[Arquivado] problemas em criar atalhos e fazer pesquisa

Manain · Novembro 23, 2011

Solicito analise de log, pois não esta sendo possivel criar atalhos na area de trabalho e nem fazer pesquisa de arquivos e pastas utilizando o Windows explorer

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 07:44:56, on 23/11/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\SearchFilterHost.exe

C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: MessengerPlusLive Brazil TB - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Program Files\MessengerPlusLive_Brazil_TB\tbMess.dll

O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll

O3 - Toolbar: MessengerPlusLive Brazil TB Toolbar - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Program Files\MessengerPlusLive_Brazil_TB\tbMess.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{55D7BD5B-34AB-4950-A14C-819D138807AF}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{55D7BD5B-34AB-4950-A14C-819D138807AF}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{55D7BD5B-34AB-4950-A14C-819D138807AF}: NameServer = 200.204.0.10,200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 6695 bytes

Felipe_88 · Novembro 24, 2011

Manain,

Verifique se o seu Windows está configurado para pesquisar...

Veja exemplo:

http://tinypic.com/r/2s0y8sz/7

Vamos verificar se o problema está relacionado a vírus.

1.

*Baixe o ATF Cleaner e salve-o no desktop

*Execute-o

*Selecione:

[X] Select All

*Clique [Empty Selected]

*Feche o ATF-Cleaner

2.

*Baixe e instale o CCleaner Slim

*Clique [Executar Limpeza]

*Clique [Registro] -> [Procurar erros] -> [Corrigir Erros Selecionados] -> [Corrigir Todos os Erros Selecionados]

*Feche o CCleaner

3.

*Baixe o MalwareBytes e salve-o no desktop

*Instale o programa e aguarde a atualização

*O programa será aberto automaticamente

*Na aba [Verificação], selecione [Verificação completa]

*Clique [Verificar] e selecione a partição onde o Windows está instalado

*Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados] > [Remover Selecionados]

*Cole o relatório apresentado (C:\Documents and settings\Nome_do_Usuário\Dados de aplicativos\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam.txt)

Caso já tenhas o Malwarebytes instalado....

*Abra o Malwarebytes, clique [Atualização] > [baixar Atualizações]

*Na aba [Verificação], selecione [x] Verificação completa

*Clique [Verificar] e selecione a partição onde o Windows está instalado

*Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados] > [Remover Selecionados]

*Cole o relatório apresentado

Fico no aguardo!

Manain · Novembro 27, 2011

Segue relatorio do

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Versão da Base de Dados: 8251

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

27/11/2011 07:43:02

mbam-log-2011-11-27 (07-43-02).txt

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 1002466

Tempo decorrido: 4 hora(s), 29 minuto(s), 37 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 1

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

c:\program files\vdownloader\vdownloader.exe (VirTool.DelfInject) -> Quarantined and deleted successfully.

' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Versão da Base de Dados: 8251

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

27/11/2011 07:43:02

mbam-log-2011-11-27 (07-43-02).txt

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 1002466

Tempo decorrido: 4 hora(s), 29 minuto(s), 37 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 1

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

c:\program files\vdownloader\vdownloader.exe (VirTool.DelfInject) -> Quarantined and deleted successfully.

Felipe_88 · Novembro 27, 2011

Manain,

*Baixe o AD-Remover e salve-o no desktop

*Execute-o, clique [Clean] > [sim] > [OK] > [sim]. O PC poderá ser reiniciado

*Cole o relatório C:\Ad-Report-CLEAN[1].txt

2.

*Baixe o USBFix e salve-o no desktop

*Conecte o pen drive no PC, execute-o e clique [Pesquisa]

*Cole o relatório apresentado

Fico no aguardo!

Manain · Novembro 28, 2011

Segue relatorio do AD-REMOVER

Quanto ao USBFIX em todos os link tentado baixar ocorre a mensagem, NÃO É POSSIVEL LOCALIZAR A PAGINA.

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 23:34:34 on 27/11/2011, Normal boot

Microsoft Windows 7 Ultimate (X86)

nando@ACER5920 (Acer, inc. Aspire 5920)

============== ACTION(S) ==============

Folder deleted: C:\Users\Nando\AppData\LocalLow\Conduit

Folder deleted: C:\Users\Nando\AppData\LocalLow\ConduitEngine

Folder deleted: C:\Users\Nando\AppData\LocalLow\PriceGong

(!) -- Temporary files deleted.

Key deleted: HKLM\Software\Classes\Conduit.Engine

Key deleted: HKLM\Software\Classes\Toolbar.CT2567694

Key deleted: HKLM\Software\Classes\Toolbar.CT2719261

Key deleted: HKLM\Software\Conduit

Key deleted: HKLM\Software\conduitEngine

Key deleted: HKCU\Software\AppDataLow\Toolbar

Key deleted: HKCU\Software\AppDataLow\Software\Conduit

Key deleted: HKCU\Software\AppDataLow\Software\conduitEngine

Key deleted: HKCU\Software\AppDataLow\Software\PriceGong

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D77EEFE0-AED2-41F5-B005-811961F889B0}

============== ADDITIONNAL SCAN ==============

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKLM_URLSearchHooks|{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - "Messenger Plus Live Brazil Toolbar" (C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll)

HKLM_URLSearchHooks|{c69650dc-9644-4580-aa86-0ea329ee6c60} - "MessengerPlusLive Brazil TB Toolbar" (C:\Program Files\MessengerPlusLive_Brazil_TB\tbMess.dll)

HKCU_Toolbar\WebBrowser|{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9} (C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll)

HKCU_Toolbar\WebBrowser|{C69650DC-9644-4580-AA86-0EA329EE6C60} (C:\Program Files\MessengerPlusLive_Brazil_TB\tbMess.dll)

HKLM_Toolbar|{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} (C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll)

HKLM_Toolbar|{c69650dc-9644-4580-aa86-0ea329ee6c60} (C:\Program Files\MessengerPlusLive_Brazil_TB\tbMess.dll)

HKLM_ElevationPolicy\f5dea037-4ccf-424f-8ed7-61ad39d2eb3a - C:\Program Files\Messenger_Plus_Live_Brazil\Messenger_Plus_Live_BrazilToolbarHelper.exe (?)

HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)

HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)

HKLM_ElevationPolicy\{1C306DF7-2171-45c8-9324-D36448104BD5} - C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)

HKLM_ElevationPolicy\{6FA8DB7B-83F8-44A3-A86A-7E91C18299CA} - C:\Program Files\MessengerPlusLive_Brazil_TB\MessengerPlusLive_Brazil_TBToolbarHelper.exe (?)

HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)

HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "@C:\Windows\WindowsMobile\INetRepl.dll,-222" (C:\Windows\WindowsMobile\INetRepl.dll,210)

HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?)

BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)

BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)

BHO\{c69650dc-9644-4580-aa86-0ea329ee6c60} - "MessengerPlusLive Brazil TB Toolbar" (C:\Program Files\MessengerPlusLive_Brazil_TB\tbMess.dll)

BHO\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} - "Free Download Manager" (C:\Program Files\Free Download Manager\iefdm2.dll)

BHO\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - "Messenger Plus Live Brazil Toolbar" (C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 54 File(s)

C:\Program Files\Ad-Remover\Backup: 13 File(s)

C:\Ad-Report-CLEAN[1].txt - 27/11/2011 23:35:06 (4553 Byte(s))

End at: 23:36:51, 27/11/2011

============== E.O.F ==============

Manain · Dezembro 7, 2011

Segue Relatorio do USBFIX

############################## | UsbFix V 7.072 | [Research]

User: nando (Administrator) # ACER5920

Updated 04/12/2011 by El Desaparecido

Started at 21:40:12 | 07/12/2011

Website: http://eldesaparecido.com

Suspicious file ? : http://eldesaparecido.com/support.php

Contact: contact@eldesaparecido.com

PC: Acer, inc. (Aspire 5920 ) (X86-based PC) # Desktop Computer

CPU: Intel® Core2 Duo CPU T5450 @ 1.66GHz (1667)

RAM -> [ Total : 2038 | Free : 989 ]

BIOS: ZD1 v1.3710 3G10

BOOT: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) #

WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [ Enabled ]

WU: Windows Update Service [ Enabled ]

AV: avast! Antivirus [ Enabled | Updated ]

FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Fixed drive # 149 Gb (26 Mb free - 17%) [] # NTFS

D:\ -> CD-ROM

F:\ -> Removable drive # 984 Mb (850 Mb free - 86%) [KINGSTON] # FAT

################## | Active Processes |

C:\Windows\system32\csrss.exe (476)

C:\Windows\system32\wininit.exe (532)

C:\Windows\system32\csrss.exe (540)

C:\Windows\system32\services.exe (588)

C:\Windows\system32\winlogon.exe (620)

C:\Windows\system32\lsass.exe (648)

C:\Windows\system32\lsm.exe (660)

C:\Windows\system32\svchost.exe (764)

C:\Windows\system32\svchost.exe (848)

C:\Windows\System32\svchost.exe (904)

C:\Windows\System32\svchost.exe (960)

C:\Windows\system32\svchost.exe (992)

C:\Windows\system32\svchost.exe (1260)

C:\Windows\system32\svchost.exe (1408)

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1488)

C:\Windows\System32\spoolsv.exe (1828)

C:\Windows\system32\svchost.exe (1856)

C:\Windows\system32\svchost.exe (1952)

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (2032)

C:\Windows\system32\IoctlSvc.exe (780)

C:\Windows\system32\svchost.exe (1204)

C:\Windows\system32\DRIVERS\xaudio.exe (1876)

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (2180)

C:\Windows\system32\svchost.exe (2416)

C:\Windows\system32\svchost.exe (2592)

C:\Windows\system32\taskhost.exe (3232)

C:\Windows\system32\svchost.exe (3500)

C:\Windows\system32\Dwm.exe (3612)

C:\Windows\Explorer.EXE (3636)

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (3740)

C:\Program Files\Common Files\Real\Update_OB\realsched.exe (3872)

C:\Program Files\Windows Sidebar\sidebar.exe (3880)

C:\Program Files\Windows Live\Messenger\msnmsgr.exe (3892)

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (4088)

C:\Windows\system32\SearchIndexer.exe (2872)

C:\Program Files\Windows Media Player\wmpnetwk.exe (196)

C:\Windows\system32\svchost.exe (408)

C:\Windows\System32\svchost.exe (3492)

C:\Windows\System32\svchost.exe (2504)

C:\Program Files\Internet Explorer\iexplore.exe (5140)

C:\Program Files\Internet Explorer\iexplore.exe (5188)

C:\Windows\system32\WUDFHost.exe (2580)

C:\Windows\system32\SearchProtocolHost.exe (3988)

C:\Windows\system32\SearchFilterHost.exe (4236)

C:\Windows\system32\wbem\wmiprvse.exe (5820)

C:\UsbFix\UsbFix.exe (5636)

################## | Files # Infected Folders |

################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |

Felipe_88 · Dezembro 13, 2011

Manain,

Desculpe a demora...

* Execute o UsbFix e clique [supressão]

*Ao finalizar, cole o relatório apresentado

E informe situação atual do PC;

Manain · Dezembro 17, 2011

Segue relatorio USBfix, ja consigo criar atalhos, mas ainda não consigo fazer pesquisa de arquivos e documentos.

############################## | UsbFix V 7.072 | [Deletion]

User: nando (Administrator) # ACER5920

Updated 04/12/2011 by El Desaparecido

Started at 21:42:14 | 16/12/2011

Website: http://eldesaparecido.com

Suspicious file ? : http://eldesaparecido.com/support.php

Contact: contact@eldesaparecido.com

PC: Acer, inc. (Aspire 5920 ) (X86-based PC) # Desktop Computer

CPU: Intel® Core2 Duo CPU T5450 @ 1.66GHz (1667)

RAM -> [ Total : 2038 | Free : 1104 ]

BIOS: ZD1 v1.3710 3G10

BOOT: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) #

WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [ Enabled ]

WU: Windows Update Service [ Enabled ]

AV: avast! Antivirus [ Enabled | Updated ]

FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Fixed drive # 149 Gb (27 Mb free - 18%) [] # NTFS

D:\ -> CD-ROM

################## | Active Processes |

C:\Windows\system32\csrss.exe (432)

C:\Windows\system32\csrss.exe (488)

C:\Windows\system32\wininit.exe (496)

C:\Windows\system32\services.exe (564)

C:\Windows\system32\winlogon.exe (572)

C:\Windows\system32\lsass.exe (608)

C:\Windows\system32\lsm.exe (620)

C:\Windows\system32\svchost.exe (716)

C:\Windows\system32\svchost.exe (804)

C:\Windows\System32\svchost.exe (856)

C:\Windows\System32\svchost.exe (924)

C:\Windows\system32\svchost.exe (952)

C:\Windows\system32\svchost.exe (1220)

C:\Windows\system32\svchost.exe (1364)

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1464)

C:\Windows\System32\spoolsv.exe (1764)

C:\Windows\system32\svchost.exe (1792)

C:\Windows\system32\svchost.exe (1884)

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (1944)

C:\Windows\System32\svchost.exe (2012)

C:\Windows\system32\IoctlSvc.exe (324)

C:\Windows\System32\svchost.exe (444)

C:\Windows\system32\DRIVERS\xaudio.exe (604)

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (2252)

C:\Windows\system32\svchost.exe (2412)

C:\Windows\system32\svchost.exe (2532)

C:\Windows\system32\svchost.exe (2964)

C:\Windows\system32\svchost.exe (3100)

C:\Windows\System32\svchost.exe (3268)

C:\Program Files\Windows Media Player\wmpnetwk.exe (3308)

C:\Windows\system32\SearchIndexer.exe (3356)

C:\Windows\system32\taskhost.exe (2320)

C:\Windows\system32\Dwm.exe (1140)

C:\Windows\Explorer.EXE (2692)

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (3136)

C:\Program Files\Common Files\Real\Update_OB\realsched.exe (3184)

C:\Program Files\Windows Sidebar\sidebar.exe (3124)

C:\Program Files\Windows Live\Messenger\msnmsgr.exe (3284)

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (1132)

C:\Windows\System32\svchost.exe (3748)

C:\Program Files\Internet Explorer\iexplore.exe (1400)

C:\Program Files\Internet Explorer\iexplore.exe (3092)

C:\UsbFix\UsbFix.exe (2224)

C:\Windows\system32\wbem\wmiprvse.exe (2244)

C:\Program Files\Internet Explorer\iexplore.exe (1340)

C:\Windows\system32\SearchProtocolHost.exe (2360)

C:\Windows\system32\SearchFilterHost.exe (2840)

################## | Stopped processes |

Stopped! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1464)

Stopped! C:\Windows\System32\spoolsv.exe (1764)

Stopped! C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (1944)

Stopped! C:\Windows\system32\IoctlSvc.exe (324)

Stopped! C:\Windows\system32\DRIVERS\xaudio.exe (604)

Stopped! C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (2252)

Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (3308)

Stopped! C:\Windows\system32\SearchIndexer.exe (3356)

Stopped! C:\Windows\system32\taskhost.exe (2320)

Stopped! C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (3136)

Stopped! C:\Program Files\Common Files\Real\Update_OB\realsched.exe (3184)

Stopped! C:\Program Files\Windows Sidebar\sidebar.exe (3124)

Stopped! C:\Program Files\Windows Live\Messenger\msnmsgr.exe (3284)

Stopped! C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (1132)

Stopped! C:\Program Files\Internet Explorer\iexplore.exe (1400)

Stopped! C:\Program Files\Internet Explorer\iexplore.exe (3092)

Stopped! C:\Program Files\Internet Explorer\iexplore.exe (1340)

Stopped! C:\Windows\system32\SearchProtocolHost.exe (2360)

Stopped! C:\Windows\system32\SearchFilterHost.exe (2840)

################## | Files # Infected Folders |

Deleted ! C:\$RECYCLE.BIN\S-1-5-20

Deleted ! C:\$RECYCLE.BIN\S-1-5-21-1593618484-1684749056-4021839093-1000

Deleted ! C:\$RECYCLE.BIN\S-1-5-21-1593618484-1684749056-4021839093-501

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |

################## | Listing |

[27/01/2010 - 21:11:47 | D ] C:\$AVG

[16/12/2011 - 21:50:26 | SHD ] C:\$RECYCLE.BIN

[27/11/2011 - 23:36:52 | N | 4692] C:\Ad-Report-CLEAN[1].txt

[29/04/2011 - 11:58:14 | D ] C:\Arquivos de Programas

[10/06/2009 - 19:42:20 | N | 24] C:\autoexec.bat

[06/09/2011 - 16:28:13 | N | 87] C:\baixadll_log_terça-feira.log

[22/04/2011 - 03:09:02 | D ] C:\BKPHDEXTERNO

[15/03/2010 - 16:33:36 | D ] C:\Boot

[18/01/2010 - 18:13:20 | N | 211] C:\Boot.BAK

[19/01/2010 - 01:49:17 | N | 355] C:\Boot.ini.saved

[28/10/2001 - 10:06:10 | N | 4952] C:\Bootfont.bin

[13/07/2009 - 23:38:58 | RASH | 383562] C:\bootmgr

[15/03/2010 - 16:33:40 | N | 8192] C:\BOOTSECT.BAK

[22/09/2011 - 19:14:42 | D ] C:\ComboFix

[22/09/2011 - 19:14:37 | N | 13324] C:\ComboFix.txt

[18/01/2010 - 18:18:17 | N | 0] C:\CONFIG.001

[10/06/2009 - 19:42:20 | N | 10] C:\CONFIG.002

[16/11/2011 - 22:48:33 | D ] C:\Config.Msi

[08/11/2011 - 06:50:15 | N | 2590] C:\CONFIG.SYS

[09/11/2010 - 10:18:23 | D ] C:\contratos

[14/07/2009 - 02:53:55 | SHD ] C:\Documents and Settings

[21/09/2011 - 17:46:07 | D ] C:\Downloads

[14/03/2010 - 13:01:15 | D ] C:\found.000

[15/03/2010 - 18:42:29 | N | 203372] C:\grldr

[16/12/2011 - 21:18:40 | ASH | 1603084288] C:\hiberfil.sys

[23/11/2011 - 07:44:22 | N | 388608] C:\HiJackThis.exe

[23/11/2011 - 07:44:56 | N | 6696] C:\hijackthis.log

[22/01/2010 - 12:02:48 | D ] C:\Intel

[18/01/2010 - 18:18:17 | N | 0] C:\IO.SYS

[15/03/2010 - 22:47:30 | N | 7] C:\ISACER.id

[18/01/2010 - 18:18:17 | N | 0] C:\MSDOS.SYS

[20/01/2010 - 11:51:37 | RD ] C:\MSOCache

[05/01/2002 - 04:37:28 | N | 344064] C:\msvcr70.dll

[03/08/2004 - 23:38:34 | N | 47564] C:\NTDETECT.COM

[03/08/2004 - 23:59:34 | N | 251168] C:\ntldr

[30/04/2010 - 17:12:53 | N | 36746] C:\P1005.log

[16/12/2011 - 21:18:44 | ASH | 2137448448] C:\pagefile.sys

[29/05/2010 - 17:32:49 | D ] C:\PARTIDOS_ELEITORAIS_2008

[14/07/2009 - 00:37:05 | D ] C:\PerfLogs

[23/04/2011 - 02:50:29 | D ] C:\PFiles

[04/12/2011 - 22:13:09 | D ] C:\Program Files

[22/04/2011 - 03:01:52 | D ] C:\Program Files (x86)

[04/12/2011 - 21:53:06 | D ] C:\ProgramData

[22/09/2011 - 19:14:40 | D ] C:\Qoobox

[15/03/2010 - 16:05:02 | D ] C:\Recovery

[14/04/2011 - 20:53:07 | D ] C:\relatorios

[09/04/2011 - 17:48:47 | D ] C:\SPCP

[15/12/2011 - 08:34:17 | SHD ] C:\System Volume Information

[31/03/2011 - 07:17:15 | D ] C:\Temp

[09/07/2010 - 16:56:43 | D ] C:\trat_erro

[06/07/2011 - 14:22:03 | D ] C:\UniScan

[16/12/2011 - 21:50:26 | D ] C:\UsbFix

[16/12/2011 - 21:42:53 | A | 7513] C:\UsbFix.txt

[24/07/2011 - 14:43:03 | D ] C:\Users

[09/07/2010 - 16:56:43 | D ] C:\webmatic

[15/03/2010 - 18:42:30 | N | 12] C:\win7.ld

[16/12/2011 - 21:18:40 | D ] C:\Windows

[20/11/2011 - 10:52:58 | D ] D:\Musicas para Ensaiar

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_ACER5920.zip

http://eldesaparecido.com/upload.html

Thank you for your contribution.

################## | Reboot |

(!) The computer was restarted.

################## | E.O.F |

Manain · Dezembro 17, 2011

Ratificando a ultima resposta.

Ainda não consigo criar atalhos e nem efetuar pesqisas.

Manain

DigRam · Janeiro 18, 2012

Ratificando a ultima resposta.

Ainda não consigo criar atalhos e nem efetuar pesqisas.

Manain

Boa Tarde! Manain

|- O colega Felipe_88,devido aos seus estudos,encontra-se impossibilitado de dar prosseguimento ao Tópico. Caso queira continuar a análise,poste um novo log do HijackThis.

Abraços!

Manain · Janeiro 28, 2012

Segue novo Log para continuação

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:32:42, on 28/01/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HiJackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: MessengerPlusLive Brazil TB - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Program Files\MessengerPlusLive_Brazil_TB\tbMess.dll

O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll

O3 - Toolbar: MessengerPlusLive Brazil TB Toolbar - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Program Files\MessengerPlusLive_Brazil_TB\tbMess.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe