This topic has been archived and is closed to new replies.

AgmNeto

[Solved] Windows Explorer Opens and Closes

When I open any program such as My Computer, My Documents or any folder, the machine starts opening and closing Windows Explorer on its own. I've already run antivirus and anti-spyware and it didn't fix it, so here is the log for you to analyze!! Thanks, I hope you can help me.

 

---------------------------------------------------------------------------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:14:49, on 17/09/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\tsnpstd3.exe

C:\Windows\vsnpstd3.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Ari\Documents\Downloads\Programs\HiJackThis.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nmd.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.localstrike.com.ar/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.localstrike.com.ar/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: shdoflash.shdoc - {65189F3A-AD84-42EC-9967-5A681C920AE4} - C:\Windows\System32\shdoflash.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Soundupkd.Soundupkdcls - {784B1851-AC1B-4BFA-A058-B790C0AD8BA8} - C:\Windows\System32\Soundupkd.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3983F2D5-7C7C-4940-B27B-20DC45C38349}: NameServer = 200.165.132.155 200.149.55.140

O17 - HKLM\System\CS1\Services\Tcpip\..\{3983F2D5-7C7C-4940-B27B-20DC45C38349}: NameServer = 200.165.132.155 200.149.55.140

O17 - HKLM\System\CS2\Services\Tcpip\..\{3983F2D5-7C7C-4940-B27B-20DC45C38349}: NameServer = 200.165.132.155 200.149.55.140

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe

O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

 

--

End of file - 9875 bytes

Hello.

1.

- Download Ad Remover (http://forum-aide-contre-virus.be/download/C_XX/AD-R.exe)

- Double-click AD-R.exe...

- Then click Scan

- The scan may take a while; wait for the process to finish...

- A log will be created at C:\Ad-Report-SCAN.log

- Copy and paste that log here...

See you.

======= REPORT FROM AD-REMOVER 2.0.0.1,F | ONLY XP/VISTA/7 =======

 

Updated by C_XX on 16/09/10 at 13:30

Contact: AdRemover.contact[AT]gmail.com

website: http://www.teamxscript.org

 

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 22:25:02 on 18/09/2010, Normal boot

 

Microsoft Windows 7 Starter (X86)

Ari@ARI-MEGA (MEGAWARE MW-G31T-M7)

 

============== SEARCH ==============

 

 

 

0,Key found: HKLM\Software\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}

 

 

============== ADDITIONNAL SCAN ==============

 

** Mozilla Firefox Version [3.6.9 (pt-BR)] **

 

-- C:\Users\Ari\AppData\Roaming\Mozilla\FireFox\Profiles\9icxnq6z.default\Prefs.js --

browser.download.lastDir, C:\\Users\\Ari\\Pictures

browser.search.defaultenginename, LocalStrike

browser.search.defaulturl, hxxp://search.localstrike.com.ar/?q={searchTerms}

browser.search.selectedEngine, Google

browser.startup.homepage, hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

browser.startup.homepage_override.mstone, rv:1.9.2.9

keyword.URL, hxxp://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

 

========================================

 

** Internet Explorer Version [8.0.7600.16385] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

AutoHide: yes

Default_Page_URL: hxxp://nmd.msn.com

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\Windows\system32\blank.htm

Search Page: hxxp://search.localstrike.com.ar/

Show_ToolBar: yes

Start Page: hxxp://nmd.msn.com/

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

AutoHide: yes

Default_Page_URL: hxxp://search.localstrike.com.ar/

Default_Search_URL: hxxp://search.localstrike.com.ar/

Delete_Temp_Files_On_Exit: yes

Local Page: C:\Windows\System32\blank.htm

Search Page: hxxp://search.localstrike.com.ar/

Start Page: hxxp://search.localstrike.com.ar/

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: hxxp://search.localstrike.com.ar

Blank: res://mshtml.dll/blank.htm

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)

C:\Program Files\Ad-Remover\Backup: 1 File(s)

 

C:\Ad-Report-SCAN[1].txt - 18/09/2010 (2215 Byte(s))

 

End at: 22:26:31, 18/09/2010

 

============== E.O.F ==============

Hello.

1.

- Run Ad Remover...

- Then press --> Clean <--

- Wait for the removal...

- A log will be generated at C:\Ad-Report-CLEAN.log

- Copy and paste that log here...

2.

New HijackThis log

See you.

1.

 

======= REPORT FROM AD-REMOVER 2.0.0.1,F | ONLY XP/VISTA/7 =======

 

Updated by C_XX on 16/09/10 at 13:30

Contact: AdRemover.contact[AT]gmail.com

website: http://www.teamxscript.org

 

C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Launched at 13:12:52 on 19/09/2010, Normal boot

 

Microsoft Windows 7 Starter (X86)

Ari@ARI-MEGA (MEGAWARE MW-G31T-M7)

 

============== ACTION(S) ==============

 

 

 

(!) -- Temporary files deleted.

 

 

 

============== ADDITIONNAL SCAN ==============

 

** Mozilla Firefox Version [3.6.10 (pt-BR)] **

 

-- C:\Users\Ari\AppData\Roaming\Mozilla\FireFox\Profiles\9icxnq6z.default\Prefs.js --

browser.download.lastDir, C:\\Users\\Ari\\Pictures

browser.search.defaultenginename, LocalStrike

browser.search.defaulturl, hxxp://search.localstrike.com.ar/?q={searchTerms}

browser.search.selectedEngine, Google

browser.startup.homepage, hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

browser.startup.homepage_override.mstone, rv:1.9.2.10

keyword.URL, hxxp://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

 

========================================

 

** Internet Explorer Version [8.0.7600.16385] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

AutoHide: yes

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\Windows\system32\blank.htm

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

AutoHide: yes

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Local Page: C:\Windows\System32\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)

C:\Program Files\Ad-Remover\Backup: 16 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 19/09/2010 (2679 Byte(s))

C:\Ad-Report-CLEAN[2].txt - 19/09/2010 (2440 Byte(s))

C:\Ad-Report-SCAN[1].txt - 18/09/2010 (2344 Byte(s))

 

End at: 13:14:24, 19/09/2010

 

============== E.O.F ==============

 

2.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:28:12, on 19/09/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\tsnpstd3.exe

C:\Windows\vsnpstd3.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Ari\Documents\Downloads\Programs\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: shdoflash.shdoc - {65189F3A-AD84-42EC-9967-5A681C920AE4} - C:\Windows\System32\shdoflash.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Soundupkd.Soundupkdcls - {784B1851-AC1B-4BFA-A058-B790C0AD8BA8} - C:\Windows\System32\Soundupkd.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe

O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

 

--

End of file - 8981 bytes

Hello

1.

- Run Ad Remover

- Click Uninstall

- Wait for the uninstallation.

2.

Open HijackThis, click "Do a system scan only"... and check the following line(s):

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Then click Fix checked....

3.

- Download ToolBar S&D and save it to the Desktop

- Restart the computer in Safe Mode...

- After that, run the application, press P, then Enter, and then OK...

- Next, press the 2 key and then Enter...

- Wait for the process...

- When it finishes, a log will be generated at C:\ToolBar SD\TB_1.txt ...

- Open the document, then copy and paste the result here...

4.

Download Malwarebytes Anti-Malware

- Start the installation by clicking "mbam-setup.exe"...

- Check "Update Malwarebytes Anti-Malware" and click Finish...

- Run Malwarebytes Anti-Malware...

- Click the "Scan" tab and select the "Full scan" option....

- Then click "Scan"...

- Select everything you want to scan.....

- Then click "Scan"....

- When the scan finishes, click OK and then "Show Results" to see the log...

- If anything is detected, make sure everything is checked and click "Remove"....

- If it asks whether you want to remove objects from memory, click Yes...

- The log is saved automatically and can be viewed by clicking "Logs" in the main menu...

- Copy and paste that log here...

I await your post...

See you.

1. The Ad Remover uninstall worked

2. This process worked too

3. It did not generate any log; I did the whole process but it did not generate any log

4. It worked, here is the log:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4653

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

19/09/2010 22:31:03

mbam-log-2010-09-19 (22-31-03).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 219118

Tempo decorrido: 29 minuto(s), 16 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 6

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 1

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_CLASSES_ROOT\TypeLib\{3a092ce8-6421-47d9-a5e1-45cc3e2000be} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{04c40849-a090-4c2b-a7c4-cb749c20015f} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{65189f3a-ad84-42ec-9967-5a681c920ae4} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{65189f3a-ad84-42ec-9967-5a681c920ae4} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{65189f3a-ad84-42ec-9967-5a681c920ae4} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65189f3a-ad84-42ec-9967-5a681c920ae4} (Trojan.Banker) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\Windows\System32\shdoflash.dll (Trojan.Banker) -> Quarantined and deleted successfully.

Hello AgmNeto

1.

- Delete the file ToolBarSd.exe that is on your Desktop and delete the folder that will be at C:\ToolBar SD

2.

- Open/run Malwarebytes Anti-Malware

- Click the Quarantine tab

- If there is any malware there, select all and click Remove

- Close the program...

3.

- Download Bankerfix (http://www.linhadefensiva.org/dl/bankerfix)

- Temporarily disable your antivirus...

- Double-click bankerfix.exe .....

- A window will ask you to confirm the installation; click Yes

- A message will appear; click OK to continue.

- Wait for the component download/update process...

- A window will appear; click OK...

- A window will appear; close all programs except BankerFix...

- Press any key to start the tool...

- After the process, an information message will appear; if it asks to restart, then restart the computer..

- After the restart (if needed) BankerFix will run... then wait for the notice that the removal has finished...

- A log will be generated at C:\LinhaDefensiva\relatorio.txt

- Open the report, then copy and paste its contents here...

I await your post...

See you.

All right, Diogo R

1. It worked

2. It worked

3. It worked, the log is here:

 

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2010-09-21 - 19:23

-------------------------------------------------------

Lista de Definição: 2010-08-03-1 | CORE: 2010-01-14-1

=======================================================

 

IP malicioso encontrado no hosts: 76.163

Hello.

1.

- Delete the Bankerfix.exe file you downloaded and delete the folder C:\LinhaDefensiva

2.

- Download HostsXpert (http://www.funkytoad.com/download/HostsXpert.zip)

- Extract the contents of HostsXpert.zip to C:\HostsXpert\

- Double-click HostsXpert.exe ...

- If the "Make Hosts Writable?" option is available, click it.. (it is located in the upper right corner)...

- Then click "Restore Microsoft's Hosts file"..

- After that, click OK..

- To exit the program, click X...

3.

Download ComboFix (http://majorgeeks.com/downloadget.php?id=6402&file=1&evp=4d90f753bf109637fabd69481c775ab1)

- Temporarily disable your antivirus

- Double-click the combofix.exe icon to start the scan...

- Accept the agreement to continue....

- Press 1 and then press Enter...

- A Recovery Console window will open; click Yes. If another window appears, click OK, and then Yes...

- Wait for ComboFix to run its scan...

- If any problem occurs during the scan, restart the computer in Safe Mode and repeat the process...

- Do not use the mouse or the keyboard... if that happens, your desktop will go blank...

- If you want to exit or cancel ComboFix, press N;

- When it finishes, the computer will be restarted; after that, the tool will run again, so wait...

- A log will be generated at C:\ComboFix.txt ...

- Paste this log in your next reply...

I await your post...

See you.


Diogo, sorry for the delay in posting, it's because I was busy these past few days!

1. OK

2. OK

3. OK, log below:

 

ComboFix 10-09-24.03 - Ari 24/09/2010 22:11:35.1.2 - x86

Microsoft Windows 7 Starter 6.1.7600.0.1252.55.1046.18.2038.947 [GMT -3:00]

Executando de: c:\users\Ari\Documents\Downloads\Programs\ComboFix.exe

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-08-25 to 2010-09-25 ))))))))))))))))))))))))))))

.

 

2010-09-25 01:15 . 2010-09-25 01:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-09-25 01:03 . 2010-09-25 01:05 -------- d-----w- C:\HostsXpert

2010-09-20 00:53 . 2010-09-20 00:53 -------- d-----w- c:\users\Ari\AppData\Roaming\Malwarebytes

2010-09-20 00:53 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-20 00:53 . 2010-09-20 00:53 -------- d-----w- c:\programdata\Malwarebytes

2010-09-20 00:53 . 2010-09-20 00:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-20 00:53 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-19 01:24 . 2010-09-20 00:32 -------- d-----w- c:\program files\Ad-Remover

2010-09-17 23:13 . 2010-09-18 01:05 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-09-17 23:13 . 2010-09-17 23:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2010-09-16 22:33 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe

2010-09-10 19:37 . 2010-09-10 19:37 17920 ----a-w- c:\windows\system32\Soundupkd.dll

2010-09-09 16:37 . 2010-09-09 16:37 -------- d-----w- c:\windows\Sun

2010-09-06 01:50 . 2010-09-06 01:50 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-08-28 20:35 . 2010-08-28 20:35 -------- d-----w- c:\users\Ari\AppData\Roaming\Apple Computer

2010-08-28 16:37 . 2010-08-28 16:37 -------- d-----w- C:\videooutput

2010-08-28 16:37 . 2009-05-19 21:32 758018 ----a-w- c:\windows\system32\xvidcore.dll

2010-08-28 16:37 . 2008-12-05 00:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll

2010-08-27 19:54 . 2010-08-27 19:54 -------- d-----w- C:\DigitalVideoConverter

2010-08-26 12:53 . 2010-08-26 12:53 -------- d-----w- c:\program files\Microsoft Visual Studio 8

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-24 23:25 . 2010-07-08 18:10 -------- d-----w- c:\users\Ari\AppData\Roaming\DMCache

2010-09-21 00:54 . 2010-07-08 18:10 -------- d-----w- c:\users\Ari\AppData\Roaming\IDM

2010-09-20 23:54 . 2009-07-14 08:31 657176 ----a-w- c:\windows\system32\prfh0416.dat

2010-09-20 23:54 . 2009-07-14 08:31 125568 ----a-w- c:\windows\system32\prfc0416.dat

2010-09-17 03:46 . 2010-03-16 14:39 -------- d-----w- c:\programdata\Microsoft Help

2010-09-11 20:18 . 2010-07-02 22:47 -------- d-----w- c:\program files\Valve

2010-09-11 19:41 . 2010-07-03 23:28 -------- d-----w- c:\program files\sXe Injected

2010-09-08 21:08 . 2010-03-16 14:36 -------- d-----w- c:\program files\Microsoft Silverlight

2010-09-06 01:53 . 2010-07-28 10:05 -------- d-----w- c:\users\Ari\AppData\Roaming\Skype

2010-09-06 01:49 . 2010-07-28 10:06 -------- d-----w- c:\users\Ari\AppData\Roaming\skypePM

2010-08-26 13:08 . 2010-07-02 01:29 110816 ----a-w- c:\users\Ari\AppData\Local\GDIPFONTCACHEV1.DAT

2010-08-26 12:55 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild

2010-08-20 23:31 . 2010-08-20 22:57 -------- d-----w- c:\program files\PokerStars

2010-08-11 00:04 . 2010-08-11 00:04 -------- d-----w- c:\program files\Common Files\Java

2010-08-11 00:01 . 2010-07-06 21:11 -------- d-----w- c:\program files\Java

2010-08-10 23:39 . 2010-03-16 14:37 -------- d-----w- c:\program files\Microsoft Works

2010-08-06 15:48 . 2010-08-06 15:48 -------- d-----w- c:\users\Ari\AppData\Roaming\Media Player Classic

2010-07-30 00:12 . 2010-07-30 00:12 -------- d-----w- c:\program files\MSXML 4.0

2010-07-29 19:38 . 2010-07-29 19:38 -------- d-----w- c:\program files\Real Alternative

2010-07-29 19:32 . 2010-07-29 19:32 -------- d-----w- c:\users\Ari\AppData\Roaming\GRETECH

2010-07-29 19:31 . 2010-07-29 19:31 -------- d-----w- c:\program files\GRETECH

2010-07-29 16:01 . 2010-07-29 15:18 -------- d-----w- c:\program files\Hewlett-Packard

2010-07-29 15:18 . 2010-07-29 15:18 -------- d-----w- c:\program files\HP

2010-07-29 06:30 . 2010-08-10 22:41 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-07-29 06:30 . 2010-08-10 22:41 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-07-28 10:05 . 2010-07-28 10:03 -------- d-----r- c:\program files\Skype

2010-07-28 10:03 . 2010-07-28 10:03 -------- d-----w- c:\program files\Common Files\Skype

2010-07-28 10:03 . 2010-07-28 10:03 -------- d-----w- c:\programdata\Skype

2010-07-17 08:00 . 2010-07-06 21:12 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-10 18:33 . 2010-07-10 18:33 0 ----a-w- c:\users\Ari\AppData\Roaming\wklnhst.dat

2010-07-08 18:10 . 2010-07-08 18:10 198064 ----a-w- c:\users\Ari\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll

2010-07-02 02:22 . 2010-07-02 02:22 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb18E1.tmp.exe

2010-06-30 06:25 . 2010-08-10 22:42 978432 ----a-w- c:\windows\system32\wininet.dll

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{784B1851-AC1B-4BFA-A058-B790C0AD8BA8}]

2010-09-10 19:37 17920 ----a-w- c:\windows\System32\Soundupkd.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-02 39408]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-07-08 3134896]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-15 1474560]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-11-04 90112]

"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

 

c:\users\Ari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

 

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 135664]

R3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [2010-08-15 91776]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

S2 AntiVirSchedulerService;Avira AntiVir Programador;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2009-07-13 29184]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-10 1067008]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 05:53]

 

2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 05:53]

.

.

------- Scan Suplementar -------

.

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

TCP: {3983F2D5-7C7C-4940-B27B-20DC45C38349} = 200.165.132.155 200.149.55.140

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

FF - ProfilePath - c:\users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\9icxnq6z.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.localstrike.com.ar/?q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

FF - prefs.js: keyword.URL - hxxp://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: c:\users\Ari\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

Toolbar-Locked - (no file)

AddRemove-WMV Converter v1.6_is1 - c:\program files\Smallvideosoft\Freez FLV to AVI MPEG WMV Converter\unins000.exe

AddRemove-LSI Soft Modem - c:\windows\agrsmdel

 

 

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-2857843694-555289194-2134968293-1000_Classes\CLSID\{42711476-5d65-42e9-ae09-a08b6ebece72}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000fc

"Therad"=dword:0000000a

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

 

[HKEY_USERS\S-1-5-21-2857843694-555289194-2134968293-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):8b,33,38,70,e9,0a,4c,73,1e,cd,4c,27,7e,f5,4c,13,33,c2,2c,bd,90,

e3,e8,32,fd,a1,81,8b,d0,44,98,10,38,69,32,3a,90,7b,d2,45,00,00,00,00,00,00,\

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2010-09-24 22:17:07

ComboFix-quarantined-files.txt 2010-09-25 01:17

 

Pré-execução: 280.496.103.424 bytes disponíveis

Pós execução: 280.510.246.912 bytes disponíveis

 

- - End Of File - - 5FB79135D66218826EF1F8506ACEBCF2


Hello!

1.

- Run the Kaspersky online scan here
- Follow the animation below:

kaspersky.gif

- Copy and paste the log here...

See you later.


Diogo, man, the problem came back. It had stopped, but it came back yesterday. The PC is completely useless with this problem and I need it to do an assignment, so the faster you can help me the better!! Thanks a lot for helping so far!!

I ran that Kaspersky scan today and it found no infected files. Here is the log:

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Monday, October 4, 2010

Operating system: Microsoft Home Edition (build 7600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Monday, October 04, 2010 07:10:18

Records in database: 4285427

--------------------------------------------------------------------------------

 

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

 

Scan area - My Computer:

C:\

D:\

 

Scan statistics:

Objects scanned: 97485

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 01:03:34


The problem stopped. I don't know what happened, it stopped all of a sudden, but here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:10:12, on 05/10/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\tsnpstd3.exe

C:\Windows\vsnpstd3.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Ari\Documents\Downloads\Programs\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Soundupkd.Soundupkdcls - {1D8D62E6-4D4B-4EA5-9509-EDBE8F98F3CF} - C:\Windows\System32\Soundupkd.dll

O2 - BHO: shdoflash.shdoc - {330E4AD7-FE5F-4DF2-A95F-F37864075DE0} - C:\Windows\System32\shdoflash.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3983F2D5-7C7C-4940-B27B-20DC45C38349}: NameServer = 200.165.132.155 200.149.55.140

O17 - HKLM\System\CS1\Services\Tcpip\..\{3983F2D5-7C7C-4940-B27B-20DC45C38349}: NameServer = 200.165.132.155 200.149.55.140

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe

O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

 

--

End of file - 9137 bytes


Delete the file C:\combofix.txt

- Open Notepad, then select, copy and paste into it the entire content of the code below:

killall::

File::
c:\windows\System32\Soundupkd.dll
C:\Windows\System32\shdoflash.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{784B1851-AC1B-4BFA-A058-B790C0AD8BA8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{330E4AD7-FE5F-4DF2-A95F-F37864075DE0}]

- Save the file on the desktop as CFScript.txt
- Drag the file onto ComboFix as shown in the illustration below:

CFScript.gif

- Important: while ComboFix is running, do not use the mouse or the keyboard!!
- At the end of the procedure, the program will close automatically and the report will be shown
- Paste the report created in C:\combofix.txt

See you later.
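A removal script like the one above can be cross-checked against the HijackThis log it was written from. The following is an added example, not part of the original post and not ComboFix's own code: it parses four O2 lines copied from the 05/10/2010 log and the script text, then reports BHO CLSIDs that point at a file listed under File:: but have no matching Registry:: line. The function names and the one-directive-per-line script layout are assumptions.

```python
import re

# O2 (Browser Helper Object) lines copied from the HijackThis log of 05/10/2010 in this thread.
HIJACKTHIS_O2 = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Soundupkd.Soundupkdcls - {1D8D62E6-4D4B-4EA5-9509-EDBE8F98F3CF} - C:\Windows\System32\Soundupkd.dll
O2 - BHO: shdoflash.shdoc - {330E4AD7-FE5F-4DF2-A95F-F37864075DE0} - C:\Windows\System32\shdoflash.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"""

# The script from the post above, one directive per line (layout assumed).
CFSCRIPT = r"""
killall::

File::
c:\windows\System32\Soundupkd.dll
C:\Windows\System32\shdoflash.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{784B1851-AC1B-4BFA-A058-B790C0AD8BA8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{330E4AD7-FE5F-4DF2-A95F-F37864075DE0}]
"""

# "O2 - BHO: <name> - {CLSID} - <path>"; a CLSID is 36 characters between braces.
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# "[-<key path>\{CLSID}]": a key-deletion line in the Registry:: section.
REGDEL_RE = re.compile(r"^\[-.*\\(\{[0-9A-Fa-f-]{36}\})\]$")


def parse_bhos(log_text):
    """Return the BHO entries of a HijackThis log as dicts (CLSID upper-cased, path lower-cased)."""
    bhos = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            name, clsid, path = m.groups()
            bhos.append({"name": name, "clsid": clsid.upper(), "path": path.strip().lower()})
    return bhos


def parse_cfscript(text):
    """Split the script into sections keyed by the lower-cased directive name (text before '::')."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def audit(bhos, sections):
    """Compare the script's File:: and Registry:: targets with the BHOs seen in the log.

    Paths are compared case-insensitively; 8.3 short names are not expanded.
    A mismatch is a prompt to re-check the logs, not proof of a mistake.
    """
    files = {p.lower() for p in sections.get("file", [])}
    reg_clsids = set()
    for entry in sections.get("registry", []):
        m = REGDEL_RE.match(entry)
        if m:
            reg_clsids.add(m.group(1).upper())
    targeted = [b for b in bhos if b["path"] in files]
    logged = {b["clsid"] for b in bhos}
    return {
        # BHO registered for a file slated for deletion, but its key is not listed
        "uncovered": sorted(b["clsid"] for b in targeted if b["clsid"] not in reg_clsids),
        # key listed for deletion that this log does not show as a BHO
        "not_in_log": sorted(reg_clsids - logged),
        # file listed for deletion that no BHO in this log points at
        "files_without_bho": sorted(files - {b["path"] for b in bhos}),
    }


if __name__ == "__main__":
    report = audit(parse_bhos(HIJACKTHIS_O2), parse_cfscript(CFSCRIPT))
    for key, values in report.items():
        print(f"{key}: {values if values else 'none'}")
```

On this thread's data the check lists {1D8D62E6-4D4B-4EA5-9509-EDBE8F98F3CF} as uncovered, and {784B1851-AC1B-4BFA-A058-B790C0AD8BA8}, the CLSID shown for Soundupkd.dll in the earlier ComboFix log, as absent from the HijackThis log.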


ComboFix 10-10-09.04 - Ari 10/10/2010 10:35:41.2.2 - x86

Microsoft Windows 7 Starter 6.1.7600.0.1252.55.1046.18.2038.1282 [GMT -3:00]

Executando de: c:\users\Ari\Documents\Downloads\Programs\ComboFix.exe

Comandos utilizados :: c:\users\Ari\Documents\Downloads\Programs\CFScript.txt

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

* Criado um novo ponto de restauração

 

FILE ::

"c:\windows\System32\shdoflash.dll"

"c:\windows\System32\Soundupkd.dll"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\System32\Soundupkd.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-09-10 to 2010-10-10 ))))))))))))))))))))))))))))

.

 

2010-10-10 13:38 . 2010-10-10 13:40 -------- d-----w- c:\users\Ari\AppData\Local\temp

2010-10-10 13:38 . 2010-10-10 13:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-10-08 21:24 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58B0C978-CD81-4D85-ABF4-781039A84C6A}\mpengine.dll

2010-10-07 16:24 . 2010-10-07 16:24 -------- d-----w- c:\program files\GameVicio

2010-10-07 01:13 . 2010-10-07 01:13 -------- d-----w- c:\program files\EA GAMES

2010-10-07 01:13 . 2005-05-26 18:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2010-09-30 01:08 . 2010-09-30 01:08 -------- d-sh--w- c:\windows\system32\%APPDATA%

2010-09-30 01:08 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2010-09-29 23:40 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll

2010-09-29 23:33 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2010-09-25 01:03 . 2010-09-25 01:05 -------- d-----w- C:\HostsXpert

2010-09-20 00:53 . 2010-09-20 00:53 -------- d-----w- c:\users\Ari\AppData\Roaming\Malwarebytes

2010-09-20 00:53 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-20 00:53 . 2010-09-20 00:53 -------- d-----w- c:\programdata\Malwarebytes

2010-09-20 00:53 . 2010-09-20 00:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-20 00:53 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-19 01:24 . 2010-09-20 00:32 -------- d-----w- c:\program files\Ad-Remover

2010-09-17 23:13 . 2010-09-18 01:05 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-09-17 23:13 . 2010-09-17 23:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2010-09-16 22:33 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

 

((((((((((((((((((((((((((((( SnapShot@2010-09-25_01.15.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-10-01 23:44 . 2010-09-23 22:34 30544 c:\windows\winsxs\x86_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.1.7600.20804_none_829a926d6243c4a4\aspnet_wp.exe

+ 2010-10-01 23:44 . 2010-09-23 22:31 30544 c:\windows\winsxs\x86_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.1.7600.16677_none_996ef6ff48966291\aspnet_wp.exe

+ 2010-09-29 23:33 . 2010-08-27 05:22 13312 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.7600.20789_none_bc0dc9762259ae62\iecompat.dll

+ 2010-09-29 23:33 . 2010-08-27 05:30 13312 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.7600.16664_none_bb94cb1109305803\iecompat.dll

+ 2010-09-29 23:40 . 2010-06-19 06:23 40448 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7600.20738_none_15e05f9083d7fde3\tzupd.exe

+ 2010-03-15 12:52 . 2010-03-15 12:52 40448 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7600.16617_none_156b62536aab0ce0\tzupd.exe

+ 2010-07-02 00:29 . 2010-10-06 21:39 65536 c:\windows\tracing\RASMBMGR.BIN

- 2010-07-02 00:29 . 2010-08-16 22:52 65536 c:\windows\tracing\RASMBMGR.BIN

+ 2010-07-02 00:29 . 2010-10-06 21:39 65536 c:\windows\tracing\RASL2TP.BIN

- 2010-07-02 00:29 . 2010-08-16 22:52 65536 c:\windows\tracing\RASL2TP.BIN

+ 2010-07-02 00:29 . 2010-10-06 21:39 65536 c:\windows\tracing\IPSEC.BIN

- 2010-07-02 00:29 . 2010-08-16 22:52 65536 c:\windows\tracing\IPSEC.BIN

+ 2010-03-16 14:59 . 2010-10-10 13:07 36840 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:55 . 2010-10-10 13:07 41036 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:50 . 2010-09-30 15:51 86016 c:\windows\System32\DriverStore\infpub.dat

- 2009-07-14 04:50 . 2010-07-23 02:40 86016 c:\windows\System32\DriverStore\infpub.dat

+ 2010-03-27 11:03 . 2010-10-10 13:07 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-03-27 11:03 . 2010-09-24 23:28 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-03-27 11:03 . 2010-09-24 23:28 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-03-27 11:03 . 2010-10-10 13:07 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:41 . 2010-09-24 23:28 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:41 . 2010-10-10 13:07 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-30 01:08 . 2010-09-30 01:08 16384 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 04:34 . 2010-09-17 15:44 64576 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2009-07-14 04:34 . 2010-10-09 19:38 64576 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2010-03-27 11:53 . 2010-09-24 23:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-03-27 11:53 . 2010-10-10 13:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-03-16 13:18 . 2010-09-24 23:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-03-16 13:18 . 2010-10-10 13:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-10-01 23:44 . 2010-09-23 22:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

- 2009-07-13 20:46 . 2009-06-10 21:22 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2010-10-07 01:13 . 2005-03-18 20:23 12800 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll

+ 2010-10-07 01:13 . 2005-03-18 20:23 53248 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll

- 2010-07-05 03:30 . 2010-09-08 15:58 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2010-07-05 03:30 . 2010-09-30 01:08 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2010-10-02 15:54 . 2010-10-02 15:54 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e822673e35e142ea7337480e677ae0db\System.Web.DynamicData.Design.ni.dll

+ 2010-10-07 01:13 . 2010-10-07 01:13 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

+ 2010-10-07 01:13 . 2010-10-07 01:13 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2010-09-29 23:40 . 2010-06-19 06:21 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7600.20738_none_15e05f9083d7fde3\tzres.dll

+ 2010-09-29 23:40 . 2010-06-19 06:15 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7600.16617_none_156b62536aab0ce0\tzres.dll

+ 2010-07-06 23:35 . 2010-09-26 23:36 2628 c:\windows\System32\wdi\ERCQueuedResolutions.dat

+ 2010-07-01 17:38 . 2010-10-10 13:07 8844 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2857843694-555289194-2134968293-1000_UserData.bin

+ 2010-10-09 19:37 . 2010-10-09 19:41 9560 c:\windows\System32\NetworkList\Icons\{E3324405-053E-4401-86A2-54CAE568BDB8}_48.bin

+ 2010-10-09 19:37 . 2010-10-09 19:41 4280 c:\windows\System32\NetworkList\Icons\{E3324405-053E-4401-86A2-54CAE568BDB8}_32.bin

+ 2010-10-09 19:37 . 2010-10-09 19:41 2456 c:\windows\System32\NetworkList\Icons\{E3324405-053E-4401-86A2-54CAE568BDB8}_24.bin

+ 2010-10-09 19:48 . 2010-10-09 19:48 9560 c:\windows\System32\NetworkList\Icons\{7794ED7A-4126-4079-ABFA-90F76CC2D9AA}_48.bin

+ 2010-10-09 19:48 . 2010-10-09 19:48 4280 c:\windows\System32\NetworkList\Icons\{7794ED7A-4126-4079-ABFA-90F76CC2D9AA}_32.bin

+ 2010-10-09 19:48 . 2010-10-09 19:48 2456 c:\windows\System32\NetworkList\Icons\{7794ED7A-4126-4079-ABFA-90F76CC2D9AA}_24.bin

- 2010-09-24 23:25 . 2010-09-24 23:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2010-10-10 13:05 . 2010-10-10 13:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2010-10-10 13:05 . 2010-10-10 13:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2010-09-24 23:25 . 2010-09-24 23:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-09-30 01:08 . 2010-03-04 04:01 146304 c:\windows\winsxs\x86_usbvideo.inf_31bf3856ad364e35_6.1.7600.20659_none_2e80582b34e90b52\usbvideo.sys

+ 2010-09-30 01:08 . 2010-03-04 04:04 146304 c:\windows\winsxs\x86_usbvideo.inf_31bf3856ad364e35_6.1.7600.16543_none_2dfb89901bc8b78d\usbvideo.sys

+ 2010-10-01 23:44 . 2010-09-23 22:34 436048 c:\windows\winsxs\x86_netfx-web_engine_dll_b03f5f7f11d50a3a_6.1.7600.20804_none_f450fce80de64b2a\webengine.dll

+ 2010-10-01 23:44 . 2010-09-23 22:31 436048 c:\windows\winsxs\x86_netfx-web_engine_dll_b03f5f7f11d50a3a_6.1.7600.16677_none_0b256179f438e917\webengine.dll

+ 2010-09-30 01:08 . 2010-03-04 03:53 190976 c:\windows\winsxs\x86_microsoft-windows-kernelstreaming_31bf3856ad364e35_6.1.7600.20659_none_580529fe10395c5f\ks.sys

+ 2010-09-30 01:08 . 2010-03-04 03:57 190976 c:\windows\winsxs\x86_microsoft-windows-kernelstreaming_31bf3856ad364e35_6.1.7600.16543_none_57805b62f719089a\ks.sys

+ 2009-07-14 08:30 . 2009-07-14 08:30 602112 c:\windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.1.7600.20804_pt-br_30d92542b8ad66e4\System.Web.resources.dll

+ 2009-07-14 08:30 . 2009-07-14 08:30 602112 c:\windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.1.7600.16677_pt-br_47ad89d49f0004d1\System.Web.resources.dll

+ 2010-07-02 00:29 . 2010-10-06 21:39 131072 c:\windows\tracing\VPNIKE.BIN

- 2010-07-02 00:29 . 2010-08-16 22:52 196608 c:\windows\tracing\RASSSTP.BIN

+ 2010-07-02 00:29 . 2010-10-06 21:39 196608 c:\windows\tracing\RASSSTP.BIN

+ 2010-07-02 00:29 . 2010-10-06 21:39 262144 c:\windows\tracing\RASPPTP.BIN

- 2010-07-02 00:29 . 2010-08-16 22:52 131072 c:\windows\tracing\AGILEVPN.BIN

+ 2010-07-02 00:29 . 2010-10-06 21:39 131072 c:\windows\tracing\AGILEVPN.BIN

+ 2009-07-14 08:31 . 2010-10-09 02:09 657176 c:\windows\System32\prfh0416.dat

- 2009-07-14 08:31 . 2010-09-20 23:54 657176 c:\windows\System32\prfh0416.dat

- 2009-07-14 08:31 . 2010-09-20 23:54 125568 c:\windows\System32\prfc0416.dat

+ 2009-07-14 08:31 . 2010-10-09 02:09 125568 c:\windows\System32\prfc0416.dat

- 2009-07-14 02:05 . 2010-09-20 23:54 609896 c:\windows\System32\perfh009.dat

+ 2009-07-14 02:05 . 2010-10-09 02:09 609896 c:\windows\System32\perfh009.dat

- 2009-07-14 02:05 . 2010-09-20 23:54 104214 c:\windows\System32\perfc009.dat

+ 2009-07-14 02:05 . 2010-10-09 02:09 104214 c:\windows\System32\perfc009.dat

- 2009-07-14 04:50 . 2010-07-23 02:40 143360 c:\windows\System32\DriverStore\infstrng.dat

+ 2009-07-14 04:50 . 2010-09-30 15:51 143360 c:\windows\System32\DriverStore\infstrng.dat

- 2009-07-14 04:50 . 2010-07-23 02:40 143360 c:\windows\System32\DriverStore\infstor.dat

+ 2009-07-14 04:50 . 2010-09-30 15:51 143360 c:\windows\System32\DriverStore\infstor.dat

+ 2010-09-30 01:08 . 2010-03-04 04:04 146304 c:\windows\System32\DriverStore\FileRepository\usbvideo.inf_x86_neutral_2fa015dfde95fcc5\usbvideo.sys

- 2009-07-14 04:51 . 2010-07-07 15:42 399360 c:\windows\System32\DriverStore\drvindex.dat

+ 2009-07-14 04:51 . 2010-09-30 15:51 399360 c:\windows\System32\DriverStore\drvindex.dat

- 2010-03-16 14:35 . 2010-09-24 23:44 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2010-03-16 14:35 . 2010-10-09 21:23 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2010-10-01 23:44 . 2010-09-23 22:31 436048 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll

- 2009-07-13 20:46 . 2009-06-10 21:23 436048 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll

+ 2010-10-07 01:13 . 2005-05-26 18:15 576000 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll

+ 2010-10-07 01:13 . 2005-03-18 20:23 223232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll

+ 2010-10-07 01:13 . 2005-03-18 20:23 178176 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll

+ 2010-10-07 01:13 . 2005-03-18 20:23 364544 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll

+ 2010-10-07 01:13 . 2005-03-18 20:23 159232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll

+ 2010-10-07 01:13 . 2005-03-18 20:23 145920 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll

+ 2010-10-07 01:13 . 2005-03-18 20:23 473600 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll

+ 2010-10-02 15:53 . 2010-10-02 15:53 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\50c9a0aad20bf0351c18d4415de1e7ba\WindowsLiveLocal.WriterPlugin.ni.dll

+ 2010-10-02 15:53 . 2010-10-02 15:53 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e5b8584f97d3b36d8b33a01f6f8e4366\WindowsLive.Writer.HtmlParser.ni.dll

+ 2010-10-02 15:53 . 2010-10-02 15:53 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b52c60c682fe4cffbf43d714391bbf2d\WindowsLive.Writer.BlogClient.ni.dll

+ 2010-10-02 15:53 . 2010-10-02 15:53 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6f75a83faf551003d59809fbd3739a59\WindowsLive.Writer.HtmlEditor.ni.dll

+ 2010-10-02 15:54 . 2010-10-02 15:54 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\1af53304e3fe10a7b15dc9937f607fc2\System.Web.Routing.ni.dll

+ 2010-10-02 15:54 . 2010-10-02 15:54 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\20b3c587af6b5c9c9d36a21cd7baa2f4\System.Web.Extensions.Design.ni.dll

+ 2010-10-02 15:54 . 2010-10-02 15:54 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\b67882ca3c8f2b92606b8f9673626286\System.Web.Entity.ni.dll

+ 2010-10-02 15:54 . 2010-10-02 15:54 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\df335f174e9789ff675fa67b6a254761\System.Web.Entity.Design.ni.dll

+ 2010-10-02 15:54 . 2010-10-02 15:54 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\531e45c33d3984d0c186c740fc9f5e48\System.Web.DynamicData.ni.dll

+ 2010-10-02 15:54 . 2010-10-02 15:54 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\115364cd934c1f77bbfd953c08ddacaf\System.Web.Abstractions.ni.dll

+ 2010-10-02 01:29 . 2010-10-02 01:29 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6afe3a43d112ed5356d73468c5c44045\System.Runtime.Remoting.ni.dll

+ 2010-10-02 15:54 . 2010-10-02 15:54 762880 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\41ebde9c737eff80b86ac671b545b999\System.Data.Entity.Design.ni.dll

+ 2010-10-02 15:53 . 2010-10-02 15:53 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\7261a9e2ac0c5f4fc97a365f2b9809ed\AspNetMMCExt.ni.dll

+ 2010-10-07 01:13 . 2010-10-07 01:13 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2010-10-07 01:13 . 2010-10-07 01:13 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

+ 2010-10-07 01:13 . 2010-10-07 01:13 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

+ 2010-10-07 01:13 . 2010-10-07 01:13 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

+ 2010-10-07 01:13 . 2010-10-07 01:13 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

+ 2010-10-07 01:13 . 2010-10-07 01:13 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2010-10-07 01:13 . 2010-10-07 01:13 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2010-10-01 23:44 . 2010-09-23 22:34 5251072 c:\windows\winsxs\x86_system.web_b03f5f7f11d50a3a_6.1.7600.20804_none_b4d9679fec7e52d7\System.Web.dll

+ 2010-10-01 23:44 . 2010-09-23 22:31 5246976 c:\windows\winsxs\x86_system.web_b03f5f7f11d50a3a_6.1.7600.16677_none_cbadcc31d2d0f0c4\System.Web.dll

+ 2010-10-01 23:44 . 2010-09-23 22:34 1277952 c:\windows\winsxs\x86_netfx35linq-system.web.extensions_31bf3856ad364e35_6.1.7600.20804_none_cf2f2326655b9488\System.Web.Extensions.dll

+ 2010-10-01 23:44 . 2010-09-23 22:31 1277952 c:\windows\winsxs\x86_netfx35linq-system.web.extensions_31bf3856ad364e35_6.1.7600.16677_none_ce5cd5df4c740733\System.Web.Extensions.dll

+ 2010-10-01 23:44 . 2010-09-23 22:34 1277952 c:\windows\winsxs\msil_system.web.extensions_31bf3856ad364e35_6.1.7600.20804_none_3bed8de8183e838f\System.Web.Extensions.dll

+ 2010-10-01 23:44 . 2010-09-23 22:31 1277952 c:\windows\winsxs\msil_system.web.extensions_31bf3856ad364e35_6.1.7600.16677_none_3b1b40a0ff56f63a\System.Web.Extensions.dll

- 2009-07-14 02:03 . 2010-09-24 17:42 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:03 . 2010-10-09 19:48 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat

- 2009-07-14 04:34 . 2010-09-17 13:45 3300209 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:34 . 2010-10-02 01:28 3300209 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2010-10-01 23:44 . 2010-09-23 22:31 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2010-10-02 15:53 . 2010-10-02 15:53 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f07849b9fd2a9efd953a8566e1ea3d63\WindowsLive.Writer.CoreServices.ni.dll

+ 2010-10-02 15:53 . 2010-10-02 15:53 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c7e09b0bc2ad9a528371c8188a9694bc\WindowsLive.Writer.PostEditor.ni.dll

+ 2010-10-02 15:54 . 2010-10-02 15:54 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\49bea010bf1cd3d114a44ac029d8aeaf\System.WorkflowServices.ni.dll

+ 2010-10-02 01:29 . 2010-10-02 01:29 1914880 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d2a55d3fd148e1634963a57afc8ab451\System.Workflow.Runtime.ni.dll

+ 2010-10-02 01:29 . 2010-10-02 01:29 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\54082b58a204310c895299ba03936274\System.Workflow.ComponentModel.ni.dll

+ 2010-10-02 01:29 . 2010-10-02 01:29 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b90f362205a2aa18b04b90a488322ede\System.Workflow.Activities.ni.dll

+ 2010-10-02 01:29 . 2010-10-02 01:29 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\eff56eb13480ff414dfca0496a3f572c\System.Web.Services.ni.dll

+ 2010-10-02 15:54 . 2010-10-02 15:54 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\53878cd05f58c4959147cbd3b1d69d04\System.Web.Mobile.ni.dll

+ 2010-10-02 15:54 . 2010-10-02 15:54 2402816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\55d8256368344958d49ffffc4b31d42d\System.Web.Extensions.ni.dll

+ 2010-10-02 15:54 . 2010-10-02 15:54 1705984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\177dc5c63e6c72ebd19d897c0fddab1b\System.ServiceModel.Web.ni.dll

+ 2010-10-02 15:53 . 2010-10-02 15:53 1072128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e1f487716bc10cf0b290e87d32f25252\System.IdentityModel.ni.dll

+ 2010-10-02 15:54 . 2010-10-02 15:54 1328640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\192e017f3b0f1f3efbf1e3041cd0fa34\System.Data.Services.ni.dll

+ 2010-10-02 15:53 . 2010-10-02 15:53 6434304 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\89713af86ff161490962fe41a01cd5f7\MIGUIControls.ni.dll

+ 2010-10-02 15:53 . 2010-10-02 15:53 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\401d4cd2a06122a32cf094d541dcdd63\Microsoft.VisualBasic.ni.dll

+ 2010-10-02 15:53 . 2010-10-02 15:53 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4708642bd681c2355e0a1a36a9016ffd\Microsoft.PowerShell.Commands.Utility.ni.dll

- 2009-07-13 21:10 . 2009-06-10 21:14 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

+ 2010-10-01 23:44 . 2010-09-23 22:31 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

+ 2010-10-01 23:44 . 2010-09-23 22:31 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2009-07-14 08:28 . 2010-10-01 23:43 30314461 c:\windows\winsxs\ManifestCache\e4e8be02b8fae2a7_blobs.bin

+ 2010-09-30 01:08 . 2010-09-30 01:08 20303872 c:\windows\Installer\d3a4a5.msp

+ 2010-10-02 01:29 . 2010-10-02 01:29 11807744 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\ace3bede2f516f9e5bca620ad86cc063\System.Web.ni.dll

+ 2010-10-02 15:53 . 2010-10-02 15:53 17400320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\cbc67ea9e93f7bebfbc341d39a4f838f\System.ServiceModel.ni.dll

+ 2010-10-02 01:29 . 2010-10-02 01:29 10578432 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\11768b1a056f85182e774a21dd920347\System.Design.ni.dll

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-02 39408]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-07-08 3134896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-15 1474560]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-11-04 90112]

"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

 

c:\users\Ari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

 

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 135664]

R3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [2010-08-15 91776]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

S2 AntiVirSchedulerService;Avira AntiVir Programador;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2009-07-13 29184]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-10 1067008]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 05:53]

 

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 05:53]

.

.

------- Scan Suplementar -------

.

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

TCP: {B9C64D56-5E2B-4D23-A16F-BF691469EF10} = 200.165.132.155 200.149.55.140

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

FF - ProfilePath - c:\users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\9icxnq6z.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.localstrike.com.ar/?q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

FF - prefs.js: keyword.URL - hxxp://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: c:\users\Ari\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

BHO-{1D8D62E6-4D4B-4EA5-9509-EDBE8F98F3CF} - c:\windows\System32\Soundupkd.dll

 

 

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-2857843694-555289194-2134968293-1000_Classes\CLSID\{42711476-5d65-42e9-ae09-a08b6ebece72}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000fc

"Therad"=dword:0000000a

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

 

[HKEY_USERS\S-1-5-21-2857843694-555289194-2134968293-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):8b,33,38,70,e9,0a,4c,73,1e,cd,4c,27,7e,f5,4c,13,33,c2,2c,bd,90,

e3,e8,32,fd,a1,81,8b,d0,44,98,10,38,69,32,3a,90,7b,d2,45,00,00,00,00,00,00,\

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\AUDIODG.EXE

c:\windows\system32\taskhost.exe

c:\program files\LSI SoftModem\agrsmsvc.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\conhost.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Internet Download Manager\IEMonitor.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-10-10 10:42:55 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-10-10 13:42

 

Pré-execução: 277.097.385.984 bytes disponíveis

Pós execução: 276.985.827.328 bytes disponíveis

 

- - End Of File - - A9F19D3ABD562C3887B1D77B4BA0DB4B


Right, now do the following:

Click the Start button

Click Run

Type combofix /uninstall and press Enter

Delete the C:\Qoobox folder and the C:\combofix.txt file, if they still exist.

How is the system?

See you later


The system is back to normal now!! Now I'd like you to recommend an antivirus and other things to protect my PC!!

Thanks for the help!


Hello!

I'm glad the problem has been solved.

Download:

Avira AntiVir Personal Edition Classic 2010 (http://www.baixaki.com.br/download/avira-antivir-personal-edition-classic.htm): Considered one of the best, or the best, free antivirus at present.

Read as an aid:

Spyware Blaster (http://www.baixaki.com.br/site/dwnld28963.htm): It does not remove any kind of malware... but it is an excellent complement to the security of your antivirus, anti-spyware and firewall, because it prevents and immunizes against the installation of pests through malicious ActiveX controls, adware, dialers, hijackers and every kind of potentially dangerous content on web pages. Just update the program and always immunize your system...

Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe): Finds and removes many different kinds of malware... It has no resident protection because it is free, but it is a great tool to help the antivirus remove pests... Just update it (always), run a full scan, and remove what it finds...

Outpost Firewall Free (http://www.baixaki.com.br/site/dwnld58699.htm) = Protect your computer with a good firewall made available for free.

Outpost Firewall Free is a powerful free personal firewall to protect your computer against hackers and any other potential danger on the Internet. The program offers protection through packet and application filtering to protect your personal information from unauthorized people. The program protects communication from the Internet to the computer and vice versa, creating bidirectional protection, with protection against illegal application activity. It has an install and uninstall utility.

I consider it a great option for anyone who wants to protect themselves in an easy way...

There is a better and more advanced option in terms of protection and configuration, which is Comodo Firewall; however, I recommend it for those who are more advanced in the subject!!!

There you have it, good tips for safer browsing, but remember, the best tool for getting rid of the pests that roam the net is the user himself...

Big hug :)

See you later
