Javascript Disabled Detected

Você está atualmente com o javascript desabilitado. Diversas funções não funcionarão. Habilite o javascript para ter acesso à todas as funcionalidades.

Win Trava na escolha de contas (perfil)

Criado por anderson_almufid, Jun 08 2012 11:49 PM

contas trava demora

Faça login para responder

6 respostas neste tópico

#1 anderson_almufid

Participante
34 mensagens

Publicado 08 June 2012 - 11:49 PM

Na tela onde se escolhe a conta de usuário o PC demora além do normal. Quando passei o malwarebytes, tinha mais de 45 infecções, mas acho que ainda não estou limpo.

Já fiz todo o procedimento para análise de log.

Segue meu log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:42:43, on 08/06/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Andeson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andeson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andeson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andeson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andeson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andeson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Andeson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andeson\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: 4sharedExt - {95525BD9-6136-4A26-8263-9CEE295D442D} - C:\Program Files\4shared Toolbar\4sharedExt32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Zoom Downloader - {E5C66DD8-308B-4a4f-AF0A-3D04F25B5343} - mscoree.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: 4shared Toolbar - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - C:\Program Files\4shared Toolbar\4sharedbar32.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [EPSON Stylus TX200 Series (Copiar 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFP.EXE /FU "C:\Windows\TEMP\E_SFD32.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus TX200 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFP.EXE /FU "C:\Windows\TEMP\E_S86CB.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: &4shared Search - res://C:\Program Files\4shared Toolbar\4sharedbar32.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--
End of file - 6303 bytes

Ir para o topo

#2 Mr.Million

Consumer Security MVP

Especialista
59629 mensagens

Publicado 08 June 2012 - 11:52 PM

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções.

Download ComboFix

Salve no seu Desktop ( Para que a Ferramenta seja executada corretamente é necessário que esteja no Desktop (Área de trabalho)
Feche todas as janelas e programas.

É necessário estar conectado durante o procedimento com o ComboFix;

Execute o combofix.exe, tecle "Sim" para prosseguir. Aguarde, pois é um pouco demorado.

OBS: Caso não queira que seja instalado o Console de Recuperação do Windows, clique em "Não" e depois concorde para que a verificação prossiga.
Ao ser instalado o Console, na Inicialização do Sistema será apresentada a tela para Seleção dos Sistemas Operacionais.
Mais informações sobre o Console: http://support.microsoft.com/kb/307654/pt-br

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.
Quando acabar, será gerado um Log, que estará em C:\ComboFix.txt. Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta + um novo Log do HijackThis .

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".

OBS 2: Não execute o ComboFix mais do que uma vez. Isso irá sobreescrever o Log e dificultará a remoção do(s) malware(s)

Caso ocorra algum erro, reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização) e repita o procedimento.

Ir para o topo

#3 Mr.Million

Consumer Security MVP

Especialista
59629 mensagens

Publicado 09 June 2012 - 03:13 PM

Aguardando...

Ir para o topo

#4 anderson_almufid

Participante
34 mensagens

Publicado 11 June 2012 - 12:24 AM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:12:54, on 11/06/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Andeson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: 4sharedExt - {95525BD9-6136-4A26-8263-9CEE295D442D} - C:\Program Files\4shared Toolbar\4sharedExt32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: 4shared Toolbar - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - C:\Program Files\4shared Toolbar\4sharedbar32.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O8 - Extra context menu item: &4shared Search - res://C:\Program Files\4shared Toolbar\4sharedbar32.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--
End of file - 4743 bytes

ComboFix 12-06-10.01 - Andeson 10/06/2012 23:50:35.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.1643.1029 [GMT -3:00]
Executando de: c:\users\Andeson\Desktop\ComboFix.exe
AV: avast! antivírus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! antivírus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-05-11 to 2012-06-11 ))))))))))))))))))))))))))))
.
.
2012-06-09 02:38 . 2012-06-09 02:38 -------- d-----w- c:\program files\CCleaner
2012-06-02 16:23 . 2012-06-02 16:23 -------- d-----w- c:\users\Andeson\AppData\Roaming\TeamViewer
2012-06-02 13:54 . 2011-01-20 13:02 258048 ----a-w- C:\Start.exe
2012-06-02 13:51 . 2010-12-29 18:34 -------- d-----w- C:\ClientSoftware
2012-05-21 13:27 . 2012-05-21 13:28 -------- d-----w- c:\users\Andeson\AppData\Roaming\GetRightToGo
2012-05-17 21:48 . 2012-05-17 21:48 -------- d-----w- c:\program files\Discador MSN
2012-05-16 16:43 . 2012-05-16 16:43 -------- d-----w- c:\program files\Zoom Downloader
2012-05-15 17:55 . 2012-05-15 17:56 -------- d-----w- c:\users\Andeson\AppData\Local\Facebook
2012-05-15 12:12 . 2012-05-15 12:15 -------- d-----w- c:\program files\Google
2012-05-14 01:53 . 2012-06-09 23:28 -------- d-----w- C:\winsic
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 14:43 . 2012-03-29 01:28 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 14:43 . 2012-03-29 01:28 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 18:56 . 2012-03-25 08:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 15:14 . 2012-04-25 11:39 17280 ----a-w- c:\windows\system32\roboot.exe
2012-03-25 07:23 . 2011-10-24 12:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-20 06:53 . 2012-03-25 07:39 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69DC1A94-F319-4FA8-9AE9-00D86AD623E9}\mpengine.dll
2012-03-13 15:12 . 2012-04-25 11:40 17136 ----a-w- c:\windows\system32\sasnative32.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95525BD9-6136-4A26-8263-9CEE295D442D}]
2012-02-02 13:07 121344 ----a-w- c:\program files\4shared Toolbar\4sharedExt32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95080B13-AA71-4EE8-B951-7E98221E1ED5}"= "c:\program files\4shared Toolbar\4sharedbar32.dll" [2012-03-07 214016]
.
[HKEY_CLASSES_ROOT\clsid\{95080b13-aa71-4ee8-b951-7e98221e1ed5}]
[HKEY_CLASSES_ROOT\4sharedBar.4sharedBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{50F22041-08AC-484B-BB6F-4DDB2CF8B693}]
[HKEY_CLASSES_ROOT\4sharedBar.4sharedBarObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{95080B13-AA71-4EE8-B951-7E98221E1ED5}"= "c:\program files\4shared Toolbar\4sharedbar32.dll" [2012-03-07 214016]
.
[HKEY_CLASSES_ROOT\clsid\{95080b13-aa71-4ee8-b951-7e98221e1ed5}]
[HKEY_CLASSES_ROOT\4sharedBar.4sharedBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{50F22041-08AC-484B-BB6F-4DDB2CF8B693}]
[HKEY_CLASSES_ROOT\4sharedBar.4sharedBarObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-10-24 13:38 1410400 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Andeson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk]
backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced System Protector]
2012-04-11 20:42 6742912 ----a-w- c:\program files\Advanced System Protector\AdvancedSystemProtector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 21:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadManager]
2012-05-16 16:43 1644032 ----a-w- c:\program files\Zoom Downloader\DownloadManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-05-15 17:55 137536 ----atw- c:\users\Andeson\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-04-19 14:43 116648 ----atw- c:\users\Andeson\AppData\Local\Google\Update\GoogleUpdate.exe
.
R2 gupdate;Serviço do Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-05-15 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-05-15 116648]
R3 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-15 38152]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2010-11-05 579488]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-09-30 218624]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-15 62592]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-15 24192]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX86.sys [2010-01-15 32352]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2010-10-25 23136]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-06-25 68208]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [2010-10-21 196352]
S3 vmuvcflt;Vimicro USB Camera Filter;c:\windows\system32\Drivers\vmuvcflt.sys [2010-08-16 5888]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-15 11792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 14:43]
.
2012-06-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3008450305-1747374298-729567687-1000Core.job
- c:\users\Andeson\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-15 17:55]
.
2012-06-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3008450305-1747374298-729567687-1000UA.job
- c:\users\Andeson\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-15 17:55]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-15 12:12]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-15 12:12]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3008450305-1747374298-729567687-1000Core.job
- c:\users\Andeson\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 14:43]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3008450305-1747374298-729567687-1000UA.job
- c:\users\Andeson\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 14:43]
.
2012-06-09 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2012-04-25 15:14]
.
2012-05-30 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2012-04-25 15:14]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.fr
mStart Page = hxxp://www.google.fr
IE: &4shared Search - c:\program files\4shared Toolbar\4sharedbar32.dll/MENUSEARCH.HTM
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Andeson\AppData\Roaming\Mozilla\Firefox\Profiles\ts0i9mck.default\
FF - prefs.js: browser.search.defaulturl -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Zoom Downloader: downloadmanager@zoomdownloader.com - %profile%\extensions\downloadmanager@zoomdownloader.com
.
- - - - ORFÃOS REMOVIDOS - - - -
.
ShellIconOverlayIdentifiers-{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} - (no file)
ShellIconOverlayIdentifiers-{C72C6188-BEF2-46E5-A89A-52F0ED75219E} - (no file)
ShellIconOverlayIdentifiers-{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} - (no file)
AddRemove-DiscadorCompMSN - c:\program files\Discador MSN\DiscadorCompMSN u
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'Explorer.exe'(916)
c:\windows\system32\IcnOvrly.dll
.
Tempo para conclusão: 2012-06-11 00:10:49
ComboFix-quarantined-files.txt 2012-06-11 03:10
.
Pré-execução: 81.517.236.224 bytes disponíveis
Pós execução: 81.278.779.392 bytes disponíveis
.
- - End Of File - - 9E03A6D49D2AAD53E7FAF21AB4FBB89E

Ir para o topo

#5 Mr.Million

Consumer Security MVP

Especialista
59629 mensagens

Publicado 11 June 2012 - 10:27 AM

Download AdwCleaner . Salve-o no Desktop. (Área de Trabalho)

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista ou do Windows 7, clicar com o botão direito do mouse no arquivo e selecionar:Executar como administrador

Posted Image

Clique [Delete]

Poste o Log criado + um novo Log do HijackThis..

Ir para o topo

#6 anderson_almufid

Participante
34 mensagens

Publicado 11 June 2012 - 11:44 PM

# AdwCleaner v1.609 - Logfile created 06/11/2012 at 23:32:27
# Updated 10/06/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : Andeson - ANDESON-PC
# Running from : C:\Users\Andeson\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Folder Deleted : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}

***** [Registry] *****

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.11 (pt-BR)

Profile name : default
File : C:\Users\Andeson\AppData\Roaming\Mozilla\Firefox\Profiles\ts0i9mck.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v19.0.1084.56

File : C:\Users\Andeson\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "icon_url": "hxxp://www.babylon.com/favicon.ico",
Deleted : "keyword": "babylon.com",
Deleted : "name": "Search the web (Babylon)",
Deleted : "search_url": "hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm",

*************************

AdwCleaner[S1].txt - [27639 octets] - [06/06/2012 00:49:48]
AdwCleaner[S2].txt - [1390 octets] - [11/06/2012 23:32:27]

########## EOF - C:\AdwCleaner[S2].txt - [1518 octets] ##########

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:39:56, on 11/06/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEFP.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Andeson\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: 4sharedExt - {95525BD9-6136-4A26-8263-9CEE295D442D} - C:\Program Files\4shared Toolbar\4sharedExt32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: 4shared Toolbar - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - C:\Program Files\4shared Toolbar\4sharedbar32.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [EPSON Stylus TX200 Series (Copiar 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFP.EXE /FU "C:\Users\Andeson\AppData\Local\Temp\E_S59B3.tmp" /EF "HKCU"
O8 - Extra context menu item: &4shared Search - res://C:\Program Files\4shared Toolbar\4sharedbar32.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--
End of file - 4950 bytes

Ir para o topo

#7 Mr.Million

Consumer Security MVP

Especialista
59629 mensagens

Publicado 12 June 2012 - 12:13 AM

O PC está limpo (Y)

Finalizando.......
Renomeie o ComboFix para Uninstall, execute-o e aguarde a remoção da Ferramenta.

Ir para o topo

Voltar para Malwares

Tópicos Relacionados

Tópico	Fórum	Criado por	Estatísticas	Última atualização
ESPECIAL 1ª Etapa: DESCRIÇÃO E DÚVIDAS ESPECIAL, tutoriais 1 2 3 11 →	Tutoriais Pagos do BABOO	Baboo	109 respostas 21372 visualizações	há 17 min. Baboo
Windows Server 2012 - Configurando GPO para alterar a imagem da tela de bloqueio do Windows 8 windows server 2012, windows 2012 e 2 mais	Windows Server 2012	strippoli	0 respostas 8 visualizações	há 57 min. strippoli
Dica de Media player qual	Multimídia (Vídeo, Áudio & afins)	ultimate_live	1 reply 27 visualizações	Hoje, 12:40 AM _Lucas_
Analise de Log superantispyware 1 2	Malwares	Ikei	10 respostas 104 visualizações	Hoje, 12:16 AM Ikei
Instalei um vírus em meu PC, como tirá-lo? antivírus não detecta vírus, malware, retirar vírus	Malwares	Duanees	2 respostas 39 visualizações	Hoje, 12:07 AM Duanees

Tópicos com palavra-chave: contas, trava, demora

Windows → Windows 8 → Wifi demora muito para ligar quando ligo o PC nani8_ criou em 14/May/2013 windows 8, windows, demora, wifi e 2 mais	2 respostas 84 visualizações	nani8_ 14/May/2013
Hardware → Notebooks, Tablets... → windows 7 trava na tela de inicializar emanuel6 criou em 11/Apr/2013 windows, trava, inicializar	6 respostas 979 visualizações	emanuel6 12/Apr/2013
Windows → Windows 7 → Windows travando menus na tela. rodrigolujan criou em 23/Mar/2013 menu, trava, tela	2 respostas 379 visualizações	rodrigolujan 29/Mar/2013
Segurança e Redes → Malwares → Analise de Log rodrigolujan criou em 20/Mar/2013 erro, virus, malwarebytes, trava 1 2	Quente 13 respostas 646 visualizações	Mr.Million 23/Mar/2013
Windows → Windows 8 → Windows 8 trava na tela de login clagraca criou em 02/Feb/2013 Travamento, Travando, Trava	3 respostas 1443 visualizações	mvalandro 15/Feb/2013

Win Trava na escolha de contas (perfil)

Tópicos Relacionados

Tópicos com palavra-chave: contas, trava, demora

Fazer login