Usamos cookies para medir audiência e melhorar sua experiência. Você pode aceitar ou recusar a qualquer momento. Veja sobre o iMasters.
Segue o LOG DO HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:12:01, on 19/12/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\TeamViewer\Version8\TeamViewer_Service.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
H:\Arquivos de programas\Datasus\CNES\scnes.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usuario\Meus documentos\Downloads\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\ARQUIV~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\ARQUIV~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.saude.ce.gov.br/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B4B8B87-2284-4B97-BF62-BD752543770B}: NameServer = 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{11AB17D4-F4DF-4D10-B0F3-281EA3D9BFAC}: NameServer = 208.67.222.222
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Programador (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Arquivos de programas\TeamViewer\Version8\TeamViewer_Service.exe
--
End of file - 12298 bytes
Conforme orientacao segue os LOG(s):
ADWCLEANER:
*** [services] ***
*** [Files / Folders] ***
File Found : C:\Arquivos de programas\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Arquivos de programas\Conduit
Folder Found : C:\DOCUME~1\Usuario\CONFIG~1\Temp\avg@toolbar
Folder Found : C:\Documents and Settings\All Users\Dados de aplicativos\Ask
Folder Found : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Folder Found : C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
Folder Found : C:\Documents and Settings\Usuario\Dados de aplicativos\Babylon
Folder Found : C:\Documents and Settings\Usuario\Dados de aplicativos\BabylonToolbar
Folder Found : C:\Documents and Settings\Usuario\Dados de aplicativos\PriceGong
*** [Registry] ***
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3238255
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKU\S-1-5-21-527237240-484061587-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
*** [internet Browsers] ***
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
*************************
AdwCleaner[R1].txt - [3892 octets] - [19/12/2012 19:29:52]
########## EOF - C:\AdwCleaner[R1].txt - [3952 octets] ##########
Já com respeito ao LOG DO ZHPDIAG_SILENT apareceu a seguinte mensagem: "Seu post está muito grande. Por favor, volte e diminua-o um pouco."
Bom Dia! o_pensador
|- Lance,novamente,AdwCleaner e clique em "Delete" ou "Suppression".
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/AdwCleaner_Suppression.jpg&key=ea7f314988c364d38f61f15aee7583e1c9e325cba8a0d859f1c7cd594582e777" alt="AdwCleaner_Suppression.jpg" />
|- Ao concluir,poste o relatório: C:\AdwCleaner[S].txt
-/-
Já com respeito ao LOG DO ZHPDIAG_SILENT apareceu a seguinte mensagem: "Seu post está muito grande. Por favor, volte e diminua-o um pouco."
|- Lhe dei 2 opções para postar o log. ( MyFile.tk ou Cjoint.com )
A+
LOG ADWCLEANER:
*** [services] ***
*** [Files / Folders] ***
File Deleted : C:\Arquivos de programas\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Arquivos de programas\Conduit
Folder Deleted : C:\DOCUME~1\Usuario\CONFIG~1\Temp\avg@toolbar
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Ask
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
Folder Deleted : C:\Documents and Settings\Usuario\Dados de aplicativos\Babylon
Folder Deleted : C:\Documents and Settings\Usuario\Dados de aplicativos\BabylonToolbar
Folder Deleted : C:\Documents and Settings\Usuario\Dados de aplicativos\PriceGong
*** [Registry] ***
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3238255
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
*** [internet Browsers] ***
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
*************************
AdwCleaner[R1].txt - [4021 octets] - [19/12/2012 19:29:52]
AdwCleaner[s1].txt - [3882 octets] - [20/12/2012 08:44:39]
########## EOF - C:\AdwCleaner[s1].txt - [3942 octets] ##########
LINK DA PAGINA DO RELATORIO DO ZHPDIAG:
Bom Dia! o_pensador
|- Feche programas/pastas que estejam abertas.
|- Feche,também,o navegador!
|- Para Windows Vista,desabilite a UAC.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/ZHPFix_silent_zps532d2db6.jpg&key=e3bca71d24a0067fad1910903f2d756650c2d526a3a3b4495f41f8a5e073328a" alt="ZHPFix_silent_zps532d2db6.jpg" />
|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.
|- Selecione e copie estas informações,que estão no Code,para o "Bloco de Notas".
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\WINDOWS\AutoKMS\AutoKMS.exe (.not file.) => Infection Diverse (Trojan.Keygen)
SS - | Auto 8192 | (KMService) . (...) - C:\WINDOWS\system32\srvany.exe => Infection Diverse (Trojan.Keygen)
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.)O23 - Service: KMService (KMService) . (...) - C:\WINDOWS\system32\srvany.exe => Infection Diverse (Trojan.Keygen)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AutoKMS.job => Infection Diverse (Trojan.Keygen)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Usuario\Configurações locais\Temp\Keygen.exe" [Enabled] .(...) -- C:\Documents and Settings\Usuario\Configurações locais\Temp\Keygen.exe (.not file.) => Crack, KeyGen, Keymaker - Possible MalwareO43 - CFD: 30/10/2012 - 16:02:08 - [0,609] ----D C:\Arquivos de programas\Conduit => Toolbar.Conduit
O43 - CFD: 10/12/2012 - 14:27:42 - [0,431] ----D C:\Documents and Settings\Usuario\Dados de aplicativos\PriceGong => Infection Diverse (Adware.PriceGong)
O47 - AAKE:Key Export SP - "C:\WINDOWS\KMSEmulator.exe" [Enabled] .(...) -- C:\WINDOWS\KMSEmulator.exe (.not file.) => Infection Diverse (Trojan.Keygen)
O53 - SMSR:HKLM\...\startupreg\DriverCD [Key] . (...) -- E:\Run.exe (.not file.) => Infection USB (Trojan.USB)
O64 - Services: CurCS - 31/10/2012 - C:\WINDOWS\system32\srvany.exe - KMService (KMService) .(...) - LEGACY_KMSERVICE => Infection Diverse (Trojan.Keygen)
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (NicePlayer Customized Web Search) - http://search.conduit.com => Toolbar.Conduit[HKCU\Software\Install]
[HKCU\Software\PriceGong] => Infection BT (Adware.PriceGong)
[HKLM\Software\Babylon] => Infection BT (Toolbar.Babylon)
[HKCU\Software\MLSync] => MLSync
[HKCU\Software\Conduit] => Toolbar.Conduit
[HKCU\Software\Smartbar] => Toolbar.Agent
[HKLM\Software\Conduit] => Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}] => Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}] => Toolbar.Agent
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] => AVG Security Toolbar
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] => Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] => Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] => Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} => Toolbar.Ask
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] => Infection BT (Adware.Agent)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] => Infection BT (Adware.BHO)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}] => Infection BT (Toolbar.Babylon)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] => Infection BT (Toolbar.Babylon)
[HKCU\Software\PriceGong] => Infection BT (Adware.PriceGong)
C:\Arquivos de programas\Conduit => Toolbar.Conduit
C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Conduit => Toolbar.Conduitproxyfix
emptytemp
emptyflash
firewallraz
sysrestore
|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"
|- Minimize o Bloco de Notas.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPDiag_PasteClipboard.jpg&key=e48613cfa6f79756d0d3087d1f9470f91a4d063f3d1285295d93d87cacbfb63d" alt="ZHPDiag_PasteClipboard.jpg" />
|- Clique no menu,"Paste ClipBoard".
|- Clique "GO" -> Oui.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPFix_GO.jpg&key=558fe81face1e694faa61f1e0c3985db203e8ad910d59aa68f5da5f2fd114f02" alt="ZHPFix_GO.jpg" />
|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.
|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt
A+
Eis o LOG:
Rapport de ZHPFix 1.3.05 par Nicolas Coolman, Update du 09/10/2012
Fichier d'export Registre :
Run by Usuario at 20/12/2012 11:31:01
Windows XP Professional Service Pack 3 (Build 2600)
Web site : http://nicolascoolman.skyrock.com/
========== Registry Key ==========
DELETED Key: Service: KMService
DELETED Key: CLSID BHO: {21A88CB9-84D2-4020-A2D1-B25A21034884}
DELETED Key: CLSID BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
DELETED Key: CLSID BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670}
DELETED Key: CLSID BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
DELETED Key: CLSID BHO: {5C255C8A-E604-49b4-9D64-90988571CECB}
DELETED Key: CLSID BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
DELETED Key: CLSID BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
DELETED Key: CLSID BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6}
DELETED Key: CLSID BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7}
DELETED Key: CLSID BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
DELETED Key: CLSID BHO: {B4F3A835-0E21-4959-BA22-42B3008E02FF}
DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000}
DELETED Key: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}
NOT FOUND Key: Service: KMService
DELETED Key: StartupReg: DriverCD
ERROR Key: Service Legacy: LEGACY_KMSERVICE
NOT FOUND SearchScopes :{afdbddaa-5d3f-42ee-b79c-185a7020515b}
DELETED Key: HKCU\Software\Install
NOT FOUND Key: HKCU\Software\PriceGong
NOT FOUND Key: HKLM\Software\Babylon
DELETED Key: HKCU\Software\MLSync
NOT FOUND Key: HKCU\Software\Conduit
NOT FOUND Key: HKCU\Software\Smartbar
NOT FOUND Key: HKLM\Software\Conduit
NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
NOT FOUND Key: HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
NOT FOUND Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
NOT FOUND Key: HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
NOT FOUND Key: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}
NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC}
NOT FOUND Key: HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}
========== Registry Value ==========
DELETED URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
DELETED Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88}
DELETED Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}
DELETED RunValue: ctfmon.exe
NOT FOUND RunValue: ctfmon.exe
DELETED RunValue: _nltide_2
DELETED AAKE KeyValue: C:\Documents and Settings\Usuario\Configurações locais\Temp\Keygen.exe
DELETED AAKE KeyValue: C:\Documents and Settings\Usuario\Configurações locais\Temp\43.tmp\KMService.exe
DELETED AAKE KeyValue: C:\WINDOWS\KMSEmulator.exe
NOT FOUND [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440}
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
No Value in Firewall Exception Register Key (FirewallRaz)
========== Repertory ==========
NOT FOUND C:\Arquivos de programas\Conduit
NOT FOUND C:\Documents and Settings\Usuario\Dados de aplicativos\PriceGong
DELETED Folder: c:\documents and settings\usuario\configurações locais\dados de aplicativos\conduit
DELETED Window Temporary:
DELETED Flash Cookies:
========== File ==========
DELETED File: c:\windows\system32\srvany.exe
DELETE on Reboot c:\windows\system32\ctfmon.exe
DELETED File: c:\documents and settings\usuario\desktop\continue ultrasurf installation.lnk
NOT FOUND File: c:\documents and settings\usuario\configurações locais\temp\icreinstall_icreinstall_ultrasurf-1203-baixaki-32-bits.exe
NOT FOUND File: c:\windows\system32\srvany.exe
NOT FOUND File: c:\windows\tasks\autokms.job
NOT FOUND File: c:\documents and settings\usuario\configurações locais\temp\keygen.exe
NOT FOUND File: c:\documents and settings\usuario\configurações locais\temp\43.tmp\kmservice.exe
NOT FOUND File: c:\windows\kmsemulator.exe
NOT FOUND File: e:\run.exe
NOT FOUND Folder/File: c:\arquivos de programas\conduit
DELETED Window Temporary:
DELETED Flash Cookies:
========== Task ==========
DELETED Task: AutoKMS
========== Restoration ==========
Restore System Point created succefully
========== Summary ==========
36 : Registry Key
21 : Registry Value
5 : Repertory
13 : File
1 : Task
1 : Restoration
End of clean in 01mn 32s
========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 20/12/2012 11:31:01 [5331]
Boa Noite! o_pensador
|- Baixe: |DelFix| ( ... de Xplode )
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/DelFix_SetaVerde.jpg&key=a562af283f81224b0096f109e2c85fcde8abae0d109a59c91160b5f99a23e243" alt="DelFix_SetaVerde.jpg" />
|- Estando na página,clique na seta verde para o download. ( Seta verde! )
|- Salve-a em um local conveniente! ( desktop! )
|- Feche aplicativos que estejam abertos.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/DelFix_Suppression.jpg&key=504213ed0fd7c7ffdd71bbc9a8ecfed75d167e84deb27fd5dfec08c0104c80c3" alt="DelFix_Suppression.jpg" />
|- Clique em "Suppression".
|- À seguir,para remover DelFix do seu computador,clique em "Désinstallation".
|- Seus logs estão limpos!
|- Tudo Ok?
A+
Fiz exatamente como recomendado e agradeco a ajuda de voces. A maquina voltou a funcionar perfeitamente. Muito obrigado...
PROBLEMA RESOLVIDO
Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.
Boa Noite! o_pensador
|- Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/adwcleaner_logo.jpg&key=e2bde0dd8c13fd52e18ca6fc88e8f2d73040a387059f8bc22a53202f0de6f95f" alt="adwcleaner_logo.jpg" /> > ( ... par Xplode )
|- Ao acessar,clique na imagem: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/AdwCleaner_Tlcharger.jpg&key=2319bbcd35144166c25768473f26c7f193a7ab5036b9479bd1465d8257d6f6b2" alt="AdwCleaner_Tlcharger.jpg" /> >
|- Salve-o no desktop!
|- Desabilite seu antivírus e execute o arquivo adwcleaner.exe.
|- Ps: Para Windows Vista/7,clique direito em adwcleaner.exe,e escolha /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Executar_Administrador.jpg&key=29bbf2d3836c6859afe3923102565f782321b5a7a2787d5bb24cc9918d13e9bd" alt="Executar_Administrador.jpg" />
|- Dê início ao scan,clicando em "Recherche" < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25202/AdwCleaner_Recherche.jpg&key=3af10e3152b7182d723ce988a6412cc4b12651b4c56bed0e6755357323538167" alt="AdwCleaner_Recherche.jpg" /> >
|- Ao concluir,poste o relatório: C:\AdwCleaner[R].txt
|- Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPDiag_Silent.jpg&key=b108c6f3da4b9ebe004c6fc63c6e29fc4f2043056612e16f58c8a6da9600eaea" alt="ZHPDiag_Silent.jpg" /> > ( ... par Nicolas Coolman )
|- Salve-o no desktop!
|- Desabilite seu antivírus!
|- Caso utilize o Avast,estabeleça esta configuração à SandBox.
|- Para Windows Vista ou 7,clique direito e execute o arquivo como /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Executar_Administrador.jpg&key=29bbf2d3836c6859afe3923102565f782321b5a7a2787d5bb24cc9918d13e9bd" alt="Executar_Administrador.jpg" />
|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPDiag_4cones.jpg&key=1fa875282159446f710d915aa0f19515c10ea929b8487f1466b6ce34a529ae11" alt="ZHPDiag_4cones.jpg" />
|- Além do relatório,teremos no desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix
/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/abi6rX9e.jpg&key=92c78ea35f87f8eb069ae0f2916f89217f86c2317aef892b27e6440e4dd75740" alt="abi6rX9e.jpg" />
|- Poste e/ou cole aqui,o link que será gerado,logo após o relatório.
|- Ou acesse: /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Cjoint_Logo.jpg&key=bc3f249ffa4fec167155636520ebfd1fed8f6c8d63b5aa0b8cd82fb55aa2edb7" alt="Cjoint_Logo.jpg" />
|- Ou acesse: /applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/abmdaZsE.jpg&key=433ccdd2cd040bd965a0b2bee3887132a2fd78ca8d607165658bf45467e220f0" alt="abmdaZsE.jpg" />
|- Maiores informações: < |Link| >
A+