
Antivirus: none of them will install

security




14 replies in this topic

#1 vpaioli

vpaioli
  • Participant
  • 118 posts

Posted 30 November 2012 - 09:03 PM

We have a new notebook that came with Windows 7, and I can't get an antivirus installed. Neither Avast nor AVG is working. I turned off the firewall because no site would open, and even so, I get to the download page but when I press the button a warning about connection problems appears. This is happening in all 3 browsers: Chrome, Mozilla and IE. I went over the settings, matching them to another notebook in the house, but I can't see the problem. Can you shed some light?




#2 Mr.Million

Mr.Million

    Consumer Security MVP

  • Specialist
  • 59648 posts

Posted 30 November 2012 - 09:16 PM

So that we can help you, follow in full what is set out in this "mandatory standard procedure topic of the Forum".
HijackThis logs ** read before posting **

Once the procedures are done, post the HijackThis log for examination right here in this topic ("Click in the field below and type your reply") and wait for further instructions.

#3 vpaioli

vpaioli
  • Participant
  • 118 posts

Posted 01 December 2012 - 08:22 AM

I apologize... the requested procedures have now been carried out. The HijackThis log follows below, along with a warning that it displayed:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:10:39, on 01/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Users\Acer\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

--
End of file - 6632 bytes

I couldn't post the warning, which I saved as a JPEG... how do I do that?

#4 Mr.Million

Mr.Million

    Consumer Security MVP

  • Specialist
  • 59648 posts

Posted 01 December 2012 - 09:47 AM

Right-click the HijackThis executable (hijackthis.exe) and choose Run as administrator.
NOTE: Not the shortcut on your Desktop, but the executable itself, as explained above.


Disable your antivirus, antispyware and firewall so that there are no conflicts. Keep them disabled until you have finished the instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly, it must be on the Desktop).
Close all windows and programs.

You must be connected during the ComboFix procedure;

Run combofix.exe and press "Yes" to proceed. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan can proceed.
Once the Console is installed, the operating system selection screen will be shown at system startup.
More information about the Console:
http://support.microsoft.com/kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.
When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt into your next reply, plus a new HijackThis log.

IMPORTANT:
Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. Doing so will overwrite the log and make removing the malware harder.

If an error occurs, restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during startup) and repeat the procedure.

#5 vpaioli

vpaioli
  • Participant
  • 118 posts

Posted 01 December 2012 - 11:03 AM

Below are the 3 logs generated (HijackThis as administrator before ComboFix, ComboFix, and HijackThis after ComboFix in normal mode):

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:59:36, on 01/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Reader 11.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Acer\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

--
End of file - 6743 bytes

ComboFix 12-12-01.01 - Acer 01/12/2012 11:50:21.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.1894.957 [GMT -2:00]
Executando de: c:\users\Acer\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Acer\AppData\Roaming\nryzrry.exe
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-11-01 to 2012-12-01 ))))))))))))))))))))))))))))
.
.
2012-12-01 13:55 . 2012-12-01 13:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-30 15:13 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A984EF3-4859-4F4D-9007-09E66CC0565F}\mpengine.dll
2012-11-29 17:35 . 2012-11-29 17:35 -------- d-----w- c:\windows\system32\Wat
2012-11-29 15:11 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-29 15:11 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-29 15:11 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-29 15:10 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-29 15:10 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-29 15:10 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-29 15:10 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-29 15:10 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-29 15:10 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-29 15:10 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-29 15:09 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-11-29 15:09 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-11-29 15:09 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-11-29 15:08 . 2012-11-29 15:08 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-11-28 22:22 . 2012-02-11 05:25 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-11-28 22:22 . 2012-02-11 05:21 317952 ----a-w- c:\windows\system32\spoolsv.exe
2012-11-28 22:22 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-11-28 22:22 . 2012-07-04 19:41 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-11-28 22:22 . 2011-11-17 05:31 1293104 ----a-w- c:\windows\system32\ntdll.dll
2012-11-28 22:22 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-11-28 22:20 . 2012-03-31 04:26 1416192 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-11-28 22:19 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-11-28 22:08 . 2012-02-17 05:30 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-11-28 22:08 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-11-28 22:02 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-11-28 22:02 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-11-28 22:02 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-11-28 22:02 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-11-28 22:02 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-11-28 22:02 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-11-28 22:02 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-11-28 22:01 . 2012-06-02 17:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-11-28 22:01 . 2012-06-02 17:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-11-27 00:03 . 2012-12-01 11:05 -------- d-----w- c:\program files\CCleaner
2012-11-26 04:37 . 2012-11-27 00:11 -------- d-----w- c:\program files\Google
2012-11-09 21:11 . 2012-11-09 21:11 -------- d-----w- c:\windows\system32\nn-NO
2012-11-09 21:11 . 2011-03-16 18:47 64672 ----a-w- c:\windows\system32\athihvui.dll
2012-11-09 21:11 . 2011-03-11 20:54 2158592 ----a-w- c:\windows\system32\drivers\athr.sys
2012-11-09 21:11 . 2012-11-09 21:11 -------- d-----w- c:\program files\Atheros
2012-11-09 21:11 . 2011-03-16 18:47 400544 ----a-w- c:\windows\system32\athihvs.dll
2012-11-09 21:10 . 2012-11-09 21:11 -------- d-----w- c:\programdata\Atheros
2012-11-09 20:37 . 2012-11-09 20:37 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-11-09 20:37 . 2012-11-09 20:37 -------- d-----w- c:\program files\Broadcom
2012-11-09 19:31 . 2012-11-09 19:31 -------- d-----w- c:\users\Public\Roaming
2012-11-09 19:31 . 2012-11-09 19:31 -------- d-----w- c:\users\Default\Roaming
2012-11-09 19:30 . 2012-11-09 19:30 -------- d-----w- c:\programdata\Intel
2012-11-09 19:22 . 2012-11-09 19:22 -------- d-----w- c:\program files\Cisco
2012-11-09 19:22 . 2011-01-05 03:08 1004136 ----a-w- c:\windows\system32\drivers\rtl8192ce.sys
2012-11-09 19:22 . 2012-11-09 19:22 -------- d-----w- c:\program files\REALTEK PCIE Wireless LAN Driver
2012-11-09 19:22 . 2010-12-01 11:31 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
2012-11-09 19:21 . 2012-11-09 19:30 -------- d-----w- c:\program files\Common Files\Intel
2012-11-09 19:18 . 2010-09-13 20:18 353304 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-11-09 19:18 . 2012-11-09 19:18 -------- d-----w- c:\programdata\AmUStor
2012-11-09 19:18 . 2012-11-09 19:18 -------- d-----w- c:\program files\AmIcoSingLun
2012-11-09 19:16 . 2012-11-09 19:16 -------- d-----w- c:\windows\system32\Atheros_L1e
2012-11-09 19:16 . 2011-04-19 12:50 69232 ----a-w- c:\windows\system32\drivers\L1C62x86.sys
2012-11-09 18:32 . 2012-11-09 18:32 -------- d-----w- c:\program files\Synaptics
2012-11-09 18:32 . 2010-10-08 20:32 1314736 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-11-09 18:32 . 2010-10-08 20:31 144680 ----a-w- c:\windows\system32\SynGlwPadShlExt.dll
2012-11-09 18:32 . 2010-10-08 20:31 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-11-09 18:32 . 2010-10-08 20:31 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-11-09 18:32 . 2010-10-08 20:31 218408 ----a-w- c:\windows\system32\SynCtrl.dll
2012-11-09 18:32 . 2010-10-08 20:31 173352 ----a-w- c:\windows\system32\SynCOM.dll
2012-11-09 18:32 . 2009-08-07 11:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-11-09 17:28 . 2012-11-09 19:30 -------- d-----w- c:\program files\Intel
2012-11-09 17:28 . 2010-10-04 15:02 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-11-09 17:27 . 2012-11-09 19:20 -------- d-----w- C:\Intel
2012-11-09 17:17 . 2012-11-09 17:17 -------- d-----w- c:\program files\Common Files\Adobe
2012-11-09 17:09 . 2012-11-09 17:09 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-09 17:00 . 2012-05-31 14:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-11-08 23:49 . 2012-11-27 00:04 -------- d-----w- c:\windows\Panther
2012-11-08 23:29 . 2007-04-17 02:05 5632000 ----a-w- c:\windows\system32\RLVirtualCamera.ocx
2012-11-08 23:29 . 2007-03-19 18:00 31616 ----a-w- c:\windows\system32\drivers\RLVrtAuCbl.sys
2012-11-08 23:29 . 2012-11-08 23:29 -------- d-----w- c:\program files\Common Files\Reallusion
2012-11-08 23:28 . 2012-11-09 21:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-11-08 23:28 . 2012-11-08 23:29 -------- d-----w- c:\program files\Reallusion
2012-11-08 23:23 . 2012-11-08 23:23 614400 ----a-w- c:\windows\AutoKMS.exe
2012-11-08 23:18 . 2012-11-08 23:18 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-11-08 23:18 . 2012-11-29 15:37 -------- d-----w- c:\program files\Microsoft.NET
2012-11-08 23:18 . 2012-11-08 23:18 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-11-08 23:17 . 2012-11-08 23:17 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-11-08 23:16 . 2012-11-08 23:16 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-11-08 23:16 . 2012-11-30 15:03 -------- d-----w- c:\programdata\Microsoft Help
2012-11-08 23:16 . 2012-11-08 23:16 -------- d-----r- C:\MSOCache
2012-11-08 23:13 . 2012-11-08 23:13 -------- dc----w- c:\windows\system32\DRVSTORE
2012-11-08 23:13 . 2010-09-23 02:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-11-08 23:13 . 2012-11-08 23:18 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-11-08 23:12 . 2012-11-08 23:12 -------- d-----w- c:\windows\PCHEALTH
2012-11-08 23:11 . 2012-11-08 23:14 -------- d-----w- c:\program files\Windows Live
2012-11-08 23:11 . 2009-09-04 19:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-11-08 23:11 . 2009-09-04 19:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-11-08 23:11 . 2009-09-04 19:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-11-08 23:11 . 2006-11-29 15:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-11-08 23:10 . 2012-11-08 23:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-11-08 23:10 . 2012-11-09 19:23 -------- d-----w- c:\program files\Microsoft Silverlight
2012-11-08 23:10 . 2012-11-09 17:09 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-08 23:10 . 2012-11-08 23:10 -------- d-----w- c:\windows\system32\Macromed
2012-11-08 23:09 . 2012-11-30 15:05 -------- d-sh--w- c:\windows\Installer
2012-11-08 23:09 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll
2012-11-08 23:09 . 2011-07-16 14:17 151552 ----a-w- c:\windows\system32\ac3acm.acm
2012-11-08 23:09 . 2006-10-18 18:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2012-11-08 23:09 . 2011-08-29 08:00 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2012-11-08 23:09 . 2011-06-24 14:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2012-11-08 23:09 . 2011-06-24 14:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
2012-11-08 23:09 . 2012-11-08 23:09 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-11-08 23:08 . 2012-11-08 23:08 -------- d-----w- c:\program files\Common Files\Windows Live
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-26 00:33 . 2010-06-24 13:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-10-16 07:39 . 2012-11-28 22:21 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-07-14 00:15 . 2012-11-08 23:10 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2011-01-26 264792]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 143640]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 176920]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 178456]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1210640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\DRIVERS\RLVrtAuCbl.sys [x]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09 17:09]
.
2012-12-01 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-11-08 23:23]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-27 00:09]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-27 00:09]
.
.
------- Scan Suplementar -------
.
IE: &Enviar para o OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\m1666dzx.default\
.
- - - - ORFÃOS REMOVIDOS - - - -
.
HKCU-Run-Adobe Reader Speed Launcher - c:\users\Acer\AppData\Roaming\nryzrry.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-676154648-1466175821-2343868365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-676154648-1466175821-2343868365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2012-12-01 11:56:38
ComboFix-quarantined-files.txt 2012-12-01 13:56
.
Pré-execução: 292.299.083.776 bytes disponíveis
Pós execução: 292.265.369.600 bytes disponíveis
.
- - End Of File - - C7DCFFEE58C4705AFB02CC3ADA0F9892

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:59:36, on 01/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Reader 11.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Acer\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

--
End of file - 6743 bytes

#6 Mr.Million

Mr.Million

    Consumer Security MVP

  • Specialist
  • 59648 posts

Posted 01 December 2012 - 11:18 AM

Download the Kaspersky Virus Removal Tool.

You will be taken to a Kaspersky page asking for an email address for registration, a first name and a last name. Only the "email" field is required.
Enter your email and then click the Submit Form button.
The page will reload. Click the Download button.

Save it to your Desktop.

Double-click the "setup" file and wait for the installation;
On the next screen, check I accept the licence agreement and click Start

Click the [image] button and check:
  • My Computer
  • Local Disk (C:) (the local disk letter may vary)
Click Actions and check both boxes (if they are not already checked):

- Click the Automatic Scan tab and wait for the scan to finish.

- Click the [image] button, then Detected threats, then the "Save" button.
- Copy the contents of the saved file (if anything was detected) and post it in your next reply.

#7 vpaioli

vpaioli
  • Member
  • 118 posts

Posted 01 December 2012 - 01:32 PM

Status: Deleted (events: 1)
01/12/2012 13:27:56 Deleted virus Net-Worm.Win32.Cynic.q C:\Qoobox\Quarantine\C\Users\Acer\AppData\Roaming\nryzrry.exe.vir High

Only this item appeared in the report...

Edited by vpaioli, 01 December 2012 - 02:00 PM.
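
The ComboFix log earlier in this thread lists a removed HKCU Run value named "Adobe Reader Speed Launcher" that pointed at `c:\users\Acer\AppData\Roaming\nryzrry.exe`, the file the Kaspersky report above then deletes from quarantine. The Python code below is an added example, not part of any post or of either tool: it parses autorun lines in the two formats seen in these logs and flags entries that launch from a user-writable profile directory. The function names and both heuristics are assumptions made for illustration; the sample lines are copied from the logs in this thread.

```python
import re

# Constructed sample: autorun lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKCU-Run-Adobe Reader Speed Launcher - c:\users\Acer\AppData\Roaming\nryzrry.exe
"""

# HijackThis autorun line:  O4 - HKLM\..\Run: [Name] command
HJT_O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# ComboFix orphan line:     HKCU-Run-Name - path
COMBOFIX = re.compile(r"^(?P<hive>HKLM|HKCU)-Run-(?P<name>.+?) - (?P<cmd>[A-Za-z]:\\.+)$")
# Heuristic (assumption): locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\|%(?:appdata|localappdata|temp)%", re.I)


def exe_path(cmd):
    """Return the executable part of a Run command, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd


def parse_autoruns(text):
    """Extract (hive, entry name, executable path) from either log format."""
    entries = []
    for line in text.splitlines():
        m = HJT_O4.match(line.strip()) or COMBOFIX.match(line.strip())
        if m:
            entries.append((m["hive"], m["name"], exe_path(m["cmd"])))
    return entries


def review(text):
    """Flag autoruns that start from a user-writable profile directory."""
    findings = []
    for hive, name, path in parse_autoruns(text):
        if not USER_WRITABLE.search(path):
            continue
        reasons = ["executable in a user-writable profile directory"]
        # Supporting signal: a vendor-sounding entry name with an unrelated file path.
        squashed = re.sub(r"[^a-z0-9]", "", path.lower())
        words = re.findall(r"[a-z0-9]{3,}", name.lower())
        if words and not any(w in squashed for w in words):
            reasons.append("entry name does not appear anywhere in the path")
        findings.append({"hive": hive, "name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f["hive"], f["name"], "->", f["path"], "|", "; ".join(f["reasons"]))
```

A hit from this check is a lead to verify with a scanner, as was done in this thread, not a verdict: legitimate per-user software also starts from AppData.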


#8 Mr.Million

Mr.Million

    Consumer Security MVP

  • Specialist
  • 59648 posts

Posted 01 December 2012 - 02:24 PM

That's the ComboFix folder...

Install an antivirus on this PC, update it and run a full scan.

Once that is done, post a new HijackThis log.

See the recommendations in this featured topic of mine: Free Security Kits for Your Greater Protection (Y)

#9 vpaioli

vpaioli
  • Member
  • 118 posts

Posted 01 December 2012 - 04:15 PM

Here is the new log.
Question: what do I do with the programs saved on the desktop (ComboFix and Kaspersky)?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:13:52, on 01/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Users\Acer\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

--
End of file - 7551 bytes

#10 Mr.Million

Mr.Million

    Consumer Security MVP

  • Specialist
  • 59648 posts

Posted 01 December 2012 - 04:59 PM

OK, the PC is clean (Y)
Finishing up.......
Rename ComboFix to Uninstall, run it and wait for the tool to be removed.

Clear System Restore, creating a Restore Point of the clean system.

Right-click MY COMPUTER > Properties > System Protection > Configure > Delete.
Still in System Protection > Create.


Close all open windows and save whatever you need to.
Go to the Kaspersky folder (it will be in the same folder where you saved the installation file) and double-click the file unins000.exe
Click OK twice.

Your computer will restart.