Ganhe dinheiro  escrevendo tutoriais para o Fórum do BABOO! Conheça os Tutoriais Pagos 2016

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

lframiro

PC lento e alto consumo de cpu

19 posts neste tópico

Após abrir anexo zip em email (confesso que era suspeito sim), PC ficou lento demais. Verificando gerenciador de tarefas há consumo alto de cpu, oscilando entre 90 a 100%. Também ao iniciar o windows abre uma caixa informando que o arquivo (?????) não foi deletado não infomando qual. O Skype parou de funcionar e não permite nem reinstalar e nem desinstalar. Fiz uma verificação com o kaspersky security scan e até 4% (onde parei a verificação) e ele achou + de 1300 (e aumentando) malware.

Segue log HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 10:23:32, on 18/12/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\aetcrss1.exe

C:\Arquivos de programas\Ask.com\Updater\Updater.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe

C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe

C:\Acer\Empowering Technology\eLock\LockServ.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\DOCUME~1\VMSANT~1\CONFIG~1\Temp\RtkBtMnt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

C:\Documents and Settings\VM Santos\Desktop\HijackThis\HijackThis.exe

C:\WINDOWS\system32\regsvr32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - (no file)

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)

O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1

O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe

O4 - HKLM\..\Run: [ApnUpdater] "C:\Arquivos de programas\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\VM Santos\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msc] C:\Documents and Settings\VM Santos\Dados de aplicativos\Skype\Content\Generic_Guide.cpl

O4 - HKCU\..\Run: [igfxTray] C:\Documents and Settings\VM Santos\Dados de aplicativos\Skype\Content\IntelAMT-GFX.cpl

O4 - HKCU\..\Run: [KSS] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun

O4 - Global Startup: Acer Empowering Technology.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\avira\antivir desktop\avsda.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\avira\antivir desktop\avsda.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\avira\antivir desktop\avsda.dll

O11 - Options group: [iNTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.itau.com.br

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1234060466234

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1345740839953

O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://certapp01.ce...pts/capicom.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab

O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphot.../HPSWUpdate.ocx

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehUni.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Serviço do Kaspersky Security Scan (KSS) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" -r (file missing)

O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe (file missing)

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Que tipo de Vírus o Kaspersky encontrou ?

Dê continuidade......

Download o Kaspersky Virus Removal Tool.

Você será conduzido a uma página da Kaspersky, solicitando um email para cadastro, nome e sobrenome. Somente o campo "email" é obrigatório.

Informe seu email depois clique no botão Submit Form.

A página será recarregada. Clique no botão Download

Salve-o em sua Área de trabalho.

Duplo clique no arquivo "setup" e aguarde a instalação;

Na próxima tela marque I accept the licence agreement e clique em Start

Clique no botão f4uZX.png e marque:

  • Meu Computador
  • Disco local (C:) (a letra do disco local pode variar)

Clique em Actions e marque os dois quadros ( se já não estiverem marcados):

Zqewdl.jpg

- Clique na aba Automatic Scan e aguarde o término da verificação.

- Clique no botão AouIc.png, em Detected threats e no botão "Save".

- Copie o conteúdo do arquivo salvo (se houver algo detectado) e poste na sua próxima resposta.



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

" Que tipo de Vírus o Kaspersky encontrou ? "

Mr.Million, quando parei a verificação do kaspersky Security Scan, que estava em 4%, já havia detectado + de 1300 Malware, fiquei preocupado e resolvi interromper e fazer com a ajuda do forum. Não lembro ter visualizado algum vírus no teste, somente malware.

Kaspersky Virus Removal Tools por enquanto está em 22%, já consumiu 3h e 30 min e informa que faltam 12 horas para finalizar. è normal demorar assim mesmo ou há algo anormal?

Até o momento 88 ameaças encontradas.

No aguardo da finalização do Scan para postar o log.

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok, melhor assim, pois poderei saber realmente o que acontece. Tenha paciência que eu aguardo. (Y)



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Mr.Million, fui agora pela manhã verificar o andamento e tinham 3 janelas abertas com a informação:

RUNDLL

Erro ao carregar basegui.ppl

Uma rotina de inicialização da biblioteca de vínculo dinâmico(DLL) falhou.

e as outras duas janelas:

RUNDLL

Erro ao carregar basegui.ppl

Não há cota suficiente para processar este comando.

Ontem antes de dormir, estava em 22% e 240 itens suspeitos, restando 1 dia de verificação.

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Vamos ver de outra maneira....

Download:

Dr.Web CureIT

Salve- o no Desktop

Dê um duplo-clique em drweb-cureit.

Na janela que abrir, clique em Iniciar -- OK.

Será iniciada a "Verificação rápida" - Feche a janela de propaganda!

Terminando,marque a caixa de "Verificação Completa".

Clique em "Options" --> Em"Change settings",desmarque a "Heuristic analysis".

Clique em "Iniciar verificação" -- Aguarde!

Surgindo mensagens para mover ou desinfectar arquivos,clique em Sim para todos.

Terminando,clique em "Ficheiro" --> "Guardar lista de relatórios".

Procure salvá-lo em Pasta de fácil localização, tipo Meus Documentos.- ( DrWeb.csv ) -- Texto!

Poste na sua próxima resposta: DrWeb.csv +um novo Log do HijackThis



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Fez a express scan e não abre nehuma janela de propaganda. Não achei verificação completa

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções.

Download ComboFix

Salve no seu Desktop ( Para que a Ferramenta seja executada corretamente é necessário que esteja no Desktop (Área de trabalho)

Feche todas as janelas e programas.

É necessário estar conectado durante o procedimento com o ComboFix;

Execute o combofix.exe, tecle "Sim" para prosseguir. Aguarde, pois é um pouco demorado.

OBS: Caso não queira que seja instalado o Console de Recuperação do Windows, clique em "Não" e depois concorde para que a verificação prossiga.

Ao ser instalado o Console, na Inicialização do Sistema será apresentada a tela para Seleção dos Sistemas Operacionais.

Mais informações sobre o Console: http://support.microsoft.com/kb/307654/pt-br

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.

Quando acabar, será gerado um Log, que estará em C:\ComboFix.txt. Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta + um novo Log do HijackThis .

IMPORTANTE:Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".

OBS 2: Não execute o ComboFix mais do que uma vez. Isso irá sobreescrever o Log e dificultará a remoção do(s) malware(s)

Caso ocorra algum erro, reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização) e repita o procedimento.



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 12-12-19.02 - VM Santos 19/12/2012 12:33:42.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1014.296 [GMT -2:00]

Executando de: c:\documents and settings\VM Santos\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

ADS - system32: deleted 4 bytes in 2 streams.

ADS - drivers: deleted 314 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Dados de aplicativos\TEMP

c:\documents and settings\LocalService\Dados de aplicativos\alot

c:\documents and settings\VM Santos\Dados de aplicativos\alot

c:\documents and settings\VM Santos\Dados de aplicativos\alot\hideToolbarLayout\hideToolbarLayout.xml

c:\documents and settings\VM Santos\Dados de aplicativos\alot\hideToolbarLayout\hideToolbarLayout.xml.backup

c:\documents and settings\VM Santos\Dados de aplicativos\alot\SiteMetrics\SiteMetrics.xml

c:\documents and settings\VM Santos\Dados de aplicativos\alot\SiteMetrics\SiteMetrics.xml.backup

c:\documents and settings\VM Santos\Dados de aplicativos\alot\toolbar.xml

c:\documents and settings\VM Santos\WINDOWS

c:\windows\IsUn0416.exe

c:\windows\system32\SETD9.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-11-19 to 2012-12-19 ))))))))))))))))))))))))))))

.

.

2012-12-19 13:00 . 2012-12-19 13:28 -------- d-----w- c:\documents and settings\VM Santos\Doctor Web

2012-12-18 01:29 . 2012-12-18 01:35 -------- d-----w- C:\LinhaDefensiva

2012-12-18 01:04 . 2012-12-18 01:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2012-12-18 01:04 . 2012-12-18 01:04 -------- d-----w- c:\arquivos de programas\Kaspersky Lab

2012-12-18 00:59 . 2012-12-18 00:59 -------- d-----w- c:\windows\system32\winrm

2012-12-18 00:58 . 2012-12-18 01:00 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2012-12-17 22:59 . 2012-12-17 22:59 -------- d-----w- c:\documents and settings\VM Santos\Dados de aplicativos\URSoft

2012-12-17 22:59 . 2012-12-17 22:59 -------- d-----w- c:\documents and settings\VM Santos\Configurações locais\Dados de aplicativos\Babylon

2012-12-17 22:58 . 2012-12-17 22:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Babylon

2012-12-17 22:58 . 2012-12-17 22:59 -------- d-----w- c:\arquivos de programas\Your Uninstaller! 7

2012-12-17 22:58 . 2012-12-17 22:58 -------- d-----w- c:\documents and settings\VM Santos\Dados de aplicativos\Babylon

2012-12-17 22:22 . 2012-12-17 22:22 -------- d-----w- c:\arquivos de programas\CCleaner

2012-12-17 20:44 . 2012-12-17 20:44 -------- d-----w- c:\documents and settings\VM Santos\Dados de aplicativos\Malwarebytes

2012-12-17 20:43 . 2012-12-17 20:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2012-12-17 20:43 . 2012-12-17 20:44 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2012-12-17 20:43 . 2012-09-29 21:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-13 16:22 . 2012-12-13 16:22 -------- d-----w- C:\tmp

2012-12-13 16:17 . 2012-12-13 16:17 -------- d-----w- C:\TMIGR

2012-11-20 11:33 . 2012-11-20 11:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-11 18:17 . 2012-05-04 11:31 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-11 18:17 . 2011-07-03 15:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-11 17:59 . 2012-10-16 16:45 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-12-11 17:59 . 2012-10-16 16:45 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-11-13 11:55 . 2008-04-14 12:00 1866496 ----a-w- c:\windows\system32\win32k.sys

2012-11-13 11:39 . 2012-10-16 16:45 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-11-06 00:41 . 2008-04-14 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-04 00:16 . 2010-04-21 16:54 46016 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2012-11-02 02:04 . 2008-04-14 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:12 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:12 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:12 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-10-03 13:30 . 2012-10-03 13:30 675774 ----a-w- c:\windows\unins000.exe

2012-10-02 18:04 . 2008-04-14 12:00 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-24 17:32 . 2012-09-28 12:30 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-09-24 17:32 . 2010-06-29 13:16 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-24 15:51 . 2012-09-28 12:30 73728 ----a-w- c:\windows\system32\javacpl.cpl

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2012-10-19 1521872]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2010-09-02 13351304]

"KSS"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-13 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-13 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-13 118784]

"SynTPEnh"="c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2006-04-29 766041]

"SkyTel"="SkyTel.EXE" [2006-07-19 2879488]

"RTHDCPL"="RTHDCPL.EXE" [2006-07-19 16248320]

"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 88204]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]

"eLockMonitor"="c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [2006-03-31 16384]

"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-07-12 438272]

"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-16 579584]

"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-06-07 208896]

"ArcSoft Connection Service"="c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2010-03-18 421888]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"CertificateRegistration"="aetcrss1.exe" [2011-03-24 151552]

"ApnUpdater"="c:\arquivos de programas\Ask.com\Updater\Updater.exe" [2012-10-19 1573584]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2009-2-8 45056]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquivos de programas\GbPlugin\gbiehuni.dll" [2012-11-04 655552]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2012-10-04 17:05 650088 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2012-11-04 00:16 655552 ----a-w- c:\arquivos de programas\GbPlugin\gbiehuni.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Documents and Settings\\VM Santos\\Dados de aplicativos\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Documents and Settings\\VM Santos\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [21/4/2010 14:54 46016]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [16/10/2012 14:45 36552]

R2 AntiVirSchedulerService;Avira Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [16/10/2012 14:45 85280]

R2 AntiVirWebService;Avira Web Protection;c:\arquivos de programas\Avira\AntiVir Desktop\avwebgrd.exe [16/10/2012 14:45 565024]

R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [8/2/2009 11:27 17664]

R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [8/2/2009 11:27 90112]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [21/4/2010 14:54 279744]

R2 KSS;Serviço do Kaspersky Security Scan;c:\arquivos de programas\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [25/4/2012 19:53 202296]

R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [17/12/2012 18:43 399432]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17/12/2012 18:43 22856]

S2 LockServ;LockServ;c:\acer\Empowering Technology\eLock\LockServ.exe -p --> c:\acer\Empowering Technology\eLock\LockServ.exe -p [?]

S2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [17/12/2012 18:43 676936]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\arquivos de programas\McAfee\SiteAdvisor\McSACore.exe" --> c:\arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [?]

S3 PERTO38U;PertoSmart EMV - Leitor USB de Cartoes Inteligentes;c:\windows\system32\drivers\perto38u.sys [10/10/2006 15:06 33408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 18:17]

.

2012-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2011-06-01 20:57]

.

2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-09-12 20:49]

.

2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-09-12 20:49]

.

2012-12-19 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\arquivos de programas\Ask.com\UpdateTask.exe [2012-10-19 04:26]

.

2012-12-19 c:\windows\Tasks\User_Feed_Synchronization-{00FA04C0-8E9B-4218-8BF5-B655BDDDB8F7}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

2012-12-14 c:\windows\Tasks\WebReg Deskjet F4100 series.job

- c:\arquivos de programas\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-12 00:27]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\arquivos de programas\Avira\AntiVir Desktop\avsda.dll

Trusted Zone: itau.com.br\bankline

Trusted Zone: itau.com.br\guardiao

Trusted Zone: itau.com.br\www

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\VM Santos\Dados de aplicativos\Mozilla\Firefox\Profiles\ssworwfs.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112250&babsrc=HP_ss&mntrId=1846d42f00000000000000197e7c0d78

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112250&babsrc=KW_ss&mntrId=1846d42f00000000000000197e7c0d78&q=

.

- - - - ORFÃOS REMOVIDOS - - - -

.

AddRemove-Foxit Reader - f:\portableapps\Foxit Reader\Uninstall.exe

AddRemove-ImgBurn - f:\portableapps\ImgBurn\uninstall.exe

AddRemove-IrfanView - f:\portableapps\IrfanView\iv_uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-19 12:49

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(668)

c:\arquivos de programas\GbPlugin\gbiehCef.dll

c:\arquivos de programas\GbPlugin\gbiehuni.dll

.

- - - - - - - > 'lsass.exe'(724)

c:\arquivos de programas\Avira\AntiVir Desktop\avsda.dll

.

Tempo para conclusão: 2012-12-19 12:52:11

ComboFix-quarantined-files.txt 2012-12-19 14:52

.

Pré-execução: 10 pasta(s) 52.358.033.408 bytes disponíveis

Pós execução: 16 pasta(s) 52.750.667.776 bytes disponíveis

.

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 4721F81D378516738C8F2EA20CAAC6F6

Logfile of HijackThis v1.99.1

Scan saved at 12:59:34, on 19/12/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\aetcrss1.exe

C:\Arquivos de programas\Ask.com\Updater\Updater.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe

C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\VM Santos\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1

O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe

O4 - HKLM\..\Run: [ApnUpdater] "C:\Arquivos de programas\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [KSS] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun

O4 - Global Startup: Acer Empowering Technology.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\avira\antivir desktop\avsda.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\avira\antivir desktop\avsda.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\avira\antivir desktop\avsda.dll

O11 - Options group: [iNTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.itau.com.br

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234060466234

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345740839953

O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://certapp01.certificadodigital.com.br/testecd/scripts/capicom.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehUni.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Serviço do Kaspersky Security Scan (KSS) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" -r (file missing)

O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe (file missing)

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Download bouton-telecharger.png Salve-o no Desktop. (Área de Trabalho)

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista ou do Windows 7, clicar com o botão direito do mouse no arquivo e selecionar:Executar como administrador

AdwCleanerCustom-1.jpg

Clique [Delete]

Salve o Log criado.

Donload 1268r49.png Salve no seu Desktop (Área de trabalho).

Dê um duplo-clique para executar o Junkware Removal Tool (JRT)

* No Windows Vista e Windows 7:

Clique com o botão direito do mousesobre o JRT.exe e selecione run_as_adm1.png

A Ferramenta começará o exame do seu Sistema. Tenha paciência pois pode demorar um pouco, dependendo da quantidades de ítens a serem examinados.

Ao final, um Log se abrirá e salvo no Desktop com o nome de JRT.txt.

Selecione, copie e cole o conteúdo deste Log na sua próxima resposta + o Log do AdwCleaner e um novo Log do HijackThis.



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

# AdwCleaner v2.101 - Logfile created 12/19/2012 at 16:14:46

# Updated 16/12/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : VM Santos - VM-8F6C434A4E08

# Boot Mode : Normal

# Running from : C:\Documents and Settings\VM Santos\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

Folder Deleted : C:\Arquivos de programas\Ask.com

Folder Deleted : C:\Arquivos de programas\Babylon

Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon

Folder Deleted : C:\Documents and Settings\VM Santos\Dados de aplicativos\AskToolbar

Folder Deleted : C:\Documents and Settings\VM Santos\Dados de aplicativos\Babylon

Folder Deleted : C:\Documents and Settings\VM Santos\Dados de aplicativos\BabylonToolbar

Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\alot

Key Deleted : HKCU\Software\APN

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\AskToolbar

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKLM\Software\APN

Key Deleted : HKLM\Software\AskToolbar

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=112250&babsrc=NT_ss&mntrId=1846d42f00000000000000197e7c0d78 --> hxxp://www.google.com

*************************

AdwCleaner[s1].txt - [7396 octets] - [19/12/2012 16:14:46]

########## EOF - C:\AdwCleaner[s1].txt - [7456 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.1.8 (12.17.2012:1)

OS: Microsoft Windows XP x86

Ran by VM Santos on qua 19/12/2012 at 16:24:58,20

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\Internet Explorer\searchscopes\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\Internet Explorer\searchscopes\{a531d99c-5a22-449b-83da-872725c6d0ed}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\VM Santos\Dados de aplicativos\alotappbar"

Successfully deleted: [Folder] "C:\Arquivos de programas\alot"

~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\VM Santos\Dados de aplicativos\mozilla\firefox\profiles\ssworwfs.default\searchplugins\askcom.xml

Successfully deleted: [Folder] C:\Documents and Settings\VM Santos\Dados de aplicativos\mozilla\firefox\profiles\ssworwfs.default\extensions\ffxtlbr@babylon.com

Successfully deleted: [Folder] C:\Documents and Settings\VM Santos\Dados de aplicativos\mozilla\firefox\profiles\ssworwfs.default\extensions\toolbar@ask.com

Successfully deleted the following from C:\Documents and Settings\VM Santos\Dados de aplicativos\mozilla\firefox\profiles\ssworwfs.default\prefs.js

user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

user_pref("browser.search.defaulturl", "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588");

user_pref("browser.search.order.1", "Search the web (Babylon)");

user_pref("browser.search.selectedEngine", "Search the web (Babylon)");

user_pref("browser.startup.homepage", "http://search.babylon.com/?affID=112250&babsrc=HP_ss&mntrId=1846d42f00000000000000197e7c0d78");

user_pref("extensions.BabylonToolbar.bbDpng", 2);

user_pref("extensions.BabylonToolbar.cntry", "BR");

user_pref("extensions.BabylonToolbar.firstRun", false);

user_pref("extensions.BabylonToolbar.hdrMd5", "D9C8BD909E11763189CFB2430DB414C9");

user_pref("extensions.BabylonToolbar.lastActv", "2");

user_pref("extensions.BabylonToolbar.lastDP", 2);

user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1,ffxtlbr@babylon.com:1.1.3,{1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.14,{ef62e1ce-d2a4-4cdd-b7

user_pref("foxlingo.ixquickdefaultlang", "portugues");

user_pref("keyword.URL", "http://search.babylon.com/?affID=112250&babsrc=KW_ss&mntrId=1846d42f00000000000000197e7c0d78&q=");

user_pref("browser.search.defaultengine", "Ask.com");

user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

user_pref("extensions.asktb.ff-original-keyword-url", ""http://search.babylon.com/?babsrc=toolbar2&q=");

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on qua 19/12/2012 at 16:31:15,28

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1

Scan saved at 16:33:29, on 19/12/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

C:\WINDOWS\system32\aetcrss1.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe

C:\Acer\Empowering Technology\eLock\LockServ.exe

C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\DOCUME~1\VMSANT~1\CONFIG~1\Temp\RtkBtMnt.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\VM Santos\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1

O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [KSS] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Acer Empowering Technology.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\avira\antivir desktop\avsda.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\avira\antivir desktop\avsda.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\avira\antivir desktop\avsda.dll

O11 - Options group: [iNTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.itau.com.br

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234060466234

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345740839953

O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://certapp01.certificadodigital.com.br/testecd/scripts/capicom.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehUni.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Serviço do Kaspersky Security Scan (KSS) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" -r (file missing)

O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe (file missing)

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o Malwarebytes' Anti-Malware (MBAM) ou aqui.

Salve ou imprima estas instruções:

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.

Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.

Se houver atualizações a serem feitas, serão baixadas e instaladas.

Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.

Começará então o exame. Aguarde, pois pode demorar.

Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.

Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.

Ao final da desinfecção, abrirá o Bloco de notas com um Log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)

O Log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do Programa.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar

Selecione, copie e cole o conteúdo do Log do MBAM na sua próxima resposta + um novo Log do HijackThis .



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
    • 3 Mensagens
    • 98 Visualizações
    • 9 Mensagens
    • 118 Visualizações
    • 2 Mensagens
    • 107 Visualizações
    • 25 Mensagens
    • 736 Visualizações
    • 10 Mensagens
    • 335 Visualizações