HijackThis.

Veja neste meu Tópico Pinado as indicações: Kits de Segurança Free para sua maior proteção (Y)


assinatura-mrmillion.png65301516_windows-insider-mvp-logo(Custom).png.36263cb7b506cc6935fb37f39e504cec.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

Prezado:

Segue  um novo log para verificação:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:08:59, on 23/03/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16438)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Users\Lucas\Desktop\antivius malware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=119556&tt=3512_3&babsrc=HP_ss&mntrId=14fb538c0000000000000015afe9f720
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.localstrike.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Lucas\AppData\Roaming\Complitly\Complitly.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7041 bytes
 

Obrigado pela atenção

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok, continuando...

Baixe o Malwarebytes' Anti-Malware (MBAM) ou aqui.

Salve ou imprima estas instruções:

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.

Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.

Se houver atualizações a serem feitas, serão baixadas e instaladas.

Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.

Começará então o exame. Aguarde, pois pode demorar.

Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.

Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.

Ao final da desinfecção, abrirá o Bloco de notas com um Log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)

O Log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do Programa.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar

Selecione, copie e cole o conteúdo do Log do MBAM na sua próxima resposta + um novo Log do HijackThis .


assinatura-mrmillion.png65301516_windows-insider-mvp-logo(Custom).png.36263cb7b506cc6935fb37f39e504cec.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

Prezado:

Fiz tudo o que voce orientou e a velocidade melhorou, mas por vezes o computador desliga só e reinicia automaticamente.

 

Segue log do malwarebytes

 

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Versão da Base de Dados:  v2013.03.23.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16438
Lucas :: LUCAS-PC [administrador]

Proteção: Permitir

23/03/2013 18:06:23
mbam-log-2013-03-23 (18-06-23).txt

Tipo de Verificação:  Verificação Completa  (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  284890
Tempo decorrido: 44 minuto(s), 26 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)

(fim)

 

Log do HijackThis
 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:02:32, on 23/03/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16438)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Users\Lucas\Desktop\antivius malware\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=119556&tt=3512_3&babsrc=HP_ss&mntrId=14fb538c0000000000000015afe9f720
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.localstrike.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Lucas\AppData\Roaming\Complitly\Complitly.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7164 bytes

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Esse problema de Reiniciar ou Desligar provavelmente é de Hardware, mas vamos fazer uma última verificação..

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções.

Download ComboFix

Salve no seu Desktop ( Para que a Ferramenta seja executada corretamente é necessário que esteja no Desktop (Área de trabalho)

Feche todas as janelas e programas.

É necessário estar conectado durante o procedimento com o ComboFix;

Execute o combofix.exe, tecle "Sim" para prosseguir. Aguarde, pois é um pouco demorado.

OBS: Caso não queira que seja instalado o Console de Recuperação do Windows, clique em "Não" e depois concorde para que a verificação prossiga.

Ao ser instalado o Console, na Inicialização do Sistema será apresentada a tela para Seleção dos Sistemas Operacionais.

Mais informações sobre o Console: http://support.micro...kb/307654/pt-br

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.

Quando acabar, será gerado um Log, que estará em C:\ComboFix.txt. Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta + um novo Log do HijackThis .

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".

OBS 2: Não execute o ComboFix mais do que uma vez. Isso irá sobreescrever o Log e dificultará a remoção do(s) malware(s)

Caso ocorra algum erro, reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização) e repita o procedimento.


assinatura-mrmillion.png65301516_windows-insider-mvp-logo(Custom).png.36263cb7b506cc6935fb37f39e504cec.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

Segue o log do combofix:

omboFix 13-03-23.01 - Lucas 23/03/2013  19:56:55.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.1982.494 [GMT -3:00]
Executando de: c:\users\Lucas\Desktop\antivius malware\ComboFix.exe
AV: avast! antivírus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! antivírus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Complitly
c:\program files\Complitly\chrome\ComplitlyChrome.crx
c:\program files\Complitly\FireFoxExtensionWithFF8Fix.exe
c:\program files\Complitly\FireFoxUninstaller.exe
c:\program files\Complitly\InstTracker.exe
c:\program files\Complitly\support@Complitly.com\chrome.manifest
c:\program files\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files\Complitly\support@Complitly.com\install.rdf
c:\program files\Complitly\System.Data.SQLite.dll
c:\program files\Complitly\unins000.dat
c:\program files\Complitly\unins000.exe
c:\program files\sXe Injected
c:\program files\sXe Injected\chrome-extension_icpgjfneehieebagbmdbhnlpiopdcmna_0.localstorage
c:\program files\sXe Injected\Chrome\chrome-extension_icpgjfneehieebagbmdbhnlpiopdcmna_0.localstorage
c:\program files\sXe Injected\chromechange.exe
c:\program files\sXe Injected\ddsxei.sys
c:\program files\sXe Injected\default.reg
c:\program files\sXe Injected\firechange.exe
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\background.html
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\background.js
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\example.html
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\icon128.png
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\icon19.png
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\icon200.png
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\manifest.json
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\options.css
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\options.html
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\options.js
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\README.md
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\redirect.html
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\redirect.js
c:\program files\sXe Injected\localstrike-search.xml
c:\program files\sXe Injected\newtaburl_local.xpi
c:\program files\sXe Injected\Preferences
c:\program files\sXe Injected\search.ini
c:\program files\sXe Injected\speeddial.ini
c:\program files\sXe Injected\sXe-I EULA.txt
c:\program files\sXe Injected\sXe Injected.exe
c:\program files\sXe Injected\sXe Injected.txt
c:\program files\sXe Injected\sXe.dll
c:\program files\sXe Injected\TopSites.plist
c:\program files\sXe Injected\uninstall.exe
c:\program files\sXe Injected\uninstall.ini
c:\program files\sXe Injected\Web Data
c:\program files\Vid-Saver
c:\program files\Vid-Saver\ButtonUtil.dll
c:\program files\Vid-Saver\Uninstall.exe
c:\program files\Vid-Saver\Vid-Saver-bg.exe
c:\program files\Vid-Saver\Vid-Saver.dll
c:\program files\Vid-Saver\Vid-Saver.exe
c:\program files\Vid-Saver\Vid-Saver.ico
c:\program files\Vid-Saver\Vid-Saver.ini
c:\windows\system\BisonCam.dll
c:\windows\system32\NTVBSvcW.tlb
c:\windows\system32\WinIo.sys
.
A cópia de c:\windows\system32\userinit.exe foi encontrada e desinfectada
Cópia restaurada de - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ddsxeiservice
-------\Legacy_WINIO
-------\Legacy_ddsxeiservice
-------\Service_ddsxeiservice
-------\Service_WINIO
-------\Service_ddsxeiservice
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-02-23 to 2013-03-23  ))))))))))))))))))))))))))))
.
.
2013-03-23 23:04 . 2013-03-23 23:07    --------    d-----w-    c:\users\Lucas\AppData\Local\temp
2013-03-22 22:07 . 2012-10-30 23:51    21256    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-03-22 22:07 . 2012-10-30 23:51    361032    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-03-22 22:07 . 2012-10-15 15:59    44784    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-03-22 22:07 . 2012-10-30 23:51    54232    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-03-22 22:07 . 2012-10-30 23:51    738504    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-03-22 22:07 . 2012-10-30 23:51    58680    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-03-22 22:06 . 2012-10-30 23:51    41224    ----a-w-    c:\windows\avastSS.scr
2013-03-22 22:06 . 2013-03-22 22:06    --------    d-----w-    c:\program files\AVAST Software
2013-03-22 20:24 . 2013-03-22 20:24    --------    d-----w-    c:\program files\CCleaner
2013-03-20 22:00 . 2013-03-20 22:00    --------    d-----w-    c:\users\Lucas\AppData\Roaming\HD Tune Pro
2013-03-20 22:00 . 2013-03-20 22:00    --------    d-----w-    c:\program files\HD Tune Pro
2013-03-18 23:29 . 2013-03-18 23:29    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-03-14 09:52 . 2013-03-14 20:33    --------    d-----w-    c:\program files\RegistryNuke 2012
2013-03-14 00:58 . 2013-03-19 21:42    --------    d-----w-    c:\programdata\Kaspersky Lab
2013-03-14 00:04 . 2013-03-14 00:04    --------    d-----w-    c:\users\Lucas\AppData\Roaming\Malwarebytes
2013-03-14 00:04 . 2013-03-14 00:04    --------    d-----w-    c:\programdata\Malwarebytes
2013-03-14 00:04 . 2013-03-14 00:04    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-03-14 00:04 . 2012-12-14 19:49    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-10 17:49 . 2013-03-10 17:49    --------    d-----w-    c:\program files\Apoint2K
2013-03-10 17:48 . 2007-04-18 15:09    100410    ----a-w-    c:\windows\system32\Vxdif.dll
2013-03-10 17:48 . 2006-04-20 04:18    1418720    ----a-w-    c:\windows\system32\WdfCoInstaller01001.dll
2013-03-10 17:48 . 2007-05-13 17:30    158720    ----a-w-    c:\windows\system32\drivers\Apfiltr.sys
2013-03-07 23:31 . 2013-03-07 23:33    --------    d-----w-    c:\program files\Angel Writer
2013-03-03 22:16 . 2013-03-03 22:16    --------    d-----w-    c:\program files\DsNET Corp
2013-03-03 21:22 . 2013-03-03 21:22    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-18 23:29 . 2012-08-16 01:59    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-03-18 23:29 . 2012-08-16 01:59    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-14 00:26 . 2012-08-16 02:10    693976    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-03-14 00:26 . 2012-08-16 02:10    73432    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-09 20:49 . 2013-03-09 20:49    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50    121528    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"PowerManager"="c:\program files\Power Manager\PM.exe" [2008-05-06 1679360]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-12-19 295072]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-05-25 159744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\DRIVERS\fetnd6v.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - WINIO
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-22 22:08    1629648    ----a-w-    c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 00:32]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-22 22:07]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-22 22:07]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.delta-search.com/?affID=119556&tt=3512_3&babsrc=HP_ss&mntrId=14fb538c0000000000000015afe9f720
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.25.1
FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\hse2ncce.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://br.yahoo.com/
FF - ExtSQL: 2013-03-22 19:15; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyMy5tlqR&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 14fb538c00000000000000140b4aef9c
FF - user.js: extensions.incredibar_i.instlDay - 15582
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1421:21
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyMy5tlqR
FF - user.js: extensions.incredibar_i.upn2n - 92262017094137085
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10671
FF - user.js: extensions.incredibar_i.ppd - 7777732
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtCyD0A0F0Ezy0FyBtBtDyDtAzz0CtN0D0Tzu0CyEtCyEtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1E1Rzu1H1P1Nzu1TtC&cr=1769628247&ir=
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Funmoods
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtCyD0A0F0Ezy0FyBtBtDyDtAzz0CtN0D0Tzu0CyEtCyEtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1E1Rzu1H1P1Nzu1TtC&cr=1769628247&ir=
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtCyD0A0F0Ezy0FyBtBtDyDtAzz0CtN0D0Tzu0CyEtCyEtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1E1Rzu1H1P1Nzu1TtC&cr=1769628247&ir=&q=
FF - user.js: extensions.funmoods.id - 0015AFE9F720538C
FF - user.js: extensions.funmoods.instlDay - 15753
FF - user.js: extensions.funmoods.vrsn - 1.8.11.0
FF - user.js: extensions.funmoods.vrsni - 1.8.11.0
FF - user.js: extensions.funmoods_i.vrsnTs - 1.8.11.020:13
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - pcmega1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef -
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=14fb538c00000000000000140b4aef9c&q=
FF - user.js: extensions.BabylonToolbar.id - 14fb538c00000000000000140b4aef9c
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15585
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1215:58
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=44444&tt=3512_3
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.funmoods.appId - {EA28B360-05E0-4F93-8150-02891F1D8D3C}
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.irspeeddial.aflt - pcmega1
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 1769628247
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzutDtDtCyD0A0F0Ezy0FyBtBtDyDtAzz0CtN0D0Tzu0CyEtCyEtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1E1Rzu1H1P1Nzu1TtC
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 14fb538c0000000000000015afe9f720
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15767
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.019:15
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORFÃOS REMOVIDOS - - - -
.
AddRemove-sXe Injected - c:\program files\sXe Injected\uninstall.exe
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-427248711-1806572418-1701156557-1000\Software\SecuROM\License information*]
"datasecu"=hex:f8,36,6d,cb,c2,38,35,75,7d,12,02,2a,ec,10,8b,f6,8c,4c,54,76,df,
   b7,e2,98,50,f4,1f,06,1e,da,6e,f2,98,ba,e2,07,12,46,b7,3e,d3,7d,28,9f,86,b5,\
"rkeysecu"=hex:46,ff,bb,81,33,3d,2c,e7,0f,bd,b1,88,db,8a,f9,e5
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'Explorer.exe'(3012)
c:\program files\7-Zip\7-zip.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Tempo para conclusão: 2013-03-23  20:12:09 - Máquina reiniciou
ComboFix-quarantined-files.txt  2013-03-23 23:12
.
Pré-execução: 57.847.373.824 bytes disponíveis
Pós execução: 57.428.062.208 bytes disponíveis
.
- - End Of File - - CA8A3F15D066E9625CB15E3D06B93B73

 

 

Segue log do HijackThis

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:16:18, on 23/03/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16438)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\taskeng.exe
C:\Users\Lucas\Desktop\antivius malware\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=119556&tt=3512_3&babsrc=HP_ss&mntrId=14fb538c0000000000000015afe9f720
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Lucas\AppData\Roaming\Complitly\Complitly.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6587 bytes
 

obrigado pela atenção

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções

Download bouton-telecharger.png Salve-o no Desktop. (Área de Trabalho)

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista ou do Windows 7, clicar com o botão direito do mouse no arquivo e selecionar:Executar como administrador

AdwCleanerCustom-1.jpg

Clique [Delete]

Salve o Log criado.

Donload 1268r49.png Salve no seu Desktop (Área de trabalho).

Dê um duplo-clique para executar o Junkware Removal Tool (JRT)

* No Windows Vista e Windows 7:

Clique com o botão direito do mouse sobre o JRT.exe e selecione run_as_adm1.png

A Ferramenta começará o exame do seu Sistema. Tenha paciência pois pode demorar um pouco, dependendo da quantidades de ítens a serem examinados.

Ao final, um Log se abrirá e salvo no Desktop com o nome de JRT.txt.

Selecione, copie e cole o conteúdo deste Log na sua próxima resposta + o Log do AdwCleaner e um novo Log do HijackThis.


assinatura-mrmillion.png65301516_windows-insider-mvp-logo(Custom).png.36263cb7b506cc6935fb37f39e504cec.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

Segue o log do JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Ultimate x86
Ran by Lucas on 24/03/2013 at  0:17:00,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\Internet Explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\Internet Explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\Internet Explorer\internetregistry\registry\user\S-1-5-21-427248711-1806572418-1701156557-1000\software\web assistant"
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Lucas\AppData\Roaming\mozilla\firefox\profiles\hse2ncce.default\invalidprefs.js
Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\staged"
Successfully deleted the following from C:\Users\Lucas\AppData\Roaming\mozilla\firefox\profiles\hse2ncce.default\prefs.js

user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2012101820");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "HJxdm022YYbr");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "pconverter");
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "C7817D19-FBBA-4983-B7C2-E3032673FDCA");
user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1351170419264");
user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false);
user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
Emptied folder: C:\Users\Lucas\AppData\Roaming\mozilla\firefox\profiles\hse2ncce.default\minidumps [162 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/03/2013 at  0:23:48,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Segue o log do Adware:

 

# AdwCleaner v2.115 - Relatório criado em 24/03/2013 às 00:11:24
# Atualizado em 17/03/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : Lucas - LUCAS-PC
# Modo de Boot : Normal
# Executado de : C:\Users\Lucas\Desktop\adwcleaner.exe
# Opção [Remover]


***** [serviços] *****


***** [Arquivos/Pastas] *****

Arquivo Removido : C:\END
Arquivo Removido : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Arquivo Removido : C:\user.js
Arquivo Removido : C:\Users\Lucas\AppData\Local\funmoods-speeddial.crx
Arquivo Removido : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\hse2ncce.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Arquivo Removido : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\hse2ncce.default\searchplugins\delta.xml
Arquivo Removido : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\hse2ncce.default\searchplugins\funmoods.xml
Arquivo Removido : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\hse2ncce.default\searchplugins\MyStart Search.xml
Arquivo Removido : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\hse2ncce.default\searchplugins\search.xml
Arquivo Removido : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\hse2ncce.default\searchplugins\SweetIm.xml
Pasta Removido : C:\Program Files\Red Sky
Pasta Removido : C:\ProgramData\Babylon
Pasta Removido : C:\Users\Lucas\AppData\Local\DownTango
Pasta Removido : C:\Users\Lucas\AppData\LocalLow\Delta
Pasta Removido : C:\Users\Lucas\AppData\Roaming\Babylon
Pasta Removido : C:\Users\Lucas\AppData\Roaming\Complitly
Pasta Removido : C:\Users\Lucas\AppData\Roaming\Funmoods
Pasta Removido : C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Pasta Removido : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\hse2ncce.default\extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
Pasta Removido : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\hse2ncce.default\extensions\ffxtlbr@babylon.com
Pasta Removido : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\hse2ncce.default\SweetPacksToolbarData
Pasta Removido : C:\Users\Lucas\AppData\Roaming\yourfiledownloader

***** [Registro] *****

Chave Removida : HKCU\Software\5a2888bb13fe412
Chave Removida : HKCU\Software\APN PIP
Chave Removida : HKCU\Software\AppDataLow\Software\Crossrider
Chave Removida : HKCU\Software\AppDataLow\Software\Vid-Saver
Chave Removida : HKCU\Software\BabylonToolbar
Chave Removida : HKCU\Software\Complitly
Chave Removida : HKCU\Software\Conduit
Chave Removida : HKCU\Software\delta LTD
Chave Removida : HKCU\Software\IM
Chave Removida : HKCU\Software\ImInstaller
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Chave Removida : HKCU\Software\Softonic
Chave Removida : HKLM\Software\Babylon
Chave Removida : HKLM\Software\BabylonToolbar
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chave Removida : HKLM\Software\Conduit
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Chave Removida : HKLM\Software\Iminent
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver-InternalInstaller_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver-InternalInstaller_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Removida : HKLM\Software\PIP
Chave Removida : HKLM\Software\SimplyGen
Chave Removida : HKLM\SOFTWARE\Software
Chave Removida : HKLM\Software\Web Assistant
Chave Removida : HKLM\Software\YourFileDownloader
Valor Removida : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Valor Removida : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]

***** [Navegadores] *****

-\\ Internet Explorer v10.0.9200.16438

Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119556&tt=3512_3&babsrc=HP_ss&mntrId=14fb538c0000000000000015afe9f720 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (pt-BR)

Arquivo : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\hse2ncce.default\prefs.js

C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\hse2ncce.default\user.js ... Removido !

Removida : user_pref("browser.search.selectedEngine", "Delta Search");
Removida : user_pref("extensions.BabylonToolbar.admin", false);
Removida : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Removida : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Removida : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Removida : user_pref("extensions.BabylonToolbar.babExt", "");
Removida : user_pref("extensions.BabylonToolbar.babTrack", "affID=44444&tt=3512_3");
Removida : user_pref("extensions.BabylonToolbar.babext", "babExt");
Removida : user_pref("extensions.BabylonToolbar.babtrack", "babTrack");
Removida : user_pref("extensions.BabylonToolbar.bbDpng", "6");
Removida : user_pref("extensions.BabylonToolbar.bbdpng", 6);
Removida : user_pref("extensions.BabylonToolbar.cntry", "BR");
Removida : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Removida : user_pref("extensions.BabylonToolbar.dfltlng", "en");
Removida : user_pref("extensions.BabylonToolbar.dfltsrch", "false");
Removida : user_pref("extensions.BabylonToolbar.dp_alert", "0");
Removida : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Removida : user_pref("extensions.BabylonToolbar.excTlbr", false);
Removida : user_pref("extensions.BabylonToolbar.firstrun", false);
Removida : user_pref("extensions.BabylonToolbar.hdrMd5", "12A282DD357AB6CBD0A383B0499FFD95");
Removida : user_pref("extensions.BabylonToolbar.hmpg", false);
Removida : user_pref("extensions.BabylonToolbar.hrdid", "14fb538c00000000000000140b4aef9c");
Removida : user_pref("extensions.BabylonToolbar.id", "14fb538c00000000000000140b4aef9c");
Removida : user_pref("extensions.BabylonToolbar.instlDay", "15585");
Removida : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Removida : user_pref("extensions.BabylonToolbar.instlday", "15585");
Removida : user_pref("extensions.BabylonToolbar.instlref", "sst");
Removida : user_pref("extensions.BabylonToolbar.isdcmntcmplt", "false");
Removida : user_pref("extensions.BabylonToolbar.keywordurl", "");
Removida : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1215:58:48");
Removida : user_pref("extensions.BabylonToolbar.lastdp", 6);
Removida : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Removida : user_pref("extensions.BabylonToolbar.newTab", false);
Removida : user_pref("extensions.BabylonToolbar.newtab", "false");
Removida : user_pref("extensions.BabylonToolbar.newtaburl", "");
Removida : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Removida : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Removida : user_pref("extensions.BabylonToolbar.prtnrid", "babylon");
Removida : user_pref("extensions.BabylonToolbar.savedVrsnTs", "1");
Removida : user_pref("extensions.BabylonToolbar.sg", "none");
Removida : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Removida : user_pref("extensions.BabylonToolbar.smplgrp", "none");
Removida : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Removida : user_pref("extensions.BabylonToolbar.srcext", "ss");
Removida : user_pref("extensions.BabylonToolbar.srch", "");
Removida : user_pref("extensions.BabylonToolbar.srchprvdr", "");
Removida : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Removida : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Removida : user_pref("extensions.BabylonToolbar.tlbrid", "tb9");
Removida : user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Removida : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Removida : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1215:58:48");
Removida : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Removida : user_pref("extensions.BabylonToolbar.vrsnts", "1.6.9.1215:58:48");
Removida : user_pref("extensions.BabylonToolbar_i.babExt", "");
Removida : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=44444&tt=3512_3");
Removida : user_pref("extensions.BabylonToolbar_i.newTab", false);
Removida : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119556&tt=351[...]
Removida : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Removida : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Removida : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1215:58:48");
Removida : user_pref("extensions.delta.admin", false);
Removida : user_pref("extensions.delta.aflt", "babsst");
Removida : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Removida : user_pref("extensions.delta.autoRvrt", "false");
Removida : user_pref("extensions.delta.bbDpng", "3");
Removida : user_pref("extensions.delta.cntry", "BR");
Removida : user_pref("extensions.delta.dfltLng", "en");
Removida : user_pref("extensions.delta.excTlbr", false);
Removida : user_pref("extensions.delta.hdrMd5", "25B4420C345890C51C3DDB2B14465D21");
Removida : user_pref("extensions.delta.id", "14fb538c0000000000000015afe9f720");
Removida : user_pref("extensions.delta.instlDay", "15767");
Removida : user_pref("extensions.delta.instlRef", "sst");
Removida : user_pref("extensions.delta.lastVrsnTs", "1.8.10.019:15:23");
Removida : user_pref("extensions.delta.newTab", false);
Removida : user_pref("extensions.delta.prdct", "delta");
Removida : user_pref("extensions.delta.prtnrId", "delta");
Removida : user_pref("extensions.delta.rvrt", "false");
Removida : user_pref("extensions.delta.sg", "azb");
Removida : user_pref("extensions.delta.smplGrp", "none");
Removida : user_pref("extensions.delta.tlbrId", "base");
Removida : user_pref("extensions.delta.tlbrSrchUrl", "");
Removida : user_pref("extensions.delta.vrsn", "1.8.10.0");
Removida : user_pref("extensions.delta.vrsnTs", "1.8.10.019:15:23");
Removida : user_pref("extensions.delta.vrsni", "1.8.10.0");
Removida : user_pref("extensions.funmoods.aflt", "pcmega1");
Removida : user_pref("extensions.funmoods.appId", "{EA28B360-05E0-4F93-8150-02891F1D8D3C}");
Removida : user_pref("extensions.funmoods.autoRvrt", false);
Removida : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Removida : user_pref("extensions.funmoods.cntry", "BR");
Removida : user_pref("extensions.funmoods.cv", "cv5");
Removida : user_pref("extensions.funmoods.dfltLng", "");
Removida : user_pref("extensions.funmoods.dfltSrch", true);
Removida : user_pref("extensions.funmoods.dfltlng", "en");
Removida : user_pref("extensions.funmoods.dfltsrch", true);
Removida : user_pref("extensions.funmoods.dnsErr", true);
Removida : user_pref("extensions.funmoods.envrmnt", "production");
Removida : user_pref("extensions.funmoods.excTlbr", false);
Removida : user_pref("extensions.funmoods.hdrMd5", "910A838F9CCC1BFE16CE65F84C9554AD");
Removida : user_pref("extensions.funmoods.hmpg", true);
Removida : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=pcmega1&cd=2XzuyEtN2Y1L1Q[...]
Removida : user_pref("extensions.funmoods.hrdid", "0015AFE9F720538C");
Removida : user_pref("extensions.funmoods.id", "0015AFE9F720538C");
Removida : user_pref("extensions.funmoods.instlDay", "15753");
Removida : user_pref("extensions.funmoods.instlRef", "");
Removida : user_pref("extensions.funmoods.instlday", "15753");
Removida : user_pref("extensions.funmoods.instlref", "");
Removida : user_pref("extensions.funmoods.isDcmntCmplt", true);
Removida : user_pref("extensions.funmoods.isdcmntcmplt", true);
Removida : user_pref("extensions.funmoods.keywordurl", "");
Removida : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2218:41:42");
Removida : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Removida : user_pref("extensions.funmoods.newTab", true);
Removida : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=pcmega1&cd=2XzuyEtN2Y1L[...]
Removida : user_pref("extensions.funmoods.newtab", true);
Removida : user_pref("extensions.funmoods.newtaburl", "hxxp://searchfunmoods.com/?f=2&a=pcmega1&cd=2XzuyEtN2Y1L[...]
Removida : user_pref("extensions.funmoods.prdct", "funmoods");
Removida : user_pref("extensions.funmoods.prtnrId", "funmoods");
Removida : user_pref("extensions.funmoods.prtnrid", "funmoods");
Removida : user_pref("extensions.funmoods.savedVrsnTs", "1");
Removida : user_pref("extensions.funmoods.sg", "none");
Removida : user_pref("extensions.funmoods.similarsitesstorage-pid2", "e6667819872be024");
Removida : user_pref("extensions.funmoods.smplGrp", "none");
Removida : user_pref("extensions.funmoods.smplgrp", "none");
Removida : user_pref("extensions.funmoods.srch", "");
Removida : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Removida : user_pref("extensions.funmoods.srchprvdr", "Funmoods");
Removida : user_pref("extensions.funmoods.tlbrId", "base");
Removida : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=pcmega1&cd=2XzuyEtN2Y[...]
Removida : user_pref("extensions.funmoods.tlbrid", "base");
Removida : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://searchfunmoods.com/?f=3&a=pcmega1&cd=2XzuyEtN2Y[...]
Removida : user_pref("extensions.funmoods.vrsn", "1.8.11.0");
Removida : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2218:41:42");
Removida : user_pref("extensions.funmoods.vrsni", "1.8.11.0");
Removida : user_pref("extensions.funmoods.vrsnts", "1.5.23.2218:41:42");
Removida : user_pref("extensions.funmoods_i.hmpg", true);
Removida : user_pref("extensions.funmoods_i.newTab", false);
Removida : user_pref("extensions.funmoods_i.smplGrp", "none");
Removida : user_pref("extensions.funmoods_i.vrsnTs", "1.8.11.020:13:46");
Removida : user_pref("extensions.incredibar.admin", false);
Removida : user_pref("extensions.incredibar.aflt", "orgnl");
Removida : user_pref("extensions.incredibar.cntry", "BR");
Removida : user_pref("extensions.incredibar.dfltLng", "");
Removida : user_pref("extensions.incredibar.dfltSrch", false);
Removida : user_pref("extensions.incredibar.did", "10671");
Removida : user_pref("extensions.incredibar.envrmnt", "production");
Removida : user_pref("extensions.incredibar.excTlbr", false);
Removida : user_pref("extensions.incredibar.hdrMd5", "E62901BBEDEF6D642D53C9E030C711A5");
Removida : user_pref("extensions.incredibar.hmpg", false);
Removida : user_pref("extensions.incredibar.id", "14fb538c00000000000000140b4aef9c");
Removida : user_pref("extensions.incredibar.installerproductid", "26");
Removida : user_pref("extensions.incredibar.instlDay", "15582");
Removida : user_pref("extensions.incredibar.instlRef", "");
Removida : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1421:21:47");
Removida : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Removida : user_pref("extensions.incredibar.newTab", false);
Removida : user_pref("extensions.incredibar.noFFXTlbr", false);
Removida : user_pref("extensions.incredibar.ppd", "7777732");
Removida : user_pref("extensions.incredibar.prdct", "incredibar");
Removida : user_pref("extensions.incredibar.productid", "26");
Removida : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Removida : user_pref("extensions.incredibar.sg", "none");
Removida : user_pref("extensions.incredibar.smplGrp", "none");
Removida : user_pref("extensions.incredibar.tlbrId", "base");
Removida : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyMy5tlqR&loc=IB_T[...]
Removida : user_pref("extensions.incredibar.upn2", "6OyMy5tlqR");
Removida : user_pref("extensions.incredibar.upn2n", "92262017094137085");
Removida : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Removida : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1421:21:47");
Removida : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Removida : user_pref("extensions.incredibar_i.aflt", "orgnl");
Removida : user_pref("extensions.incredibar_i.dfltLng", "");
Removida : user_pref("extensions.incredibar_i.did", "10671");
Removida : user_pref("extensions.incredibar_i.excTlbr", false);
Removida : user_pref("extensions.incredibar_i.id", "14fb538c00000000000000140b4aef9c");
Removida : user_pref("extensions.incredibar_i.installerproductid", "26");
Removida : user_pref("extensions.incredibar_i.instlDay", "15582");
Removida : user_pref("extensions.incredibar_i.instlRef", "");
Removida : user_pref("extensions.incredibar_i.ms_url_id", "");
Removida : user_pref("extensions.incredibar_i.newTab", false);
Removida : user_pref("extensions.incredibar_i.ppd", "7777732");
Removida : user_pref("extensions.incredibar_i.prdct", "incredibar");
Removida : user_pref("extensions.incredibar_i.productid", "26");
Removida : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Removida : user_pref("extensions.incredibar_i.smplGrp", "none");
Removida : user_pref("extensions.incredibar_i.tlbrId", "base");
Removida : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyMy5tlqR&loc=IB[...]
Removida : user_pref("extensions.incredibar_i.upn2", "6OyMy5tlqR");
Removida : user_pref("extensions.incredibar_i.upn2n", "92262017094137085");
Removida : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Removida : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:21:47");
Removida : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Removida : user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"Hao123 toolbar\",\"description\":\[...]
Removida : user_pref("extensions.kango.storage.minibar.homepageSet", "\"1\"");
Removida : user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANS[...]
Removida : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Removida : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Removida : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Removida : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Removida : user_pref("sweetim.toolbar.Visibility.enable", "true");
Removida : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Removida : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Removida : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Removida : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Removida : user_pref("sweetim.toolbar.cda.returnValue", "hide");
Removida : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Removida : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Removida : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Removida : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Removida : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Removida : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Removida : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Removida : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Removida : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Removida : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Removida : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Removida : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Removida : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Removida : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Removida : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Removida : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Removida : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Removida : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Removida : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Removida : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Removida : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Removida : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Removida : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Removida : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Removida : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Removida : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Removida : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Removida : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Removida : user_pref("sweetim.toolbar.mode.debug", "false");
Removida : user_pref("sweetim.toolbar.newtab.created", "false");
Removida : user_pref("sweetim.toolbar.newtab.enable", "true");
Removida : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Removida : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Removida : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Removida : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Removida : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Removida : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Removida : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Removida : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Removida : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Removida : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Removida : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Removida : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Removida : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Removida : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Removida : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Removida : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Removida : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Removida : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Removida : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Removida : user_pref("sweetim.toolbar.scripts.2.callback", "");
Removida : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Removida : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Removida : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Removida : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Removida : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Removida : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Removida : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Removida : user_pref("sweetim.toolbar.search.history.capacity", "10");
Removida : user_pref("sweetim.toolbar.searchguard.enable", "false");
Removida : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Removida : user_pref("sweetim.toolbar.simapp_id", "{FB1B4603-C21A-4A15-AAE5-89A62A3904E5}");
Removida : user_pref("sweetim.toolbar.version", "1.9.0.0");
Removida : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://search.babylon.c[...]
Removida : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://search.babyl[...]
Removida : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v25.0.1364.172

Arquivo : C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

-\\ Opera v [impossível ler a versão]

Arquivo : C:\Users\Lucas\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Arquivo está limpo.

*************************

AdwCleaner[R1].txt - [33456 octets] - [24/03/2013 00:10:58]
AdwCleaner[s1].txt - [32196 octets] - [24/03/2013 00:11:24]

########## EOF - C:\AdwCleaner[s1].txt - [32257 octets] ##########

 

Segue o log do HijackThis

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:39:08, on 24/03/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16438)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Users\Lucas\Desktop\antivius malware\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6174 bytes
 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o Malwarebytes' Anti-Malware (MBAM) ou aqui.

Salve ou imprima estas instruções:

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.

Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.

Se houver atualizações a serem feitas, serão baixadas e instaladas.

Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.

Começará então o exame. Aguarde, pois pode demorar.

Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.

Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.

Ao final da desinfecção, abrirá o Bloco de notas com um Log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)

O Log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do Programa.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar

Selecione, copie e cole o conteúdo do Log do MBAM na sua próxima resposta + um novo Log do HijackThis .


assinatura-mrmillion.png65301516_windows-insider-mvp-logo(Custom).png.36263cb7b506cc6935fb37f39e504cec.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

×
×
  • Criar Novo...