
Archived

This topic has been archived and is closed to new replies.

GildazioJr

[Archived] Strange PC


Hi, I just upgraded my machine: I swapped the motherboard and put in a Core i5 and 4 GB of RAM,

but it seems to have become slower than it was, even for simple things like opening 'My Computer' or 'My Documents'.

It has a certain lag, keeps freezing and opens folders as if it were a 'slide show', very slowly. I'd like to know

whether this is some malware or another factor. I await your help; here is the HijackThis log, thank you very much!

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:46:38, on 04/10/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVAST Software\Avast\afwServ.exe

C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\KMWDSrv.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

C:\MySQL\bin\mysqld-max.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\StartAutorun.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\KMConfig.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\KMProcess.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Arquivos de programas\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe

C:\Arquivos de programas\Nero\Nero 7\Core\nero.exe

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bradesconetempresa.com.br/

O1 - Hosts: 69.162.112.196 wwwstatic.megavideo.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [PlusService] C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [KMCONFIG] C:\Arquivos de programas\Keyboard & Mouse Driver\StartAutorun.exe KMConfig.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [iMSS] "C:\Arquivos de programas\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-21-842925246-1580436667-682003330-1004\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" (User '?')

O4 - HKUS\S-1-5-21-842925246-1580436667-682003330-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\ARQUIV~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\ARQUIV~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {7E866715-C9B6-4C64-AAB8-342E0D137213} (DVR4204 Client Control) - http://10.1.1.50:8000/EDVR.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.1.2,201.10.128.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{7895EF23-0CB8-4CD2-A83C-13C50E4EAD4E}: NameServer = 201.10.1.2,201.10.128.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.1.2,201.10.128.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.1.2,201.10.128.2

O17 - HKLM\System\CS3\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.1.2,201.10.128.2

O17 - HKLM\System\CS4\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.1.2,201.10.128.2

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\afwServ.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Arquivos de programas\Keyboard & Mouse Driver\KMWDSrv.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: MySql - Unknown owner - C:\MySQL\bin\mysqld-max.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

 

--

End of file - 11972 bytes

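As an added example (not code from this thread or from HijackThis itself), a small Python triage script that applies the checks a helper runs over lines like the ones in the log above: entries that reference a missing file, hosts-file overrides, ActiveX controls fetched from private addresses, DNS server settings to confirm, and remote-access tools to confirm with the owner. The sample lines are constructed from entries in the posted log; the remote-access keyword list is an assumption.

```python
"""Triage checks for HijackThis v2 log lines (added example, not from the thread)."""
import re
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List
from urllib.parse import urlparse

# Constructed sample, modelled on entries from the log posted above.
SAMPLE_LOG = r"""
O1 - Hosts: 69.162.112.196 wwwstatic.megavideo.com
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)
O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper
O16 - DPF: {7E866715-C9B6-4C64-AAB8-342E0D137213} (DVR4204 Client Control) - http://10.1.1.50:8000/EDVR.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.1.2,201.10.128.2
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (file missing)
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+")
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# Assumption: product names whose presence a helper would ask the owner to confirm.
REMOTE_ACCESS_HINTS = ("vnc", "logmein")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    severity: str  # "cleanup" (safe to fix), "review" (confirm with owner) or "info"
    reason: str
    line: str


def _is_private_host(host: str) -> bool:
    """True only for a private-range IP literal; DNS names return False."""
    try:
        return ip_address(host).is_private
    except ValueError:
        return False


def triage(log_text: str) -> List[Finding]:
    """Apply the checks a helper would run on each HijackThis entry."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, process list or blank line
        section, body = match.group("section"), match.group("body")
        # Entries pointing at a file that no longer exists are leftovers; fixing them is safe.
        if body.endswith(ORPHAN_MARKERS):
            findings.append(Finding(section, "cleanup", "entry references a missing file", line))
        elif section == "O1":
            # HijackThis lists hosts-file lines that override normal DNS resolution.
            parts = body.split(":", 1)[1].split()
            ip, name = parts[0], parts[1] if len(parts) > 1 else "?"
            findings.append(Finding(section, "review", f"hosts-file override: {name} -> {ip}", line))
        elif section == "O16":
            url = URL_RE.search(body)
            host = (urlparse(url.group(0)).hostname or "") if url else ""
            if _is_private_host(host):
                reason, severity = f"ActiveX control fetched from private address {host}", "review"
            else:
                reason, severity = f"ActiveX control from {host or 'unknown host'}", "info"
            findings.append(Finding(section, severity, reason, line))
        elif section == "O17":
            servers = body.split("NameServer =", 1)[-1].strip()
            findings.append(Finding(section, "info", f"DNS servers {servers}: confirm they are the ISP's", line))
        elif section in ("O4", "O23") and any(h in body.lower() for h in REMOTE_ACCESS_HINTS):
            findings.append(Finding(section, "review", "remote-access software present: confirm it is intended", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:7}] {f.section}: {f.reason}")
    print(summarize(results))
```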

Hello GildazioJr

 

*Download OTS and save it to the desktop

*Run it and select the options:

Scan All Users

Company Name

Skip Microsoft

 

*Under Additional Scans select:

Reg - NetSvcs

File - Lop Check

File - Purity Scan

 

*Select, copy, and paste the code below into the space under Custom Scans:

/md5start

midimap.dll

ndis.sys

ndistapi.sys

/md5stop

%ALLUSERSPROFILE%\*.*

%ALLUSERSPROFILE%\Dados de aplicativos\*

%ALLUSERSPROFILE%\Dados de aplicativos\*.*

%ALLUSERSPROFILE%\Menu Iniciar\Programas\Inicializar\*.*

%APPDATA%\*

%APPDATA%\*.*

%SYSTEMDRIVE%\*

%SYSTEMDRIVE%\*.*

%USERPROFILE%\*.*

CREATERESTOREPOINT

*Click [Run Scan]

*Paste the report shown

 

If the report gets too large...

 

*Go to this link

*Select 4 jours

*Click [Enviar arquivo]

*Locate the file OTS.txt on the desktop

*Click [Abrir] > [Créer le lien Cjoint]

*Paste the address that was created


Wings, thank you very much for the help once again.

Here is the link to the .txt file, cheers!

 

http://cjoint.com/?3Jkxqhe1AFR


*Download AdwCleaner and save it to the desktop

*Run it and click [supression]

*Paste the report shown

 

Note:

I will be travelling. Antonio Vieira will carry on.

 

Regards.


OK, thanks for now.

 

Dear Antonio Vieira, here is the AdwCleaner log, thank you for the help.

 

# AdwCleaner v1.310 - Rapport créé le 11/10/2011 à 09:28:49

# Mis à jour le 07/10/11 à 19h par Xplode

# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)

# Nom d'utilisateur : GildazioJr - HOME (Administrateur)

# Exécuté depuis : C:\Documents and Settings\Administrador\Desktop\adwcleaner.exe

# Option [suppression]

 

 

***** [KillNav] *****

 

# firefox.exe [PID:2728] -> Tué

 

***** [Processus] *****

 

 

***** [services] *****

 

 

***** [Fichiers / Dossiers] *****

 

Dossier Supprimé : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\on8u2f4k.default\Conduit

 

***** [Registre] *****

 

Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}

 

***** [Navigateurs] *****

 

-\\ Internet Explorer v6.0.2900.5512

 

[OK] Le registre ne contient aucune entrée illégitime.

 

-\\ Mozilla Firefox v7.0.1 (pt-BR)

 

Profil : on8u2f4k.default

Fichier : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\on8u2f4k.default\prefs.js

 

Supprimée : user_pref("CT2552374..clientLogIsEnabled", false);

Supprimée : user_pref("CT2552374..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");

Supprimée : user_pref("CT2552374..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");

Supprimée : user_pref("CT2552374.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Supprimée : user_pref("CT2552374.CTID", "CT2552374");

Supprimée : user_pref("CT2552374.CurrentServerDate", "14-4-2011");

Supprimée : user_pref("CT2552374.DialogsAlignMode", "LTR");

Supprimée : user_pref("CT2552374.DownloadReferralCookieData", "");

Supprimée : user_pref("CT2552374.EMailNotifierPollDate", "Wed Nov 24 2010 08:45:05 GMT-0500");

Supprimée : user_pref("CT2552374.FirstServerDate", "24-11-2010");

Supprimée : user_pref("CT2552374.FirstTime", true);

Supprimée : user_pref("CT2552374.FirstTimeFF3", true);

Supprimée : user_pref("CT2552374.FixPageNotFoundErrors", true);

Supprimée : user_pref("CT2552374.GroupingServerCheckInterval", 1440);

Supprimée : user_pref("CT2552374.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Supprimée : user_pref("CT2552374.HasUserGlobalKeys", true);

Supprimée : user_pref("CT2552374.Initialize", true);

Supprimée : user_pref("CT2552374.InitializeCommonPrefs", true);

Supprimée : user_pref("CT2552374.InstallationAndCookieDataSentCount", 3);

Supprimée : user_pref("CT2552374.InstallationId", "integrated_CT2552374.exe");

Supprimée : user_pref("CT2552374.InstallationType", "ConduitIntegration");

Supprimée : user_pref("CT2552374.InstalledDate", "Wed Nov 24 2010 08:35:02 GMT-0500");

Supprimée : user_pref("CT2552374.InvalidateCache", false);

Supprimée : user_pref("CT2552374.IsGrouping", false);

Supprimée : user_pref("CT2552374.IsMulticommunity", false);

Supprimée : user_pref("CT2552374.IsOpenThankYouPage", false);

Supprimée : user_pref("CT2552374.IsOpenUninstallPage", true);

Supprimée : user_pref("CT2552374.LanguagePackLastCheckTime", "Thu Apr 14 2011 09:37:56 GMT-0500");

Supprimée : user_pref("CT2552374.LanguagePackReloadIntervalMM", 1440);

Supprimée : user_pref("CT2552374.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");

Supprimée : user_pref("CT2552374.LastLogin_3.2.1.3", "Thu Apr 14 2011 16:39:13 GMT-0500");

Supprimée : user_pref("CT2552374.LatestVersion", "3.3.3.2");

Supprimée : user_pref("CT2552374.Locale", "pt-br");

Supprimée : user_pref("CT2552374.MCDetectTooltipHeight", "83");

Supprimée : user_pref("CT2552374.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Supprimée : user_pref("CT2552374.MCDetectTooltipWidth", "295");

Supprimée : user_pref("CT2552374.RadioIsPodcast", false);

Supprimée : user_pref("CT2552374.RadioLastCheckTime", "Wed Nov 24 2010 08:35:02 GMT-0500");

Supprimée : user_pref("CT2552374.RadioLastUpdateIPServer", "3");

Supprimée : user_pref("CT2552374.RadioLastUpdateServer", "129167760619330000");

Supprimée : user_pref("CT2552374.RadioMediaID", "20503635");

Supprimée : user_pref("CT2552374.RadioMediaType", "Media Player");

Supprimée : user_pref("CT2552374.RadioMenuSelectedID", "EBRadioMenu_CT255237420503635");

Supprimée : user_pref("CT2552374.RadioStationName", "BestRadio%20Brasil");

Supprimée : user_pref("CT2552374.RadioStationURL", "hxxp://live.bestradiobrasil.com/wmp_hi.asx");

Supprimée : user_pref("CT2552374.SHRINK_TOOLBAR", 1);

Supprimée : user_pref("CT2552374.SearchBoxWidth", 100);

Supprimée : user_pref("CT2552374.SearchFromAddressBarIsInit", true);

Supprimée : user_pref("CT2552374.SearchInNewTabEnabled", true);

Supprimée : user_pref("CT2552374.SearchInNewTabIntervalMM", 1440);

Supprimée : user_pref("CT2552374.SearchInNewTabLastCheckTime", "Thu Apr 14 2011 09:31:49 GMT-0500");

Supprimée : user_pref("CT2552374.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");

Supprimée : user_pref("CT2552374.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");

Supprimée : user_pref("CT2552374.ServiceMapLastCheckTime", "Thu Apr 14 2011 09:32:05 GMT-0500");

Supprimée : user_pref("CT2552374.SettingsLastCheckTime", "Thu Apr 14 2011 10:40:11 GMT-0500");

Supprimée : user_pref("CT2552374.SettingsLastUpdate", "1302617622");

Supprimée : user_pref("CT2552374.ThirdPartyComponentsInterval", 504);

Supprimée : user_pref("CT2552374.ThirdPartyComponentsLastCheck", "Fri Apr 01 2011 09:36:26 GMT-0500");

Supprimée : user_pref("CT2552374.ThirdPartyComponentsLastUpdate", "1256047550");

Supprimée : user_pref("CT2552374.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");

Supprimée : user_pref("CT2552374.UserID", "UN75505595014295559");

Supprimée : user_pref("CT2552374.ValidationData_Search", 1);

Supprimée : user_pref("CT2552374.ValidationData_Toolbar", 2);

Supprimée : user_pref("CT2552374.WeatherNetwork", "");

Supprimée : user_pref("CT2552374.WeatherPollDate", "Wed Nov 24 2010 08:35:03 GMT-0500");

Supprimée : user_pref("CT2552374.WeatherUnit", "C");

Supprimée : user_pref("CT2552374.alertChannelId", "945276");

Supprimée : user_pref("CT2552374.backendstorage._fb_dailyactivity", "31333031353831323331393738");

Supprimée : user_pref("CT2552374.backendstorage._fb_lifetimesent", "54525545");

Supprimée : user_pref("CT2552374.backendstorage.facebook_ctid_connect_send", "73656E646564");

Supprimée : user_pref("CT2552374.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");

Supprimée : user_pref("CT2552374.backendstorage.ytapp_dailyactivity", "31333031353830373732323736");

Supprimée : user_pref("CT2552374.backendstorage.ytapp_lifetimesent", "54525545");

Supprimée : user_pref("CT2552374.components.1000034", false);

Supprimée : user_pref("CT2552374.components.1000082", false);

Supprimée : user_pref("CT2552374.components.1000234", false);

Supprimée : user_pref("CT2552374.components.129120793590775883", false);

Supprimée : user_pref("CT2552374.components.129375119490182219", false);

Supprimée : user_pref("CT2552374.components.129460315623725050", false);

Supprimée : user_pref("CT2552374.components.129460315624193801", false);

Supprimée : user_pref("CT2552374.components.129460315624662552", false);

Supprimée : user_pref("CT2552374.components.129460315625131303", false);

Supprimée : user_pref("CT2552374.components.129460315625443804", false);

Supprimée : user_pref("CT2552374.components.129460315625912555", false);

Supprimée : user_pref("CT2552374.components.129460315626850056", false);

Supprimée : user_pref("CT2552374.components.129460315627787558", false);

Supprimée : user_pref("CT2552374.components.129460316404819496", false);

Supprimée : user_pref("CT2552374.components.1414644605548080055", false);

Supprimée : user_pref("CT2552374.components.1556243035664539683", false);

Supprimée : user_pref("CT2552374.components.2609105866122059875", false);

Supprimée : user_pref("CT2552374.components.2769648631074965185", false);

Supprimée : user_pref("CT2552374.components.4046690726474639537", false);

Supprimée : user_pref("CT2552374.components.4609911553645463352", false);

Supprimée : user_pref("CT2552374.components.600828359144359426", false);

Supprimée : user_pref("CT2552374.components.8104453980635985153", false);

Supprimée : user_pref("CT2552374.myStuffEnabled", true);

Supprimée : user_pref("CT2552374.myStuffPublihserMinWidth", 400);

Supprimée : user_pref("CT2552374.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");

Supprimée : user_pref("CT2552374.myStuffServiceIntervalMM", 1440);

Supprimée : user_pref("CT2552374.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");

Supprimée : user_pref("CT2552374.testingCtid", "");

Supprimée : user_pref("CT2552374.toolbarAppMetaDataLastCheckTime", "Thu Apr 14 2011 09:41:14 GMT-0500");

Supprimée : user_pref("CT2552374.toolbarContextMenuLastCheckTime", "Wed Nov 24 2010 08:35:03 GMT-0500");

Supprimée : user_pref("CT2552374.usagesFlag", 2);

Supprimée : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2552374", "\"1300087136\"");

Supprimée : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634380269302130000\"");

Supprimée : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2552374/CT2552374", "\"1302617622\"");

Supprimée : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pt-br", "\"634351849102130000\"");

Supprimée : user_pref("CommunityToolbar.EngineOwner", "CT2552374");

Supprimée : user_pref("CommunityToolbar.EngineOwnerGuid", "{12fc3d37-2a42-4fe3-8489-81296878cba5}");

Supprimée : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic_brasil");

Supprimée : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2552374");

Supprimée : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{12fc3d37-2a42-4fe3-8489-81296878cba5}");

Supprimée : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic_brasil");

Supprimée : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Supprimée : user_pref("CommunityToolbar.alert.locale", "en");

Supprimée : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Supprimée : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Apr 13 2011 17:31:31 GMT-0500");

Supprimée : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");

Supprimée : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Supprimée : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Supprimée : user_pref("CommunityToolbar.alert.showTrayIcon", false);

Supprimée : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Supprimée : user_pref("CommunityToolbar.alert.userId", "78060628-8d1d-4c71-87e5-53d7eb1a5ae8");

 

*************************

 

AdwCleaner[s1].txt - [11316 octets] - [11/10/2011 09:28:49]

 

*************************

 

Dossier Temporaire : 52 dossier(s) et 96 fichier(s) supprimé(s)

 

########## EOF - C:\AdwCleaner[s1].txt - [11541 octets] ##########


:) Several problems were removed by AdwCleaner.

________________

 

Please follow the tips in this tutorial to scan your PC with Nod32 Online:

 

Nod32 Online antivirus tutorial

 

After the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

 

In your next reply, post this Nod32 Online log together with a new HijackThis log and please tell us how your PC is after following this procedure. We await your reply.


Hi Antonio, here are the Eset and HijackThis logs, respectively. The computer is still a bit strange; for a Core i5 with 4 GB of RAM I find it slow.

 

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=e3889af6e6a63b47b6b37f163f6be616

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-08-16 03:58:30

# local_time=2010-08-16 10:58:30 (-0500, Hora padrão de Bogotá)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=769 16775125 100 98 0 217338123 0 0

# compatibility_mode=1797 16774105 100 100 0 58297009 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=95989

# found=3

# cleaned=3

# scan_time=6560

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\27\38cf81db-11300478 a variant of Java/TrojanDownloader.Agent.NBN trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\52\17acdc34-6ee00510 a variant of Java/TrojanDownloader.Agent.NBN trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Meus documentos\Downloads\MsgPlusLive-479.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=e3889af6e6a63b47b6b37f163f6be616

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-02-16 10:54:32

# local_time=2011-02-16 05:54:32 (-0500, Hora padrão de Bogotá)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=769 16775125 100 98 0 233260636 0 0

# compatibility_mode=1797 16775125 100 100 0 71836446 0 0

# compatibility_mode=8192 67108863 100 0 15001431 15001431 0 0

# scanned=98347

# found=12

# cleaned=12

# scan_time=6623

C:\Documents and Settings\Administrador\Configurações locais\temp\1899616.tmp probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Configurações locais\temp\22474167.tmp probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Configurações locais\temp\78423702.tmp probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Configurações locais\temp\96470243.tmp probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\16\21535c50-388db10d probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\16\21535c50-5139d5a5 probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\16\21535c50-7c4a9263 probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\17\2fad0d11-34cbbca2 probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\17\2fad0d11-48840c89 probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\17\2fad0d11-4d8a7379 probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\18\720e60d2-75fa8781 Java/Agent.AA trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Meus documentos\Downloads\vdownloader.zip a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=e3889af6e6a63b47b6b37f163f6be616

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-02-17 06:31:45

# local_time=2011-02-17 01:31:45 (-0500, Hora padrão de Bogotá)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=769 16775125 100 98 0 233326806 0 0

# compatibility_mode=1797 16775125 100 100 0 71902616 0 0

# compatibility_mode=8192 67108863 100 0 15067601 15067601 0 0

# scanned=131508

# found=7

# cleaned=7

# scan_time=11073

C:\RECYCLER\S-1-5-21-842925246-1580436667-682003330-500\Dc313.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

C:\RECYCLER\S-1-5-21-842925246-1580436667-682003330-500\Dc314.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8E091EE2-7750-4675-8F06-6A8665120B8E}\RP306\A0087699.msi multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8E091EE2-7750-4675-8F06-6A8665120B8E}\RP306\A0087701.msi multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8E091EE2-7750-4675-8F06-6A8665120B8E}\RP315\A0094704.msi multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8E091EE2-7750-4675-8F06-6A8665120B8E}\RP332\A0102526.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8E091EE2-7750-4675-8F06-6A8665120B8E}\RP332\A0102527.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=e3889af6e6a63b47b6b37f163f6be616

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-10-13 04:34:33

# local_time=2011-10-13 11:34:33 (-0500, Hora padrão de Bogotá)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 19295188 19295188 0 0

# compatibility_mode=768 16777215 100 0 118013451 118013451 0 0

# compatibility_mode=8192 67108863 100 0 35630353 35630353 0 0

# scanned=138688

# found=4

# cleaned=4

# scan_time=4475

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\26\7bac1a-21257cb9 probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\26\7bac1a-434631e5 probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\47\3e81456f-677022eb probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrador\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\57\6f1f4c39-68146fcb probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:02:27, on 17/10/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVAST Software\Avast\afwServ.exe

C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\KMWDSrv.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

C:\MySQL\bin\mysqld-max.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\StartAutorun.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\KMConfig.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\KMProcess.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bradesconetempresa.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 69.162.112.196 wwwstatic.megavideo.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [PlusService] C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [KMCONFIG] C:\Arquivos de programas\Keyboard & Mouse Driver\StartAutorun.exe KMConfig.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [iMSS] "C:\Arquivos de programas\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\ARQUIV~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\ARQUIV~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {7E866715-C9B6-4C64-AAB8-342E0D137213} (DVR4204 Client Control) - http://10.1.1.50:8000/EDVR.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.1.2,201.10.128.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{7895EF23-0CB8-4CD2-A83C-13C50E4EAD4E}: NameServer = 201.10.1.2,201.10.128.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.1.2,201.10.128.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.1.2,201.10.128.2

O17 - HKLM\System\CS3\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.1.2,201.10.128.2

O17 - HKLM\System\CS4\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.1.2,201.10.128.2

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\afwServ.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Arquivos de programas\Keyboard & Mouse Driver\KMWDSrv.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: MySql - Unknown owner - C:\MySQL\bin\mysqld-max.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

 

--

End of file - 12118 bytes


Hello GildazioJr

1.

*Run AdwCleaner and click [Désinstallation] > [sim]

2.

*Run the file c:\Arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

3.

*Run OTS, click [CleanUp] > [Yes]

*The PC will be restarted

4.

*Download TDdump and save it to the desktop

*Run it and paste the report it shows

5.

*Download CheckDiskGUI

*Run it and click [Run]

*If you get the message asking to schedule the check for the next system restart, press S, restart the PC and wait for it to finish.

Report back.


Topic Archived

Since the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
