Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

GildazioJr

[Arquivado] Pc Infectado

Recommended Posts

Bom dia amigos, gostaria que se possivel fizessem uma analize de meu log,

minha maquina esta com virus, avast identificou mais nao tomou nenhuma açao, fiz o escaneamento

ao reiniciar tambem nao foi encontrado nada, mas o pc esta travando, fico no aguardo, desde ja, obrigado!

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:49:41, on 27/7/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Arquivos de programas\Java\jre1.5.0_15\bin\jusched.exe

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Java\jre1.5.0_15\bin\jucheck.exe

C:\Arquivos de programas\Microsoft\BingBar\7.1.382.0\SeaPort.exe

C:\Documents and Settings\Cliente\Meus documentos\Downloads\HiJackThis.exe

C:\WINDOWS\system32\regsvr32.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_Prot

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_15\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Arquivos de programas\DealPly\DealPlyIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing)

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Arquivos de programas\Microsoft\BingBar\7.1.382.0\BingExt.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Arquivos de programas\Microsoft\BingBar\7.1.382.0\BingExt.dll" (file missing)

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_15\bin\jusched.exe"

O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sony Ericsson PC Companion] "C:\Arquivos de programas\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background

O4 - HKCU\..\Run: [Control Panel] C:\Documents and Settings\Cliente\Dados de aplicativos\Microsoft\Windows\DeployWinRE_x86.cpl

O4 - HKCU\..\Run: [wx2] C:\Documents and Settings\Cliente\Dados de aplicativos\HUDSON\wx2.cpl

O4 - HKCU\..\Run: [wx3] C:\Documents and Settings\Cliente\Dados de aplicativos\HUDSON\wx3.cpl

O4 - HKCU\..\Run: [wx7] C:\Documents and Settings\Cliente\Dados de aplicativos\HUDSON\wx7.cpl

O4 - HKCU\..\Run: [systema] C:\hudson2802b9b9\syscda.cpl

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_15\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_15\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted IP range: http://10.1.1.50

O16 - DPF: {7E866715-C9B6-4C64-AAB8-342E0D137213} (DVR4204 Client Control) - http://10.1.1.50:8000/EDVR.CAB

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2FBF37EF-FE9B-41F6-A904-4EF431BEB198}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{41B986BA-2A30-4ACC-8A2C-ACAFCADEB60B}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{71CC186B-4889-4F1B-8EE2-36BA7B8E7CB3}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{77B76B09-AD8C-4626-A83B-6A2283C5FB80}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{EF360602-EBFE-4F18-ACE1-C052FDBD6284}: NameServer = 201.10.128.2,201.10.1.2

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Arquivos de programas\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

 

--

End of file - 11769 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! GildazioJr

 

Bom dia amigos, gostaria que se possivel fizessem uma analize de meu log,

minha maquina esta com virus, avast identificou mais nao tomou nenhuma açao, fiz o escaneamento

|- Poste um "Print" dessa detecção,pelo seu antivírus.

 

|- Baixe: < otlDesktopIcon.png > ( ... by OldTimer Tools )

 

|- Clique em Salvar! < 0e5c629f14858f5bf77e61d46c160e317c6d8c5d3ee101e311e440e99d7fd7b06g.jpg >

 

|- Salve-o no desktop!

|- Duplo clique em OTL.exe --> Executar: c19ede0bf8817fba1b9a9c0e9dae6ede3b8983c41017d8926efac3638b95aee16g.jpg

 

OTL_Configuracao.jpg >> OTL_Padrao.jpg

 

|- Configure "Verificação de Arquivos",segundo a screenshot!

 

OTL_SemExt2.jpg

 

|- Ps: Faça o mesmo para estes!

|- Assinale,também,a inclusão da verificação para 64bits.

|- Em "Exame Extra do Registro",assinale "Nenhum".

 

netsvcs

%APPDATA%\Local\*.

%APPDATA%\*.exe /s

%APPDATA%\*.

%USERPROFILE%\AppData\Local\*.*

%USERPROFILE%\AppData\Roaming\*.*

%systemroot%\assembly\tmp\*.* /S /MD5

%systemroot%\assembly\temp\*.* /S /MD5

%systemroot%\assembly\GAC\*.* /S /MD5

%systemroot%\assembly\GAC_32\*.* /S /MD5

%systemroot%\assembly\GAC_64\*.* /S /MD5

%systemroot%\system32\config\systemprofile\AppData\Local\*.*

%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*

%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes

/md5start

explorer.exe

userinit.exe

winlogon.exe

wininit.exe

csrss.exe

smss.exe

svchost.exe

services.exe

uninst.exe

/md5stop

regedit /e c:\registrybackup.reg /c

%systemroot%\system32\tasks\*.* /s /64

%systemroot%\system32\Tasks\*.* /s

%windir%\tasks\*.* /s

6659d256325569c6e621117dc332966313a07d11cb5fb0ea4d9176217c7aefa76g.jpg

 

|- Cole estas informações,que estão em verde,para o campo "Exames Personalizados/Correções".

 

|- Clique em Verificar: OTL_Verificar.jpg

 

|- Concluindo,poste o relatório: OTL.txt

|- Para grandes relatórios,acesse: < Cjoint_Logo.jpg >

 

|- Maiores informações: < |Link| >

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro DigRam, muito obrigado pela ajuda, em relaçao ao print nao apareceu mais a mensagem do avast, apenas do lado da seta fica como se tivesse carregando algo todo tempo, aquela ampulheta fica piscando.

 

Ai vai o log http://cjoint.com/?0GEqKshWYgG

 

Abraço.

 

Boa Noite! GildazioJr

 

 

|- Poste um "Print" dessa detecção,pelo seu antivírus.

 

|- Baixe: < otlDesktopIcon.png > ( ... by OldTimer Tools )

 

|- Clique em Salvar! < 0e5c629f14858f5bf77e61d46c160e317c6d8c5d3ee101e311e440e99d7fd7b06g.jpg >

 

|- Salve-o no desktop!

|- Duplo clique em OTL.exe --> Executar: c19ede0bf8817fba1b9a9c0e9dae6ede3b8983c41017d8926efac3638b95aee16g.jpg

 

OTL_Configuracao.jpg >> OTL_Padrao.jpg

 

|- Configure "Verificação de Arquivos",segundo a screenshot!

 

OTL_SemExt2.jpg

 

|- Ps: Faça o mesmo para estes!

|- Assinale,também,a inclusão da verificação para 64bits.

|- Em "Exame Extra do Registro",assinale "Nenhum".

 

 

6659d256325569c6e621117dc332966313a07d11cb5fb0ea4d9176217c7aefa76g.jpg

 

|- Cole estas informações,que estão em verde,para o campo "Exames Personalizados/Correções".

 

|- Clique em Verificar: OTL_Verificar.jpg

 

|- Concluindo,poste o relatório: OTL.txt

|- Para grandes relatórios,acesse: < Cjoint_Logo.jpg >

 

|- Maiores informações: < |Link| >

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde! GildazioJr

 

Módulo arquivos do Avast,trava ao escanear plugins de segurança bancária.( Ampulheta piscando! )

Avast_Sf_bin.jpg

 

|- Neste caso,teremos o "sf.bin" causando consumo excessivo de memória,tal como indicado na screenshot.

|- A solução pode ter 2 caminhos:

 

|- <1> Desmarcar a opção: "Utilizar Emulação de Código"

|- <2> Colocar o arquivo que está ocasionando o problema,nas exclusões do Avast. ( Módulos residentes -> Módulo Arquivos -> Último arquivo escaneado )

 

Maiores detalhes: Sf.bin usando muito processador

 

-/-

 

|- Baixe: < AdwCleaner > ( ... par Xplode )

 

|- Ao acessar,clique na imagem: < AdwCleaner_Tlcharger.jpg >

 

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como "administrador".

|- Ps: Dê início ao scan,clicando em "Delete" ou "Suppression".

 

AdwCleaner_Suppression.jpg

 

|- Ao concluir,poste o relatório: C:\AdwCleaner[S].txt

 

-/-

 

|- Execute o OTL.exe.

|- Copie estas informações que estão em vermelho,para o campo clipboard da ferramenta. ( "Exames Personalizados Correções" )

 

:OTL

IE - HKU\S-1-5-21-1614895754-651377827-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-1614895754-651377827-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_Prot

IE - HKU\S-1-5-21-1614895754-651377827-725345543-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-1614895754-651377827-725345543-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=108380&tt=111110_def&babsrc=SP_ss&mntrId=2802b9b9000000000000001bfc0cbf9d

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..extensions.enabledItems: {12fc3d37-2a42-4fe3-8489-81296878cba5}:2.5.8.6

FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=108380&tt=111110_def&babsrc=adbartrp&mntrId=2802b9b9000000000000001bfc0cbf9d&q="

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found

[2011/12/20 12:06:23 | 000,000,000 | ---D | M] (DealPly) -- C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

[2011/06/27 12:19:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\engine@conduit.com

[2012/01/11 11:25:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\ffxtlbr@babylon.com

[2011/12/20 12:06:27 | 000,002,350 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\babylon.xml

[2011/12/20 12:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Babylon

[2011/12/20 12:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Babylon

[2011/12/27 16:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\BabylonToolbar

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll File not found

3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKU\S-1-5-21-1614895754-651377827-725345543-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-1614895754-651377827-725345543-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.

O3 - HKU\S-1-5-21-1614895754-651377827-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKU\S-1-5-21-1614895754-651377827-725345543-1003..\Run: [systema] C:\hudson2802b9b9\syscda.cpl File not found

O4 - HKU\S-1-5-21-1614895754-651377827-725345543-1003..\Run: [wx2] C:\Documents and Settings\Cliente\Dados de aplicativos\HUDSON\wx2.cpl File not found

O4 - HKU\S-1-5-21-1614895754-651377827-725345543-1003..\Run: [wx3] C:\Documents and Settings\Cliente\Dados de aplicativos\HUDSON\wx3.cpl File not found

O4 - HKU\S-1-5-21-1614895754-651377827-725345543-1003..\Run: [wx7] C:\Documents and Settings\Cliente\Dados de aplicativos\HUDSON\wx7.cpl File not found

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[23 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

:reg

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B1746A03-D32B-4F6E-8D81-777964E6FE90}]

 

:Commands

[CREATERESTOREPOINT]

[purity]

[emptytemp]

[Reboot]

|- Clique no botão Consertar -> Aguarde a conclusão!

|- O computador vai reiniciar! -> Clique em "Executar".

 

OTL_RunFix.jpg

 

|- Para versões em Inglês,clique em Run Fix que é o mesmo que Consertar.

|- Poste o relatório: C:\_OTL\MovedFiles\*.log

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde DigRam, tentei as duas alternativas para o problema da 'ampulheta', porem nao obtive sucesso, ai vao os logs.

 

Abaixo o Log do ADWCLEANER

 

# AdwCleaner v1.703 - Logfile created 07/30/2012 at 15:57:34

# Updated 20/07/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Cliente - HUDSON

# Running from : C:\Documents and Settings\Cliente\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:\Documents and Settings\Cliente\Dados de aplicativos\Babylon

Folder Deleted : C:\Documents and Settings\Cliente\Dados de aplicativos\BabylonToolbar

Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon

Folder Deleted : C:\Documents and Settings\All Users\Menu Iniciar\Programas\DealPly

Folder Deleted : C:\Arquivos de programas\Babylon

Folder Deleted : C:\Arquivos de programas\BabylonToolbar

Folder Deleted : C:\Arquivos de programas\Conduit

Folder Deleted : C:\Arquivos de programas\DealPly

File Deleted : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml

 

***** [Registry] *****

 

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2552374

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DealPly

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\b

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\DealPly

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Key Deleted : HKLM\SOFTWARE\Wise Solutions

 

***** [Registre - GUID] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v7.0.5730.13

 

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_Prot --> hxxp://www.google.com

 

*************************

 

AdwCleaner[s1].txt - [7799 octets] - [30/07/2012 15:57:34]

 

########## EOF - C:\AdwCleaner[s1].txt - [7927 octets] ##########

 

Log do OTL

 

All processes killed

========== OTL ==========

HKU\S-1-5-21-1614895754-651377827-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!

HKU\S-1-5-21-1614895754-651377827-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_USERS\S-1-5-21-1614895754-651377827-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-1614895754-651377827-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename

Prefs.js: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588" removed from browser.search.defaulturl

Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1

Prefs.js: {12fc3d37-2a42-4fe3-8489-81296878cba5}:2.5.8.6 removed from extensions.enabledItems

Prefs.js: "http://search.babylon.com/?AF=108380&tt=111110_def&babsrc=adbartrp&mntrId=2802b9b9000000000000001bfc0cbf9d&q=" removed from keyword.URL

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\engine@conduit.com\searchplugin folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\engine@conduit.com\META-INF folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\engine@conduit.com\lib folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\engine@conduit.com\DualPackage folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\engine@conduit.com\defaults folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\engine@conduit.com\components folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\engine@conduit.com\chrome folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\engine@conduit.com folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\ffxtlbr@babylon.com folder moved successfully.

File C:\Arquivos de programas\mozilla firefox\searchplugins\babylon.xml not found.

Folder C:\Documents and Settings\All Users\Dados de aplicativos\Babylon\ not found.

Folder C:\Documents and Settings\Cliente\Dados de aplicativos\Babylon\ not found.

Folder C:\Documents and Settings\Cliente\Dados de aplicativos\BabylonToolbar\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540008}\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1614895754-651377827-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry value HKEY_USERS\S-1-5-21-1614895754-651377827-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.

Registry value HKEY_USERS\S-1-5-21-1614895754-651377827-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.

Registry value HKEY_USERS\S-1-5-21-1614895754-651377827-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Systema deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1614895754-651377827-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\wx2 deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1614895754-651377827-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\wx3 deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1614895754-651377827-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\wx7 deleted successfully.

C:\WINDOWS\002881_.tmp deleted successfully.

C:\WINDOWS\msdownld.tmp folder deleted successfully.

C:\WINDOWS\SET3.tmp deleted successfully.

C:\WINDOWS\SET4.tmp deleted successfully.

C:\WINDOWS\SET8.tmp deleted successfully.

C:\WINDOWS\System32\CONFIG.TMP deleted successfully.

C:\WINDOWS\System32\SET201.tmp deleted successfully.

C:\WINDOWS\System32\SET3A.tmp deleted successfully.

C:\WINDOWS\System32\SET3C.tmp deleted successfully.

C:\WINDOWS\System32\SET40.tmp deleted successfully.

C:\WINDOWS\System32\SET48.tmp deleted successfully.

C:\WINDOWS\System32\SET85.tmp deleted successfully.

C:\WINDOWS\System32\SET86.tmp deleted successfully.

C:\WINDOWS\System32\SET87.tmp deleted successfully.

C:\WINDOWS\System32\SET8F.tmp deleted successfully.

C:\WINDOWS\System32\SET95.tmp deleted successfully.

C:\WINDOWS\System32\SET97.tmp deleted successfully.

C:\WINDOWS\System32\SET98.tmp deleted successfully.

C:\WINDOWS\System32\SET9E.tmp deleted successfully.

C:\WINDOWS\System32\SET9F.tmp deleted successfully.

C:\WINDOWS\System32\SETA0.tmp deleted successfully.

C:\WINDOWS\System32\SETA4.tmp deleted successfully.

C:\WINDOWS\System32\SETA7.tmp deleted successfully.

C:\WINDOWS\System32\SETA8.tmp deleted successfully.

C:\WINDOWS\System32\SETAA.tmp deleted successfully.

C:\WINDOWS\System32\SETAF.tmp deleted successfully.

C:\WINDOWS\System32\SETB3.tmp deleted successfully.

C:\WINDOWS\System32\SETE.tmp deleted successfully.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B1746A03-D32B-4F6E-8D81-777964E6FE90}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1746A03-D32B-4F6E-8D81-777964E6FE90}\ not found.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

 

[EMPTYTEMP]

 

User: Administrador

->Temp folder emptied: 588548 bytes

->Temporary Internet Files folder emptied: 112094 bytes

->FireFox cache emptied: 8648893 bytes

->Flash cache emptied: 456 bytes

 

User: All Users

 

User: Cliente

->Temp folder emptied: 541605856 bytes

->Temporary Internet Files folder emptied: 15866174 bytes

->Java cache emptied: 1572285 bytes

->FireFox cache emptied: 359509769 bytes

->Flash cache emptied: 1446 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 8265934 bytes

 

User: LogMeInRemoteUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 333909 bytes

RecycleBin emptied: 138564 bytes

 

Total Files Cleaned = 893,00 mb

 

 

OTL by OldTimer - Version 3.2.55.0 log created on 07302012_160223

 

Files\Folders moved on Reboot...

File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

[2012/07/30 16:09:26 | 000,000,000 | ---- | M] () C:\WINDOWS\temp\_avast_\Webshlock.txt : Unable to obtain MD5

 

Registry entries deleted on Reboot...

 

 

 

Boa Tarde! GildazioJr

 

 

Avast_Sf_bin.jpg

 

|- Neste caso,teremos o "sf.bin" causando consumo excessivo de memória,tal como indicado na screenshot.

|- A solução pode ter 2 caminhos:

 

|- <1> Desmarcar a opção: "Utilizar Emulação de Código"

|- <2> Colocar o arquivo que está ocasionando o problema,nas exclusões do Avast. ( Módulos residentes -> Módulo Arquivos -> Último arquivo escaneado )

 

Maiores detalhes: Sf.bin usando muito processador

 

-/-

 

|- Baixe: < AdwCleaner > ( ... par Xplode )

 

|- Ao acessar,clique na imagem: < AdwCleaner_Tlcharger.jpg >

 

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como "administrador".

|- Ps: Dê início ao scan,clicando em "Delete" ou "Suppression".

 

AdwCleaner_Suppression.jpg

 

|- Ao concluir,poste o relatório: C:\AdwCleaner[S].txt

 

-/-

 

|- Execute o OTL.exe.

|- Copie estas informações que estão em vermelho,para o campo clipboard da ferramenta. ( "Exames Personalizados Correções" )

 

 

|- Clique no botão Consertar -> Aguarde a conclusão!

|- O computador vai reiniciar! -> Clique em "Executar".

 

OTL_RunFix.jpg

 

|- Para versões em Inglês,clique em Run Fix que é o mesmo que Consertar.

|- Poste o relatório: C:\_OTL\MovedFiles\*.log

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! GildazioJr

 

Boa tarde DigRam, tentei as duas alternativas para o problema da 'ampulheta', porem nao obtive sucesso, ai vao os logs.

|- Qual a versão do seu Avast?

 

|- Baixe: < ZHPDiag_Silent.jpg > ( ... par Nicolas Coolman )

 

|- Salve-o no desktop!

|- Para Windows Vista ou 7,clique direito e execute o arquivo como administrador.

|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!

|- Poste e/ou cole aqui,o link que foi gerado!

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite DigRam

 

Versão do Meu avast é 6.0.1289

Versão de Definiçoes de virus 120730-0

 

Link gerado:

http://pjjoint.malekal.com/files.php?read=ZHPDiag_20120730_r6u9q5x146

 

Abraços

 

 

Boa Noite! GildazioJr

 

 

|- Qual a versão do seu Avast?

 

|- Baixe: < ZHPDiag_Silent.jpg > ( ... par Nicolas Coolman )

 

|- Salve-o no desktop!

|- Para Windows Vista ou 7,clique direito e execute o arquivo como administrador.

|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!

|- Poste e/ou cole aqui,o link que foi gerado!

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! GildazioJr

 

|- Baixe: < ZHPFix.zip >

 

|- Descompacte-o para o desktop.

 

|- Feche programas/pastas que estejam abertas.

|- Feche,também,o navegador!

|- Para Windows Vista,desabilite a UAC.

 

ZHPFix_logo.jpg >> Administrador_Exec.jpg

 

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.

|- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".

 

[MD5.E715412E47D20EB0EBF77B65F9157343] - (...) -- ystem32\rundll32.exe [0] [PID.]

O4 - Global Startup: C:\Documents And Settings\Cliente\Desktop\Atalho para Ajuda e suporte.lnk - Orphean Key

O41 - Driver: (InCDPass) . (. - .) - C:\WINDOWS\system32\drivers\InCDPass.sys (.not file.)

O41 - Driver: (InCDRm) . (. - .) - C:\WINDOWS\system32\drivers\InCDRm.sys (.not file.)

O42 - Logiciel: Optimization System Earnforfun. - (.Unknown owner.) [HKLM] -- uiqweswordfinxvjk

O43 - CFD: 27/9/2011 - 09:21:53 - [0] ----D C:\Arquivos de programas\rkfree => Infection Keylog (Keylogger.Logixoft)

O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\drivers\Descompacx.exe" [Enabled] .(...) -- C:\WINDOWS\system32\drivers\Descompacx.exe (.not file.)

O47 - AAKE:Key Export DP - "C:\WINDOWS\system32\drivers\Descompacx.exe" [Enabled] .(...) -- C:\WINDOWS\system32\drivers\Descompacx.exe (.not file.)

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

[HKCU\Software\eMule] => eMule PeerToPeer

 

C:\Arquivos de programas\rkfree => Infection Keylog (Keylogger.Logixoft)

C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Conduit => Toolbar.Conduit

 

emptytemp

emptyflash

proxyfix

firewallraz

sysrestore

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"

|- Minimize o Bloco de Notas.

 

ZHPDiag_PasteClipboard.jpg

 

|- Clique no menu,"Paste ClipBoard".

|- Clique em "GO" -> Oui.

 

ZHPFix_GO.jpg

 

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro DigRam, ai vai o log do ZhpFIX,

 

Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012

Fichier d'export Registre :

Run by Cliente at 31/7/2012 12:18:05

Windows XP Professional Service Pack 3 (Build 2600)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Software ==========

NOT FOUND Uninstall Process: c:\windows\system32\uiqweswordfinxvjk.exe

 

========== Registry Key ==========

DELETED [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uiqweswordfinxvjk]

DELETED Driver Key: InCDPass

DELETED Driver Key: InCDRm

DELETED Key*: HKCU\Software\eMule

 

========== Registry Value ==========

DELETED AAKE KeyValue: C:\WINDOWS\system32\drivers\Descompacx.exe

NOT FOUND [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe

DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe

DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe

DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe

DELETED FirewallRaz (DP) : C:\Arquivos de programas\MSN Messenger\livecall.exe

No Value in Firewall Exception Register Key (FirewallRaz)

 

========== Repertory ==========

DELETED Folder: C:\Arquivos de programas\rkfree

DELETED Folder: c:\documents and settings\cliente\configurações locais\dados de aplicativos\conduit

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

NOT FOUND File: c:\documents and settings\cliente\desktop\atalho para ajuda e suporte.lnk

NOT FOUND File: c:\windows\system32\drivers\descompacx.exe

NOT FOUND Folder/File: c:\arquivos de programas\rkfree

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== Restoration ==========

Restore System Point created succefully

 

========== Other ==========

NOT SUPPORTED ystem32\rundll32.exe

 

 

========== Summary ==========

4 : Registry Key

14 : Registry Value

4 : Repertory

5 : File

1 : Software

1 : Restoration

1 : Other

 

 

End of clean in 00mn 41s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 31/7/2012 12:18:05 [2264]

 

 

Ps.: ô ampulhetazinha chata. rsrsrs

Abraços.

 

Boa Noite! GildazioJr

 

|- Baixe: < ZHPFix.zip >

 

|- Descompacte-o para o desktop.

 

|- Feche programas/pastas que estejam abertas.

|- Feche,também,o navegador!

|- Para Windows Vista,desabilite a UAC.

 

ZHPFix_logo.jpg >> Administrador_Exec.jpg

 

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.

|- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".

 

 

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"

|- Minimize o Bloco de Notas.

 

ZHPDiag_PasteClipboard.jpg

 

|- Clique no menu,"Paste ClipBoard".

|- Clique em "GO" -> Oui.

 

ZHPFix_GO.jpg

 

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde! GildazioJr

 

|- Abra o OTL.exe -> Clique em Limpeza. <-- Confirme!

|- Ps: O computador irá reiniciar!

 

-/-

 

|- Seus logs estão limpos!

|- Quanto ao Avast,faça aqui seu registro,e relate esses sintomas que ocorre com seu AV. Ou mude de antivírus,até que venha uma solução definitiva para o Avast e seu Emulador de código problemático.

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde DigRam, muito obrigado pela ajuda, a respeito da 'ampulheta' creio que descobri do que se trata, como seguem as imagens, ao analisar os processos vigentes constatei que ao 'Finalizar o Processo': 'rundll32.exe' a ampulheta parava de piscar, fiz ainda uma pesquisa de onde se encontrava o suposto arquivo, o que poderia ser?

 

Imagens:

 

http://cjoint.com/?0GFvNcsaWqL

 

http://cjoint.com/?0GFvTrREBcu

 

 

 

 

Abaixo um novo log do hijackthis para efeito de conclusao:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:38:26, on 31/7/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre1.5.0_15\bin\jusched.exe

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Documents and Settings\Cliente\Meus documentos\Downloads\HiJackThis.exe

C:\WINDOWS\system32\regsvr32.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_15\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_15\bin\jusched.exe"

O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Control Panel] C:\Documents and Settings\Cliente\Dados de aplicativos\Microsoft\Windows\DeployWinRE_x86.cpl

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_15\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_15\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted IP range: http://10.1.1.50

O16 - DPF: {7E866715-C9B6-4C64-AAB8-342E0D137213} (DVR4204 Client Control) - http://10.1.1.50:8000/EDVR.CAB

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2FBF37EF-FE9B-41F6-A904-4EF431BEB198}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{41B986BA-2A30-4ACC-8A2C-ACAFCADEB60B}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{71CC186B-4889-4F1B-8EE2-36BA7B8E7CB3}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{77B76B09-AD8C-4626-A83B-6A2283C5FB80}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{EF360602-EBFE-4F18-ACE1-C052FDBD6284}: NameServer = 201.10.128.2,201.10.1.2

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Arquivos de programas\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

 

--

End of file - 9419 bytes

 

 

Abraços!

 

Boa Tarde! GildazioJr

 

|- Abra o OTL.exe -> Clique em Limpeza. <-- Confirme!

|- Ps: O computador irá reiniciar!

 

-/-

 

|- Seus logs estão limpos!

|- Quanto ao Avast,faça aqui seu registro,e relate esses sintomas que ocorre com seu AV. Ou mude de antivírus,até que venha uma solução definitiva para o Avast e seu Emulador de código problemático.

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde! GildazioJr

 

|- Vamos,então,investigá-los pelo Jotti.

 

|- Acesse: 5ddd15a0a515ee4d2c0ec8b4dcd87f0892b31334364ee054c605f091c3a9d7ad6g.jpg

 

83e4aac23f4afef13a3ebabeac5a83a9c3d09bc26d01ffd8e9659b806fce2f476g.jpg

 

|- Em "Arquivo para verificar",coloque:

 

|- <1> C:\WINDOWS\system32\rundll32.exe

 

|- Ao concluir,coloque:

 

|- <2> C:\WINDOWS\ServicePackFiles\i386\rundll32.exe

 

|- Ao conclui,coloque:

 

|- <3> C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\rundll32.exe

 

|- Clique em "Enviar".

|- Ps: Copie e poste,o resultado destes exames.

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia DigRam, ai vao os resultados

- <1> C:\WINDOWS\system32\rundll32.exe

[ArcaVir]

2012-08-01 Nada encontrado

[Frisk F-Prot Antivirus]

2012-08-01 Nada encontrado

[Avast! antivirus]

2012-08-01 Nada encontrado

[F-Secure Anti-Virus]

2012-08-01 Nada encontrado

[Grisoft AVG Anti-Virus]

2012-08-01 Nada encontrado

[G DATA]

2012-08-01 Nada encontrado

[Avira AntiVir]

2012-08-01 Nada encontrado

[ikarus]

2012-08-01 Nada encontrado

[softwin BitDefender]

2012-08-01 Nada encontrado

[Kaspersky Anti-Virus]

2012-08-01 Nada encontrado

[ClamAV]

2012-08-01 PUA.Win32.Packer.SetupExeSection

[Panda Antivirus]

2012-08-01 Nada encontrado

[CPsecure]

2012-07-30 Nada encontrado

[Quick Heal]

2012-08-01 Nada encontrado

[Dr.Web]

2012-08-01 Nada encontrado

[sophos]

2012-08-01 Nada encontrado

[Emsisoft Anti-Malware]

2012-08-01 Nada encontrado

[VirusBlokAda VBA32]

2012-08-01 Nada encontrado

[ESET]

2012-08-01 Nada encontrado

[VirusBuster]

2012-08-01 Nada encontrado

 

|- <2> C:\WINDOWS\ServicePackFiles\i386\rundll32.exe

 

[ArcaVir]

2012-08-01 Nada encontrado

[Frisk F-Prot Antivirus]

2012-08-01 Nada encontrado

[Avast! antivirus]

2012-08-01 Nada encontrado

[F-Secure Anti-Virus]

2012-08-01 Nada encontrado

[Grisoft AVG Anti-Virus]

2012-08-01 Nada encontrado

[G DATA]

2012-08-01 Nada encontrado

[Avira AntiVir]

2012-08-01 Nada encontrado

[ikarus]

2012-08-01 Nada encontrado

[softwin BitDefender]

2012-08-01 Nada encontrado

[Kaspersky Anti-Virus]

2012-08-01 Nada encontrado

[ClamAV]

2012-08-01 PUA.Win32.Packer.SetupExeSection

[Panda Antivirus]

2012-08-01 Nada encontrado

[CPsecure]

2012-07-30 Nada encontrado

[Quick Heal]

2012-08-01 Nada encontrado

[Dr.Web]

2012-08-01 Nada encontrado

[sophos]

2012-08-01 Nada encontrado

[Emsisoft Anti-Malware]

2012-08-01 Nada encontrado

[VirusBlokAda VBA32]

2012-08-01 Nada encontrado

[ESET]

2012-08-01 Nada encontrado

[VirusBuster]

2012-08-01 Nada encontrado

 

|- <3> C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\rundll32.exe

 

[ArcaVir]

2012-08-01 Nada encontrado

[Frisk F-Prot Antivirus]

2012-08-01 Nada encontrado

[Avast! antivirus]

2012-08-01 Nada encontrado

[F-Secure Anti-Virus]

2012-08-01 Nada encontrado

[Grisoft AVG Anti-Virus]

2012-08-01 Nada encontrado

[G DATA]

2012-08-01 Nada encontrado

[Avira AntiVir]

2012-08-01 Nada encontrado

[ikarus]

2012-08-01 Nada encontrado

[softwin BitDefender]

2012-08-01 Nada encontrado

[Kaspersky Anti-Virus]

2012-08-01 Nada encontrado

[ClamAV]

2012-08-01 PUA.Win32.Packer.SetupExeSection

[Panda Antivirus]

2012-08-01 Nada encontrado

[CPsecure]

2012-07-30 Nada encontrado

[Quick Heal]

2012-08-01 Nada encontrado

[Dr.Web]

2012-08-01 Nada encontrado

[sophos]

2012-08-01 Nada encontrado

[Emsisoft Anti-Malware]

2012-08-01 Nada encontrado

[VirusBlokAda VBA32]

2012-08-01 Nada encontrado

[ESET]

2012-08-01 Nada encontrado

[VirusBuster]

2012-08-01 Nada encontrado

Apos fazer a pesquisa, apareceu mais um arquivo, ai vai a verificaçao do mesmo.

Caminho do novo arquivo :

C:\Arquivos de Programas\Malwarebytes' Anti-Malware\Chameleon

 

[ArcaVir]

2012-07-29 Nada encontrado

[Frisk F-Prot Antivirus]

2012-07-28 Nada encontrado

[Avast! antivirus]

2012-07-29 Nada encontrado

[F-Secure Anti-Virus]

2012-07-29 Nada encontrado

[Grisoft AVG Anti-Virus]

2012-07-29 Nada encontrado

[G DATA]

2012-07-29 Nada encontrado

[Avira AntiVir]

2012-07-29 Nada encontrado

[ikarus]

2012-07-29 Nada encontrado

[softwin BitDefender]

2012-07-29 Nada encontrado

[Kaspersky Anti-Virus]

2012-07-29 Nada encontrado

[ClamAV]

2012-07-29 Nada encontrado

[Panda Antivirus]

2012-07-29 Nada encontrado

[CPsecure]

2012-07-29 Nada encontrado

[Quick Heal]

2012-07-29 Nada encontrado

[Dr.Web]

2012-07-29 Nada encontrado

[sophos]

2012-07-29 Nada encontrado

[Emsisoft Anti-Malware]

2012-07-29 Nada encontrado

[VirusBlokAda VBA32]

2012-07-27 Nada encontrado

[ESET]

2012-07-29 Nada encontrado

[VirusBuster]

2012-07-28 Nada encontrado

 

Abraços

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! GildazioJr

 

|- As análises aos arquivos,no site Jotti,não encontraram infecções.

 

|- Baixe: < desktopicon.png > ( ... by sUBs )

|- Salve-o no desktop! ( Área de trabalho! )

|- Ps: Desabilite seu antivírus,antispywares e/ou firewall. ( Menos o do Windows! )

|- Feche algum programa/arquivo que esteja aberto.

|- Feche,também,seu navegador! ( IE,Firefox,Opera ou Google Chrome )

|- Ps: Esteja conectado(a) à Internet. <- Importante!

|- Execute ComboFix.exe,com um duplo clique.

|- Para Windows Vista e/ou 7,dê clique direito em ComboFix.exe e execute-o como administrador.

|- Ps: Instale o "Console de Recuperação",caso seja solicitado! <- Somente XP!

|- Ps: Ficará,portanto,à seu critério optar por sua instalação.

|- Surgindo alguma mensagem de erro,execute ComboFix.exe em Modo de Segurança com rede.

|- Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador.

|- Abrir-se-á a janela Auto Scan.

 

etapas.jpg

 

|- Aguarde a finalização de todas as Etapas.

|- Durante o scan,evite utilizar o mouse ou teclado!

|- Concluindo,poste: C:\ComboFix.txt

|- "ComboFix é uma ferramenta que pode danificar o sistema. Utilize-o,somente,sob supervisão de analistas de segurança."

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu por mais de 10 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.