Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Francisco Diogo

[Resolvido] &nbspMalware js:iframe-dhy

Recommended Posts


Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 13:48:11, on 29-01-2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.16428)



Boot mode: Normal


Running processes:

C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Acer\Downloads\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Serviço de rede')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Serviço de rede')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


--

End of file - 10567 bytes


Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! Francisco Diogo

|- A infecção pode estar associado ao uso de pendrive infectado. Recomendo,portanto,sua formatação.

-/-

|- Baixe: < UsbFix > ( ...de C_XX & El Desaparecido )

UsbFix_Telecharge.jpg

|- Salve-o no desktop!
|- Siga com sua instalação.
|- Desmarque: "Desativar Autorun/AutoPlay automaticamente" >> OK
|- Aperte a tecla "Shift" e conecte seu pendrive ao computador!
|- Execute o arquivo UsbFix.exe,com um duplo clique.

UsbFix_Supprssion.jpg

|- Escolha a opção "Suppression".
|- Aguarde a conclusão e poste o relatório. ( C:\UsbFix.txt )

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia, antes de mais obrigado pela resposta.

 

Não costumo usar pendrives no pc, ainda assim instalei o UsbFix, corri e passo a colocar o relatorio em seguida.

Ao abrir novamente o Chrome, o Avast voltou a notificar a presença do tal JS.Iframe - DHY [Trj].

 

############################## | UsbFix V 7.162 | [supressão]
Usuário: Acer (Administrador) # ACER-PC
Atualizado em 27/01/2014 por El Desaparecido - Team SosVirus
Começou em 14:20:42 | 29/01/2014
PC: Acer (Aspire 5742G)
CPU: Intel® Core i5 CPU M 460 @ 2.53GHz
RAM -> [Total : 3959 Mo| Free : 2739 Mo]
Bios: Acer
Boot: Normal boot
OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 32.0.1700.102
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender [Enabled | Updated]
AS: Spybot - Search and Destroy [(!) Disabled | (!) Outdated]
AS: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]
AS: Malwarebytes' Anti-Malware : 1.75.0001
C:\ (%systemdrive%) -> Disco fixo # 581 Gb (470 Mb livre - 81%) [Acer] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
################## | Processos Ativos |
C:\Windows\system32\csrss.exe (ID: 576 |ParentID: 568)
C:\Windows\system32\wininit.exe (ID: 636 |ParentID: 568)
C:\Windows\system32\csrss.exe (ID: 660 |ParentID: 648)
C:\Windows\system32\services.exe (ID: 704 |ParentID: 636)
C:\Windows\system32\lsass.exe (ID: 720 |ParentID: 636)
C:\Windows\system32\lsm.exe (ID: 728 |ParentID: 636)
C:\Windows\system32\svchost.exe (ID: 824 |ParentID: 704)
C:\Windows\system32\nvvsvc.exe (ID: 904 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 944 |ParentID: 704)
C:\Windows\System32\svchost.exe (ID: 1004 |ParentID: 704)
C:\Windows\System32\svchost.exe (ID: 116 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 332 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 524 |ParentID: 704)
C:\Windows\system32\winlogon.exe (ID: 1056 |ParentID: 648)
C:\Windows\system32\svchost.exe (ID: 1116 |ParentID: 704)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1248 |ParentID: 704)
C:\Windows\system32\nvvsvc.exe (ID: 1312 |ParentID: 904)
C:\Windows\system32\Dwm.exe (ID: 1584 |ParentID: 116)
C:\Windows\Explorer.EXE (ID: 1592 |ParentID: 1532)
C:\Windows\system32\taskhost.exe (ID: 1600 |ParentID: 704)
C:\Windows\System32\spoolsv.exe (ID: 1672 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 1716 |ParentID: 704)
C:\Windows\system32\runonce.exe (ID: 1724 |ParentID: 1592)
C:\Program Files (x86)\Launch Manager\dsiwmis.exe (ID: 1832 |ParentID: 704)
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (ID: 1884 |ParentID: 704)
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (ID: 1912 |ParentID: 704)
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (ID: 1952 |ParentID: 704)
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (ID: 1984 |ParentID: 704)
C:\Windows\system32\svchost.exe (ID: 2036 |ParentID: 704)
C:\Program Files\Acer\Acer Updater\UpdaterService.exe (ID: 1328 |ParentID: 704)
C:\Windows\system32\taskeng.exe (ID: 1844 |ParentID: 524)
C:\Windows\system32\svchost.exe (ID: 2840 |ParentID: 704)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3056 |ParentID: 824)
################## | Regedit Run |
04 - HKCU\..\Run : [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKLM\..\Run : [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
04 - HKLM\..\Run : [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\RunOnce : []
04 - HKLM64\..\Run : [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
04 - HKLM64\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - HKLM64\..\Run : [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM64\..\Run : [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
04 - HKU\S-1-5-19\..\Run : [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3751968839-2830508329-3538414248-1000\..\Run : [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
################## | Procura genérica |
(!) Ficheiros temporários suprimido.
################## | Registro |
Reparado ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Reparado ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Supprimido ! HKU\S-1-5-21-3751968839-2830508329-3538414248-1000\Software\.\.\.\.\Mountpoints2\E
################## | Listing |
[05/06/2012 - 11:14:02 | SHD] - C:\$Recycle.Bin
[28/09/2013 - 19:16:52 | A | 0 Ko] - C:\autoexec.bat
[05/06/2012 - 10:35:10 | D] - C:\book
[30/08/2010 - 09:47:02 | RASH | 8 Ko] - C:\BOOTSECT.BAK
[06/11/2013 - 16:11:30 | D] - C:\BTNext
[14/07/2009 - 05:08:56 | SHD] - C:\Documents and Settings
[07/11/2007 - 07:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.1028.txt
[07/11/2007 - 07:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.1031.txt
[07/11/2007 - 07:00:40 | N | 10 Ko | 99C22D4A31F4EAD4351B71D6F4E5F6A1] - C:\eula.1033.txt
[07/11/2007 - 07:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.1036.txt
[07/11/2007 - 07:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.1040.txt
[07/11/2007 - 07:00:40 | N | 0 Ko | 9B15A3A055CC6E67EA191A1B7885649A] - C:\eula.1041.txt
[07/11/2007 - 07:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.1042.txt
[07/11/2007 - 07:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.2052.txt
[07/11/2007 - 07:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.3082.txt
[07/11/2007 - 07:00:40 | N | 1 Ko] - C:\globdata.ini
[29/01/2014 - 14:20:00 | ASH | 3040284 Ko] - C:\hiberfil.sys
[07/11/2007 - 07:03:18 | N | 550 Ko | 520A6D1CBCC9CF642C625FE814C93C58] - C:\install.exe
[07/11/2007 - 07:00:40 | N | 1 Ko] - C:\install.ini
[07/11/2007 - 07:03:18 | N | 75 Ko | 4151A4D07640863783F837E588235837] - C:\install.res.1028.dll
[07/11/2007 - 07:03:18 | N | 94 Ko | 3B8A82E04238655EAEF97E074FB29911] - C:\install.res.1031.dll
[07/11/2007 - 07:03:18 | N | 89 Ko | 9EDEB8B1C5C0A4CD3A3016B85108127D] - C:\install.res.1033.dll
[07/11/2007 - 07:03:18 | N | 95 Ko | 5B6FF470CFA7087690E61F87E81EF78A] - C:\install.res.1036.dll
[07/11/2007 - 07:03:18 | N | 93 Ko | 6310AB8FC9E3DBEE80592FC453A34FEE] - C:\install.res.1040.dll
[07/11/2007 - 07:03:18 | N | 80 Ko | 13ED4517152203DE4BC52ACC0255D952] - C:\install.res.1041.dll
[07/11/2007 - 07:03:18 | N | 78 Ko | 0D4FB4095EA49C1EC89B9E8DB0B936A3] - C:\install.res.1042.dll
[07/11/2007 - 07:03:18 | N | 74 Ko | D7366B34E8AFB605C39EF56E2201FE85] - C:\install.res.2052.dll
[07/11/2007 - 07:03:18 | N | 94 Ko | 41BB37A347121F3E5E88D85100638B79] - C:\install.res.3082.dll
[30/08/2010 - 09:01:22 | D] - C:\Intel
[10/08/2012 - 19:40:32 | RHD] - C:\MSOCache
[05/06/2012 - 11:13:54 | D] - C:\OEM
[29/01/2014 - 14:20:00 | ASH | 4053716 Ko] - C:\pagefile.sys
[14/07/2009 - 03:20:08 | D] - C:\PerfLogs
[11/08/2013 - 23:54:56 | D] - C:\Poker
[11/12/2013 - 14:53:08 | D] - C:\Program Files
[29/01/2014 - 13:16:53 | D] - C:\Program Files (x86)
[05/06/2012 - 11:12:21 | D] - C:\Programas
[29/01/2014 - 13:17:01 | HD] - C:\ProgramData
[05/06/2012 - 11:12:22 | SHD] - C:\Recovery
[05/06/2012 - 10:31:17 | N | 3 Ko] - C:\RHDSetup.log
[28/01/2014 - 11:43:20 | SHD] - C:\System Volume Information
[29/01/2014 - 14:17:14 | D] - C:\UsbFix
[29/01/2014 - 14:21:12 | A | 8 Ko | 4431BB6861EFB1A83F19C79015766516] - C:\UsbFix [Clean 2] ACER-PC.txt
[05/06/2012 - 11:12:32 | D] - C:\Users
[07/11/2007 - 07:00:40 | N | 6 Ko] - C:\vcredist.bmp
[07/11/2007 - 07:09:22 | N | 1409 Ko] - C:\VC_RED.cab
[07/11/2007 - 07:12:28 | N | 228 Ko] - C:\VC_RED.MSI
[29/01/2014 - 13:40:48 | D] - C:\Windows
################## | Vaccin |
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! Francisco Diogo

|- Instale o MBAM: < adeWcUUs.jpg >

|- Atualize o programa!

adtCRpOM.jpg

|- Desmarque a caixa: "Ativar trial gratuito do Malwarebytes Anti-Malware PRO"
|- Clique "Concluir".
|- Escolha o escaneamento Rápido! >> Verificar!
|- Desabilite programas de proteção,ao executar o malwarebytes.
|- Para Windows Vista ou 7,clique direito no arquivo e execute-o como administrador.
|- Ps: Para determinadas infecções,o programa pedirá reboot. << Confirme!

MBAN_Remover.jpg

|- Ao concluir,clique em "Ok" >> "Ver Resultados" >> "Remover Selecionados".
|- Poste,o relatório: mbam-log-2013-xx-xx (00-00-00).txt
|- Indo à janela principal do MBAM,clique na aba Logs para obter o relatório.

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites
Malwarebytes Anti-Malware (Período de Avaliação) 1.75.0.1300

www.malwarebytes.org


Versão da base de dados: v2014.01.29.05


Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

Acer :: ACER-PC [administrador]


Protecção: Activada


29-01-2014 14:46:37

mbam-log-2014-01-29 (14-46-37).txt


Tipo de pesquisa: Rápida

Opções de pesquisa activadas: Memoria | Arranque | Registo | Sistema de Ficheiros | Heurísticos/Extra | Heurísticos/Shuriken | PPI | MPI

Opções de pesquisa desactivadas: P2P

Objectos verificados: 211674

Tempo decorrido: 6 minuto(s), 9 segundo(s)


Processos de memória Detectados: 0

(Nenhum item malicioso detectado)


Módulos de Memória Detectados: 0

(Nenhum item malicioso detectado)


Chaves do Registo Detectadas: 0

(Nenhum item malicioso detectado)


Valores do Registo Detectados: 0

(Nenhum item malicioso detectado)


Itens de dados do Registo Detectados: 0

(Nenhum item malicioso detectado)


Pastas Detectadas: 0

(Nenhum item malicioso detectado)


Ficheiros Detectados: 0

(Nenhum item malicioso detectado)


(fim)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! Francisco Diogo

|- Uma última verificação online em Eset,já que Malwarebytes nada detectou de malicioso.

-/-

|- Execute escaneamento online em | hh3lp9.jpg |
|- Utilize o navegador "Internet Explorer",para essa tarefa!

th_Nod32.gif

|- Siga,conforme a imagem,essa verificação ou scan.

adkmMHUi.jpg

|- Ao concluir,teremos em "Resultados do rastreamento" a opção "Exportar para arquivo de texto...".
|- Escolha o desktop e nomeie o relatório como Eset_log.
|- Poste esse relatório!
|- Ps: Caso nada seja detectado,não teremos relatório ou lista presente.

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites
Bom dia, ja corri o Eset e aqui vai o relatorio. Mais uma vez obrigado pela ajuda. Abraço





C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D application

C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mondngajneikgfbgpibddakednnmngef\11_0\background.js JS/TrojanClicker.Agent.NFJ.Gen trojan cleaned by deleting - quarantined

C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 Win32/AdWare.1ClickDownload.AQ application cleaned by deleting - quarantined

C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000001 Win32/AdWare.1ClickDownload.AQ application cleaned by deleting - quarantined

C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6YHBHTC2\trz84E9.tmp HTML/Iframe.B.Gen virus deleted - quarantined

C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E4T46ZYG\trz754E.tmp HTML/Iframe.B.Gen virus deleted - quarantined

C:\Users\Acer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\4870ad9-76bbd8fe multiple threats cleaned by deleting - quarantined

C:\Users\Acer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\2db251dd-2dd5ba6e a variant of Java/Exploit.CVE-2013-2460.N trojan cleaned by deleting - quarantined

C:\Users\Acer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\2db251dd-75aa7cbd a variant of Java/Exploit.CVE-2013-2460.N trojan cleaned by deleting - quarantined

C:\Users\Acer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\6f89dd60-541d1acf multiple threats cleaned by deleting - quarantined

C:\Users\Acer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\114bfeaa-107d649b multiple threats cleaned by deleting - quarantined

C:\Users\Acer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\4470abc5-266275d2 a variant of Win32/Kryptik.BOEL trojan cleaned by deleting - quarantined

C:\Users\Acer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\6f0da0c5-788a5d86 multiple threats cleaned by deleting - quarantined

C:\Users\Acer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\ddeceb2-3ce5088b a variant of Java/Exploit.CVE-2013-2465.CU trojan cleaned by deleting - quarantined

C:\Users\Acer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\4b7d1ab4-22cbd3ea multiple threats cleaned by deleting - quarantined

C:\Users\Acer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\472f513a-3b3aff46 multiple threats cleaned by deleting - quarantined

C:\Users\Acer\Desktop\Francisco\Documentos\Telemovel SapoA5\z4root.apk multiple threats deleted - quarantined

C:\Users\Acer\Desktop\Francisco\Documentos\Telemovel SapoA5\Backup SD\Android\z4root.apk multiple threats deleted - quarantined

C:\Windows\System32\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined

C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe a variant of Win32/CompuTrace.B application cleaned by deleting - quarantined

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde! Francisco Diogo

|- Baixe: < zoek > ( ... by Smeenk )

|- Ou aqui! < 51a612a8b27e2-Zoek.png zoek.exe >

|- Salve-o e descompacte-o para o desktop!
|- Estarão disponíveis: zoek.com, zoek.scr, zoek.pif e zoek.exe
|- Desabilite seu antivírus!
|- Para Windows 7,execute zoek.exe como administrador.

hijackthis;
iedefaults;
chromelook;
firefoxlook;
autoclean;
emptyalltemp;


|- Copie e cole estas informações,em vermelho,no campo da ferramenta.
|- Clique "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- Surgirão estas informações,pedindo-lhe que aguarde o surgimento do relatório.
|- Ps: Essas informações,podem permanecer estáticas na tela por 20 minutos ou mais.

Zoek_Reboot_zpscf60b3cf.jpg

|- Aceite e/ou confirme o reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
|- Poste o relatório,que estará em C:\zoek-results.txt <<

Abs!

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boas, acabei de fazer isso tudo e aqui vai o relatorio do zoek entao. Abraço

 

Zoek.exe v5.0.0.0 Updated 29-January-2014
Tool run by Acer on 30-01-2014 at 20:49:05,53.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Acer\Desktop\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
30-01-2014 20:50:24 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\COMMON~1\DVDVideoSoft\TB deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers deleted
C:\ProgramData\boost_interprocess deleted
C:\Users\Acer\AppData\Local\cache deleted
C:\Windows\Tasks\Dealply.job deleted
C:\windows\SysNative\Tasks\Dealply deleted
C:\windows\SysNative\Tasks\DealPlyUpdate deleted
C:\Windows\wininit.ini deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[30-01-2014 00:28]
ieakfmpjhljbpbfpldjkddkjmmgjmgon - C:\Program Files (x86)\WebConnect\ieakfmpjhljbpbfpldjkddkjmmgjmgon.crx[]
Entanglement Web App - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd
wareztuga.tv streamer - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajnommifabkikkfaponcacapkfaghkcj
Google Drive - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Tetris 2 - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\emidddocikgklceeeifefomdnbkldhng
AdBlock - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
avast Online Security - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Windows Media Player Extension for HTML5 - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak
Flash Player - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mondngajneikgfbgpibddakednnmngef
Google Wallet - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Bloxorz - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\phiaicokjaoaobiobphcfkmbeiejdang
Gmail - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon deleted successfully
==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\57b3182e-3ca7-4e9e-869b-4079249a440f.exe /check
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Serviço de rede')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Serviço de rede')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TG21K9MK will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=132 folders=23 23138210 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Acer\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Acer\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TG21K9MK" deleted
==== EOF on 30-01-2014 at 21:02:49,92 ======================

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! Francisco Diogo

|- Baixe: < AdwCleaner_Logo2_zps580bcd78.jpg > ( ... par Xplode )

|- Ao acessar,clique na imagem: < AdwCleaner_Tlcharger.jpg >

|- Ps: Se utilizar o navegador IE9,desabilite o filtro "SmartScreen".
|- Salve-o no desktop!
|- Clique direito em adwcleaner.exe,e escolha sua execução como Executar_Administrador.jpg

advz4z8Y.jpg

|- Dê início ao scan,clicando em "Examinar".

|- Essa verificação pode ser realizada em Modo de Segurança.
|- Ao concluir,clique "Limpar" >> Ok >> Ok >> Ok.
|- Copie o log ou clique "Relatório".
|- Poste: < C:\AdwCleaner\AdwCleaner[s0].txt >

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites
# AdwCleaner v3.018 - Report created 30/01/2014 at 22:57:28

# Updated 28/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Acer - ACER-PC

# Running from : C:\Users\Acer\Desktop\adwcleaner.exe

# Option : Clean


***** [ Services ] *****



***** [ Files / Folders ] *****



***** [ Shortcuts ] *****



***** [ Registry ] *****


Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D8CAF2DF-52D3-42CF-9DDB-F4FF828DB4F8}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Tutorials

Key Deleted : HKCU\Software\TutoTag

Key Deleted : HKLM\Software\Conduit


***** [ Browsers ] *****


-\\ Internet Explorer v11.0.9600.16428



Aqui vai o relatório do AdwCleaner



-\\ Google Chrome v32.0.1700.102


[ File : C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\preferences ]



*************************


AdwCleaner[R0].txt - [1368 octets] - [30/01/2014 22:55:25]

AdwCleaner[s0].txt - [1172 octets] - [30/01/2014 22:57:28]


########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1232 octets] ##########

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde! Francisco Diogo

Ao abrir novamente o Chrome, o Avast voltou a notificar a presença do tal JS.Iframe - DHY [Trj].

|- Execute novo scan com o Avast,e verifique se o JS.Iframe - DHY [Trj] permanece no navegador Chrome.

-/-

|- Baixe: |DelFix| ( ... de Xplode )

DelFix_SetaVerde.jpg

|- Estando na página,clique na seta verde para o download.
|- Salve-a em um local conveniente! ( desktop! )
|- Feche aplicativos que estejam abertos.

aciCkcnc.jpg

|- Execute-a!
|- Com as duas checkbox marcadas!
|- Clique "Run".
|- Tudo Ok?

Abs!

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.