
Archived

This topic has been archived and is closed to new replies.

TheuLoko123

HijackThis Log!

13 posts in this topic

Good morning,

After some time without internet, I noticed my connection fluctuating; I believe it is some configuration or a virus.

The log follows below!

 

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:11:45, on 12/2/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe
C:\Arquivos de programas\Realtek\RtkXPDashClientInstaller\RtkDashClient.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ARQUIV~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\Arquivos de programas\ManyCam\Bin\ManyCam.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\ARQUIV~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\Arquivos de programas\Tibia\Tibia.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Meus documentos\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RtkDashClient.exe] C:\Arquivos de programas\Realtek\RtkXPDashClientInstaller\RtkDashClient.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [innoSetupRegFile.0000000001] "C:\WINDOWS\is-AGO10.exe" /REG /REGSVRMODE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Arquivos de programas\ManyCam\Bin\ManyCam.exe" /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe
 
--
End of file - 8056 bytes
 

 


So that your post does not get too long by including a quote of my post, do not use the post's "Quote" button; use the editor below the topic or click Full Editor.

Download Malwarebytes' Anti-Malware (MBAM), or here.

Save or print these instructions:

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

Check that the Update Malwarebytes Anti-Malware and Run Malwarebytes Anti-Malware boxes are ticked, then click Finish.

If there are updates available, they will be downloaded and installed.

When the update finishes, with the program open, select Quick Scan and click the Scan button.

The scan will then start. Please wait, as it may take a while.

When the scan finishes, click OK, then the Show Results button to see the report.

If any items were found, make sure they are all checked and click the Remove button.

At the end of disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the note below.)

The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart.

Select, copy and paste the contents of the MBAM log into your next reply, plus a new HijackThis log.



MVP Mr.Million


Here is the MBAM log

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Versão da Base de Dados:  v2013.02.12.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Matheus Souza :: MATHEUS [administrador]

13/2/2013 10:08:54
mbam-log-2013-02-13 (10-08-54).txt

Tipo de Verificação:  Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  196275
Tempo decorrido: 7 minuto(s), 36 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)

(fim)

 

 

HijackThis Log

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:19:08, on 13/2/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe
C:\Arquivos de programas\Realtek\RtkXPDashClientInstaller\RtkDashClient.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Tibia\Tibia.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Matheus Souza\Meus documentos\Downloads\HijackThis.exe
C:\WINDOWS\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RtkDashClient.exe] C:\Arquivos de programas\Realtek\RtkXPDashClientInstaller\RtkDashClient.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Arquivos de programas\ManyCam\Bin\ManyCam.exe" /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe

--
End of file - 7776 bytes
 


Install an antivirus on this PC, update it and run a full scan.

Once done, post a new HijackThis log.

See the recommendations in my pinned topic: Free Security Kits for your greater protection (Y)



MVP Mr.Million


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:17:25, on 13/2/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe
C:\Arquivos de programas\Realtek\RtkXPDashClientInstaller\RtkDashClient.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\ManyCam\Bin\ManyCam.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
c:\arquivos de programas\avira\antivir desktop\avscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Tibia\Tibia.exe
C:\Arquivos de programas\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe
C:\Documents and Settings\Matheus Souza\Desktop\Magebot\magebotv55.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Meus documentos\Downloads\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RtkDashClient.exe] C:\Arquivos de programas\Realtek\RtkXPDashClientInstaller\RtkDashClient.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Arquivos de programas\ManyCam\Bin\ManyCam.exe" /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe

--
End of file - 8437 bytes
 


So that your post does not get too long by including a quote of my post, do not use the post's "Quote" button; use the editor below the topic or click Full Editor.

Disable your antivirus, antispyware and firewall to avoid conflicts. Keep them disabled until you have finished the instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly, it must be on the Desktop).

Close all windows and programs.

You must be connected during the ComboFix procedure.

Run combofix.exe and press "Yes" to proceed. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console installed, click "No" and then agree so that the scan continues.

Once the Console is installed, the operating system selection screen will be shown at system startup.

More information about the Console: http://support.micro...kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.

When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt into your next reply, plus a new HijackThis log.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. Doing so will overwrite the log and make removing the malware more difficult.

If any error occurs, restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup) and repeat the procedure.



MVP Mr.Million


ComboFix 13-02-13.02 - Matheus Souza 14/02/2013  16:52:19.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.55.1046.18.2037.1563 [GMT -2:00]
Executando de: c:\documents and settings\Matheus Souza\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
ATENÇAO - ESTA MAQUINA não tem O CONSOLE DE RECUPERAÇÃO INSTALADO !!
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dados de aplicativos\TEMP
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-01-14 to 2013-02-14  ))))))))))))))))))))))))))))
.
.
2013-02-13 23:43 . 2012-12-26 20:19 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-02-13 19:23 . 2013-02-13 21:32 -------- d-----w- c:\windows\system32\NtmsData
2013-02-13 19:20 . 2013-02-13 19:20 -------- d-----w- c:\documents and settings\Matheus Souza\Dados de aplicativos\Avira
2013-02-13 19:19 . 2013-02-13 17:24 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-02-13 19:19 . 2013-02-13 17:24 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-02-13 19:19 . 2013-02-13 17:24 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-02-13 19:19 . 2013-02-13 19:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira
2013-02-13 19:19 . 2013-02-13 19:19 -------- d-----w- c:\arquivos de programas\Avira
2013-01-24 21:14 . 2013-01-24 21:14 -------- d-----w- c:\arquivos de programas\Tibia
2013-01-24 21:09 . 2013-02-14 15:19 -------- d-----w- c:\documents and settings\Matheus Souza\Dados de aplicativos\Tibia
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-09 20:23 . 2011-11-30 12:38 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-09 20:23 . 2011-11-30 12:38 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55 . 2004-08-04 03:45 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:25 . 2004-08-04 00:40 2073984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-07 07:25 . 2004-08-04 03:40 2197248 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 10:09 . 2004-08-04 03:38 1867392 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-04 03:45 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-04 03:45 1296896 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:20 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:19 . 2004-08-04 03:45 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:19 . 2004-08-04 03:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:42 . 2004-08-04 03:37 385024 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2004-08-04 03:44 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 18:49 . 2012-01-05 17:09 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
[-] 2009-02-09 . B5AE6227853C4B6A723567A8DEF68F03 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . F3763E01E7536F7A6D0C6E392C603EC2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . F3763E01E7536F7A6D0C6E392C603EC2 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . F3763E01E7536F7A6D0C6E392C603EC2 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 2CB8373AC68E387BDF5472CB7AF347EF . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2009-02-09 . CB6BBDCCC9F7984E2CA6CA5842746635 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[7] 2008-04-14 . E34A1B6160A90C7CB90BF2EE8D6AD921 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[7] 2008-04-14 . E34A1B6160A90C7CB90BF2EE8D6AD921 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[7] 2004-08-04 . 7461E79FD81D467A03CD35091D384D2B . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll
.
[-] 2009-02-09 . C52DEB6D8CD4B096BF1A9EC001F36507 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-09 . C52DEB6D8CD4B096BF1A9EC001F36507 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . C52DEB6D8CD4B096BF1A9EC001F36507 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . 38867483E0CB504BB8F277E05729881E . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-09 . 96D7D86D3AA68A57BBE835441DC23107 . 111104 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2009-02-09 . E64296F1D45C776FAC6EE8F89EF3C303 . 111104 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[7] 2008-04-14 . EE7999BAACA84CFAA03726E677EE2A33 . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 . EE7999BAACA84CFAA03726E677EE2A33 . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[7] 2004-08-04 . CC73C4430C2FC27FDE16A0A4E3678148 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . AF1D9AE15C11163F576DF6ED6194B53C . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[7] 2008-04-14 . AF1D9AE15C11163F576DF6ED6194B53C . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2004-08-04 . 3971289FA7072812CAF4D053BBC6352B . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
[-] 2010-08-23 . 6CF079A582D64AC2BF7932F323F76BD2 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 6CF079A582D64AC2BF7932F323F76BD2 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 3976FAE773878603E12188B29B86FD69 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[7] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[7] 2008-04-14 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2004-08-04 . 021631D9D0729D9E52300CCEACE4F054 . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[7] 2004-08-04 . 3680CF24C64348BFDC89E290790398E7 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2001-10-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-07-07 20:31 . C8FDAFC91302E9E905182EC6A2D1612A . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:25 . 58586EB44E6FD9A711943647C8451741 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:18 . 788A6C475F332290217C33921623CF48 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[7] 2008-04-14 02:20 . 957E7822860EB8E5CD9EDB7BA04B7E65 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[7] 2008-04-14 02:20 . 957E7822860EB8E5CD9EDB7BA04B7E65 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[7] 2004-08-04 03:45 . 74C397E17E946D61012C301186C84124 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB950974_0$\es.dll
.
[-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[-] 2008-06-20 . 5265EA72F599CF8277A34780F6369B60 . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . 5265EA72F599CF8277A34780F6369B60 . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 59AB513554BA8770BF493D6F2121637B . 247808 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . E8C71AECFD3B76407430A22C9EB371FF . 247808 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-06-20 . 070E2A3C3F8715C806BCACF1AB0E47F4 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 070E2A3C3F8715C806BCACF1AB0E47F4 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[7] 2008-04-14 . CF7C16037A5905AA5A173813D14D5C4A . 247808 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[7] 2008-04-14 . CF7C16037A5905AA5A173813D14D5C4A . 247808 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[7] 2004-08-04 . DB19E9D916B10319A17572B3E7E63FAC . 247808 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll
.
[-] 2011-11-01 . 39AF06704835F7BC76CB0292A382843A . 1288192 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll
[-] 2011-11-01 . 39AF06704835F7BC76CB0292A382843A . 1288192 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll
[-] 2011-11-01 . 1C25730B4DF47E0FD20FC0AF9BC087CE . 1288704 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[-] 2010-07-16 . C30659F5FE93DB40AB0965E427C3E001 . 1287680 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll
[-] 2010-07-16 . E56285801DAD163215DB71A8BE476F47 . 1288704 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[7] 2008-04-14 . 4DA89C78A5AC43DD98E7497324000378 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[7] 2008-04-14 . 4DA89C78A5AC43DD98E7497324000378 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[7] 2004-08-04 . C44792D0F3070F7959E4DC4F49380595 . 1281024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll
.
[-] 2010-04-16 . B441EF945AD4B44661A8D257D9032D44 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . B441EF945AD4B44661A8D257D9032D44 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . 68C76F0EC31E693F7A6E262FF7AA4F9E . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[7] 2008-04-14 . A380011155FA92E1B374D9EA7FFA20CD . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[7] 2008-04-14 . A380011155FA92E1B374D9EA7FFA20CD . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[7] 2004-08-04 . 96405954A94A3890670D2648FBF22CC8 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2009-07-27 . B2EC6D6CC31ABF1862801DFBD1C7219E . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . B2EC6D6CC31ABF1862801DFBD1C7219E . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 49E3691B7B320381D264D3D9950620AE . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[7] 2008-04-14 . 8FB4E8C957C22458452EBE96C36F1D94 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[7] 2008-04-14 . 8FB4E8C957C22458452EBE96C36F1D94 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[7] 2004-08-04 . 5810EFAEA004B3824B0487ECCF2EA32E . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
.
[-] 2010-12-09 . 8862374ABB9C3B74C4CAF27BC5E4CE25 . 734208 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[-] 2010-12-09 . B7F4168A13D253DDACB9C04A9434857C . 734208 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[-] 2010-12-09 . B7F4168A13D253DDACB9C04A9434857C . 734208 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
[-] 2009-02-09 . 57BAAF8C6BE977FD376863A9FF7C6207 . 731136 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[-] 2009-02-09 . 45232A23B6CB293A0BB5707CAD04E38F . 730624 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntdll.dll
[-] 2009-02-09 . 45232A23B6CB293A0BB5707CAD04E38F . 730624 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB2393802$\ntdll.dll
[-] 2009-02-09 . 67FD488D79D9012CCCCE819E32B0390E . 730624 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntdll.dll
[-] 2009-02-09 . F50F991B00DA872A42E960B52F16A74B . 731136 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntdll.dll
[7] 2008-04-14 . EC6F999F3D32F951B4EA08BDFBC7B705 . 721920 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntdll.dll
[7] 2008-04-14 . EC6F999F3D32F951B4EA08BDFBC7B705 . 721920 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
[7] 2004-08-04 . 887F30B21FD68DEA4EEDBBE5E0A2200A . 723968 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\ntdll.dll
.
[-] 2009-02-27 . C8C9B4D99521BE8FB60EC2C48B26FAD8 . 177152 . . [5.1.2600.3531] . . c:\windows\$NtServicePackUninstall$\msctfime.ime
[-] 2009-02-27 . AB17A80ADF50A4F06ADF1F3BC6849325 . 177152 . . [5.1.2600.5768] . . c:\windows\$hf_mig$\KB961503\SP3GDR\msctfime.ime
[-] 2009-02-27 . AB17A80ADF50A4F06ADF1F3BC6849325 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\msctfime.ime
[-] 2009-02-27 . AB17A80ADF50A4F06ADF1F3BC6849325 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\dllcache\msctfime.ime
[-] 2009-02-27 . 1A0FB9CBBB82529A7004CF258D95D612 . 177152 . . [5.1.2600.3531] . . c:\windows\$hf_mig$\KB961503\SP2QFE\msctfime.ime
[-] 2009-02-27 . 07A93C94F7B2709787E0DF3EA72D2712 . 177152 . . [5.1.2600.5768] . . c:\windows\$hf_mig$\KB961503\SP3QFE\msctfime.ime
[7] 2008-04-14 . 609222D86984FC7A48A6AA5CB491D24F . 177152 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB961503$\msctfime.ime
[7] 2008-04-14 . 609222D86984FC7A48A6AA5CB491D24F . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
[7] 2004-08-04 . 855C0DEB5F89018CE7D2C94FBE2D8406 . 177152 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB961503_0$\msctfime.ime
.
[-] 2010-09-18 07:18 . 7E9E27D39EAC36D2E6B1023F9CA915E2 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . EBA8BC5C21D8EAB3997CC47D9212BACB . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . EBA8BC5C21D8EAB3997CC47D9212BACB . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[7] 2008-04-14 02:20 . DAE8EC624824A8AD8660C2EF5F1ECE0B . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[7] 2008-04-14 02:20 . DAE8EC624824A8AD8660C2EF5F1ECE0B . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2001-10-28 15:06 . 168C72C281EC3BE3201AC95F42A577CF . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ManyCam"="c:\arquivos de programas\ManyCam\Bin\ManyCam.exe" [2011-03-21 1752136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-30 17881088]
"TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2011-11-30 296056]
"RtkDashClient.exe"="c:\arquivos de programas\Realtek\RtkXPDashClientInstaller\RtkDashClient.exe" [2010-12-02 437248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2012-01-17 252296]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2013-02-13 385248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ    msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-26 16:50 136176 ----atw- c:\documents and settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2011-11-26 18:04 190024 ----a-w- c:\arquivos de programas\MessengerPlus! 3\MsgPlus.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 00:12 3872080 ----a-w- c:\arquiv~1\WINDOW~4\MESSEN~1\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]
2011-10-24 18:51 801792 ----a-w- c:\arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [13/2/2013 17:19 36552]
R2 AntiVirSchedulerService;Avira Agendamento;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [13/2/2013 17:19 86752]
R2 RtDash5x;Realtek NDIS Protocol Driver for Dash;c:\windows\system32\drivers\RtDash5x.sys [24/5/2010 14:16 22528]
S2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/9/2012 22:59 398184]
S2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [5/1/2012 15:09 682344]
S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [13/7/2012 13:28 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26/11/2011 14:46 1684736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/1/2012 15:09 21104]
S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?]
S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?]
S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]
S3 XDva401;XDva401;\??\c:\windows\system32\XDva401.sys --> c:\windows\system32\XDva401.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-30 20:23]
.
2013-02-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-1965331169-839522115-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-11-08 18:14]
.
2013-02-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-1965331169-839522115-1003.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-11-08 18:14]
.
2013-02-13 c:\windows\Tasks\ReclaimerUpdateFiles_Matheus Souza.job
- c:\documents and settings\Matheus Souza\Dados de aplicativos\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-01-23 00:48]
.
2013-02-14 c:\windows\Tasks\ReclaimerUpdateXML_Matheus Souza.job
- c:\documents and settings\Matheus Souza\Dados de aplicativos\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-01-23 00:48]
.
2013-02-14 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Matheus Souza.job
- c:\documents and settings\Matheus Souza\Dados de aplicativos\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-01-23 00:48]
.
2013-02-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-11-27 00:18]
.
.
------- Scan Suplementar -------
.
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-14 16:57
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'explorer.exe'(1352)
c:\windows\system32\WININET.dll
c:\arquiv~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2013-02-14  17:00:03
ComboFix-quarantined-files.txt  2013-02-14 19:00
.
Pré-execução: 9 pasta(s) 293.538.725.888 bytes disponíveis
Pós execução: 12 pasta(s) 293.951.131.648 bytes disponíveis
.
- - End Of File - - 903C90DA4F7A2004DF05FEB77BA2A4D2


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:09:57, on 14/2/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe
C:\Arquivos de programas\Realtek\RtkXPDashClientInstaller\RtkDashClient.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\ManyCam\Bin\ManyCam.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matheus Souza\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Matheus Souza\Meus documentos\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RtkDashClient.exe] C:\Arquivos de programas\Realtek\RtkXPDashClientInstaller\RtkDashClient.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ManyCam] "C:\Arquivos de programas\ManyCam\Bin\ManyCam.exe" /silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe

--
End of file - 7627 bytes
 

 


Follow the procedures on the page below:

http://support.microsoft.com/kb/822798

See the RESOLUTION field and run the FixIT.

Once that is done, run ComboFix again. A new log will be generated at C:\ComboFix.txt. Select, copy, and paste the contents of ComboFix.txt into your next reply, along with a new HijackThis log.



MVP Mr.Million


ComboFix 13-05-07.02 - flavia 07/05/2013  22:58:21.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.55.1046.18.2012.833 [GMT -3:00]
Executando de: c:\documents and settings\flavia\Desktop\ComboFix.exe
AV: avast! antivírus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - drivers: deleted 208 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dados de aplicativos\TEMP
c:\windows\system32\roboot.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
.
A cópia de c:\windows\system32\Services.exe foi encontrada e desinfectada
Cópia restaurada de - c:\windows\$NtUninstallKB956572$\services.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-04-08 to 2013-05-08  ))))))))))))))))))))))))))))
.
.
2013-05-08 01:54 . 2013-05-08 01:54 -------- d-----w- c:\windows\system32\CatRoot2
2013-05-04 14:26 . 2013-05-04 14:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype
2013-05-01 15:23 . 2013-05-01 15:23 -------- d-----w- c:\documents and settings\flavia\Dados de aplicativos\4Media
2013-05-01 14:07 . 2013-05-01 14:08 -------- d-----w- c:\arquivos de programas\SpeedBit Video Accelerator
2013-05-01 14:06 . 2013-05-01 14:06 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2013-05-01 14:06 . 2013-05-01 14:06 -------- d-----w- c:\arquivos de programas\Common Files
2013-05-01 13:38 . 2013-05-01 13:38 -------- d-----w- c:\documents and settings\flavia\Dados de aplicativos\Avira
2013-05-01 13:36 . 2013-05-05 18:56 -------- d-----w- c:\windows\system32\NtmsData
2013-05-01 13:30 . 2013-05-01 13:26 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-05-01 13:30 . 2013-05-01 13:26 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-05-01 13:30 . 2013-05-01 13:26 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-05-01 13:30 . 2013-05-01 13:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira
2013-05-01 13:30 . 2013-05-01 13:30 -------- d-----w- c:\arquivos de programas\Avira
2013-04-28 13:37 . 2013-04-28 13:37 -------- d-----w- c:\documents and settings\flavia\Configurações locais\Dados de aplicativos\Help
2013-04-23 19:38 . 2013-04-23 19:39 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2013-04-23 16:57 . 2013-04-23 16:57 -------- d-----w- c:\windows\system32\Low
2013-04-23 16:57 . 2013-04-23 16:57 -------- d-----w- c:\documents and settings\flavia\Dados de aplicativos\ProgSense
2013-04-23 16:57 . 2013-04-23 16:57 -------- d-----w- C:\downloads
2013-04-23 16:57 . 2013-04-23 16:57 -------- d-----w- c:\documents and settings\flavia\Dados de aplicativos\GrabPro
2013-04-23 16:57 . 2013-04-23 16:57 -------- d-----w- c:\documents and settings\flavia\Dados de aplicativos\OpenCandy
2013-04-23 16:57 . 2013-04-23 18:59 -------- d-----w- c:\documents and settings\flavia\Dados de aplicativos\Orbit
2013-04-23 16:54 . 2013-04-23 16:54 -------- d-----w- c:\documents and settings\flavia\Configurações locais\Dados de aplicativos\PSafe
2013-04-23 16:54 . 2013-04-23 16:54 -------- d-----w- c:\documents and settings\flavia\Dados de aplicativos\PSafe
2013-04-23 16:54 . 2013-04-11 21:52 322560 ----a-r- c:\windows\system32\PsClikS.dll
2013-04-23 16:48 . 2013-04-23 19:01 -------- d-----w- c:\arquivos de programas\DsNET Corp
2013-04-22 15:43 . 2013-04-23 19:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Tarma Installer
2013-04-22 15:43 . 2013-04-22 15:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Baidu Security

2013-04-22 15:41 . 2013-04-22 15:41 -------- d-----w- c:\documents and settings\flavia\Dados de aplicativos\Baidu Security

2013-04-17 23:43 . 2013-04-17 23:43 -------- d-----w- c:\documents and settings\flavia\Dados de aplicativos\VDownloader

2013-04-17 23:43 . 2013-05-01 14:50 -------- d-----w- c:\documents and settings\flavia\Configurações locais\Dados de aplicativos\VDownloader

2013-04-17 23:43 . 2013-04-17 23:43 -------- d-----w- C:\ProgramData

2013-04-17 23:43 . 2010-01-26 13:11 444283 ----a-w- c:\arquivos de programas\Arquivos comuns\WinPcapNmap.exe

2013-04-17 23:43 . 2013-05-04 18:22 -------- d-----w- c:\arquivos de programas\VDownloader

2013-04-17 23:41 . 2013-04-26 21:58 -------- d-----w- c:\arquivos de programas\Minibar

2013-04-10 00:57 . 2013-05-01 14:11 -------- d---a-w- c:\arquivos de programas\Windows Sidebar

2013-04-10 00:57 . 2013-04-10 00:57 -------- d---a-w- C:\VAIO

.

.

.

(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-03 14:10 . 2013-04-03 14:10 109696 ----a-w- c:\windows\system32\EasyHook64.dll

2013-04-03 14:10 . 2013-04-03 14:10 91264 ----a-w- c:\windows\system32\EasyHook32.dll

2013-03-13 12:24 . 2012-06-25 13:56 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-13 12:24 . 2012-01-24 11:06 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-08 22:14 . 2011-10-01 14:05 348160 ----a-w- c:\windows\system32\msvcr71.dll

2013-03-08 22:14 . 2003-03-18 15:44 499712 ----a-w- c:\windows\system32\msvcp71.dll

2013-03-08 08:36 . 2008-04-13 19:20 293888 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 15:56 . 2008-10-21 03:01 2153984 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-07 15:56 . 2008-08-14 13:56 2032640 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-02 02:07 . 2008-08-26 08:11 916480 ----a-w- c:\windows\system32\wininet.dll

2013-03-02 02:06 . 2008-10-21 03:02 43520 ------w- c:\windows\system32\licmgr10.dll

2013-03-02 02:06 . 2008-08-26 08:11 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-03-02 01:58 . 2008-10-21 02:59 1867392 ----a-w- c:\windows\system32\win32k.sys

2013-03-02 01:08 . 2008-10-21 03:02 385024 ------w- c:\windows\system32\html.iec

2013-02-27 07:58 . 2011-10-01 13:56 2067456 ----a-w- c:\windows\system32\mstscax.dll

2013-02-12 00:32 . 2008-04-13 11:56 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2012-07-06 . CA55414844420DD7798AAEFBB58E1439 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll

[-] 2012-07-06 . CA55414844420DD7798AAEFBB58E1439 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll

[-] 2012-07-06 . 8684F9EFDFE46A62309C934FC5EC1FB7 . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219\SP3QFE\browser.dll

[7] 2008-04-13 . 572AEDA840986672DA2BB9D4183E2AA9 . 77824 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2705219$\browser.dll

[7] 2008-04-13 . 572AEDA840986672DA2BB9D4183E2AA9 . 77824 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\browser.dll

.

[-] 2012-10-03 . 190D664F0BEED2D8C9EF24E4DE74A13E . 1029120 . . [5.1.2600.6293] . . c:\windows\system32\kernel32.dll

[-] 2012-10-03 . 190D664F0BEED2D8C9EF24E4DE74A13E . 1029120 . . [5.1.2600.6293] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2012-10-03 . BB9E92F86B66AC9664DD7FDB0F3A2EF4 . 1030656 . . [5.1.2600.6293] . . c:\windows\$hf_mig$\KB2758857\SP3QFE\kernel32.dll

[-] 2009-03-21 . 6A5A13A014F72F3C8E8A23B662C9DAF1 . 1028608 . . [5.1.2600.5781] . . c:\windows\$NtUninstallKB2758857$\kernel32.dll

[-] 2009-03-21 . 6A5A13A014F72F3C8E8A23B662C9DAF1 . 1028608 . . [5.1.2600.5781] . . c:\windows\erdnt\cache\kernel32.dll

[-] 2009-03-21 . 03DA51CE83B0D693A10C91B139BBD221 . 1030656 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[7] 2008-04-13 . 68ECDAD8AE2768DE61C20C41A28CC0B0 . 1028608 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

.

[-] 2010-12-09 . 8862374ABB9C3B74C4CAF27BC5E4CE25 . 734208 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll

[-] 2010-12-09 . 8862374ABB9C3B74C4CAF27BC5E4CE25 . 734208 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll

[-] 2009-02-09 . 57BAAF8C6BE977FD376863A9FF7C6207 . 731136 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB2393802$\ntdll.dll

[7] 2008-04-13 . EC6F999F3D32F951B4EA08BDFBC7B705 . 721920 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntdll.dll

.

[-] 2009-02-27 . AB17A80ADF50A4F06ADF1F3BC6849325 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\msctfime.ime

[-] 2009-02-27 . AB17A80ADF50A4F06ADF1F3BC6849325 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\dllcache\msctfime.ime

[-] 2009-02-27 . 07A93C94F7B2709787E0DF3EA72D2712 . 177152 . . [5.1.2600.5768] . . c:\windows\$hf_mig$\KB961503\SP3QFE\msctfime.ime

[7] 2008-04-13 . 609222D86984FC7A48A6AA5CB491D24F . 177152 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB961503$\msctfime.ime

.

[-] 2008-10-21 . 72FE80D2D4653F5DC7716D45CEEA5E52 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-07 00:15 123536 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

"SpeedBitVideoAccelerator"="c:\arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe" [2013-05-01 1515688]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-23 129536]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-23 164352]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-23 140800]

"TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2013-03-08 295072]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2013-05-01 345312]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2009-03-08 128512]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2013-01-22 13:31 1684520 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 11:10 155648 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

.

R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [25/9/2012 22:02 61488]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [15/3/2012 17:46 46888]

R1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [25/9/2012 22:02 152880]

R1 360RegOem;360RegOem;c:\windows\system32\drivers\360RegOem.sys [25/9/2012 22:02 29744]

R1 360SpOEM;360SpOEM;c:\windows\system32\drivers\360SpOEM.sys [25/9/2012 22:02 64048]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/10/2011 03:43 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/10/2011 09:08 337880]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [1/5/2013 10:30 37352]

R2 AntiVirSchedulerService;Avira Agendamento;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [1/5/2013 10:31 86752]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/10/2011 09:08 20696]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [15/3/2012 17:46 526888]

R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [1/10/2011 04:55 88688]

R2 ogmservice;Online Games Manager;c:\arquivos de programas\Online Games Manager\ogmservice.exe [12/3/2013 10:01 559168]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe [29/11/2012 20:31 38608]

R2 SBUpd;SpeedBit Update;c:\arquivos de programas\Common Files\SpeedBit\SBUpdate\sbu.exe [27/2/2013 10:21 772728]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2/10/2012 11:13 3064000]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]

R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [1/10/2011 04:57 61552]

R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [15/3/2012 17:46 28880]

R3 SBUpdd;SpeedBit UpdateD;c:\arquivos de programas\Common Files\SpeedBit\SBUpdate\sbw.sys [27/2/2013 10:21 31640]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/10/2011 04:55 2804720]

S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [28/2/2013 18:45 161384]

S3 cpudrv;cpudrv;c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys [2/6/2011 11:08 11336]

S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [15/3/2012 17:46 28880]

S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?]

S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?]

S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-10 21:17 1642448 ----a-w- c:\arquivos de programas\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 12:24]

.

2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-01-19 19:47]

.

2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2012-01-19 19:47]

.

2013-05-08 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1177238915-413027322-1417001333-1004.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-11-30 18:30]

.

2013-05-04 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1177238915-413027322-1417001333-1004.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-11-30 18:30]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.softonic.com/MOY00015/tb_v1?SearchSource=10&cc=

mStart Page = hxxp://br.hao123.com/?tn=smt_hp_hao123_br

uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=BR&userid=e3b09b9c-bb33-443c-9c96-ced85306fa25&searchtype=ds&q={searchTerms}&installDate=23/04/2013

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000

LSP: c:\arquivos de programas\SpeedBit Video Accelerator\SBLSP.dll

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-05-07 23:06

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ... 

.

Procurando entradas auto inicializáveis ocultas ... 

.

Procurando ficheiros/arquivos ocultos ... 

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(608)

c:\arquivos de programas\GbPlugin\gbieh.dll

.

- - - - - - - > 'lsass.exe'(664)

c:\arquivos de programas\SpeedBit Video Accelerator\SBLSP.dll

c:\arquivos de programas\SpeedBit Video Accelerator\ConfigDB.dll

.

- - - - - - - > 'explorer.exe'(2760)

c:\windows\system32\WININET.dll

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\arquivos de programas\SpeedBit Video Accelerator\SBLSP.dll

c:\arquivos de programas\SpeedBit Video Accelerator\ConfigDB.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-05-07  23:09:22 - Máquina reiniciou

ComboFix-quarantined-files.txt  2013-05-08 02:09

ComboFix2.txt  2012-07-12 00:28

.

Pré-execução: 14 pasta(s) 67,998,347,264 bytes disponíveis

Pós execução: 15 pasta(s) 68,039,512,064 bytes disponíveis

.

- - End Of File - - 09E2E6B609DE4E9884C8ECFA71E5769A

 


 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:09:51, on 7/5/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\WINDOWS\system32\KaraokeSer.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Online Games Manager\ogmservice.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Arquivos de programas\Common Files\SpeedBit\SBUpdate\sbu.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\flavia\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.softonic.com/MOY00015/tb_v1?SearchSource=10&cc=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=smt_hp_hao123_br



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe"  -osboot

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [speedBitVideoAccelerator] "C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\speedbit video accelerator\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\speedbit video accelerator\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\speedbit video accelerator\sblsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab


O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1364938182703

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify:  GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

O23 - Service: VIA Karaoke digital mixer Service (KaraokeService) - VIA Technologies, Inc. - C:\WINDOWS\system32\KaraokeSer.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Arquivos de programas\Online Games Manager\ogmservice.exe

O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe

O23 - Service: SpeedBit Update (SBUpd) - Speedbit Ltd. - C:\Arquivos de programas\Common Files\SpeedBit\SBUpdate\sbu.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe

O23 - Service: VideoAcceleratorService - SPEEDbit - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

 

--

End of file - 11851 bytes

 


Never use two antivirus programs together. They cause conflicts, instability and slowness on the PC; in short, a complete disaster. Two antivirus programs installed on the same computer compete with each other and open the door for the functionality of one to cancel out the protection of the other.

Uninstall one of them, then restart...

Disable your antivirus, antispyware and firewall so that there are no conflicts. Keep them disabled until you have finished the instructions.

Download [image: bouton-telecharger.png]. Save it to the Desktop.

Run adwcleaner.exe

NOTE: Windows Vista or Windows 7 users: right-click the file and select: Run as administrator

[image: AdwCleanerCustom-1.jpg]

Click [Delete]

Save the log that is created.

Download [image: 1268r49.png]. Save it to your Desktop.

Double-click to run the Junkware Removal Tool (JRT)

* On Windows Vista and Windows 7:

Right-click JRT.exe and select [image: run_as_adm1.png]

The tool will start scanning your system. Be patient, as it may take a while, depending on the number of items to be examined.

When it finishes, a log will open and be saved to the Desktop under the name JRT.txt.

Select, copy and paste the contents of this log into your next reply, along with the AdwCleaner log and a new HijackThis log.



MVP Mr.Million



Good afternoon Mr. Million, I'm not managing to post the reports; the pages take a long time to load and the reply is never posted :/

# AdwCleaner v2.300 - Relatório criado em 08/05/2013 às 12:49:55
# Atualizado em 28/04/2013 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : flavia - ESCOLA-E73F56C7
# Modo de Boot : Normal
# Executado de : C:\Documents and Settings\flavia\Desktop\adwcleaner.exe
# Opção [Remover]
 
 
***** [serviços] *****
 
 
***** [Arquivos/Pastas] *****
 
Arquivo Removido : C:\Documents and Settings\flavia\Configurações locais\Dados de aplicativos\funmoods.crx
Arquivo Removido : C:\Documents and Settings\flavia\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
Arquivo Removido : C:\END
Arquivo Removido : C:\user.js
Pasta Removido : C:\Arquivos de programas\iMesh Applications\Mediabar
Pasta Removido : C:\Arquivos de programas\Iminent
Pasta Removido : C:\Arquivos de programas\Minibar
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\rvlkl
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\SweetIM
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia
Pasta Removido : C:\Documents and Settings\flavia\Configurações locais\Dados de aplicativos\Babylon
Pasta Removido : C:\Documents and Settings\flavia\Configurações locais\Dados de aplicativos\PackageAware
Pasta Removido : C:\Documents and Settings\flavia\Configurações locais\Dados de aplicativos\vghd
Pasta Removido : C:\Documents and Settings\flavia\Dados de aplicativos\Babylon
Pasta Removido : C:\Documents and Settings\flavia\Dados de aplicativos\BabylonToolbar
Pasta Removido : C:\Documents and Settings\flavia\Dados de aplicativos\Funmoods
Pasta Removido : C:\Documents and Settings\flavia\Dados de aplicativos\OpenCandy
Removido Durante o reboot : C:\Documents and Settings\flavia\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Removido Durante o reboot : C:\Documents and Settings\flavia\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Removido Durante o reboot : C:\Documents and Settings\flavia\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
 
***** [Registro] *****
 
Chave Removida : HKCU\Software\a55d78ce069b913
Chave Removida : HKCU\Software\APN PIP
Chave Removida : HKCU\Software\BabylonToolbar
Chave Removida : HKCU\Software\Funmoods
Chave Removida : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Removida : HKCU\Software\Headlight
Chave Removida : HKCU\Software\Iminent
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Removida : HKCU\Software\SpeedBit
Chave Removida : HKLM\Software\Babylon
Chave Removida : HKLM\Software\BabylonToolbar
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Chave Removida : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Chave Removida : HKLM\SOFTWARE\Classes\b
Chave Removida : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Chave Removida : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Chave Removida : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Chave Removida : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Chave Removida : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Chave Removida : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Removida : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Chave Removida : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Chave Removida : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Chave Removida : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Chave Removida : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Chave Removida : HKLM\Software\Iminent
Chave Removida : HKLM\Software\InstallCore
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\053f8b1c3a8d58c1451292c44db21a91
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1d819b7bfd62e2186add44f6e6d6d65a
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\238cd4b9b9ca10e0533906ef653fbf15
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4af464415f2b92470ea13b1e40050b6d
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6cd88d517530976a570f4c4dc27907a1
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\943690f0651bbdd8a4ff4caed9c7d9e2
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aa0b1a67041ac54f8d05e91f37bce6df
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Removida : HKLM\Software\PIP
Chave Removida : HKLM\Software\SpeedBit
Chave Removida : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Removida : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
 
***** [Navegadores] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.softonic.com/MOY00015/tb_v1?SearchSource=10&cc= --> hxxp://www.google.com
Removida : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=BR&userid=e3b09b9c-bb33-443c-9c96-ced85306fa25&searchtype=ds&q={searchTerms}&installDate=23/04/2013 --> hxxp://www.google.com
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=BR&userid=e3b09b9c-bb33-443c-9c96-ced85306fa25&searchtype=ds&q={searchTerms}&installDate=23/04/2013 --> hxxp://www.google.com
Substituído : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=BR&userid=e3b09b9c-bb33-443c-9c96-ced85306fa25&searchtype=ds&q={searchTerms}&installDate=23/04/2013 --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=BR&userid=e3b09b9c-bb33-443c-9c96-ced85306fa25&searchtype=ds&q={searchTerms}&installDate=23/04/2013 --> hxxp://www.google.com
 
-\\ Google Chrome v26.0.1410.64
 
Arquivo : C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences
 
[OK] Arquivo está limpo.
 
Arquivo : C:\Documents and Settings\flavia\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences
 
[OK] Arquivo está limpo.
 
*************************
 
AdwCleaner[s1].txt - [355 octets] - [11/07/2012 23:50:15]
AdwCleaner[s2].txt - [355 octets] - [12/07/2012 01:27:15]
AdwCleaner[s3].txt - [8642 octets] - [15/07/2012 14:01:52]
AdwCleaner[s4].txt - [18031 octets] - [08/05/2013 12:49:55]
 
########## EOF - C:\AdwCleaner[s4].txt - [18092 octets] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by flavia on qua 08/05/2013 at 12:56:33,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{12995981-2FD6-4BEE-9FB0-B1674E8E5E7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BF3097A-38EC-0F1F-64C7-1476586065CA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{485D4D93-2CED-7DAC-8268-5355BBD910BA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A4A1B9CE-1B31-4515-B10E-D1F89DE2600F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3BF3097A-38EC-0F1F-64C7-1476586065CA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{485D4D93-2CED-7DAC-8268-5355BBD910BA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\flavia\Dados de aplicativos\baidu"
Successfully deleted: [Folder] "C:\Documents and Settings\flavia\Dados de aplicativos\splashtop"
Successfully deleted: [Folder] "C:\Documents and Settings\flavia\Dados de aplicativos\systweak"
Successfully deleted: [Folder] "C:\Documents and Settings\flavia\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Arquivos de programas\imesh applications"
Successfully deleted: [Folder] "C:\Arquivos de programas\splashtop"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on qua 08/05/2013 at 12:58:14,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:59:01, on 8/5/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\KaraokeSer.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Online Games Manager\ogmservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Arquivos de programas\Common Files\SpeedBit\SBUpdate\sbu.exe
C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\flavia\Desktop\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [speedBitVideoAccelerator] "C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\speedbit video accelerator\sblsp.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1364938182703
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify:  GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: VIA Karaoke digital mixer Service (KaraokeService) - VIA Technologies, Inc. - C:\WINDOWS\system32\KaraokeSer.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Arquivos de programas\Online Games Manager\ogmservice.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: SpeedBit Update (SBUpd) - Speedbit Ltd. - C:\Arquivos de programas\Common Files\SpeedBit\SBUpdate\sbu.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe
O23 - Service: VideoAcceleratorService - SPEEDbit - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe
 
--
End of file - 11070 bytes
 
 

 


OK, the PC is clean.

Finishing up.......

Rename ComboFix to Uninstall, run it, and wait for the tool to be removed.

Clear System Restore by creating a clean System Restore point.

Right-click MY COMPUTER / Properties / System Restore / check Turn off System Restore / Apply > OK.

Then uncheck it again. Apply > OK.



MVP Mr.Million
