Welcome to the BABOO Forum!

jguidi

Log Analysis

12 posts in this topic

Good evening,

Dear all, I ask that you analyze my log; I have already done all the procedures in the forum's read-me.

My problem started when I accessed the PDT website and was asked to install a new version of Flash. I installed it and restarted the machine. I believe Sun's Java was also compromised, after running a program for that platform whose name I don't recall right now.

Well, in the end, every time my machine starts I get a "file acces denied" message, and some sites stop opening, really, not even the home page, or any subdomain or page of the address, such as the Banco do Brasil site and the Linha Defensiva site; nothing opens... As for Banco do Brasil, I have been researching on the net and I will say up front that it is not a problem with the virtual keyboard... what happens is that nothing on the site opens, as if the site did not exist, and the same thing happens with the Linha Defensiva one... I use the newest version of IE, Google Chrome and Mozilla, but these sites do not open in any of them... I found an add-on in my IE called "Discutir" (never heard of it) that uses the file shdocvw.dll.

Anyway, here is my log; I will be grateful for whatever help you can give. Regards:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:12:48, on 28/07/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\system\wuaucldt.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\Julio Guidi\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

C:\Windows\system32\conime.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Program Files\The Cleaner\cleaner6.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =


O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\system\wuaucldt.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Julio Guidi\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.Microsoft.com/windowsupdate/...b?1244960040269

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.Microsoft.com/microsoftupdat...b?1248356873049

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! antivírus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 11492 bytes


Good evening, jguidi!

<@> Download: < LopS&D >

<@> Save it to Local Disk C!

<@> Install the program and click on: LopSD.cmd

<@> In the window that opens, press "p" --> press Enter.

<@> In the next window, choose the option: 2 - Fix + Hosts --> press Enter --> wait!

<@> PS: Pay attention to your antivirus notifications, sending the detected files to quarantine.

<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )

<@> Also post an updated HijackThis log.

Regards!


Good evening, joram. Thanks for that.

(Y)

I did what you asked; here are the logs.

Lop SD log:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Basic ( v6.0.6001 ) Service Pack 1

X86-based PC ( Multiprocessor Free : Mobile AMD Sempron Processor 3500+ )

BIOS : PhoenixBIOS 4.0 Release 6.1

USER : Julio Guidi ( Administrator )

BOOT : Normal boot

antivírus : avast! antivírus 4.8.1229 [VPS 090728-0] 4.8.1229 (Activated)

C:\ (Local Disk) - NTFS - Total:69 Go (Free:23 Go)

D:\ (Local Disk) - NTFS - Total:4 Go (Free:1 Go)

E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( 28/07/2009|22:16 )

[ UAC => 1 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Tarefas Agendadas na pasta C:\Windows\Tasks

[28/07/2009 19:16][--a------] C:\Windows\tasks\AWC Startup.job

[28/07/2009 21:31][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172417707-4275060026-1713001662-1000UA.job

[25/07/2009 11:36][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172417707-4275060026-1713001662-1000Core.job

[28/07/2009 19:16][--ah-----] C:\Windows\tasks\SA.DAT

[28/07/2009 19:14][--a------] C:\Windows\tasks\SCHEDLGU.TXT


--------------------\\ Process

( 75 Processes )

... OK !

--------------------\\ Procura pelo S_Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura no Registro

..... OK !

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

Arquivos/Ficheiros Hosts LIMPO

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-28 22:16:59

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

--------------------\\ Procurando por outras infecções

--------------------\\ Cracks & Keygens ..


[F:107][D:12]-> C:\Users\JULIOG~1\AppData\Local\Temp

[F:117][D:1]-> C:\Users\JULIOG~1\AppData\Roaming\MICROS~1\Windows\Cookies

[F:52][D:4]-> C:\Users\JULIOG~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:2][D:2]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 28/07/2009|22:21 - Option : [2]

-------------- // -------------------

Hijack log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:32:31, on 28/07/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\system\wuaucldt.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\Julio Guidi\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\conime.exe

C:\Windows\System32\mobsync.exe

C:\Users\Julio Guidi\msie81xp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =


O1 - Hosts: 189.126.119.73 www.cetelem.com.br

O1 - Hosts: 189.126.119.73 www.banrisul.com.br

O1 - Hosts: 189.126.119.73 www.paypal.com.br

O1 - Hosts: 189.126.119.73 www.paypal.com

O1 - Hosts: 189.126.119.73 www.virustotal.com.br

O1 - Hosts: 189.126.119.73 www.linhadefensiva.com.br

O1 - Hosts: 189.126.119.73 www.linhadefensiva.org

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\system\wuaucldt.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Julio Guidi\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.Microsoft.com/windowsupdate/...b?1244960040269

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.Microsoft.com/microsoftupdat...b?1248356873049

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! antivírus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 11653 bytes

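The `O1 - Hosts:` lines in the log above are how HijackThis reports hosts-file mappings. The following is an added example (not part of the original thread and not HijackThis code) that parses those lines, ignores loopback and null-route entries, and flags any address that several unrelated sites are pinned to. The function names, the `min_sites` threshold, and the sample log with its reserved-range addresses and `.example` names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis reports hosts-file mappings as "O1 - Hosts: <address> <name>".
O1_LINE = re.compile(r"^O1 - Hosts:\s*(\S+)\s+(.+)$")


def parse_o1(log_text):
    """Yield (ip_address, hostname) pairs from the O1 lines of a log."""
    for raw in log_text.splitlines():
        match = O1_LINE.match(raw.strip())
        if not match:
            continue
        ip_text, names = match.groups()
        names = names.split("#", 1)[0]  # drop a trailing hosts-file comment
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # malformed address: not a usable mapping
        for host in names.split():  # a hosts line may carry aliases
            yield ip, host.lower().rstrip(".")


def site_key(host):
    """Treat 'www.site' and 'site' as one site (simplification, no suffix list)."""
    return host[4:] if host.startswith("www.") else host


def audit_hosts(log_text, min_sites=3):
    """Group overridden names by target address and grade each address.

    'review'           : a public name is pinned to a fixed address
    'redirect-cluster' : min_sites or more distinct sites share one address,
                         which no legitimate hosts file needs
    """
    by_ip = defaultdict(set)
    for ip, host in parse_o1(log_text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / ::1 / 0.0.0.0 are sinkhole-style entries
        by_ip[str(ip)].add(site_key(host))
    findings = []
    for ip, sites in sorted(by_ip.items()):
        verdict = "redirect-cluster" if len(sites) >= min_sites else "review"
        findings.append({"ip": ip, "sites": sorted(sites), "verdict": verdict})
    return findings


# Constructed sample log (reserved documentation addresses, .example names).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.example/
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ads.tracker.example
O1 - Hosts: 203.0.113.10 bank-one.example
O1 - Hosts: 203.0.113.10 www.bank-one.example
O1 - Hosts: 203.0.113.10 bank-two.example
O1 - Hosts: 203.0.113.10 WWW.Payments.example  # alias in mixed case
O1 - Hosts: 203.0.113.77 av-scanner.example
O1 - Hosts: 203.0.113.77 www.av-scanner.example
O1 - Hosts: 192.0.2.5 intranet.corp.example
O4 - HKLM\..\Run: [Updater] C:\Program Files\Updater\updater.exe
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_LOG):
        print(finding["verdict"], finding["ip"], ", ".join(finding["sites"]))
```
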

Good evening, jguidi!

<@> Download: < HostsXpert >

<@> Save it to the Desktop!

<@> Unzip it and run: HostsXpert.exe

<@> Close all windows and the browser!

<@> Click Restore Microsoft's Hosts file --> Ok.

<@> If an error occurs while it runs, click Make Writable and repeat the procedure.

<@> Close the program and restart the computer!

<><><><><><><><><>

<@> Download: < desktopicon.png > ( ...by sUBs )

<@> Save it to the desktop!

<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> At the prompt: "Disclaimer of warranty on software" --> Click Yes!

<@> If you do not have the "Recovery Console", agree to install it!

<!> If you get the notification: Invalid Win32 application, delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Rename it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in Safe Mode.

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative!

<!> PS: To avoid problems, follow all the recommendations given.

<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid using the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><>

<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis.

Regards!


ComboFix is not running. I have already tried renaming it to kombo.exe. I even ran it in Safe Mode and also as administrator. It is giving an error message,

"Warning:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.forospyware.com/sUBs/ComboFix.exe

ComboFix.exe can be downloaded from either of the sites above. If you downloaded it from another site, it is likely to be infected. For your peace of mind, I recommend that you delete the current copy and download a clean copy."

Any ideas?


ComboFix is not running. I have already tried renaming it to kombo.exe. I even ran it in Safe Mode and also as administrator. It is giving an error message,

"Warning:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.forospyware.com/sUBs/ComboFix.exe

ComboFix.exe can be downloaded from either of the sites above. If you downloaded it from another site, it is likely to be infected. For your peace of mind, I recommend that you delete the current copy and download a clean copy."

Any ideas?

<><><><><><><><>

Hey, jguidi!

<!> Go ahead, then, with HostsXpert.

<><><><><><><><>

<@> Download: < Malwarebytes >

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs when running Malwarebytes.

<@> When finished, click "Remove items".

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt <--

<><><><><><><><>

<@> Download: < DDS > ( ...by sUBs )

<@> Save it to the desktop!

<@> Disable your protection programs: antivirus, antimalware, antispyware or firewall.

<@> While disconnected, run the tool! --> Double-click dds.scr.

<@> Wait for the scan to finish, until we get the report. ( DDS.txt ) <--

<@> A new window will also appear: "D.D.S - Optional_Scan" --> Click Yes.

<@> Notepad will open with another report. ( Attach.txt ) <--

<@> PS: If the report is unreadable, rename the executable to DDS.exe and repeat the scan.

<@> Finally, another window will open! --> Click OK.

<@> Save the reports: DDS.txt + Attach.txt <-- Post them!

Regards!


Dear friend,

In the end ComboFix did run; I just clicked OK on the message that appeared and the autoscan was performed. I will send the ComboFix and Hijack logs.

ComboFix log:

ComboFix 09-07-28.01 - Julio Guidi 28/07/2009 23:46.1.1 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.55.1046.18.1470.537 [GMT -3:00]

Executando de: c:\users\Julio Guidi\Desktop\ComboFix.exe

AV: avast! antivírus 4.8.1229 [VPS 090728-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: avast! antivírus 4.8.1229 [VPS 090728-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-2477048456-252282721-4059469227-500

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-28 to 2009-07-29 ))))))))))))))))))))))))))))

.

2009-07-29 02:54 . 2009-07-29 02:55 -------- d-----w- c:\users\Julio Guidi\AppData\Local\temp

2009-07-29 02:18 . 2009-07-29 02:18 -------- d-s---w- C:\Kombo

2009-07-29 01:15 . 2009-07-29 01:21 -------- d-----w- C:\Lop SD

2009-07-29 01:14 . 2009-07-29 01:14 -------- d-----w- C:\Lop

2009-07-29 00:13 . 2009-07-29 00:13 399360 ---h--w- c:\users\Julio Guidi\msie81xp.exe

2009-07-28 23:00 . 2009-07-28 23:00 -------- d-----w- c:\program files\Trend Micro

2009-07-28 22:32 . 2009-07-28 22:44 -------- d-----w- C:\LinhaDefensiva

2009-07-28 21:53 . 2009-07-28 21:53 -------- d-----w- c:\program files\Java

2009-07-28 21:37 . 2009-07-28 21:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-07-28 21:37 . 2009-07-28 21:37 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-07-28 21:35 . 2009-07-28 21:35 -------- d-----w- c:\users\Julio Guidi\AppData\Roaming\IObit

2009-07-28 21:31 . 2009-07-28 22:49 -------- d-----w- c:\program files\The Cleaner

2009-07-23 16:29 . 2007-01-03 14:20 1732 ----a-w- c:\windows\system32\drivers\nvphy.bin

2009-07-23 16:02 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll

2009-07-23 16:02 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2009-07-23 16:02 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2009-07-23 16:02 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll

2009-07-23 16:02 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe

2009-07-23 16:02 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2009-07-23 16:02 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe

2009-07-23 15:48 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll

2009-07-23 15:48 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll

2009-07-23 15:48 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll

2009-07-23 15:48 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll

2009-07-23 15:47 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll

2009-07-23 13:29 . 2009-07-23 13:36 -------- d-----w- c:\programdata\NOS

2009-07-23 13:29 . 2009-07-23 13:36 -------- d-----w- c:\program files\NOS

2009-07-20 15:07 . 2009-07-20 15:07 -------- d-----w- c:\users\Julio Guidi\AppData\Roaming\Uniblue

2009-07-19 14:37 . 2009-07-19 14:37 2375680 ----a-w- c:\windows\system\jumpm.exe

2009-07-19 14:37 . 2009-07-19 14:37 214528 ---h--w- c:\windows\system\wuaucldt.exe

2009-07-19 03:20 . 2009-07-19 03:20 -------- d-----w- c:\program files\Easy Text To HTML Converter

2009-07-19 03:04 . 2009-07-19 03:04 -------- d-----w- c:\users\Julio Guidi\.fop

2009-07-19 03:04 . 2009-07-19 03:04 -------- d-----w- c:\users\Julio Guidi\.docx4all

2009-07-19 03:02 . 2009-07-19 03:02 -------- d-----w- c:\users\Julio Guidi\.javafxcache

2009-07-19 03:01 . 2009-07-19 03:01 -------- d-----w- c:\users\Julio Guidi\.vfsjfilechooser

2009-07-16 14:26 . 2009-07-16 14:27 -------- d-----w- c:\users\Julio Guidi\AppData\Local\Google

2009-07-16 14:23 . 2009-07-16 14:23 -------- d-----w- c:\users\Julio Guidi\AppData\Local\Apps

2009-07-16 14:23 . 2009-07-16 14:26 -------- d-----w- c:\users\Julio Guidi\AppData\Local\Deployment

2009-07-15 13:39 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll

2009-07-15 13:39 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-07-15 13:39 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-07-15 13:39 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll

2009-06-30 05:00 . 2009-06-15 22:19 27056 ----a-w- c:\windows\system32\drivers\gbpkm.sys

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-29 02:44 . 2008-02-24 15:02 -------- d-----w- c:\programdata\pdf995

2009-07-29 02:44 . 2008-02-24 15:02 60 ----a-w- c:\windows\wpd99.drv

2009-07-29 02:26 . 2006-11-06 01:23 634202 ----a-w- c:\windows\system32\prfh0416.dat

2009-07-29 02:26 . 2006-11-06 01:23 121888 ----a-w- c:\windows\system32\prfc0416.dat

2009-07-28 21:53 . 2009-02-03 00:13 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-07-28 21:35 . 2008-08-18 23:29 -------- d-----w- c:\program files\IObit

2009-07-28 21:25 . 2009-07-23 16:29 68742 ----a-w- c:\programdata\nvModes.dat

2009-07-28 21:23 . 2008-04-03 23:14 7620 ----a-w- c:\users\Julio Guidi\AppData\Local\d3d9caps.dat

2009-07-23 16:50 . 2007-12-12 19:38 -------- d-----w- c:\programdata\NVIDIA

2009-07-23 15:43 . 2007-08-11 10:20 -------- d-----w- c:\program files\CONEXANT

2009-07-23 12:57 . 2009-03-05 02:41 -------- d-----w- c:\program files\Microsoft Silverlight

2009-07-23 05:49 . 2009-04-27 04:19 -------- d-----w- c:\program files\Megacubo

2009-07-16 06:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-06-30 12:37 . 2009-02-28 13:45 -------- d-----w- c:\programdata\GbPlugin

2009-06-30 12:37 . 2009-02-28 13:45 -------- d-----w- c:\program files\GbPlugin

2009-06-26 18:56 . 2009-01-11 01:13 -------- d-----w- c:\programdata\Roxio

2009-06-26 17:20 . 2007-12-12 19:52 1 ----a-w- c:\users\Julio Guidi\AppData\Roaming\BrOffice.org2\user\uno_packages\cache\stamp.sys

2009-06-26 17:20 . 2007-12-12 19:51 -------- d-----w- c:\users\Julio Guidi\AppData\Roaming\BrOffice.org2

2009-06-14 05:26 . 2009-06-14 05:26 -------- d-----w- c:\program files\Image Comparer

2009-06-11 06:02 . 2007-08-11 10:55 -------- d-----w- c:\program files\Microsoft Works

2009-06-06 03:37 . 2009-04-27 04:19 -------- d-----w- c:\program files\SopCast

2009-05-26 17:35 . 2007-12-12 14:40 91728 ----a-w- c:\users\Julio Guidi\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-25 22:05 . 2009-05-25 22:05 10134 ----a-r- c:\users\Julio Guidi\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe

2009-05-10 23:54 . 2007-12-12 18:48 38079 ----a-w- c:\users\Julio Guidi\AppData\Roaming\nvModes.dat

2009-05-09 05:50 . 2009-06-14 06:39 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-09 05:34 . 2009-06-14 06:39 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-07-18 16:36 . 2009-05-11 23:28 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

2008-05-01 16:03 . 2008-05-01 16:03 608 --sha-w- c:\windows\System32\winzvprt5.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\users\Julio Guidi\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-07-16 133104]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-28 148888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-06-18 21:00 302368 ----a-w- c:\program files\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Gerenciador de HotSync.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Gerenciador de HotSync.lnk

backup=c:\windows\pss\Gerenciador de HotSync.lnk.CommonStartup

backupExtension=.CommonStartup

HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\IDMan

[HKEY_LOCAL_MACHINE\software\Microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{F097F5EF-279E-43C9-9853-BBFEE9960587}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP

"{3782F639-7816-402A-B161-4D3AE8190C4B}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP

"TCP Query User{9663C8BE-CA3C-4985-9431-6032BDCF9ADA}c:\\program files\\dremule\\emule.exe"= UDP:c:\program files\dremule\emule.exe:Dreamule

"UDP Query User{6F35F484-8446-4B4B-A316-DA2A16D86241}c:\\program files\\dremule\\emule.exe"= TCP:c:\program files\dremule\emule.exe:Dreamule

"TCP Query User{EDB4BC33-C0CB-47C6-8A34-8E2E70F090A4}c:\\program files\\dremule\\emule.exe"= UDP:c:\program files\dremule\emule.exe:Dreamule

"UDP Query User{88C73A6A-4675-49C5-BBBA-91B4A9941D71}c:\\program files\\dremule\\emule.exe"= TCP:c:\program files\dremule\emule.exe:Dreamule

"{1A45DD18-0424-426B-88CD-EB3775A82F2D}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer

"{6B318D8D-E71D-4D91-A522-E9DFE2FBA433}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer

"{5E89CDCC-48B0-4BDD-B53B-F02B8C3D3171}"= UDP:53541:53541

"{8FBBE789-68BA-4386-A7C8-C74514FBFFEC}"= TCP:14931:14931

"TCP Query User{D491449C-08B7-4AC6-90AD-E2117EC925DF}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"UDP Query User{ECD70FA5-A8A6-4C11-8B83-02E946CD528E}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"TCP Query User{17885EE0-4A51-4906-A1E4-41F7876C08CE}c:\\users\\julio guidi\\program files\\dna\\btdna.exe"= UDP:c:\users\julio guidi\program files\dna\btdna.exe:btdna.exe

"UDP Query User{041BA2AB-1044-4D32-9664-8EFBA726B1BD}c:\\users\\julio guidi\\program files\\dna\\btdna.exe"= TCP:c:\users\julio guidi\program files\dna\btdna.exe:btdna.exe

"{1D9B8AC7-B3FD-4AD4-993A-F9009F9C7471}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{3E550B93-FAFB-4810-8353-6970BAFC6AAD}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"TCP Query User{C58791F5-11ED-4247-988E-63C206651F42}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer

"UDP Query User{6C6385B7-1DAD-442A-B95A-5C38542C3ADA}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer

"{19D5721B-7948-40C4-9D1B-11ACF4AA8857}"= UDP:c:\program files\Megacubo\megacubo.exe:MegaCubo

"{A5A38FD4-CB14-40E7-BB64-F3EB3A154FD7}"= TCP:c:\program files\Megacubo\megacubo.exe:MegaCubo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 GbpKm;Gbp KernelMode;c:\windows\System32\drivers\gbpkm.sys [30/06/2009 02:00 27056]

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [27/05/2008 01:26 78416]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [27/05/2008 01:26 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [09/02/2008 08:39 51280]

R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [28/02/2009 10:45 53552]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [28/07/2009 18:37 1153368]

S3 usb2vcom;USB Data Cable;c:\windows\System32\drivers\usb2vcom.sys [04/10/2008 11:46 28704]

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\Microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-07-29 c:\windows\Tasks\AWC Startup.job

- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-07-28 12:55]

2009-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2172417707-4275060026-1713001662-1000Core.job

- c:\users\Julio Guidi\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-16 14:26]

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2172417707-4275060026-1713001662-1000UA.job

- c:\users\Julio Guidi\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-16 14:26]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.globo.com/

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FF - ProfilePath - c:\users\Julio Guidi\AppData\Roaming\Mozilla\Firefox\Profiles\yjq2dfmr.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\users\Julio Guidi\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\users\Julio Guidi\Program Files\DNA\plugins\npbtdna.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-28 23:55

Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-2172417707-4275060026-1713001662-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):7e,cc,a4,11,28,5c,79,07,19,75,05,e9,4d,9e,9b,8d,20,5c,3e,dd,24,

0b,5f,85,dc,ef,20,8c,c3,18,22,d6,51,60,f9,51,15,85,d7,7f,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-2172417707-4275060026-1713001662-1000_Classes\CLSID\{7a09ffc5-b447-4116-b0b3-5e58888cde6c}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000001b

"Therad"=dword:0000001e

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,62,3b,0d,e0,83,f3,8a,5e,96,94,16,7a,19,d5,dc,a7,3f,cb,c4,3f,5b,b9,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (Y) (Users)

@Denied: (Y) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Tempo para conclusão: 2009-07-29 23:57

ComboFix-quarantined-files.txt 2009-07-29 02:57

Pré-execução: 24.816.861.184 bytes disponíveis

Pós execução: 24.803.590.144 bytes disponíveis

228 --- E O F --- 2009-07-28 21:36

----------- // -----------------

Hijack log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:03:19, on 29/07/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\Julio Guidi\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Julio Guidi\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.Microsoft.com/windowsupdate/...b?1244960040269

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.Microsoft.com/microsoftupdat...b?1248356873049

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! antivírus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 7756 bytes


Good morning, jguidi!

<!> You have 2 antivirus programs: Norton + Avast.

<!> Uninstall Norton, if you wish.

<><><><><><><><>

<@> Download Malwarebytes and post its report.

Regards!

Good morning, friend,

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.39

Versão do banco de dados: 2525

Windows 6.0.6001 Service Pack 1

29/07/2009 11:16:28

mbam-log-2009-07-29 (11-16-28).txt

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 266135

Tempo decorrido: 1 hour(s), 19 minute(s), 32 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 3

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

c:\program files\Megacubo\bin\sopcore.exe (Rogue.Installer) -> Quarantined and deleted successfully.

c:\Windows\system\wuaucldt.exe (Spyware.Banker) -> Quarantined and deleted successfully.

C:\Windows\system\jumpm.exe (Trojan.Banker) -> Quarantined and deleted successfully.


Good afternoon, jguidi!

<!> Some problems were removed by the antimalware. ( MBAM )

<!> The HijackThis log is clean! (Y)

°°°°°°°°°°°°°°°°°°°°°°°

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix está desinstalado" will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

°°°°°°°°°°°°°°°°°°°°°°°

<!> Everything OK?

Regards!

Thank you very much, I think the problem has been solved; it remains to be seen whether I will be able to access internet banking with peace of mind.

Regards.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Crie uma conta ou entre para comentar

Você precisar ser um membro para fazer um comentário

Criar uma conta

Quer postar a sua dúvida? Cadastre-se pois é rápido e fácil!


Crie uma nova conta

Entrar

Já tem uma conta? Faça o login.


Entrar Agora
Esse tópico é útil para você?
Então compartilhe e ajude outros internautas!
Entre para seguir isso  
Seguidores 0

  • NOVIDADES DO SITE BABOO

  • Posts

    • Olá caros leitores, estou a procura de um placa de vídeo para jogar E-sports. Estou em duvida entre a Gigabyte 1050 ti OC 4GB e a EVGA Gerforce GTX 1050 ti SC GAming 4GB  http://www.kabum.com.br/cgi-local/site/produtos/descricao.cgi?codigo=84137&origem=52&gclid=Cj0KEQiA88TFBRDYrOPKuvfY2pIBEiQA97Z8MR3bWfLxyIkX3Ppt1kdeEQZ6-niBm8C_FtAgK6ZYFzIaAv3W8P8HAQ  

    • Zoek.exe v5.0.0.1 Updated 27-09-2015
      Tool run by Silvester on 25/02/2017 at 15:46:10,01.
      Microsoft Windows 10 Home Single Language 10.0.14393  x64
      Running in: Normal Mode No Internet Access Detected
      Launched: C:\Users\Silvester\Desktop\zoek.exe [Scan all users] [Script inserted]  ==== Older Logs ====================== C:\zoek-results2016-08-13-201715.log    18059 bytes
      C:\zoek-results2016-08-18-165922.log    20260 bytes
      C:\zoek-results2017-02-25-184339.log    560 bytes ==== System Restore Info ====================== 25/02/2017 15:53:43 Zoek.exe System Restore Point Created Successfully. ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. 

      # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 

      # This file contains the mappings of IP addresses to host names. Each 
      # entry should be kept on an individual line. The IP address should 
      # be placed in the first column followed by the corresponding host name. 
      # The IP address and the host name should be separated by at least one 
      # space. 

      # Additionally, comments (such as these) may be inserted on individual 
      # lines or following the machine name denoted by a '#' symbol. 

      # For example: 

      #      102.54.94.97     rhino.acme.com          # source server 
      #       38.25.63.10     x.acme.com              # x client host 
       
      127.0.0.1       localhost  ==== Empty Folders Check ====================== C:\PROGRA~3\BlueStacksSetup deleted successfully
      C:\PROGRA~3\Comms deleted successfully
      C:\PROGRA~3\SoftwareDistribution deleted successfully
      C:\Users\Guilherme\AppData\Local\ActiveSync deleted successfully
      C:\Users\Guilherme\AppData\Local\NetworkTiles deleted successfully
      C:\Users\Silvester\AppData\Local\NetworkTiles deleted successfully
      C:\Windows\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
      C:\Windows\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully ==== Deleting CLSID Registry Keys ======================
      ==== Deleting CLSID Registry Values ======================
      ==== Deleting Services ======================
      ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Universe Sandbox not found
      C:\Users\Silvester\AppData\Local\Aplicativo Itau deleted
      C:\PROGRA~3\Package Cache deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
      "light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi" [11/12/2016 13:34]
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
      "light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi" [11/12/2016 13:34] ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
      efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
      fhoibnponjcgjgcnfacekaijdbbplhib - https://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib[] Chrome Media Router - Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
      AntiProtetor - Silvester\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggalbojcechgnfflkndfegfffodfmjaj
      Desprotetor de Links - Silvester\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei
      Chrome Media Router - Silvester\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== Chromium Fix ====================== C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
      C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
      C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
      C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://dell15.msn.com/?PC=DCTE"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      "DefaultScope"="{3865FC38-6166-486E-B661-91934F650698}"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3865FC38-6166-486E-B661-91934F650698}] not found New Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://dell15.msn.com/?PC=DCTE"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
      {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
      {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" ==== Reset Google Chrome ====================== C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
      C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
      C:\Users\Silvester\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
      C:\Users\Silvester\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
      C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
      C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
      C:\Users\Silvester\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
      C:\Users\Silvester\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully ==== shortcuts on Users Desktops ====================== C:\Users\Guilherme\Desktop\Arquivos - Atalho.lnk - E:\Arquivos 
      C:\Users\Guilherme\Desktop\Kaspersky Secure Connection.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe -navigate ksde://mainwindow
      C:\Users\Guilherme\Desktop\Minecraft.lnk - C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe 
      C:\Users\Guilherme\Desktop\mods 1.10.2.lnk - C:\Users\Guilherme\AppData\Roaming\.minecraft\mods 
      C:\Users\Guilherme\Desktop\mods 1.7.10.lnk - C:\Users\Guilherme\AppData\Roaming\Mine1.7.10\mods 
      C:\Users\Guilherme\Desktop\mods 1.8 falso.lnk - C:\Users\Guilherme\AppData\Roaming\newmine\.minecraft\mods 1.8\mods 
      C:\Users\Guilherme\Desktop\mods 1.8.9.lnk - C:\Users\Guilherme\AppData\Roaming\.minecraft\mods 
      C:\Users\Guilherme\Desktop\mods1,8.lnk - C:\Users\Guilherme\AppData\Roaming\.minecraft\mods 
      C:\Users\Guilherme\Desktop\Movie Maker.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe 
      C:\Users\Guilherme\Desktop\Universe Sandbox.lnk - C:\Program Files (x86)\ Universe Sandbox\SmartSteamLoader.exe 
      C:\Users\Guilherme\Desktop\Silvio\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
      C:\Users\Guilherme\Desktop\Silvio\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 
      C:\Users\Guilherme\Desktop\Silvio\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe 
      C:\Users\Guilherme\Desktop\Silvio\uTorrent.exe - Atalho.lnk - C:\Users\Guilherme\AppData\Roaming\uTorrent\uTorrent.exe 
      C:\Users\Silvester\Desktop\Aluguel.lnk - E:\Silvester\aluguel 
      C:\Users\Silvester\Desktop\Any Video Converter.lnk - C:\Program Files (x86)\Anvsoft\Any Video Converter\AVCFree.exe 
      C:\Users\Silvester\Desktop\Bella Olinda.lnk - E:\Silvester\Bella Olinda 
      C:\Users\Silvester\Desktop\gg.lnk - C:\Users\Silvester\AppData\Local\Aplicativo Itau\itauaplicativo.exe 
      C:\Users\Silvester\Desktop\µTorrent.lnk -   ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Acrobat Reader DC.lnk - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 
      C:\Users\Public\Desktop\Design&Print.lnk - C:\Program Files (x86)\Design&Print\DesktopDPO.exe 
      C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe 
      C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 
      C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe -navigate ksde://mainwindow
      C:\Users\Public\Desktop\Quik.lnk - C:\Program Files (x86)\GoPro\GoPro Desktop App\Quik.exe 
      C:\Users\Public\Desktop\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe 
      C:\Users\Public\Desktop\Sony.lnk - C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe  ==== shortcuts in Users Start Menu ====================== C:\Users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\Silvester\AppData\Local\Microsoft\OneDrive\OneDrive.exe 
      C:\Users\Silvester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú\Central de Diagnósticos.lnk -  
      C:\Users\Silvester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú\Desinstalador.lnk -  
      C:\Users\Silvester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú\Itaú.lnk -  
      C:\Users\Silvester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GEPath 1.4.6\GEPath 1.4.6.LNK - C:\Program Files (x86)\GEPath\GEPath1_4_6.exe  ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}\SC_Reader.ico 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avery Products\Design&Print.lnk - C:\Program Files (x86)\Design&Print\DesktopDPO.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Customer Connect.lnk - C:\Program Files (x86)\Dell Customer Connect\DCCTrayApp.exe shortcut
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Notifications.lnk - C:\Program Files (x86)\Dell\Dell Foundation Services\ShellHelper.exe /FromShortcut
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in DirectX mode.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe  -setDX
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe  -setOGL
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth.lnk - C:\Windows\System32\msiexec.exe /x {F6430171-B86B-4639-839E-374913E7911D}
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro\GoPro Studio.lnk - C:\Program Files (x86)\GoPro\tools\GoPro Studio.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro\Quik.lnk - C:\Program Files (x86)\GoPro\GoPro Desktop App\Quik.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_121\bin\javacpl.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_121\bin\javacpl.exe -tab about
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -  
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\xlicons.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\outicon.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\pptico.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\wordicon.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home\Ajuda do PlayMemories Home.lnk - C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe /Help
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home\Ferramenta de Inicialização de Configurações do PlayMemories.lnk -  
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home\PlayMemories Home.lnk - C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Camera Control\Ajuda do Remote Camera Control.lnk - C:\Program Files (x86)\Sony\Remote Camera Control\Help\RCC_Help.html 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Camera Control\Remote Camera Control.lnk - C:\Program Files (x86)\Sony\Remote Camera Control\RemoteCameraControl.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Desinstalar Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\unins000.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller Help.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revo Uninstaller Help.pdf 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe  ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
      C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
      C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
      C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
      C:\Users\Guilherme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
      C:\Users\Guilherme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
      C:\Users\Guilherme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
      C:\Users\Guilherme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  
      C:\Users\Guilherme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d7a6d30ba0cb1b55\ConverttoPDFNow.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory=Default --app-id=fhejbnkchaapocpeaikmlkciccbhgcaa
      C:\Users\Guilherme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
      C:\Users\Guilherme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Fraps.lnk - C:\Fraps\fraps.exe 
      C:\Users\Guilherme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
      C:\Users\Guilherme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 
      C:\Users\Guilherme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Minecraft.lnk - C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe 
      C:\Users\Guilherme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Movie Maker.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe 
      C:\Users\Guilherme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Paint.lnk - C:\Windows\system32\mspaint.exe 
      C:\Users\Guilherme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Shiginima Launcher SE v3.lnk - C:\Users\Guilherme\Desktop\Shiginima Launcher SE v3.100.exe 
      C:\Users\Guilherme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\wordicon.exe 
      C:\Users\Silvester\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
      C:\Users\Silvester\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
      C:\Users\Silvester\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  
      C:\Users\Silvester\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
      C:\Users\Silvester\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CorelDRAW X8.lnk - c:\Windows\Installer\{A66E09BB-9892-421D-9EB9-311D12AA5244}\NewShortcut1_68427AB8B2C044C58AA777A4C3F75634.exe 
      C:\Users\Silvester\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
      C:\Users\Silvester\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
      C:\Users\Silvester\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PHOTO-PAINT X8 (64-Bit).lnk - c:\Windows\Installer\{04D8C47E-C0FE-4CA5-8878-91ECD9552109}\NewShortcut2_EBB51BFEE10948A888CB7ADF96E8EC80.exe 
      C:\Users\Silvester\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Snipping Tool.lnk -  
      C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
      C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -   ==== Reset IE Proxy ====================== Value(s) before fix:
      "ProxyEnable"=dword:00000000 Value(s) after fix:
      "ProxyEnable"=dword:00000000 ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\Guilherme\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Users\Guilherme\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
      C:\Users\Silvester\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Users\Silvester\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
      C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Users\Guilherme\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Users\Guilherme\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
      C:\Users\Silvester\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Users\Silvester\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
      C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
      C:\Users\Silvester\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=195 folders=113 457364542 bytes) ==== Empty Temp Folders ====================== C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied
      C:\Users\SILVES~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 25/02/2017 at 16:41:41,73 ======================
        _____________________________ Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 16:44:49, on 25/02/2017
      Platform: Unknown Windows (WinNT 6.02.1008)
      MSIE: Internet Explorer v11.0 (11.00.14393.0000)
      Boot mode: Normal Running processes:
      C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
      C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
      C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe
      C:\Users\Silvester\AppData\Local\Microsoft\OneDrive\OneDrive.exe
      C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
      C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Users\Silvester\Downloads\HijackThis.exe
      C:\Windows\SysWoW64\DllHost.exe
      C:\Windows\SysWoW64\DllHost.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell15.msn.com/?PC=DCTE
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell15.msn.com/?PC=DCTE
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
      O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [OneDrive] "C:\Users\Silvester\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
      O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Silvester\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Silvester\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
      O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
      O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
      O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
      O23 - Service: Serviço do Kaspersky Anti-Virus 17.0.0 (AVP17.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
      O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
      O23 - Service: Serviço Atualização do Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
      O23 - Service: Serviço Atualização do Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
      O23 - Service: Dell Customer Connect - Dell Inc. - C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
      O23 - Service: Dell Foundation Services - Dell - C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
      O23 - Service: Dell Help & Support - Unknown owner - C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
      O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe
      O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
      O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe
      O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
      O23 - Service: GoPro Device Detection Service (GoProDeviceDetectionService) - Unknown owner - C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
      O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
      O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
      O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
      O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: klvssbrigde64 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe
      O23 - Service: Serviço do Kaspersky Secure Connection 1.0.0 (KSDE1.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: NovaSkinResourcepack - Unknown owner - C:\Users\Guilherme\AppData\Roaming\.minecraft\resourcepacks\novaskin\bin\nssm-x86.exe (file missing)
      O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
      O23 - Service: Product Registration - Dell - C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
      O23 - Service: Corel License Validation Service V2 x64, Powered by arvato (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
      O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

      --
      End of file - 11522 bytes
       
    • Hi everyone, I'm new here on the forum. Since the update I did to install Windows 10, I can no longer use the shortcut keys on my keyboard (well, not all of them: only the volume one works). I have already checked whether there is an update that fixes this, but nothing showed up, and I don't know what to do (not that it does any harm, but the shortcuts make life a little easier). Thanks in advance, everyone.
    • Hello! I have an Excel file with two different worksheets, which are printed on two different printers. I would like to know whether there is a macro that lets me send both worksheets to their respective printers directly, without having to select the printer.
      Thanks!
    • I edited your image to cover the device's MAC address, which was exposed. Watch this video; it shows a field for the MTU: https://www.youtube.com/watch?v=44v_l794N5Y
    • Network: http://download.msi.com/dvr_exe/Atheros_lan_vx_mb.zip Video: http://dl.msi.com/download_files/mb/dvr_exe/intel_eagle_vga_732_mb.zip See if that works.
    • Good afternoon. That is something noticeable, and it will make a difference with an HD and an SSD. Since you are going to use only an HD, the only difference will be in the space taken up. The specifications of this power supply indicate only two SATA cables; you must already be using one of them for the HD, and the other perhaps for the DVD drive. In that case, move the DVD drive's cable over to the HD and use an adapter like this one: https://solucaocabos.com.br/media/catalog/product/cache/1/image/650x650/9df78eab33525d08d6e5fb8d27136e95/c/a/cabo_adaptador_de_fonte_para_sata.jpg It is not recommended, but it is the solution for now.
    • Thanks for the help! Is there any difference between the ST1000DM003 and the ST1000DM010? The first is R$192,85 at one of the Boadica stores, and the second, which Boadica does not have, costs R$ 239,00 at Kabum. Thanks!
    • Good afternoon. Press Windows + R to open the Run menu. Type "regedit" without the quotes and click OK. Navigate to the key: HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing Right-click "MSLicensing" -> "Permissions". Click "Add" -> "Locations" -> "OK". Under "Enter the object names..." type or paste "ALL APPLICATION PACKAGES" without the quotes. Click OK. Back in the permissions window, select "ALL APPLICATION PACKAGES" and, under "Read", tick "Allow". Confirm. Restart and test.
    • 1. Disable your antivirus and antispyware to avoid conflicts, and keep them disabled until you have finished these instructions.
      2. Download Zoek and run it.
      3. Copy the lines below (select them and press CTRL+C) and paste them (CTRL+V) into the Zoek box:
      createsrpoint;
      autoclean;
      resetieproxy;
      resethosts;
      iedefaults;
      chrdefaults;
      emptyCHRcache;
      ffdefaults;
      firefoxlook;
      emptyalltemp;
      shortcutfix;
      4. Close all browsers and click Run Script: During the scan the message below will be shown. Be patient and wait for the script to finish running, since the analysis can take a few minutes.
      5. If you are asked to restart the computer, do so by clicking OK.
      6. Zoek will open a window with the result of the analysis. Post the contents of that window and also a new HijackThis log.