Welcome to the Fórum do BABOO!

gouki

Browser opening pages by itself

9 posts in this topic

Good evening

Could you please look at my log??

The PC is slow, and every page I open, another one opens right after it.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:35:35, on 09/02/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\Users\Helio Jr\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superdownloads.com.br/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:13828
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Avira SearchFree Toolbar BHO - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [HP Deskjet 3050 J610 series (NET)] "C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe" -deviceID "BR17FFR2K605HX:NW" -scfn "HP Deskjet 3050 J610 series (NET)" -AutoStart 1
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Monitorar alertas de tinta - HP Deskjet 3050 J610 series (Rede).lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Serviço de atualização Ask (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: View Password (ViewPassword) - Unknown owner - C:\Program Files\View-Password\ViewPassword152.exe

--
End of file - 8636 bytes


ledsn


Download Malwarebytes' Anti-Malware (MBAM) or here.

Save or print these instructions:

Double-click mbam-setup.exe and choose the language.

Before finishing the installation, uncheck the option "Enable free trial of Malwarebytes Anti-Malware PRO".

Make sure the boxes "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware" are checked, then click Finish. If there are updates to be made, they will be downloaded and installed.

When the update finishes, with the program open, select Quick Scan and click the Scan button.

The scan will then start. Wait, as it may take a while.

When the scan ends, click OK, then the Show Results button to see the report.

If any items were found, make sure they are all checked and click the Remove button.

At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the note below.)

The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart.

Select, copy and paste the contents of the MBAM log in your next reply + a new HijackThis log.



MVP Mr.Million


Malwarebytes Anti-Malware did not find any items.

But the pages are always loading, several pages open when I use the browser, and I cannot access some sites; hotmail...

And there is always an exclamation mark before the http and I cannot access them.

 

 

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versão da Base de Dados:  v2014.02.09.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
Helio Jr :: HELIOJR-PC [administrador]

09/02/2014 19:35:17
mbam-log-2014-02-09 (19-35-17).txt

Tipo de Verificação:  Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  233195
Tempo decorrido: 14 minuto(s), 51 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)

(fim)
 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:58:17, on 09/02/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superdownloads.com.br/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Avira SearchFree Toolbar BHO - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [HP Deskjet 3050 J610 series (NET)] "C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe" -deviceID "BR17FFR2K605HX:NW" -scfn "HP Deskjet 3050 J610 series (NET)" -AutoStart 1
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Monitorar alertas de tinta - HP Deskjet 3050 J610 series (Rede).lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Serviço de atualização Ask (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8177 bytes
 


ledsn


Good evening!!

Disable your antivirus, anti-spyware and firewall so there are no conflicts. Keep them disabled until you have finished the instructions.

Download AdwCleaner

Save it to the Desktop (Área de Trabalho).

Run adwcleaner.exe

NOTE: Windows Vista or Windows 7 users, right-click the file and select "Run as administrator".

Click [Scan and then Clean]

Save the log that is created.

Download Junkware Removal Tool (JRT) and save it to your Desktop (Área de Trabalho).

Double-click to run the Junkware Removal Tool (JRT)

* On Windows Vista and Windows 7:

Right-click JRT.exe and select "Run as administrator".

The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to be examined.

At the end, a log will open and be saved on the Desktop with the name JRT.txt.

Select, copy and paste the contents of this log in your next reply + the AdwCleaner log and a new HijackThis log.



MVP Mr.Million

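The helper asks for a new HijackThis log after each cleanup step. The following Python sketch is an added example, not part of the original thread: it compares two HijackThis logs entry by entry, so that an item that was edited shows up as "changed" rather than as one removal plus one addition. It runs on a few lines copied from the first and third HijackThis logs in this thread; the keying rules in `entry_key` are an assumption of this example, not a HijackThis feature.

```python
import re

# Excerpts copied from the first and third HijackThis logs in this thread
# (only a few lines of each, so the example runs offline).
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:13828
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Avira SearchFree Toolbar BHO - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)
O3 - Toolbar: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
"""

LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/
O2 - BHO: Avira SearchFree Toolbar BHO - {41564952-412D-5637-00A7-7A786E7484D7} - (no file)
O3 - Toolbar: (no name) - {41564952-412D-5637-00A7-7A786E7484D7} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"""

# An entry line is "<section> - <body>", e.g. "R1 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(.+?): \[(.+?)\]")  # "HKLM\..\Run: [name] command"


def entry_key(section, body):
    """Stable identity for an entry (assumed keying, see lead-in).

    - entries carrying a CLSID: section + kind ("BHO", "Toolbar", ...) + CLSID
    - R* registry values: section + "key,value name" (text left of the '=')
    - O4 autostarts: section + location + [name]
    - anything else: the whole line
    """
    clsid = CLSID_RE.search(body)
    if clsid:
        kind = body.split(":", 1)[0]
        return (section, kind, clsid.group(0).upper())
    if section.startswith("R") and "=" in body:
        return (section, body.split("=", 1)[0].strip())
    run = RUN_RE.match(body)
    if section == "O4" and run:
        return (section, run.group(1), run.group(2))
    return (section, body)


def parse_log(text):
    """Map entry key -> entry body, ignoring headers and the process list."""
    entries = {}
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            section, body = match.group(1), match.group(2).strip()
            entries[entry_key(section, body)] = body
    return entries


def diff_logs(before_text, after_text):
    """Return the keys that were removed, added, or kept with a new body."""
    before, after = parse_log(before_text), parse_log(after_text)
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "changed": sorted(
            k for k in before if k in after and before[k] != after[k]
        ),
    }


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for key in result["removed"]:
        print("REMOVED", key[0], "-", before[key])
    for key in result["added"]:
        print("ADDED  ", key[0], "-", after[key])
    for key in result["changed"]:
        print("CHANGED", key[0], "-", before[key])
        print("     ->", key[0], "-", after[key])
```

To compare full logs, read each saved log file into a string and pass both to `diff_logs` in place of the embedded excerpts.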

# AdwCleaner v3.018 - Relatório criado 10/02/2014 às 20:44:31
# Atualizado 28/01/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : Helio Jr - HELIOJR-PC
# Executando de : C:\Users\Helio Jr\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Arquivo Deletada : C:\Users\Helio Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk
Arquivo Deletada : C:\Users\Helio Jr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKCU\Software\lollipop

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v26.0 (pt-BR)

[ Arquivo : C:\Users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\prefs.js ]

Linha deletada : user_pref("extensions.a5e303593d0594ae3a11d8a91cdbdd8c99f8368f305e54dfe9f027bf4726fa8f8com38094.38094.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0300 (Hora oficial d[...]
Linha deletada : user_pref("extensions.a5e303593d0594ae3a11d8a91cdbdd8c99f8368f305e54dfe9f027bf4726fa8f8com38094.38094.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app38094%22%3A%22app38[...]
Linha deletada : user_pref("extensions.a5e303593d0594ae3a11d8a91cdbdd8c99f8368f305e54dfe9f027bf4726fa8f8com38094.38094.cookie.CrossriderNotifier_css.expiration", "Tue Feb 11 2014 19:21:55 GMT-0300 (Hora oficial do Bra[...]
Linha deletada : user_pref("extensions.a5e303593d0594ae3a11d8a91cdbdd8c99f8368f305e54dfe9f027bf4726fa8f8com38094.38094.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdisplay%3Anone%3B%5Cn%7D%5C[...]
Linha deletada : user_pref("extensions.a5e303593d0594ae3a11d8a91cdbdd8c99f8368f305e54dfe9f027bf4726fa8f8com38094.38094.cookie.CrossriderNotifier_displayed_messages.expiration", "Fri Feb 01 2030 00:00:00 GMT-0300 (Hora[...]
Linha deletada : user_pref("extensions.a5e303593d0594ae3a11d8a91cdbdd8c99f8368f305e54dfe9f027bf4726fa8f8com38094.38094.cookie.CrossriderNotifier_displayed_messages.value", "%7B%22594%22%3A594%7D");
Linha deletada : user_pref("extensions.a5e303593d0594ae3a11d8a91cdbdd8c99f8368f305e54dfe9f027bf4726fa8f8com38094.38094.cookie.CrossriderNotifier_geolocation.expiration", "Thu Feb 13 2014 12:05:00 GMT-0300 (Hora oficia[...]
Linha deletada : user_pref("extensions.a5e303593d0594ae3a11d8a91cdbdd8c99f8368f305e54dfe9f027bf4726fa8f8com38094.38094.cookie.CrossriderNotifier_geolocation.value", "%22BR%22");
Linha deletada : user_pref("extensions.a5e303593d0594ae3a11d8a91cdbdd8c99f8368f305e54dfe9f027bf4726fa8f8com38094.38094.cookie.CrossriderNotifier_messages.expiration", "Fri Feb 01 2030 00:00:00 GMT-0300 (Hora oficial d[...]
Linha deletada : user_pref("extensions.a5e303593d0594ae3a11d8a91cdbdd8c99f8368f305e54dfe9f027bf4726fa8f8com38094.38094.cookie.CrossriderNotifier_messages.value", "%7B%22data%22%3A%7B%22592%22%3A%7B%22id%22%3A592%2C%22[...]
Linha deletada : user_pref("extensions.a5e303593d0594ae3a11d8a91cdbdd8c99f8368f305e54dfe9f027bf4726fa8f8com38094.38094.cookie.CrossriderNotifier_metadata.expiration", "Mon Feb 10 2014 21:28:45 GMT-0300 (Hora oficial d[...]
Linha deletada : user_pref("extensions.a5e303593d0594ae3a11d8a91cdbdd8c99f8368f305e54dfe9f027bf4726fa8f8com38094.38094.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A38094%2C%22appName%22%3A%22Ultra%20Do[...]
Linha deletada : user_pref("extensions.a5e303593d0594ae3a11d8a91cdbdd8c99f8368f305e54dfe9f027bf4726fa8f8com38094.38094.internaldb.Resources_meta.value", "%7B%22style.css%22%3A%7B%22id%22%3A212397%2C%22ver%22%3A5%2C%22[...]
Linha deletada : user_pref("extensions.crossrider.bic", "14407bace0a62f7e9c9d3b05bca9df5b");

-\\ Google Chrome v32.0.1700.107

[ Arquivo : C:\Users\Helio Jr\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7066 octets] - [02/11/2013 16:31:37]
AdwCleaner[R1].txt - [4328 octets] - [10/02/2014 20:42:56]
AdwCleaner[s0].txt - [6998 octets] - [02/11/2013 16:33:19]
AdwCleaner[s1].txt - [4212 octets] - [10/02/2014 20:44:31]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [4272 octets] ##########
 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Ultimate x86
Ran by Helio Jr on 10/02/2014 at 20:51:24,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"



~~~ FireFox

Successfully deleted the following from C:\Users\Helio Jr\AppData\Roaming\mozilla\firefox\profiles\3mbjsub6.default\prefs.js

user_pref("extensions.a5e303593d0594ae3a11d8a91cdbdd8c99f8368f305e54dfe9f027bf4726fa8f8com38094.38094.cookie.CrossriderNotifier_css.expiration", "Tue Feb 11 2014 20:50:06 GMT-
user_pref("extensions.a5e303593d0594ae3a11d8a91cdbdd8c99f8368f305e54dfe9f027bf4726fa8f8com38094.38094.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdi
user_pref("extensions.a5e303593d0594ae3a11d8a91cdbdd8c99f8368f305e54dfe9f027bf4726fa8f8com38094.38094.cookie.CrossriderNotifier_geolocation.expiration", "Mon Feb 17 2014 20:50
user_pref("extensions.a5e303593d0594ae3a11d8a91cdbdd8c99f8368f305e54dfe9f027bf4726fa8f8com38094.38094.cookie.CrossriderNotifier_geolocation.value", "%22BR%22");
user_pref("iminent.LayoutId", "1");
user_pref("iminent.adapters", "{\"iminent\":{\"CountryCode\":\"BR\",\"NoAds\":false,\"Status\":1,\"expireTime\":\"13916990928731814400\"},\"google\":{\"CountryCode\":\"BR\",\"
user_pref("iminent.enabledAds", "false");
user_pref("iminent.registerToolbarEvent102", "1391699098501");
user_pref("iminent.version", "8.4.3.1");
user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.41.2.1\",\"InstallEventCTime\":1382459086853,\"InstallEvent\":\"True\",\"UpdateEventCTime\":1391699086785}");
Emptied folder: C:\Users\Helio Jr\AppData\Roaming\mozilla\firefox\profiles\3mbjsub6.default\minidumps [87 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Helio Jr\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/02/2014 at 20:54:50,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:04:08, on 10/02/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superdownloads.com.br/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Avira SearchFree Toolbar BHO - {41564952-412D-5637-00A7-7A786E7484D7} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {41564952-412D-5637-00A7-7A786E7484D7} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [HP Deskjet 3050 J610 series (NET)] "C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe" -deviceID "BR17FFR2K605HX:NW" -scfn "HP Deskjet 3050 J610 series (NET)" -AutoStart 1
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Monitorar alertas de tinta - HP Deskjet 3050 J610 series (Rede).lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Serviço de atualização Ask (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 7695 bytes
 


ledsn


Disable your antivirus, antispyware and firewall to avoid conflicts. Keep them disabled until you have finished these instructions.

Download ComboFix

Save it to your Desktop (the tool must be on the Desktop in order to run correctly).

Close all windows and programs.

You must be connected during the ComboFix procedure.

Run combofix.exe and press "Yes" to proceed. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan proceeds.

Once the Console is installed, the operating system selection screen will be shown at system startup.

More information about the Console: http://support.micro...kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.

When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt into your next reply, plus a new HijackThis log.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. Doing so will overwrite the log and make removing the malware harder.

If any error occurs, restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup) and repeat the procedure.



MVP Mr.Million


ComboFix 14-02-11.01 - Helio Jr 11/02/2014  10:53:08.2.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.1789.1147 [GMT -3:00]
Executando de: c:\users\Helio Jr\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome.manifest
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\api.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\api\asyncDB.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\api\background.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\api\browserAction.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\api\contextMenu.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\api\dbManager.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\api\dom_bg.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\api\fileManager.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\api\firefox.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\api\firefoxNotifications.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\api\firefoxOmnibox.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\api\message.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\api\pageAction.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\api\request.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\api\tabs.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\api\webRequest.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\api\windowsMessagingHandler.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\background.html
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\baseObject.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\browser.xul
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\addressBarChangeObserver.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\console.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\consts.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\delegate.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\extensionDataStore.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\folderIOWrapper.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\httpObserver.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\IDBWrapper.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\installer.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\logFile.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\prefs.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\progressListenerObserver.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\registry.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\reloadObserver.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\reports.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\requestObject.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\searchSettings.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\uninstallObserver.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\updateManager.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\utils.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\core\xhr.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\dialog.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\ffCoreFilesIndex.txt
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\main.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\options.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\options.xul
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\platformVersion.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\chrome\content\search_dialog.xul
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\defaults\preferences\prefs.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\manifest.xml
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins.json
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\1_base.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\102_dealply_m.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\103_intext_5_m.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\104_jollywallet_m.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\123_intext_adv_m.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\155_ibario_pops_m.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\17_jQuery.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\177_crossriderDashboard.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\180_bpo_serp_m.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\182_openUrl.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\183_tabsWrapper.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\207_dbWrapper.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\21_debug.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\22_resources.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\28_initializer.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\47_resources_background.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\5_notifications.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\64_appApiMessage.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\7_hooks.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\72_appApiValidation.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\9_search_engine_hook.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\plugins\98_omniCommands.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\userCode\background.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\extensionData\userCode\extension.js
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\install.rdf
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\locale\en-US\translations.dtd
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\skin\button1.png
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\skin\button2.png
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\skin\button3.png
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\skin\button4.png
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\skin\button5.png
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\skin\crossrider_statusbar.png
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\skin\icon128.png
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\skin\icon16.png
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\skin\icon24.png
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\skin\icon48.png
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\skin\panelarrow-up.png
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\skin\popup.html
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\skin\skin.css
c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\extensions\5e303593-d059-4ae3-a11d-8a91cdbdd8c9@9f8368f3-05e5-4dfe-9f02-7bf4726fa8f8.com\skin\update.css
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-01-11 to 2014-02-11  ))))))))))))))))))))))))))))
.
.
2014-02-10 16:19 . 2014-02-10 16:22    --------    d-----w-    c:\users\Helio Jr\AppData\Roaming\iFunBox.NXGen
2014-02-09 22:56 . 2014-02-09 03:32    388608    ----a-w-    C:\HijackThis.exe
2014-02-06 15:06 . 2014-02-07 12:27    --------    d-----w-    c:\users\Helio Jr\AppData\Local\genienext
2014-01-31 20:32 . 2014-01-31 20:32    --------    d-----w-    c:\program files\iPod
2014-01-31 20:32 . 2014-01-31 20:33    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-31 20:32 . 2014-01-31 20:33    --------    d-----w-    c:\program files\iTunes
2014-01-20 23:03 . 2014-01-20 23:34    --------    d-----w-    c:\program files\Appnimi
2014-01-20 22:55 . 2014-01-20 23:30    --------    d-----w-    c:\program files\RAR Password Unlocker
2014-01-17 14:12 . 2014-02-08 03:09    --------    d-----w-    C:\FILE
2014-01-12 15:05 . 2014-01-12 15:05    --------    d-----w-    c:\users\Helio Jr\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-06 15:21 . 2013-08-28 02:48    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-06 15:21 . 2013-08-28 02:48    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-19 10:41 . 2013-08-28 13:04    69240    ----a-w-    c:\windows\system32\drivers\avnetflt.sys
2013-12-19 10:41 . 2013-08-28 03:17    90400    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2013-12-19 10:41 . 2013-08-28 03:17    135648    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2013-11-27 19:47 . 2013-08-28 03:17    37352    ----a-w-    c:\windows\system32\drivers\avkmgr.sys
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-09-13 09:02    1724616    ----a-w-    c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-09-13 09:02    1724616    ----a-w-    c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-09-13 09:02    1724616    ----a-w-    c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"HP Deskjet 3050 J610 series (NET)"="c:\program files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-19 684600]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-02-01 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-02-22 1073312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-09-04 280576]
.
c:\users\Helio Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitorar alertas de tinta - HP Deskjet 3050 J610 series (Rede).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3050 J610 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=BR17FFR2K605HX;CONNECTION=NW;MONITOR=1; [2009-7-13 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys [x]
R3 MFE_RR;MFE_RR;c:\users\HELIOJ~1\AppData\Local\Temp\mfe_rr.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2013-07-25 18944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-08-29 1343400]
S0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [2013-08-08 64480]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-27 37352]
S2 AntiVirSchedulerService;Avira Agendamento;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-12-19 440376]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-12-19 1011768]
S2 APNMCP;Serviço de atualização Ask;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-12-20 166352]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2012-07-13 769432]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2013-03-25 65200]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-06 15:22    1211720    ----a-w-    c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-28 15:21]
.
2014-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-28 02:42]
.
2014-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-28 02:42]
.
.
------- Scan Suplementar -------
.
uStart Page = https://www.google.com.br/
mStart Page = hxxp://www.superdownloads.com.br/?utm_source=core&utm_medium=ppi&utm_campaign=portal
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Helio Jr\AppData\Roaming\Mozilla\Firefox\Profiles\3mbjsub6.default\
FF - prefs.js: browser.search.selectedEngine -
.
.
------- Associação de arquivos/ficheiros -------
.
.scr=AutoCADScriptFile
.
- - - - ORFÃOS REMOVIDOS - - - -
.
BHO-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2014-02-11  11:02:05
ComboFix-quarantined-files.txt  2014-02-11 14:02
ComboFix2.txt  2013-11-04 01:40
.
Pré-execução: 191.945.076.736 bytes disponíveis
Pós execução: 191.897.407.488 bytes disponíveis
.
- - End Of File - - EF4C29803496DC976CC0D47795DB8192
A36C5E4F47E84449FF07ED3517B43A31
 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:25:00, on 11/02/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superdownloads.com.br/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [HP Deskjet 3050 J610 series (NET)] "C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe" -deviceID "BR17FFR2K605HX:NW" -scfn "HP Deskjet 3050 J610 series (NET)" -AutoStart 1
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Monitorar alertas de tinta - HP Deskjet 3050 J610 series (Rede).lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Serviço de atualização Ask (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 7333 bytes
 


ledsn


Ok, the PC is clean (Y)

Finishing up.......

Go to Start > Run > type (or copy and paste): ComboFix /Uninstall

Click OK. Wait, as this will uninstall ComboFix.

Clear System Restore, creating a Restore Point of the clean system.

Right-click MY COMPUTER > Properties > System Protection > Configure > Delete. Still in System Protection > Create.



MVP Mr.Million
