Javascript Disabled Detected

Você está atualmente com o javascript desabilitado. Diversas funções não funcionarão. Habilite o javascript para ter acesso à todas as funcionalidades.

Favor Help-me log...

Criado por Fodz, Aug 01 2012 07:49 PM

Virus

Faça login para responder

7 respostas neste tópico

#1 Fodz

Participante
64 mensagens

Publicado 01 August 2012 - 07:49 PM

Fiz limpeza com antivírus online
removi o avg e o avast qye minha irmã instalo aqui!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:48:02, on 01/08/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hotkey\Hotkey.exe
C:\Users\USER\AppData\Roaming\VIVO INTERNET\ouc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\USER\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Hotkey.lnk = C:\Program Files\Hotkey\Hotkey.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Firewall do AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files\Hotkey\PowerBiosServer.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

--
End of file - 8079 bytes

Ir para o topo

#2 Mr.Million

Consumer Security MVP

Especialista
59613 mensagens

Publicado 01 August 2012 - 09:26 PM

Baixe o Malwarebytes' Anti-Malware (MBAM) ou aqui.

Salve ou imprima estas instruções:

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.
Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.
Se houver atualizações a serem feitas, serão baixadas e instaladas.
Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.
Começará então o exame. Aguarde, pois pode demorar.
Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.

Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.

Ao final da desinfecção, abrirá o Bloco de notas com um Log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)
O Log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do Programa.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar

Selecione, copie e cole o conteúdo do Log do MBAM na sua próxima resposta + um novo Log do HijackThis .

Ir para o topo

#3 Fodz

Participante
64 mensagens

Publicado 01 August 2012 - 09:42 PM

OBS: Ja tentei remover esse avg em modo de segurança com a ferramenta avgremover e não vai...
ta complicado.
-------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Versão da Base de Dados: v2012.08.01.09

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
USER :: USER-PC [administrador]

Proteção: Permitir

01/08/2012 20:32:41
mbam-log-2012-08-01 (20-32-41).txt

Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 182696
Tempo decorrido: 3 minuto(s), 44 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 1
C:\Users\USER\Downloads\AudioConverterSetup.exe (PUP.Adware.InstallCore) -> Nenhuma ação foi feita.

(fim)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:41:18, on 01/08/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\USER\AppData\Roaming\VIVO INTERNET\ouc.exe
C:\Program Files\Hotkey\Hotkey.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Users\USER\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Hotkey.lnk = C:\Program Files\Hotkey\Hotkey.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Firewall do AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files\Hotkey\PowerBiosServer.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

--
End of file - 7825 bytes

Editado por Fodz, 01 August 2012 - 09:51 PM.
''

Ir para o topo

#4 Mr.Million

Consumer Security MVP

Especialista
59613 mensagens

Publicado 01 August 2012 - 09:52 PM

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções.

Download ComboFix

Salve no seu Desktop ( Para que a Ferramenta seja executada corretamente é necessário que esteja no Desktop (Área de trabalho)
Feche todas as janelas e programas.

É necessário estar conectado durante o procedimento com o ComboFix;

Execute o combofix.exe, tecle "Sim" para prosseguir. Aguarde, pois é um pouco demorado.

OBS: Caso não queira que seja instalado o Console de Recuperação do Windows, clique em "Não" e depois concorde para que a verificação prossiga.
Ao ser instalado o Console, na Inicialização do Sistema será apresentada a tela para Seleção dos Sistemas Operacionais.
Mais informações sobre o Console: http://support.microsoft.com/kb/307654/pt-br

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.
Quando acabar, será gerado um Log, que estará em C:\ComboFix.txt. Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta + um novo Log do HijackThis .

IMPORTANTE:Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".

OBS 2: Não execute o ComboFix mais do que uma vez. Isso irá sobreescrever o Log e dificultará a remoção do(s) malware(s)

Caso ocorra algum erro, reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização) e repita o procedimento.

Ir para o topo

#5 Fodz

Participante
64 mensagens

Publicado 02 August 2012 - 10:38 AM

ComboFix 12-07-31.03 - USER 02/08/2012 9:22.1.4 - x86
Microsoft Windows 7 Home Basic 6.1.7600.0.1252.55.1046.18.2997.2194 [GMT -4:00]
Executando de: c:\users\USER\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-07-02 to 2012-08-02 ))))))))))))))))))))))))))))
.
.
2012-08-02 13:28 . 2012-08-02 13:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 12:52 . 2012-08-02 12:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-02 00:31 . 2012-08-02 00:31 -------- d-----w- c:\users\USER\AppData\Roaming\Malwarebytes
2012-08-02 00:30 . 2012-08-02 00:30 -------- d-----w- c:\programdata\Malwarebytes
2012-08-02 00:30 . 2012-08-02 00:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-02 00:30 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-01 22:43 . 2012-08-01 22:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-01 22:38 . 2012-08-01 22:38 -------- d-----w- c:\program files\CCleaner
2012-08-01 22:34 . 2012-08-01 22:34 -------- d-----w- c:\users\USER\AppData\Local\Mozilla
2012-08-01 22:32 . 2012-08-01 22:32 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-08-01 21:32 . 2012-08-01 21:32 -------- d-----w- C:\CCE_Quarantine
2012-07-28 22:32 . 2012-07-31 12:31 -------- d-----w- C:\agenda
2012-07-20 14:31 . 2012-07-20 14:31 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-07-20 14:31 . 2012-07-20 14:31 -------- d-----w- c:\users\USER\AppData\Roaming\Thinstall
2012-07-20 14:31 . 2012-07-20 14:31 -------- d-----w- c:\users\USER\AppData\Local\Thinstall
2012-07-19 15:04 . 2012-07-19 15:04 -------- d-----w- c:\users\USER\AppData\Local\eMule
2012-07-19 15:04 . 2012-07-19 15:04 -------- d-----w- c:\program files\eMule
2012-07-19 14:59 . 2012-07-19 14:59 -------- d-----w- c:\users\USER\AppData\Local\Ares
2012-07-19 14:58 . 2012-07-19 14:59 -------- d-----w- c:\program files\Ares
2012-07-06 01:13 . 2012-07-06 01:13 -------- d-----w- c:\users\USER\AppData\Roaming\.minecraft
2012-07-06 00:57 . 2012-08-02 00:20 -------- d-----w- c:\users\USER\AppData\Local\LogMeIn Hamachi
2012-07-06 00:56 . 2012-07-06 00:56 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-07-03 19:11 . 2012-07-03 19:11 -------- d-----w- c:\program files\Common Files\Java
2012-07-03 19:02 . 2012-07-03 19:02 -------- d-----w- c:\program files\Oracle
2012-07-03 19:01 . 2012-05-04 22:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-03 19:01 . 2012-07-03 19:01 -------- d-----w- c:\program files\Java
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-01 22:43 . 2012-01-17 19:34 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 22:57 . 2011-03-28 21:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-05-04 22:29 . 2012-04-26 23:42 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-14 00:15 . 2012-08-01 22:32 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"HW_OPENEYE_OUC_VIVO INTERNET"="c:\program files\VIVO INTERNET\UpdateDog\ouc.exe" [2009-07-27 110592]
"ares"="c:\program files\Ares\Ares.exe" [2012-02-02 3209216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-25 1537320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-12 982880]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files\Hotkey\Hotkey.exe [2010-1-22 2416640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
R2 avgwd;Watchdog do AVG;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
R2 gupdate;Serviço do Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\DRIVERS\JME.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 avgfws;Firewall do AVG;c:\program files\AVG\AVG2012\avgfws.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PowerBiosServer;PowerBiosServer;c:\program files\Hotkey\PowerBiosServer.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - AVGIDSSHIM
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-01 22:43]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-15 03:42]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-15 03:42]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1578461677-1312225204-2137294785-1000Core.job
- c:\users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-05 16:38]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1578461677-1312225204-2137294785-1000UA.job
- c:\users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-05 16:38]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ct653rus.default\
.
- - - - ORFÃOS REMOVIDOS - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{26604C7E-A313-4D12-867F-7C6E7820BE4C} - c:\program files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (a)

(Users)
@Denied: (a)

(Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2012-08-02 09:30:56
ComboFix-quarantined-files.txt 2012-08-02 13:30
.
Pré-execução: 466.361.090.048 bytes disponíveis
Pós execução: 466.298.789.888 bytes disponíveis
.
- - End Of File - - 2C44A3001757B2FFB109E1436FBE3FCC

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:37:20, on 02/08/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\USER\AppData\Roaming\VIVO INTERNET\ouc.exe
C:\Program Files\Hotkey\Hotkey.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\USER\Desktop\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Hotkey.lnk = C:\Program Files\Hotkey\Hotkey.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Firewall do AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files\Hotkey\PowerBiosServer.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

--
End of file - 7449 bytes

Ir para o topo

#6 Mr.Million

Consumer Security MVP

Especialista
59613 mensagens

Publicado 02 August 2012 - 10:49 AM

Sugiro que imprima ou salve os procedimentos abaixo, e não use a Internet até terminado o procedimento.

Selecione e copie o texto dentro do QUOTE (caixa branca) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na Área de Trabalho ( Desktop), com o nome de CFScript.txt

File::
c:\windows\system32\DRIVERS\AVGIDSEH.Sys
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\AVG\AVG2012\avgfws.exe
c:\windows\system32\DRIVERS\AVGIDSDriver.Sys
c:\windows\system32\DRIVERS\AVGIDSFilter.Sys
c:\windows\system32\DRIVERS\AVGIDSShim.Sys
Driver::
AVGIDSEH
avgwd;Watchdog do AVG
avgfws
AVGIDSDriver
AVGIDSFilter
AVGIDSShim
Folder::
c:\program files\AVG

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo:

Posted Image

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

Quando acabar, será gerado um Log, que estará em C:\ComboFix.txt.
Faça um novo Log com o HijackThis em Modo Normal e poste + o ComboFix.txt.

Ir para o topo

#7 Fodz

Participante
64 mensagens

Publicado 02 August 2012 - 11:23 AM

ComboFix 12-07-31.03 - USER 02/08/2012 10:06:17.2.4 - x86
Microsoft Windows 7 Home Basic 6.1.7600.0.1252.55.1046.18.2997.2121 [GMT -4:00]
Executando de: c:\users\USER\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\USER\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\AVG\AVG2012\avgfws.exe"
"c:\program files\AVG\AVG2012\avgwdsvc.exe"
"c:\windows\system32\DRIVERS\AVGIDSDriver.Sys"
"c:\windows\system32\DRIVERS\AVGIDSEH.Sys"
"c:\windows\system32\DRIVERS\AVGIDSFilter.Sys"
"c:\windows\system32\DRIVERS\AVGIDSShim.Sys"
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AVG
c:\program files\AVG\AVG2012\avgabout.dll
c:\program files\AVG\AVG2012\avgameh.dll
c:\program files\AVG\AVG2012\avgamnot.dll
c:\program files\AVG\AVG2012\avgamx.dll
c:\program files\AVG\AVG2012\avgapix.dll
c:\program files\AVG\AVG2012\avgapps.dll
c:\program files\AVG\AVG2012\avgaspmx.dll
c:\program files\AVG\AVG2012\avgatend.stp
c:\program files\AVG\AVG2012\avgatupd.stp
c:\program files\AVG\AVG2012\avgcclix.dll
c:\program files\AVG\AVG2012\avgcertx.dll
c:\program files\AVG\AVG2012\avgcfgex.exe
c:\program files\AVG\AVG2012\avgcfgx.dll
c:\program files\AVG\AVG2012\avgcfgx.dll.old
c:\program files\AVG\AVG2012\avgchclx.dll
c:\program files\AVG\AVG2012\avgchjwx.dll
c:\program files\AVG\AVG2012\avgclitx.dll
c:\program files\AVG\AVG2012\avgcmgr.exe
c:\program files\AVG\AVG2012\avgcorex.dll
c:\program files\AVG\AVG2012\avgcremx.exe
c:\program files\AVG\AVG2012\avgcslx.dll
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\AVG\AVG2012\avgdecider.dll
c:\program files\AVG\AVG2012\avgdiagex.exe
c:\program files\AVG\AVG2012\avgdumpx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\AVG\AVG2012\avgfws.exe
c:\program files\AVG\AVG2012\avgfws.exe.old
c:\program files\AVG\AVG2012\avgfwui.dll
c:\program files\AVG\AVG2012\avgfwwlx.dll
c:\program files\AVG\AVG2012\avgidpmx.dll
c:\program files\AVG\AVG2012\avgidpsdkx.dll
c:\program files\AVG\AVG2012\avglngx.dll
c:\program files\AVG\AVG2012\avglogx.dll
c:\program files\AVG\AVG2012\avglogx.dll.old
c:\program files\AVG\AVG2012\avglscanx.exe
c:\program files\AVG\AVG2012\avgmfapx.exe
c:\program files\AVG\AVG2012\avgmfapx.exe.old
c:\program files\AVG\AVG2012\avgmfarx.dll
c:\program files\AVG\AVG2012\avgmtrapx.dll
c:\program files\AVG\AVG2012\avgmvflx.dll
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgntdumpx.exe
c:\program files\AVG\AVG2012\avgntopensslx.dll
c:\program files\AVG\AVG2012\avgntsqlitex.dll
c:\program files\AVG\AVG2012\avgopensslx.dll
c:\program files\AVG\AVG2012\avgoutlookx.dll
c:\program files\AVG\AVG2012\avgpostinstx.dll
c:\program files\AVG\AVG2012\avgpp.dll
c:\program files\AVG\AVG2012\avgresf.dll
c:\program files\AVG\AVG2012\avgrktx.dll
c:\program files\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgsbgx.dll
c:\program files\AVG\AVG2012\avgscanx.dll
c:\program files\AVG\AVG2012\avgscanx.exe
c:\program files\AVG\AVG2012\avgsched.dll
c:\program files\AVG\AVG2012\avgse.dll
c:\program files\AVG\AVG2012\avgspmui.dll
c:\program files\AVG\AVG2012\avgsrmax.exe
c:\program files\AVG\AVG2012\avgsrmx.dll
c:\program files\AVG\AVG2012\avgssie.dll
c:\program files\AVG\AVG2012\avgstrmx.exe
c:\program files\AVG\AVG2012\avgsystx.exe
c:\program files\AVG\AVG2012\avgsysx.dll
c:\program files\AVG\AVG2012\avgtbapi.dll
c:\program files\AVG\AVG2012\AVGTBInstall.exe
c:\program files\AVG\AVG2012\avgtray.exe
c:\program files\AVG\AVG2012\avgui.exe
c:\program files\AVG\AVG2012\avguiadv.dll
c:\program files\AVG\AVG2012\avguires.dll
c:\program files\AVG\AVG2012\avgupdx.dll
c:\program files\AVG\AVG2012\avgutilx.dll
c:\program files\AVG\AVG2012\avgvvx.dll
c:\program files\AVG\AVG2012\avgwd.dll
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\AVG\AVG2012\avgwdwsc.dll
c:\program files\AVG\AVG2012\avgwebui.dll
c:\program files\AVG\AVG2012\avgwsc.exe
c:\program files\AVG\AVG2012\avgxpl.dll
c:\program files\AVG\AVG2012\avgxpl.dll.old.old
c:\program files\AVG\AVG2012\awacs\rules.cat
c:\program files\AVG\AVG2012\awacs\rules.js
c:\program files\AVG\AVG2012\awacs\speedtest\component\content.dat
c:\program files\AVG\AVG2012\awacs\speedtest\component\speedtest.bmp
c:\program files\AVG\AVG2012\awacs\speedtest\sign.bin
c:\program files\AVG\AVG2012\awacs\techbuddy\component\content.dat
c:\program files\AVG\AVG2012\awacs\techbuddy\component\techbuddy.mht
c:\program files\AVG\AVG2012\awacs\techbuddy\sign.bin
c:\program files\AVG\AVG2012\axioo.dll
c:\program files\AVG\AVG2012\buylnk.dat
c:\program files\AVG\AVG2012\compat.ini
c:\program files\AVG\AVG2012\Drivers\avgfwd6a.sys
c:\program files\AVG\AVG2012\Drivers\avgfwd6x.sys
c:\program files\AVG\AVG2012\Drivers\avgfwfd6.cat
c:\program files\AVG\AVG2012\Drivers\avgfwfd6.inf
c:\program files\AVG\AVG2012\Drivers\avgld.cat
c:\program files\AVG\AVG2012\Drivers\avgld.inf
c:\program files\AVG\AVG2012\Drivers\avgldx64.sys
c:\program files\AVG\AVG2012\Drivers\avgldx86.sys
c:\program files\AVG\AVG2012\Drivers\avgmf.cat
c:\program files\AVG\AVG2012\Drivers\avgmf.inf
c:\program files\AVG\AVG2012\Drivers\avgmfx64.sys
c:\program files\AVG\AVG2012\Drivers\avgmfx86.sys
c:\program files\AVG\AVG2012\Drivers\avgrk.cat
c:\program files\AVG\AVG2012\Drivers\avgrk.inf
c:\program files\AVG\AVG2012\Drivers\avgrkx64.sys
c:\program files\AVG\AVG2012\Drivers\avgrkx86.sys
c:\program files\AVG\AVG2012\Drivers\avgtdi.cat
c:\program files\AVG\AVG2012\Drivers\avgtdi.inf
c:\program files\AVG\AVG2012\Drivers\avgtdia.sys
c:\program files\AVG\AVG2012\Drivers\avgtdix.sys
c:\program files\AVG\AVG2012\Drivers\ErHr7x86\AVGIDSEH.cat
c:\program files\AVG\AVG2012\Drivers\ErHr7x86\AVGIDSEH.inf
c:\program files\AVG\AVG2012\Drivers\ErHr7x86\AVGIDSEH.sys
c:\program files\AVG\AVG2012\Drivers\platform_WIN7\UniversalDD.sys
c:\program files\AVG\AVG2012\Drivers\Windows 7\AVGIDSDriver.cat
c:\program files\AVG\AVG2012\Drivers\Windows 7\AVGIDSDriver.inf
c:\program files\AVG\AVG2012\Drivers\Windows 7\AVGIDSDriver.sys
c:\program files\AVG\AVG2012\Drivers\Windows 7\AVGIDSFilter.cat
c:\program files\AVG\AVG2012\Drivers\Windows 7\AVGIDSFilter.inf
c:\program files\AVG\AVG2012\Drivers\Windows 7\AVGIDSFilter.sys
c:\program files\AVG\AVG2012\Drivers\Windows 7\avgidsShim.cat
c:\program files\AVG\AVG2012\Drivers\Windows 7\avgidsShim.inf
c:\program files\AVG\AVG2012\Drivers\Windows 7\AVGIDSShim.sys
c:\program files\AVG\AVG2012\Firefox4\chrome.manifest
c:\program files\AVG\AVG2012\Firefox4\Components\avgssff10.dll
c:\program files\AVG\AVG2012\Firefox4\Components\avgssff4.dll
c:\program files\AVG\AVG2012\Firefox4\Components\avgssff5.dll
c:\program files\AVG\AVG2012\Firefox4\Components\avgssff6.dll
c:\program files\AVG\AVG2012\Firefox4\Components\avgssff7.dll
c:\program files\AVG\AVG2012\Firefox4\Components\avgssff8.dll
c:\program files\AVG\AVG2012\Firefox4\Components\avgssff9.dll
c:\program files\AVG\AVG2012\fixcfg.exe
c:\program files\AVG\AVG2012\HtmLayout.dll
c:\program files\AVG\AVG2012\HtmLayout.dll.old
c:\program files\AVG\AVG2012\idpfixx.exe
c:\program files\AVG\AVG2012\PCTuneup\AxBrowsers.dll
c:\program files\AVG\AVG2012\PCTuneup\DiskCleanerHelper.dll
c:\program files\AVG\AVG2012\PCTuneup\DiskDefragHelper.dll
c:\program files\AVG\AVG2012\PCTuneup\helper.dll
c:\program files\AVG\AVG2012\PCTuneup\localizer.dll
c:\program files\AVG\AVG2012\PCTuneup\MicroScanner.exe
c:\program files\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll
c:\program files\AVG\AVG2012\PCTuneup\RegistryCleanerHelper.dll
c:\program files\AVG\AVG2012\PCTuneup\RescueCenterHelper.dll
c:\program files\AVG\AVG2012\winspamcatcher.dll
c:\windows\system32\DRIVERS\AVGIDSDriver.Sys
c:\windows\system32\DRIVERS\AVGIDSFilter.Sys
c:\windows\system32\DRIVERS\AVGIDSShim.Sys
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGIDSDRIVER
-------\Legacy_AVGIDSEH
-------\Legacy_AVGIDSFILTER
-------\Legacy_AVGIDSSHIM
-------\Service_avgfws
-------\Service_AVGIDSDriver
-------\Service_AVGIDSEH
-------\Service_AVGIDSFilter
-------\Service_AVGIDSShim
-------\Service_avgwd
-------\Service_avgwd
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-07-02 to 2012-08-02 ))))))))))))))))))))))))))))
.
.
2012-08-02 14:12 . 2012-08-02 14:14 -------- d-----w- c:\users\USER\AppData\Local\temp
2012-08-02 12:52 . 2012-08-02 12:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-02 00:31 . 2012-08-02 00:31 -------- d-----w- c:\users\USER\AppData\Roaming\Malwarebytes
2012-08-02 00:30 . 2012-08-02 00:30 -------- d-----w- c:\programdata\Malwarebytes
2012-08-02 00:30 . 2012-08-02 00:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-02 00:30 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-01 22:43 . 2012-08-01 22:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-01 22:38 . 2012-08-01 22:38 -------- d-----w- c:\program files\CCleaner
2012-08-01 22:34 . 2012-08-01 22:34 -------- d-----w- c:\users\USER\AppData\Local\Mozilla
2012-08-01 22:32 . 2012-08-01 22:32 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-08-01 21:32 . 2012-08-01 21:32 -------- d-----w- C:\CCE_Quarantine
2012-07-28 22:32 . 2012-07-31 12:31 -------- d-----w- C:\agenda
2012-07-20 14:31 . 2012-07-20 14:31 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-07-20 14:31 . 2012-07-20 14:31 -------- d-----w- c:\users\USER\AppData\Roaming\Thinstall
2012-07-20 14:31 . 2012-07-20 14:31 -------- d-----w- c:\users\USER\AppData\Local\Thinstall
2012-07-19 15:04 . 2012-07-19 15:04 -------- d-----w- c:\users\USER\AppData\Local\eMule
2012-07-19 15:04 . 2012-07-19 15:04 -------- d-----w- c:\program files\eMule
2012-07-19 14:59 . 2012-07-19 14:59 -------- d-----w- c:\users\USER\AppData\Local\Ares
2012-07-19 14:58 . 2012-07-19 14:59 -------- d-----w- c:\program files\Ares
2012-07-06 01:13 . 2012-07-06 01:13 -------- d-----w- c:\users\USER\AppData\Roaming\.minecraft
2012-07-06 00:57 . 2012-08-02 00:20 -------- d-----w- c:\users\USER\AppData\Local\LogMeIn Hamachi
2012-07-06 00:56 . 2012-07-06 00:56 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-07-03 19:11 . 2012-07-03 19:11 -------- d-----w- c:\program files\Common Files\Java
2012-07-03 19:02 . 2012-07-03 19:02 -------- d-----w- c:\program files\Oracle
2012-07-03 19:01 . 2012-05-04 22:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-03 19:01 . 2012-07-03 19:01 -------- d-----w- c:\program files\Java
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-01 22:43 . 2012-01-17 19:34 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 22:57 . 2011-03-28 21:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-05-04 22:29 . 2012-04-26 23:42 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-14 00:15 . 2012-08-01 22:32 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"HW_OPENEYE_OUC_VIVO INTERNET"="c:\program files\VIVO INTERNET\UpdateDog\ouc.exe" [2009-07-27 110592]
"ares"="c:\program files\Ares\Ares.exe" [2012-02-02 3209216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-25 1537320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-12 982880]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files\Hotkey\Hotkey.exe [2010-1-22 2416640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 gupdate;Serviço do Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
S2 PowerBiosServer;PowerBiosServer;c:\program files\Hotkey\PowerBiosServer.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\DRIVERS\JME.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-01 22:43]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-15 03:42]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-15 03:42]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1578461677-1312225204-2137294785-1000Core.job
- c:\users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-05 16:38]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1578461677-1312225204-2137294785-1000UA.job
- c:\users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-05 16:38]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 189.7.72.15 189.7.72.16
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ct653rus.default\
.
- - - - ORFÃOS REMOVIDOS - - - -
.
AddRemove-AVG - c:\program files\AVG\AVG2012\avgmfapx.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (a)

(Users)
@Denied: (a)

(Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-08-02 10:16:26 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-08-02 14:16
.
Pré-execução: 466.348.498.944 bytes disponíveis
Pós execução: 466.118.692.864 bytes disponíveis
.
- - End Of File - - BC17482C49E0DCF628A6135ED6E19CE6

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:22:44, on 02/08/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\USER\AppData\Roaming\VIVO INTERNET\ouc.exe
C:\Program Files\Hotkey\Hotkey.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\USER\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Hotkey.lnk = C:\Program Files\Hotkey\Hotkey.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files\Hotkey\PowerBiosServer.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

--
End of file - 7156 bytes

Ir para o topo

#8 Mr.Million

Consumer Security MVP

Especialista
59613 mensagens

Publicado 02 August 2012 - 01:04 PM

Ok, o PC está limpo (Y)

Finalizando.......
Renomeie o ComboFix para Uninstall, execute-o e aguarde a remoção da Ferramenta.

Limpe a Restauração do Sistema, criando um Ponto de Restauração do sistema limpo.

Clique com o botão direito do mouse em cima do MEU COMPUTADOR > Propiedades > Proteção do Sistema > Configurar > Excluir.
Ainda em Proteção do Sistema > Criar.

Coloque um Antivírus neste PC, atualize e faça um Scan completo.

Veja neste meu Tópico em Destaque as indicações:Kits de Segurança Free para sua maior Proteção (Y)

Ir para o topo

Voltar para Malwares

Tópicos Relacionados

Tópico	Fórum	Criado por	Estatísticas	Última atualização
problema de inicialização do windows 8 inicialização, windows	Notebooks, Tablets...	mnegao1234	3 respostas 65 visualizações	há 55 min. anderson_pb
malwares GRIPNET/bklcom.dll	Malwares	wallmotos37	4 respostas 75 visualizações	Hoje, 05:48 AM wallmotos37
Pinado Video aulas de Windows 8 TUTORIAL, Windows 8, video aulda e 1 mais 1 2 3 10 →	Windows 8	strippoli	91 respostas 7298 visualizações	Hoje, 12:40 AM strippoli
Windows 8 - Como ativar e desativar o painel de detalhes de arquivos windows 8 e 4 mais	Windows 8	strippoli	0 respostas 24 visualizações	Hoje, 12:37 AM strippoli
Análise de log suspeita de malware	Malwares	Chuka	6 respostas 54 visualizações	Hoje, 12:25 AM Chuka

Tópicos com palavra-chave: Virus

Segurança e Redes → Malwares → Análise de log - Combofix mateuspos criou em ontem, 04:29 PM virus, analise, combofix	5 respostas 44 visualizações	Mr.Million ontem, 06:00 PM
Segurança e Redes → Malwares → Win travando e desligando sozinho, virus? CJBRUNHARA criou em 11/May/2013 Virus, Malware, worm 1 2	Quente 10 respostas 187 visualizações	CJBRUNHARA 12/May/2013
Segurança e Redes → Malwares → "O Arquivo continha um vírus e foi excluído", como posso resolver isso? Guy Santos criou em 28/Apr/2013 Internet, vírus, download, System	1 reply 447 visualizações	Mr.Million 28/Apr/2013
Segurança e Redes → Malwares → Solicitação de análise de log Serginho S Cunha criou em 25/Apr/2013 vírus 1 2	Quente 17 respostas 778 visualizações	Mr.Million 01/May/2013
Segurança e Redes → Malwares → Analise de Log HijackThis lourenco.simas criou em 25/Apr/2013 Virus, HijackThis	3 respostas 239 visualizações	Mr.Million 26/Apr/2013

Favor Help-me log...

Tópicos Relacionados

Pinado Video aulas de Windows 8

Tópicos com palavra-chave: Virus

Fazer login