Ir para conteúdo

BABOO e KTS 2018 no YouTube Loja online do BABOO

augustocezar

Participante
  • Postagens

    53
  • Desde

  • Última visita

Perfil

  • Estado
    São Paulo
  • Sexo
    masculino
  1. Solicitação de Análise de Logs

    Obrigado, Mr Million.
  2. Solicitação de Análise de Logs

    O computador está normal, aparentemente sem problemas.
  3. Solicitação de Análise de Logs

    Boa tarde, Mr. Million! Conforme solicitado descompactei e executei o Zoek (não cliquei naquela opção executar como administrador, cliquei diretamente com o botão esquerdo, tem algum problema?). De qualquer forma o meu perfil no PC é de administrador do sistema. Segue abaixo o relatório do Zoek e o log do Hijackthis. Zoek.exe v5.0.0.0 Updated 04-May-2015Tool run by Augusto on 24/08/2015 at 7:17:47,73.Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86Running in: Normal Mode No Internet Access DetectedLaunched: C:\Users\Augusto\Desktop\zoek.scr [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2015-08-24-023948.log 1306 bytesC:\zoek-results2015-08-24-025436.log 1399 bytesC:\zoek-results2015-08-24-044846.log 554 bytesC:\zoek-results2015-08-24-101349.log 655 bytes ==== System Restore Info ====================== 24/08/2015 07:20:10 Zoek.exe System Restore Point Created Successfully. ==== Reset Hosts File ====================== # Copyright © 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. 127.0.0.1 localhost ::1 localhost ==== Empty Folders Check ====================== C:\Program Files\Bitdefender deleted successfullyC:\Program Files\MSXML 4.0 deleted successfullyC:\Users\Augusto\AppData\Roaming\baidu deleted successfullyC:\Users\Augusto\AppData\Roaming\HpUpdate deleted successfullyC:\Users\Augusto\AppData\Roaming\Opera Software deleted successfullyC:\Users\Augusto\AppData\Roaming\Panda Security deleted successfullyC:\Users\Augusto\AppData\Roaming\QuickScan deleted successfullyC:\Users\Augusto\AppData\Roaming\Spyware Terminator deleted successfullyC:\Users\Alessandra\AppData\Local\VirtualStore deleted successfullyC:\Users\Augusto\AppData\Local\Opera Software deleted successfullyC:\Users\Convidado\AppData\Local\VirtualStore deleted successfullyC:\Users\Inalda\AppData\Local\EmieBrowserModeList deleted successfullyC:\Users\Inalda\AppData\Local\EmieSiteList deleted successfullyC:\Users\Inalda\AppData\Local\EmieUserList deleted successfullyC:\Users\Inalda\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3765219849-3279150773-2029606266-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3785216E-1C50-4FC9-AB20-81211007F5C9} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from C:\Users\ALESSA~1\AppData\Roaming\Mozilla\Firefox\Profiles\ny19qa66.default-1404152375172\prefs.js: Added to C:\Users\ALESSA~1\AppData\Roaming\Mozilla\Firefox\Profiles\ny19qa66.default-1404152375172\prefs.js:user_pref("browser.startup.homepage", "about:home");user_pref("browser.newtab.url", "about:newtab"); Deleted from C:\Users\Augusto\AppData\Roaming\Mozilla\Firefox\Profiles\bz297p2c.default\prefs.js:user_pref("browser.startup.homepage", " C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Preferences"startup_urls": [ "http://www.google.com/" ], C:\Users\Inalda\AppData\Local\Google\Chrome\User Data\Default\Preferencesnbpagnldghgfoolbancepceaanlmhfmd":"0856563B7D96809121CF7DFFC458A6A4B612A0E1AEEC4428CFEB0C7C52FBB2D6","neajdppkdcdipfabeoofebfddakdcjhd":"515264BD72DFC31FDDE824CBD13C5F14472085E5CFA2A74D392AF12123B3DF97","nkeimhogjdpnpccoofpliimaahmaaome":"3AA10E5BE31CCB50EE91F231CE81E9BF899E201B0BFF07720509A4089B9F121E","nmmhkkegccagdldgiimedpiccmgmieda":"2C95F203AC9F3F47472896107D72B7F325E852F3983B4BE0DEE897B4458A576C","npdicihegicnhaangkdmcgbjceoemeoo":"9E495B1DD40AEC41E65B26B650AF4B307C2D560456A14DBEECC6110350DC4866","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"468953C87EB6A98E28DA4D841EFFAB45EE64BAB977CE5DB1F5C28228838F2078","pjkljhegncpnkpknbcohdijeoejaedia":"42A769C0FEC01597DBB23B6225A8465EE39DD26610F8BEEE3B5BC6E5E1E235CC"}},"google":{"services":{"account_id":"1F2D4E53CDEA35BE896F52BC35184F1AEE08F8EDF249D7D369F5C87262ABDF3D","last_username":"1096A1CA42DDBE4D72F4062899016D2795BA82E29DD95886DE72D5372E6E3521","username":"A65B6601C809CF687A4C8C7E85F45F5856EC71EACB710905B2BE3DD7388D91D8"}},"homepage":"622A0E213980EEED93DA7CAC09871A56E22F567D91EF7E6286DB5A134C29C4EB","homepage_is_newtabpage":"8E9CC1BB6A739B5022775C7728AA7C126D553B66FE4B8E46BBE642BCCB9AB91D","pinned_tabs":"CFC655DD5B8281E552B32EB5DF3C1E9B9A2F36D2FE5C856DCC156380A9C95B20","prefs":{"preference_reset_time":"E65D8F81A1E862EAF4205C6EE04058AAAEE28BF5D4ACD573AAF2766563C1CA0A"},"profile":{"reset_prompt_memento":"40607BF4F847E0ECE12B69D5F448144FB51A31DAE40573686D62231252F78D60"},"safebrowsing":{"incidents_sent":"8738146269808852C58DD2FEED4F104CB0BC19ED8FE26FE60E1289D5F0D4E661"},"search_provider_overrides":"F77796F4A79C3EF1977AFB17C103B945964C9055DF7D693CAB453BC5DE680AF5","session":{"restore_on_startup":"9F11AF05F8C8BBCDD608A6D75BE08BABB8BA001D69BB2D38DF35425E9C8C412C","startup_urls":"DDC89AC172A779955E4ECD336D4165E728D958B624A0EEED843ACE12599FFFB2"},"software_reporter":{"prompt_reason":"F3FCDD07C73F225966E26DAD6ECA853ECB1EA5D5D846FFC2437F41078F3504E1","prompt_seed":"A4B0D11C3D4A94C677DCD6003631D4A9FC6B68FE2CB6D4B037E0A6EBD278BB8E","prompt_version":"4DE714B0FCB7AA5F067A7AAC9EC9C33EA94532FE888DADCEF7051D0969191C0F"},"sync":{"remaining_rollback_tries":"AD56126D8BEDD862C8FA8E46A3ECFDCD03CBD77738A6A9842826AB0440FCA445"}},"super_mac":"3EAAAC94CF05B9A25967D6A9C38C466326F2A77A7A46E2725B79AD3C161718E2"},"session":{"restore_on_startup":4,"startup_urls":["http://www.google.com/"]}} ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset" New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.google.com" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" ==== Reset Google Chrome ====================== C:\Users\Augusto\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfullyC:\Users\Augusto\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfullyC:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfullyC:\Users\Inalda\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfullyC:\Users\Inalda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfullyC:\Users\Augusto\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfullyC:\Users\Augusto\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfullyC:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfullyC:\Users\Inalda\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== shortcuts on Users Desktops ====================== C:\Users\Augusto\Desktop\Backup - Augusto - Atalho.lnk - D:\Backup - Augusto C:\Users\Augusto\Desktop\chrome - Atalho.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Augusto\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Augusto\Desktop\IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk - C:\Users\Augusto\Desktop\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe C:\Users\Augusto\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\Convidado\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Inalda\Desktop\chrome - Atalho.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Inalda\Desktop\Computador - Atalho.lnk - C:\Users\Inalda\Desktop\Documentos - Atalho.lnk - C:\Users\Augusto\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms C:\Users\Inalda\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\Avira.lnk - C:\Program Files\Avira\Launcher\Avira.Systray.exe /showMiniGuiC:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe C:\Users\Public\Desktop\Central de Soluções HP.lnk - C:\Users\Public\Desktop\HP ePrinterCenter.lnk - C:\Program Files\HP\Digital Imaging\AppStudio\hpzsip.url C:\Users\Public\Desktop\Loja de Suprimentos HP.lnk - C:\Program Files\HP\HPSSUPPLY\hpqSSupply.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Public\Desktop\Receitanet 1.07 .lnk - C:\Program Files\Programas RFB\Receitanet\Windows\Receitanet.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe C:\Users\Public\Desktop\Spyware Terminator 2015.lnk - C:\Program Files\Spyware Terminator\SpywareTerminator.exe C:\Users\Public\Desktop\SpywareBlaster.lnk - D:\Program Files\SpywareBlaster\spywareblaster.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira.lnk - C:\Program Files\Avira\Launcher\Avira.Systray.exe /showMiniGuiC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\antivírus\Avira antivírus Help.lnk - C:\Program Files\Avira\AntiVir Desktop\57\avwin.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\antivírus\Avira on the Internet.lnk - C:\Program Files\Avira\AntiVir Desktop\weblink.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\antivírus\Start Avira antivírus.lnk - C:\Program Files\Avira\AntiVir Desktop\SecurityCenter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe -tab aboutC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe -tab updateC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe -tab aboutC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.40728.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015\Desinstalar Spyware Terminator 2015.lnk - C:\Program Files\Spyware Terminator\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015\Spyware Terminator 2015.lnk - C:\Program Files\Spyware Terminator\SpywareTerminator.exe ==== shortcuts in Quick Launch ====================== C:\Users\Alessandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Alessandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Alessandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Alessandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1C:\Users\Augusto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk - C:\Program Files\Webteh\BSPlayer\bsplayer.exe C:\Users\Augusto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Augusto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Augusto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Augusto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Augusto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk - C:\Users\Augusto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Augusto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Inalda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Inalda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Inalda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Inalda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Inalda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Inalda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Inalda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Reset IE Proxy ====================== Value(s) before fix:"ProxyEnable"=dword:00000000 Value(s) after fix:"ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nnjbodopomfddehlalfilheomcahbpei deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bdagent deleted successfully ==== Empty IE Cache ====================== C:\Users\Alessandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Augusto\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Augusto\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfullyC:\Users\Convidado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Inalda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Inalda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfullyC:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Alessandra\AppData\Local\Mozilla\Firefox\Profiles\ny19qa66.default-1404152375172\Cache emptied successfullyC:\Users\Augusto\AppData\Local\Mozilla\Firefox\Profiles\bz297p2c.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Augusto\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\Inalda\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=154 folders=48 58322521 bytes) ==== Empty Temp Folders ====================== C:\Users\Alessandra\AppData\Local\Temp emptied successfullyC:\Users\Augusto\AppData\Local\Temp will be emptied at rebootC:\Users\Convidado\AppData\Local\Temp emptied successfullyC:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\Users\Inalda\AppData\Local\Temp emptied successfullyC:\Users\USURIO~1\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptiedC:\Users\Augusto\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 24/08/2015 at 12:50:05,87 ====================== Logfile of Trend Micro HijackThis v2.0.4Scan saved at 12:58:21, on 24/08/2015Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v11.0 (11.00.9600.17937)Boot mode: Normal Running processes:C:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\notepad.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeD:\Program Files\Online Armor\oaui.exeD:\Program Files\Online Armor\OAhlp.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Windows\system32\taskeng.exeC:\Program Files\CCleaner\CCleaner.exeC:\Program Files\Avira\Launcher\Avira.Systray.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchFilterHost.exeC:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllO2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dllO2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dllO2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dllO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [@OnlineArmor GUI] "D:\Program Files\Online Armor\oaui.exe"O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumeO4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /minO4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\Launcher\Avira.Systray.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITORO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLLO9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exeO23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exeO23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exeO23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exeO23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exeO23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exeO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - D:\Program Files\Online Armor\OAcat.exeO23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exeO23 - Service: Spyware Terminator 2015 Realtime Shield Service (ST2012_Svc) - Crawler Group - C:\Program Files\Spyware Terminator\st_rsser.exeO23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - D:\Program Files\Online Armor\oasrv.exeO23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Unknown owner - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (file missing)O23 - Service: Bitdefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (file missing) --End of file - 7261 bytes
  4. Solicitação de Análise de Logs

    Prezado Mr.Million, Segui todos os procedimentos solicitados. Segue respectivamente o log do AdwCleaner, JRT e HijackThis: # AdwCleaner v5.003 - Relatório criado 23/08/2015 às 22:18:47# Atualizado 20/08/2015 por Xplode# Base de dados : 2015-08-20.1 [Local]# Sistema operacional : Windows 7 Professional Service Pack 1 (x86)# Usuário : Augusto - AUGUSTO-PC# Executando de : C:\Users\Augusto\Desktop\AdwCleaner.exe# Opção : Limpar ***** [ Serviços ] ***** [-] Serviço Excluído : sp_rsdrv2[-] Serviço Excluído : YSearchUtilSvc ***** [ Pastas ] ***** [-] Pasta Excluído : C:\Program Files\driverupdate[-] Pasta Excluído : C:\Users\Augusto\AppData\Local\YSearchUtil[-] Pasta Excluído : C:\Users\Augusto\AppData\LocalLow\HPAppData[-] Pasta Excluído : C:\Users\Inalda\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo[-] Pasta Excluído : C:\Windows\system32\config\systemprofile\AppData\Local\YSearchUtil ***** [ Arquivos ] ***** [-] Arquivo Excluído : C:\Windows\system32\drivers\sp_rsdrv2.sys ***** [ Atalhos ] ***** ***** [ Tarefas agendadas ] ***** ***** [ Registro ] ***** [-] Chave Apagado : HKLM\SOFTWARE\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo[-] Chave Apagado : HKCU\Software\Conduit[-] Chave Apagado : HKCU\Software\systweak[-] Chave Apagado : HKCU\Software\SlimWare Utilities Inc[-] Chave Apagado : HKLM\SOFTWARE\TermTutor[-] Chave Apagado : HKLM\SOFTWARE\SiteSee[-] Chave Apagado : HKLM\SOFTWARE\SlimWare Utilities Inc[-] Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet ***** [ Navegadores ] ***** [-] [C:\Users\Augusto\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Excluído : br.ask.com[-] [C:\Users\Augusto\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Excluído : [-] [C:\Users\Augusto\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [startup_URLs] Excluído : hxxp://br.hao123.com/?tn=incore_pay_hp_ex01_hao123_br","hxxp://www.google.com/[-] [C:\Users\Inalda\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Excluído : br.ask.com[-] [C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Excluído : br.ask.com ************************* :: Configurações Proxy restauradas:: Configurações Winsock restauradas:: Políticas do Chrome Excluído ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2358 bytes] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by MalwarebytesVersion: 7.5.7 (08.18.2015:1)OS: Windows 7 Professional x86Ran by Augusto on 23/08/2015 at 22:23:00,37~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully deleted: [service] bdsandbox [Reboot required]Successfully deleted: [service] sp_rsdrv2 [Reboot required] ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\ProgramData\1396648706.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397960751.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397961210.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962689.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962695.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962740.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962780.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962795.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962916.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962920.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962947.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962970.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962978.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397963245.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397963247.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397965942.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397967004.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1402204388.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1402204403.bdinstall.bin ~~~ Folders Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers ~~~ FireFox Successfully deleted: [File] C:\Users\Augusto\AppData\Roaming\mozilla\firefox\profiles\bz297p2c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpiEmptied folder: C:\Users\Augusto\AppData\Roaming\mozilla\firefox\profiles\bz297p2c.default\minidumps [16 files] ~~~ Chrome [C:\Users\Augusto\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\Augusto\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\Augusto\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\Augusto\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:[] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 23/08/2015 at 22:35:05,41End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of Trend Micro HijackThis v2.0.4Scan saved at 22:36:08, on 23/08/2015Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v11.0 (11.00.9600.17937)Boot mode: Normal Running processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXED:\Program Files\Online Armor\oaui.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeD:\Program Files\Online Armor\OAhlp.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\SearchFilterHost.exeC:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpsetR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllO2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dllO2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dllO2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dllO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [@OnlineArmor GUI] "D:\Program Files\Online Armor\oaui.exe"O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumeO4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /minO4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\Launcher\Avira.Systray.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITORO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLLO9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exeO23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exeO23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exeO23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exeO23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exeO23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exeO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - D:\Program Files\Online Armor\OAcat.exeO23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exeO23 - Service: Spyware Terminator 2015 Realtime Shield Service (ST2012_Svc) - Crawler Group - C:\Program Files\Spyware Terminator\st_rsser.exeO23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - D:\Program Files\Online Armor\oasrv.exeO23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Unknown owner - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (file missing)O23 - Service: Bitdefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (file missing) --End of file - 6915 bytes
  5. Solicitação de Análise de Logs

    Boa noite, Mr Million, Conforme solicitado realizei os procedimentos. Quanto ao br.hao123.com, lembro de ter realmente tido problemas com ele há algum tempo atrás, não me lembro bem como fiz na época, mas consegui retirar esse site da página inicial do navegador. De qualquer forma, segui as suas recomendações e verifiquei que o br.hao123.com não estava aparecendo no atalho de cada um dos três navegadores que utilizo. O MBAM fez o log e pediu para reiniciar. Vários arquivos foram enviados para quarentena, apesar do log do MBAM aparentemente não encontrar nada. Logo após a verificação do MBAM e antes de reiniciar, o log do MBAM gerou o resultado abaixo . PS: Segue também o novo log do HijackThis Malwarebytes Anti-Malwarewww.malwarebytes.org Data da verificação: 23/08/2015Hora da verificação: 20:05Arquivo de registro: mbam-log.txtAdministrador: Sim Versão: 2.1.8.1057Banco de dados de malware: v2015.08.23.05Banco de dados de rootkit: v2015.08.16.01Licença: GratuitaProteção contra malware: DesabilitadoProteção contra website malicioso: DesabilitadoAutoproteção: Desabilitado Sistema operacional: Windows 7 Service Pack 1CPU: x86Sistema de arquivos: NTFSUsuário: Augusto Tipo de verificação: Verificação da ameaçaResultado: ConcluídoObjetos verificados: 444200Tempo decorrido: 13 min, 4 seg Memória: HabilitadoInicialização: HabilitadoSistema de arquivos: HabilitadoArquivos compactados: HabilitadoRootkits: HabilitadoHeurística: HabilitadoPUP: HabilitadoPUM: Habilitado Processos: 0(Nenhum item malicioso detectado) Módulos: 0(Nenhum item malicioso detectado) Chaves de registro: 0(Nenhum item malicioso detectado) Valores de registro: 0(Nenhum item malicioso detectado) Dados de registro: 0(Nenhum item malicioso detectado) Pastas: 0(Nenhum item malicioso detectado) Arquivos: 0(Nenhum item malicioso detectado) Setores físicos: 0(Nenhum item malicioso detectado) (end) Logfile of Trend Micro HijackThis v2.0.4Scan saved at 20:26:24, on 23/08/2015Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v11.0 (11.00.9600.17937)Boot mode: Normal Running processes:C:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeD:\Program Files\Online Armor\oaui.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeD:\Program Files\Online Armor\OAhlp.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Windows\system32\taskeng.exeC:\Program Files\CCleaner\CCleaner.exeC:\Program Files\Avira\Launcher\Avira.Systray.exeC:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\NOTEPAD.EXEC:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpsetR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=incore_pay_hp_ex01_hao123_brR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllO2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dllO2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dllO2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dllO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [@OnlineArmor GUI] "D:\Program Files\Online Armor\oaui.exe"O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumeO4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /minO4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\Launcher\Avira.Systray.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITORO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')O4 - HKUS\S-1-5-21-3765219849-3279150773-2029606266-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_182_Plugin.exe -update plugin (User '?')O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLLO9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exeO23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exeO23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exeO23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exeO23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exeO23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exeO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - D:\Program Files\Online Armor\OAcat.exeO23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exeO23 - Service: Spyware Terminator 2015 Realtime Shield Service (ST2012_Svc) - Crawler Group - C:\Program Files\Spyware Terminator\st_rsser.exeO23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - D:\Program Files\Online Armor\oasrv.exeO23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Unknown owner - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (file missing)O23 - Service: Bitdefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (file missing)O23 - Service: YSearchUtilSvc - Yahoo Inc. - C:\Program Files\Yahoo!\yset\{125E2934-3DFE-F045-9F07-ECC83FB7C60D}\YSearchUtilSvc.exe --End of file - 7771 bytes
  6. Solicitação de Análise de Logs

    Prezados, Hoje de manhã, ao fazer uma varredura utilizando o Spyware Terminator verifiquei que o mesmo encontrou 4 resultados de infecção que foram nomeados de Trojan.ExOptions.Gen Segui as solicitações para postar o log, conforme recomendação do tópico. Quando abri o HijackThis para fazer o log na unidade C: apareceu a seguinte mensagem: HijackThis appears to have been started from a temporary folder. Since temp folders tend to be be emptied regulary, it´s wise to copy Hijackthis.exe to a folder of its own, for instance C:\Program Files\HijackThis This way, any backups that will be made of fixed items won´t be lost Please quit HijackThis and copy it to a separate folder first before fixing any items. Ignorei a mensagem e postei o log mesmo assim. Tem algum problema ou tenho que fazer mais alguma coisa? Segue o log abaixo para análise. Logfile of Trend Micro HijackThis v2.0.4Scan saved at 18:58:37, on 23/08/2015Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v11.0 (11.00.9600.17937)Boot mode: Normal Running processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskhost.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeD:\Program Files\Online Armor\oaui.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeD:\Program Files\Online Armor\OAhlp.exeC:\Windows\system32\taskeng.exeC:\Program Files\CCleaner\CCleaner.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Windows\system32\taskeng.exeC:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpsetR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=incore_pay_hp_ex01_hao123_brR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllO2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dllO2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dllO2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dllO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [@OnlineArmor GUI] "D:\Program Files\Online Armor\oaui.exe"O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumeO4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /minO4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\Launcher\Avira.Systray.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITORO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLLO9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exeO23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exeO23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exeO23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exeO23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exeO23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - D:\Program Files\Online Armor\OAcat.exeO23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exeO23 - Service: Spyware Terminator 2015 Realtime Shield Service (ST2012_Svc) - Crawler Group - C:\Program Files\Spyware Terminator\st_rsser.exeO23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - D:\Program Files\Online Armor\oasrv.exeO23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Unknown owner - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (file missing)O23 - Service: Bitdefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (file missing)O23 - Service: YSearchUtilSvc - Yahoo Inc. - C:\Program Files\Yahoo!\yset\{125E2934-3DFE-F045-9F07-ECC83FB7C60D}\YSearchUtilSvc.exe --End of file - 7569 bytes
  7. Análise de log

    Obrigado, Mr. Million!
  8. Análise de log

    Prezados, Fiz um scan online utilizando o Panda que deu o seguinte resultado: Broken Link. FILE: File not found:C:\ARQUIVOS DE PROGRAMAS\BONJOUR\MDNSNSP.DLL to be deleted. Broken Link. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004[LibraryPath]. Value: LibraryPath To be deleted. O computador está funcionando normalmente, não tenho nenhum problema com a velocidade do micro ou qualquer outro comportamento anormal, mas esse resultado do Panda me deixou alerta e com certa dose de preocupação. Segui todos os procedimentos e solicito, por gentileza, o log do Hijackthis para análise: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:43:09, on 11/5/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\CheckPoint\ZoneAlarm\vsmon.exe C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe C:\Arquivos de programas\CheckPoint\ZAForceField\IswSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\CheckPoint\ZAForceField\ForceField.exe C:\Arquivos de programas\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\CheckPoint\ZoneAlarm\zatray.exe C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe C:\WINDOWS\system32\ctfmon.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://find.localstrike.net/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Arquivos de programas\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Arquivos de programas\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Arquivos de programas\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Arquivos de programas\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ZoneAlarm] "C:\Arquivos de programas\CheckPoint\ZoneAlarm\zatray.exe" O4 - HKLM\..\Run: [iSW] C:\Arquivos de programas\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" O4 - HKLM\..\Run: [TkBellExe] "d:\real player\update\realsched.exe" -osboot O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-1644491937-448539723-839522115-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Inalda') O4 - HKUS\S-1-5-21-1644491937-448539723-839522115-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Alessandra') O4 - HKUS\S-1-5-21-1644491937-448539723-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrador') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-21-1644491937-448539723-839522115-1006 Startup: OpenOffice.org 3.3.lnk = C:\Arquivos de programas\OpenOffice.org 3\program\quickstart.exe (User 'Inalda') O4 - S-1-5-21-1644491937-448539723-839522115-1006 User Startup: OpenOffice.org 3.3.lnk = C:\Arquivos de programas\OpenOffice.org 3\program\quickstart.exe (User 'Inalda') O8 - Extra context menu item: Download with &Shareaza - res://D:\Arquivos de programas\Shareaza\RazaWebHook32.dll/3000 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - Unknown owner - D:\Arquivos de programas\IObit\Advanced SystemCare 6\ASCService.exe (file missing) O23 - Service: avast! antivírus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Arquivos de programas\CheckPoint\ZAForceField\IswSvc.exe O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Arquivos de programas\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Arquivos de programas\CheckPoint\ZoneAlarm\vsmon.exe -- End of file - 8788 bytes
  9. Solicitação de análise de log

    Muito obrigado, Mr. Million! Problema resolvido. O computador voltou ao normal.
  10. Solicitação de análise de log

    Melhorou bastante, o PC está bem melhor.
  11. Solicitação de análise de log

    Segui os procedimentos adotados. Segue abaixo os logs para análise: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.2 (04.29.2013:1) OS: Microsoft Windows XP x86 Ran by Guto on seg 29/04/2013 at 17:53:38,09 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\billp studios\detected\startup Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627} ~~~ Files Successfully deleted: [File] "C:\WINDOWS\system32\turegopt.exe" ~~~ Folders ~~~ FireFox Successfully deleted: [File] "C:\Arquivos de programas\Mozilla Firefox\searchplugins\search.xml" Successfully deleted: [File] C:\Documents and Settings\Guto\Dados de aplicativos\mozilla\firefox\profiles\drldfez7.default\invalidprefs.js Emptied folder: C:\Documents and Settings\Guto\Dados de aplicativos\mozilla\firefox\profiles\drldfez7.default\minidumps [18 files] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on seg 29/04/2013 at 17:56:17,51 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v2.300 - Relatório criado em 29/04/2013 às 17:48:15 # Atualizado em 28/04/2013 por Xplode # Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits) # Usuário : Guto - EXPERT # Modo de Boot : Normal # Executado de : C:\Documents and Settings\Guto\Desktop\adwcleaner.exe # Opção [Remover] ***** [serviços] ***** ***** [Arquivos/Pastas] ***** Arquivo Removido : C:\Arquivos de programas\Mozilla Firefox\searchplugins\avg-secure-search.xml Arquivo Removido : C:\Documents and Settings\Guto\Dados de aplicativos\Mozilla\Firefox\Profiles\drldfez7.default\searchplugins\Search_Results.xml Arquivo Removido : C:\Documents and Settings\Guto\Dados de aplicativos\Mozilla\Firefox\Profiles\drldfez7.default\searchplugins\zonealarm.xml Pasta Removido : C:\Arquivos de programas\Arquivos comuns\AVG Secure Search Pasta Removido : C:\Arquivos de programas\Arquivos comuns\spigot Pasta Removido : C:\Arquivos de programas\AVG Secure Search Pasta Removido : C:\Documents and Settings\Alessandra\Configurações locais\Dados de aplicativos\AVG Security Toolbar Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\AVG Secure Search Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\AVG Security Toolbar Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer Pasta Removido : C:\Documents and Settings\Guto\Configurações locais\Dados de aplicativos\AVG Secure Search Pasta Removido : C:\Documents and Settings\Guto\Configurações locais\Dados de aplicativos\AVG Security Toolbar Pasta Removido : C:\Documents and Settings\Guto\Dados de aplicativos\AVG Secure Search Pasta Removido : C:\Documents and Settings\Guto\Dados de aplicativos\DealPly Pasta Removido : C:\Documents and Settings\Inalda\Configurações locais\Dados de aplicativos\AVG Secure Search Pasta Removido : C:\Documents and Settings\Inalda\Configurações locais\Dados de aplicativos\AVG Security Toolbar Pasta Removido : C:\Documents and Settings\Inalda\Dados de aplicativos\AVG Secure Search ***** [Registro] ***** Chave Removida : HKCU\Software\AppDataLow\Software\Search Settings Chave Removida : HKCU\Software\AVG Secure Search Chave Removida : HKCU\Software\InstallCore Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Chave Removida : HKLM\Software\AVG Secure Search Chave Removida : HKLM\Software\AVG Security Toolbar Chave Removida : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Chave Removida : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Chave Removida : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Chave Removida : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Chave Removida : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Chave Removida : HKLM\SOFTWARE\Classes\AppID\escort.DLL Chave Removida : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Chave Removida : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Chave Removida : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Chave Removida : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Chave Removida : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Chave Removida : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2} Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36} Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323} Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA} Chave Removida : HKLM\SOFTWARE\Classes\escort.escortIEPane Chave Removida : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Chave Removida : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Chave Removida : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Chave Removida : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Chave Removida : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Chave Removida : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Chave Removida : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Chave Removida : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Chave Removida : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Chave Removida : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Chave Removida : HKLM\SOFTWARE\Classes\ScriptHost.Tool Chave Removida : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1 Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE} Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE} Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979} Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96} Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Chave Removida : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Chave Removida : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B} Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Chave Removida : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Valor Removida : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [Navegadores] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registro está limpo. -\\ Mozilla Firefox v20.0.1 (pt-BR) Arquivo : C:\Documents and Settings\Inalda\Dados de aplicativos\Mozilla\Firefox\Profiles\275fohsq.default\prefs.js C:\Documents and Settings\Inalda\Dados de aplicativos\Mozilla\Firefox\Profiles\275fohsq.default\user.js ... Removido ! Removida : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Removida : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={55C44EEC-E55F-44CC-8C4B-4DBFEA9E8DF6}&m[...] Arquivo : C:\Documents and Settings\Alessandra\Dados de aplicativos\Mozilla\Firefox\Profiles\7i8muf8d.default\prefs.js [OK] Arquivo está limpo. Arquivo : C:\Documents and Settings\Guto\Dados de aplicativos\Mozilla\Firefox\Profiles\drldfez7.default\prefs.js C:\Documents and Settings\Guto\Dados de aplicativos\Mozilla\Firefox\Profiles\drldfez7.default\user.js ... Removido ! [OK] Arquivo está limpo. -\\ Google Chrome v [impossível ler a versão] Arquivo : C:\Documents and Settings\Guto\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences [OK] Arquivo está limpo. ************************* AdwCleaner[R3].txt - [10000 octets] - [29/04/2013 17:46:39] AdwCleaner[R4].txt - [10061 octets] - [29/04/2013 17:47:26] AdwCleaner[R5].txt - [10146 octets] - [29/04/2013 17:48:04] AdwCleaner[s4].txt - [395 octets] - [29/04/2013 17:47:38] AdwCleaner[s5].txt - [9860 octets] - [29/04/2013 17:48:15] ########## EOF - C:\AdwCleaner[s5].txt - [9920 octets] ########## Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:59:12, on 29/4/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\CheckPoint\ZAForceField\IswSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe C:\Arquivos de programas\AVG\AVG2013\avgui.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\WINDOWS\explorer.exe C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe C:\Arquivos de programas\AVG\AVG2013\avgemcx.exe C:\Arquivos de programas\AVG\AVG2013\avgnsx.exe C:\Arquivos de programas\AVG\AVG2013\avgrsx.exe C:\Arquivos de programas\AVG\AVG2013\avgcsrvx.exe C:\Arquivos de programas\CheckPoint\ZoneAlarm\zatray.exe C:\Arquivos de programas\CheckPoint\ZoneAlarm\vsmon.exe C:\Arquivos de programas\CheckPoint\ZAForceField\ForceField.exe C:\Arquivos de programas\AVG\AVG2013\avgcsrvx.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://find.localstrike.net/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Arquivos de programas\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Arquivos de programas\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Arquivos de programas\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Arquivos de programas\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ZoneAlarm] "C:\Arquivos de programas\CheckPoint\ZoneAlarm\zatray.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Arquivos de programas\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [TkBellExe] "D:\real player\update\realsched.exe" -osboot O4 - HKLM\..\Run: [iSW] C:\Arquivos de programas\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Download with &Shareaza - res://D:\Arquivos de programas\Shareaza\RazaWebHook32.dll/3000 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - Unknown owner - D:\Arquivos de programas\IObit\Advanced SystemCare 6\ASCService.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Arquivos de programas\CheckPoint\ZAForceField\IswSvc.exe O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Arquivos de programas\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Arquivos de programas\CheckPoint\ZoneAlarm\vsmon.exe -- End of file - 8078 bytes
  12. Solicitação de análise de log

    Tentei em modo de segurança e apareceu a mesma mensagem (mensagem automático do AVG reconhecendo o Combofix como vírus). Por isso tentei novamente no modo normal e deu certo. Ele só não fez a reinicialização automática. Não sei se fiz o certo.... De qualquer forma segue o log do Combofix e do Hijack para análise. ComboFix 13-04-28.01 - Guto 29/04/2013 0:52.9.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1416 [GMT -3:00] Executando de: c:\documents and settings\Guto\Desktop\ComboFix.exe AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66} FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Execuções precedente ------- . c:\arquivos de programas\sXe Injected c:\arquivos de programas\sXe Injected\sXe Injected.txt c:\documents and settings\All Users\Dados de aplicativos\TEMP c:\windows\system32\Cache c:\windows\system32\Cache\26c630d098e22dd5.fb c:\windows\system32\Cache\272512937d9e61a4.fb c:\windows\system32\Cache\287204568329e189.fb c:\windows\system32\Cache\28bc8f716fd76a47.fb c:\windows\system32\Cache\31a0997e9a5b5eb3.fb c:\windows\system32\Cache\32c84fe32bb74d60.fb c:\windows\system32\Cache\3917078cb68ec657.fb c:\windows\system32\Cache\590ba23ce359fd0c.fb c:\windows\system32\Cache\610289e025a3ee9a.fb c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb c:\windows\system32\Cache\6d03dad1035885d3.fb c:\windows\system32\Cache\95f567698be8a182.fb c:\windows\system32\Cache\9bdc3338d0cb69f7.fb c:\windows\system32\Cache\ad10a52aff5e038d.fb c:\windows\system32\Cache\c1fa887b03019701.fb c:\windows\system32\Cache\c4d28dca2e7648be.fb c:\windows\system32\Cache\d201ef9910cd39de.fb c:\windows\system32\Cache\d2e94710a5708128.fb c:\windows\system32\Cache\d79b9dfe81484ec4.fb c:\windows\system32\Cache\f998975c9cc711ee.fb c:\windows\system32\SET167.tmp . . (((((((((((((((( Arquivos/Ficheiros criados de 2013-03-28 to 2013-04-29 )))))))))))))))))))))))))))) . . 2013-04-29 03:41 . 2013-04-29 03:41 63115 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS 2013-04-29 03:41 . 2013-04-29 03:41 9310 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS 2013-04-29 03:41 . 2013-04-29 03:41 8646 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS 2013-04-29 03:41 . 2013-04-29 03:41 6429 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS 2013-04-29 03:41 . 2013-04-29 03:41 5927 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS 2013-04-29 03:41 . 2013-04-29 03:41 4599 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS 2013-04-29 03:41 . 2013-04-29 03:41 8613 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS 2013-04-29 03:41 . 2013-04-29 03:41 1651 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS 2013-04-29 03:41 . 2013-04-29 03:41 6910 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS 2013-04-29 03:41 . 2013-04-29 03:41 8288 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS 2013-04-29 03:41 . 2013-04-29 03:41 6208 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS 2013-04-29 03:41 . 2013-04-29 03:41 18541 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS 2013-04-29 03:40 . 2013-04-29 03:40 51852 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS 2013-04-29 03:40 . 2013-04-29 03:40 23327 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS 2013-04-29 03:40 . 2013-04-29 03:40 20719 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS 2013-04-29 03:40 . 2013-04-29 03:40 8782 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS 2013-04-29 03:40 . 2013-04-29 03:40 7271 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS 2013-04-28 03:35 . 2013-04-28 03:35 388608 ----a-w- C:\HijackThis.exe 2013-04-28 03:14 . 2013-04-28 03:14 -------- d-----w- c:\windows\system32\wbem\Repository 2013-04-27 01:14 . 2012-12-14 14:42 32720 ----a-w- c:\windows\system32\TURegOpt.exe 2013-04-27 01:14 . 2013-04-27 01:14 -------- d-----w- c:\documents and settings\Guto\Dados de aplicativos\AVG 2013-04-27 01:13 . 2013-04-27 01:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG 2013-04-27 01:13 . 2013-04-27 01:13 -------- d-sh--w- c:\documents and settings\All Users\Dados de aplicativos\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} 2013-04-27 00:33 . 2013-04-27 00:33 -------- dc----w- c:\arquivos de programas\Arquivos comuns\Java 2013-04-27 00:33 . 2013-04-04 08:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-04-26 15:24 . 2013-04-26 15:24 -------- d-----w- c:\documents and settings\Inalda\Dados de aplicativos\TuneUp Software 2013-04-26 14:42 . 2013-04-26 14:42 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\IObit 2013-04-26 14:42 . 2013-04-26 14:42 -------- d-----w- c:\documents and settings\Inalda\Dados de aplicativos\IObit 2013-04-26 03:24 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys 2013-04-26 03:24 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys 2013-04-26 03:19 . 2006-06-29 16:07 14048 ------w- c:\windows\system32\spmsg2.dll 2013-04-26 00:58 . 2013-01-15 21:49 23360 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe 2013-04-23 23:03 . 2013-04-23 23:03 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\Application Updater 2013-04-23 23:01 . 2013-04-28 04:06 -------- dc----w- c:\arquivos de programas\Arquivos comuns\Spigot 2013-04-23 23:00 . 2013-04-23 23:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} 2013-04-23 23:00 . 2013-04-23 23:00 -------- d-----w- c:\documents and settings\Guto\AppData 2013-04-23 23:00 . 2013-04-23 23:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IObit 2013-04-23 23:00 . 2013-04-23 23:18 -------- d-----w- c:\documents and settings\Guto\Dados de aplicativos\IObit 2013-04-23 22:48 . 2013-04-23 22:48 -------- d-----w- c:\documents and settings\Guto\Dados de aplicativos\0B1T1L2V1T1J1L 2013-04-22 17:14 . 2013-04-22 17:14 -------- d-----w- C:\found.000 2013-04-20 15:08 . 2013-04-20 15:08 -------- d-----w- c:\documents and settings\Inalda\Dados de aplicativos\Malwarebytes 2013-04-19 23:49 . 2013-04-27 23:55 -------- d-----w- c:\documents and settings\Guto\Configurações locais\Dados de aplicativos\DoNotTrackPlus 2013-04-03 02:41 . 2013-04-04 01:52 -------- d-----w- c:\arquivos de programas\Steam . . . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-19 02:04 . 2012-04-13 22:33 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-04-19 02:04 . 2011-05-29 22:57 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-04-04 17:50 . 2010-10-12 02:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-30 02:37 . 2012-03-29 00:09 861088 -c--a-w- c:\windows\system32\npdeployJava1.dll 2013-03-30 02:37 . 2010-06-13 02:45 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-10 02:45 . 2012-12-28 15:22 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2013-03-08 08:36 . 2004-08-04 02:45 293888 ----a-w- c:\windows\system32\winsrv.dll 2013-03-07 15:56 . 2004-08-04 02:40 2153984 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-07 15:56 . 2004-08-04 00:40 2032640 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-02 02:07 . 2004-08-04 02:45 916480 ----a-w- c:\windows\system32\wininet.dll 2013-03-02 02:06 . 2004-08-04 02:45 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-02 02:06 . 2004-08-04 02:45 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-03-02 01:58 . 2004-08-04 02:38 1867392 ----a-w- c:\windows\system32\win32k.sys 2013-03-02 01:08 . 2004-08-04 02:37 385024 ----a-w- c:\windows\system32\html.iec 2013-02-27 07:58 . 2009-03-23 23:53 2067456 ----a-w- c:\windows\system32\mstscax.dll 2013-02-12 00:32 . 2009-05-01 01:27 12928 ------w- c:\windows\system32\drivers\usb8023x.sys 2013-02-12 00:32 . 2004-08-04 01:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-04-11 18:24 . 2013-04-11 18:24 263064 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por padrão não são apresentadas. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2013-03-10 02:45 1929392 ----a-w- c:\arquivos de programas\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\arquivos de programas\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-03-10 1929392] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072] "RTHDCPL"="RTHDCPL.EXE" [2008-04-11 16861184] "ZoneAlarm"="c:\arquivos de programas\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832] "AVG_UI"="c:\arquivos de programas\AVG\AVG2013\avgui.exe" [2012-12-11 3147384] "vProt"="c:\arquivos de programas\AVG Secure Search\vprot.exe" [2013-03-10 1151152] "TkBellExe"="d:\real player\update\realsched.exe" [2013-01-07 295072] "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] . c:\documents and settings\Inalda\Menu Iniciar\Programas\Inicializar\ OpenOffice.org 3.3.lnk - c:\arquivos de programas\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Guto^Menu Iniciar^Programas^Inicializar^OpenOffice.org 3.3.lnk] path=c:\documents and settings\Guto\Menu Iniciar\Programas\Inicializar\OpenOffice.org 3.3.lnk backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-12-03 07:35 946352 -c--a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-02-21 00:28 59240 -c--a-w- c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2011-08-05 00:04 136176 ----atw- c:\documents and settings\Guto\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2007-01-13 12:47 163840 -c--a-w- c:\windows\system32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2011-01-12 15:21 49208 ----a-w- d:\arquivos de programas\HP\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware] 2013-04-04 17:50 532040 ----a-w- d:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-13 22:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-17 01:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-04-18 23:56 421888 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-07-13 16:33 17418928 ----a-r- c:\arquivos de programas\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2013-03-29 19:53 1631144 ----a-w- c:\arquivos de programas\Steam\Steam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2013-03-12 10:32 253816 -c--a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2013-01-07 20:35 295072 ----a-w- d:\real player\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2012-08-28 09:41 247768 ----a-w- c:\arquivos de programas\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol] 2012-01-02 16:14 325728 ------w- d:\arquivos de programas\BillP Studios\WinPatrol\WinPatrol.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Persistence"=c:\windows\system32\igfxpers.exe "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Documents and Settings\\Guto\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "d:\\Arquivos de programas\\Shareaza\\Shareaza.exe"= "d:\\Arquivos de programas\\IAHGames\\Counter-Strike Online\\Bin\\cstrike-online.exe"= "d:\\Arquivos de programas\\IAHGames\\Counter-Strike Online\\Bin\\NMService.exe"= "c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "c:\\Arquivos de programas\\AVG\\AVG2013\\avgmfapx.exe"= "d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"= "d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "d:\\Arquivos de programas\\HP\\HP Software Update\\hpwucli.exe"= "d:\\Arquivos de programas\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "c:\\Arquivos de programas\\AVG\\AVG2013\\avgnsx.exe"= "c:\\Arquivos de programas\\AVG\\AVG2013\\avgdiagex.exe"= "c:\\Arquivos de programas\\AVG\\AVG2013\\avgemcx.exe"= "c:\\Arquivos de programas\\Steam\\Steam.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 02:48 55776] R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/9/2012 02:46 177376] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/9/2012 02:05 35552] R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/10/2012 12:02 179936] R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/9/2012 02:45 19936] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/10/2012 02:30 159712] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/9/2012 02:46 164832] R2 avgwd;Watchdog do AVG;c:\arquivos de programas\AVG\AVG2013\avgwdsvc.exe [22/10/2012 12:05 196664] R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\arquivos de programas\CheckPoint\ZAForceField\ISWKL.sys [2/11/2012 15:17 27056] R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\arquivos de programas\CheckPoint\ZAForceField\ISWSVC.exe [2/11/2012 15:17 497320] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe [29/11/2012 19:31 38608] R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\arquivos de programas\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [14/12/2012 11:42 1532880] R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [9/3/2013 23:45 968880] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\arquivos de programas\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [4/7/2012 14:26 10088] S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;d:\arquivos de programas\IObit\Advanced SystemCare 6\ASCService.exe --> d:\arquivos de programas\IObit\Advanced SystemCare 6\ASCService.exe [?] S2 AVGIDSAgent;AVGIDSAgent;c:\arquivos de programas\AVG\AVG2013\avgidsagent.exe [15/11/2012 22:34 5814904] S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?] S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?] S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?] S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?] S4 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [13/7/2012 13:28 160944] S4 TomTomHOMEService;TomTomHOMEService;d:\arquivos de programas\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 08:31 92008] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Conteúdo da pasta 'Tarefas Agendadas' . 2013-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 02:04] . 2013-04-28 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1644491937-448539723-839522115-1009.job - c:\arquivos de programas\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-29 22:33] . 2013-04-29 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1644491937-448539723-839522115-1009.job - c:\arquivos de programas\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29 22:31] . 2013-04-27 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1644491937-448539723-839522115-1009.job - c:\arquivos de programas\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29 22:31] . 2013-04-29 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1644491937-448539723-839522115-1006.job - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-11-30 17:30] . 2013-04-29 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1644491937-448539723-839522115-1009.job - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-11-30 17:30] . 2013-04-26 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1644491937-448539723-839522115-1006.job - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-11-30 17:30] . 2013-04-29 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1644491937-448539723-839522115-1009.job - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-11-30 17:30] . 2013-04-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-448539723-839522115-1006.job - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-11-30 17:30] . 2013-04-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-448539723-839522115-1009.job - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-11-30 17:30] . 2013-03-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-448539723-839522115-1006.job - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-11-30 17:30] . 2013-02-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-448539723-839522115-1009.job - c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-11-30 17:30] . . ------- Scan Suplementar ------- . uStart Page = about:blank mStart Page = hxxp://find.localstrike.net/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: Download with &Shareaza - d:\arquivos de programas\Shareaza\RazaWebHook32.dll/3000 IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: caixa.gov.br\internetbanking TCP: DhcpNameServer = 192.168.0.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Guto\Dados de aplicativos\Mozilla\Firefox\Profiles\drldfez7.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p= FF - ExtSQL: 2013-04-18 23:55; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\arquivos de programas\CheckPoint\ZAForceField\TrustChecker FF - ExtSQL: 2013-04-27 13:01; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Guto\Dados de aplicativos\Mozilla\Firefox\Profiles\drldfez7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: !HIDDEN! 2011-02-28 19:49; smartwebprinting@hp.com; d:\arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - user.js: extensions.shownSelectionUI - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 8 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: browser.turbo.enabled - true FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.chrome.favicons - false FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: content.notify.ontimer - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 . - - - - ORFÃOS REMOVIDOS - - - - . HKLM-Run-ISW - (no file) MSConfigStartUp-Advanced SystemCare 6 - d:\arquivos de programas\IObit\Advanced SystemCare 6\ASCTray.exe MSConfigStartUp-SearchSettings - c:\arquivos de programas\Arquivos comuns\Spigot\Search Settings\SearchSettings.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-04-29 00:59 Windows 5.1.2600 Service Pack 3 NTFS . Procurando processos ocultos ... . Procurando entradas auto inicializáveis ocultas ... . Procurando ficheiros/arquivos ocultos ... . Varredura completada com sucesso arquivos/ficheiros ocultos: 0 . ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- . - - - - - - - > 'winlogon.exe'(1380) c:\arquivos de programas\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . - - - - - - - > 'lsass.exe'(1468) c:\arquivos de programas\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . Tempo para conclusão: 2013-04-29 01:02:07 ComboFix-quarantined-files.txt 2013-04-29 04:02 . Pré-execução: 9 pasta(s) 12.182.519.808 bytes disponíveis Pós execução: 12 pasta(s) 12.180.156.416 bytes disponíveis . - - End Of File - - 167182B398452EF8A737B53847EE318B Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 01:15:08, on 29/4/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\CheckPoint\ZoneAlarm\vsmon.exe C:\Arquivos de programas\CheckPoint\ZAForceField\IswSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Java\jre7\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe C:\Arquivos de programas\AVG\AVG2013\avgnsx.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Arquivos de programas\AVG\AVG2013\avgemcx.exe C:\Arquivos de programas\AVG\AVG2013\avgrsx.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\AVG\AVG2013\avgcsrvx.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Arquivos de programas\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\CheckPoint\ZoneAlarm\zatray.exe C:\Arquivos de programas\AVG\AVG2013\avgui.exe C:\Arquivos de programas\AVG Secure Search\vprot.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\CheckPoint\ZAForceField\ForceField.exe C:\Arquivos de programas\AVG\AVG2013\avgcsrvx.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://find.localstrike.net/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - D:\Arquivos de programas\Shareaza\RazaWebHook32.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Arquivos de programas\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Arquivos de programas\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Arquivos de programas\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Arquivos de programas\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ZoneAlarm] "C:\Arquivos de programas\CheckPoint\ZoneAlarm\zatray.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Arquivos de programas\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [vProt] "C:\Arquivos de programas\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [TkBellExe] "D:\real player\update\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [iSW] C:\Arquivos de programas\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Download with &Shareaza - res://D:\Arquivos de programas\Shareaza\RazaWebHook32.dll/3000 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - Unknown owner - D:\Arquivos de programas\IObit\Advanced SystemCare 6\ASCService.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Arquivos de programas\CheckPoint\ZAForceField\IswSvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Arquivos de programas\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Arquivos de programas\CheckPoint\ZoneAlarm\vsmon.exe O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- End of file - 9807 bytes
  13. Solicitação de análise de log

    Prezado Mr Million, Apesar de ter desativado o AVG, o mesmo detectou o Combofix como um vírus e paralisou toda a operação do Combofix. Devo repetir o mesmo procedimento ou tentar outra alternativa?
  14. Solicitação de análise de log

    Prezado Mr. Million, Depois de análise do MBAM segue os novos logs: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Versão da Base de Dados: v2013.04.28.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Guto :: EXPERT [administrador] 28/4/2013 10:32:02 mbam-log-2013-04-28 (10-32-02).txt Tipo de Verificação: Verificação Rápida Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM Opções de verificação desativadas: P2P Objetos escaneados: 338291 Tempo decorrido: 15 minuto(s), 36 segundo(s) Processos de Memória Detectados: 0 (Não foram detectados ítens maliciosos) Módulos de Memória Detectados: 0 (Não foram detectados ítens maliciosos) Chaves de Registro Detectadas: 1 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe (Security.Hijack) -> Enviado para a Quarentena e deletado com sucesso. Valores de Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Itens de Dados no Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Pastas Detectadas: 0 (Não foram detectados ítens maliciosos) Arquivos Detectados: 0 (Não foram detectados ítens maliciosos) (fim) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:53:48, on 28/4/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\CheckPoint\ZoneAlarm\vsmon.exe C:\Arquivos de programas\CheckPoint\ZAForceField\IswSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Java\jre7\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Arquivos de programas\AVG\AVG2013\avgnsx.exe C:\Arquivos de programas\AVG\AVG2013\avgemcx.exe C:\Arquivos de programas\AVG\AVG2013\avgrsx.exe C:\Arquivos de programas\AVG\AVG2013\avgcsrvx.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Arquivos de programas\CheckPoint\ZAForceField\ForceField.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\CheckPoint\ZoneAlarm\zatray.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\AVG\AVG2013\avgui.exe C:\Arquivos de programas\AVG Secure Search\vprot.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\AVG\AVG2013\avgcsrvx.exe C:\WINDOWS\notepad.exe C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://find.localstrike.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.localstrike.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://find.localstrike.net/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - D:\Arquivos de programas\Shareaza\RazaWebHook32.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Arquivos de programas\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Arquivos de programas\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Arquivos de programas\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Arquivos de programas\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ZoneAlarm] "C:\Arquivos de programas\CheckPoint\ZoneAlarm\zatray.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Arquivos de programas\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [vProt] "C:\Arquivos de programas\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [iSW] C:\Arquivos de programas\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" O4 - HKLM\..\Run: [TkBellExe] "D:\real player\update\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Download with &Shareaza - res://D:\Arquivos de programas\Shareaza\RazaWebHook32.dll/3000 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - Unknown owner - D:\Arquivos de programas\IObit\Advanced SystemCare 6\ASCService.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Arquivos de programas\CheckPoint\ZAForceField\IswSvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Arquivos de programas\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Arquivos de programas\CheckPoint\ZoneAlarm\vsmon.exe O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- End of file - 9990 bytes
  15. Prezados, Há mais ou menos 1 semana atrás o meu computador teve uma considerável queda de desempenho na inicialização e no fechamento do sistema. Inclusive não estava conseguindo inicializar o sistema (o computador não abria o Windows). Para resolver este problema, levei o computador para o conserto e ele voltou a funcionar. O problema é que a lentidão para a inicialização e o fechamento do sistema persistem. Segui todas as instruções e encaminho o log para análise. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 00:51:14, on 28/4/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\CheckPoint\ZoneAlarm\vsmon.exe C:\Arquivos de programas\CheckPoint\ZAForceField\IswSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Java\jre7\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\AVG\AVG2013\avgnsx.exe C:\Arquivos de programas\AVG\AVG2013\avgrsx.exe C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe C:\Arquivos de programas\AVG\AVG2013\avgemcx.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Arquivos de programas\AVG\AVG2013\avgcsrvx.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\AVG\AVG2013\avgcsrvx.exe C:\Arquivos de programas\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe C:\Arquivos de programas\CheckPoint\ZAForceField\ForceField.exe C:\Arquivos de programas\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\CheckPoint\ZoneAlarm\zatray.exe C:\Arquivos de programas\AVG\AVG2013\avgui.exe C:\Arquivos de programas\AVG Secure Search\vprot.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://find.localstrike.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.localstrike.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.localstrike.net/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://find.localstrike.net/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Arquivos de programas\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Arquivos de programas\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - D:\Arquivos de programas\Shareaza\RazaWebHook32.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Arquivos de programas\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Arquivos de programas\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Arquivos de programas\Java\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Arquivos de programas\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Arquivos de programas\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O3 - Toolbar: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Arquivos de programas\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ZoneAlarm] "C:\Arquivos de programas\CheckPoint\ZoneAlarm\zatray.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Arquivos de programas\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [vProt] "C:\Arquivos de programas\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [iSW] C:\Arquivos de programas\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" O4 - HKLM\..\Run: [TkBellExe] "D:\real player\update\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Download with &Shareaza - res://D:\Arquivos de programas\Shareaza\RazaWebHook32.dll/3000 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - Unknown owner - D:\Arquivos de programas\IObit\Advanced SystemCare 6\ASCService.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Arquivos de programas\CheckPoint\ZAForceField\IswSvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Arquivos de programas\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Arquivos de programas\CheckPoint\ZoneAlarm\vsmon.exe O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- End of file - 10225 bytes
×