
Archived

This topic has been archived and is closed to new replies.

GildazioJr

[Archived] Infected PC


Good morning friends, if possible I'd like you to analyze my log.

My machine has a virus; Avast detected it but took no action. I ran the scan on reboot and nothing was found either, but the PC keeps freezing. I'll be waiting; thanks in advance!

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:49:41, on 27/7/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Arquivos de programas\Java\jre1.5.0_15\bin\jusched.exe

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Java\jre1.5.0_15\bin\jucheck.exe

C:\Arquivos de programas\Microsoft\BingBar\7.1.382.0\SeaPort.exe

C:\Documents and Settings\Cliente\Meus documentos\Downloads\HiJackThis.exe

C:\WINDOWS\system32\regsvr32.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_Prot

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_15\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Arquivos de programas\DealPly\DealPlyIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing)

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Arquivos de programas\Microsoft\BingBar\7.1.382.0\BingExt.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Arquivos de programas\Microsoft\BingBar\7.1.382.0\BingExt.dll" (file missing)

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_15\bin\jusched.exe"

O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sony Ericsson PC Companion] "C:\Arquivos de programas\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background

O4 - HKCU\..\Run: [Control Panel] C:\Documents and Settings\Cliente\Dados de aplicativos\Microsoft\Windows\DeployWinRE_x86.cpl

O4 - HKCU\..\Run: [wx2] C:\Documents and Settings\Cliente\Dados de aplicativos\HUDSON\wx2.cpl

O4 - HKCU\..\Run: [wx3] C:\Documents and Settings\Cliente\Dados de aplicativos\HUDSON\wx3.cpl

O4 - HKCU\..\Run: [wx7] C:\Documents and Settings\Cliente\Dados de aplicativos\HUDSON\wx7.cpl

O4 - HKCU\..\Run: [systema] C:\hudson2802b9b9\syscda.cpl

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_15\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_15\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted IP range: http://10.1.1.50

O16 - DPF: {7E866715-C9B6-4C64-AAB8-342E0D137213} (DVR4204 Client Control) - http://10.1.1.50:8000/EDVR.CAB

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2FBF37EF-FE9B-41F6-A904-4EF431BEB198}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{41B986BA-2A30-4ACC-8A2C-ACAFCADEB60B}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{71CC186B-4889-4F1B-8EE2-36BA7B8E7CB3}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{77B76B09-AD8C-4626-A83B-6A2283C5FB80}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{EF360602-EBFE-4F18-ACE1-C052FDBD6284}: NameServer = 201.10.128.2,201.10.1.2

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Arquivos de programas\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

 

--

End of file - 11769 bytes

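An added example, not code from this thread, HijackThis, OTL or AdwCleaner: a small Python triage script that applies to HijackThis-style lines the checks the replies below make by hand (orphaned BHO/toolbar registrations, the Babylon/DealPly/Conduit adware the later posts remove, Run entries pointing at .cpl files in the user profile or under an odd top-level folder, and trusted-zone and per-interface DNS settings worth confirming). The sample lines are constructed from entries in the log above; the heuristics, the `EXPECTED_ROOTS` list and the severity labels are the editor's assumptions, not rules from any of those tools.

```python
"""Triage heuristics for HijackThis-style log lines.

Added example: not code from the forum thread, HijackThis, OTL or AdwCleaner.
The sample lines are constructed from entries in the log posted above; the
heuristics and severity labels are the editor's assumptions, not rules from
any of those tools.
"""
import re
from dataclasses import dataclass

# Adware families the later replies in this thread end up removing.
ADWARE_NAMES = ("babylon", "dealply", "conduit")
# Path fragments marking a user-writable location (English and pt-BR XP names).
USER_WRITABLE = ("\\documents and settings\\", "\\dados de aplicativos\\",
                 "\\application data\\", "\\appdata\\", "\\temp\\")
# Top-level folders an autorun normally lives under (assumed list; user profiles are checked separately).
EXPECTED_ROOTS = ("windows", "program files", "program files (x86)",
                  "arquivos de programas", "documents and settings", "users")
# Extensions a Run value rarely points at directly (they need rundll32/control to load).
ODD_AUTORUN_EXT = (".cpl", ".dll", ".scr", ".pif")

ENTRY_RE = re.compile(r"^(O\d+|R[01])\s+-\s+(.*)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|cpl|dll|scr|pif|com|bat|vbs))(?:\s|$)", re.IGNORECASE)

# Constructed sample modelled on the HijackThis log above (benign lines included on purpose).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Arquivos de programas\DealPly\DealPlyIE.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Arquivos de programas\Microsoft\BingBar\7.1.382.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKCU\..\Run: [wx2] C:\Documents and Settings\Cliente\Dados de aplicativos\HUDSON\wx2.cpl
O4 - HKCU\..\Run: [systema] C:\hudson2802b9b9\syscda.cpl
O15 - Trusted IP range: http://10.1.1.50
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FBF37EF-FE9B-41F6-A904-4EF431BEB198}: NameServer = 201.10.128.2,201.10.1.2
"""


@dataclass
class Finding:
    section: str    # HijackThis section tag, e.g. "O4"
    severity: str   # "suspicious" or "review"
    reason: str
    line: str


def target_path(rest: str) -> str:
    """Extract the file an O4 entry launches: drop '[label] ', honour quotes, stop at the extension."""
    if "] " in rest:
        rest = rest.split("] ", 1)[1].strip()
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    m = EXE_RE.match(rest)
    return m.group(1) if m else rest


def triage_line(line: str) -> list:
    """Return the findings for one HijackThis line (empty list if nothing stands out)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    section, rest = m.groups()
    low = rest.lower()
    out = []
    if section in ("O2", "O3"):
        if low.endswith("(no file)") or "(file missing)" in low:
            out.append(Finding(section, "review", "orphaned BHO/toolbar registration (target missing)", line))
        if any(name in low for name in ADWARE_NAMES):
            out.append(Finding(section, "suspicious", "known adware toolbar/BHO", line))
    elif section == "O4":
        path = target_path(rest).lower()
        parts = path.split("\\")
        ext = "." + parts[-1].rsplit(".", 1)[-1] if "." in parts[-1] else ""
        if any(frag in path for frag in USER_WRITABLE):
            out.append(Finding(section, "suspicious", "autorun from a user-writable location", line))
        if len(parts) > 1 and re.fullmatch(r"[a-z]:", parts[0]) and parts[1] not in EXPECTED_ROOTS:
            out.append(Finding(section, "suspicious", f"autorun under non-standard top-level folder '{parts[1]}'", line))
        if ext in ODD_AUTORUN_EXT:
            out.append(Finding(section, "suspicious", f"autorun target is a {ext} file, not an .exe", line))
    elif section == "O15":
        out.append(Finding(section, "review", "IE trusted-zone entry relaxes browser security for that host", line))
    elif section == "O17":
        servers = rest.split("NameServer =", 1)[1].strip() if "NameServer =" in rest else "?"
        out.append(Finding(section, "review", f"per-interface DNS servers {servers}; confirm they are the expected resolvers", line))
    return out


def triage(log_text: str) -> list:
    """Run triage_line over every line of a log, preserving line order."""
    return [f for line in log_text.splitlines() for f in triage_line(line)]


def summarize(findings) -> dict:
    """Count findings per severity, e.g. {'suspicious': 6, 'review': 4}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.section}: {f.reason}\n    {f.line}")
```

On the constructed sample the script reports six "suspicious" and four "review" findings; the Intel tray and UltraVNC Run entries, and the Adobe BHO, produce nothing, which is the point of keeping benign lines in the sample. The "review" items (orphaned registrations, trusted-zone hosts, DNS servers) are things to confirm with the machine's owner rather than delete outright.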

Good evening, GildazioJr!

 

Good morning friends, if possible I'd like you to analyze my log,

my machine has a virus, Avast detected it but took no action, I ran the scan

|- Post a screenshot of that detection by your antivirus.

 

|- Download: < otlDesktopIcon.png > ( ... by OldTimer Tools )

 

|- Click Save! < 0e5c629f14858f5bf77e61d46c160e317c6d8c5d3ee101e311e440e99d7fd7b06g.jpg >

 

|- Save it to the desktop!

|- Double-click OTL.exe --> Run: c19ede0bf8817fba1b9a9c0e9dae6ede3b8983c41017d8926efac3638b95aee16g.jpg

 

OTL_Configuracao.jpg >> OTL_Padrao.jpg

 

|- Set "Verificação de Arquivos" (the file-scan options) as in the screenshot!

 

OTL_SemExt2.jpg

 

|- PS: Do the same for these!

|- Also tick the option to include the 64-bit scans.

|- Under "Exame Extra do Registro" (Extra Registry), select "Nenhum" (None).

 

netsvcs

%APPDATA%\Local\*.

%APPDATA%\*.exe /s

%APPDATA%\*.

%USERPROFILE%\AppData\Local\*.*

%USERPROFILE%\AppData\Roaming\*.*

%systemroot%\assembly\tmp\*.* /S /MD5

%systemroot%\assembly\temp\*.* /S /MD5

%systemroot%\assembly\GAC\*.* /S /MD5

%systemroot%\assembly\GAC_32\*.* /S /MD5

%systemroot%\assembly\GAC_64\*.* /S /MD5

%systemroot%\system32\config\systemprofile\AppData\Local\*.*

%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*

%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes

/md5start

explorer.exe

userinit.exe

winlogon.exe

wininit.exe

csrss.exe

smss.exe

svchost.exe

services.exe

uninst.exe

/md5stop

regedit /e c:\registrybackup.reg /c

%systemroot%\system32\tasks\*.* /s /64

%systemroot%\system32\Tasks\*.* /s

%windir%\tasks\*.* /s

6659d256325569c6e621117dc332966313a07d11cb5fb0ea4d9176217c7aefa76g.jpg

 

|- Paste the information shown in green into the "Exames Personalizados/Correções" (Custom Scans/Fixes) field.

 

|- Click Verificar (Run Scan): OTL_Verificar.jpg

 

|- When it finishes, post the report: OTL.txt

|- For large reports, use: < Cjoint_Logo.jpg >

 

|- More information: < |Link| >

 

Regards!


Dear DigRam, thank you very much for the help. Regarding the screenshot, the Avast message no longer appears; it's just that next to the cursor it looks as if something is loading all the time, that hourglass keeps blinking.

 

Here is the log: http://cjoint.com/?0GEqKshWYgG

 

Regards.

 


Good afternoon, GildazioJr!

 

Avast's file shield ("Módulo Arquivos") hangs when scanning banking security plugins. (Blinking hourglass!)

Avast_Sf_bin.jpg

 

|- In this case "sf.bin" is causing excessive memory consumption, as shown in the screenshot.

|- There are two possible fixes:

 

|- <1> Untick the option "Utilizar Emulação de Código" (use code emulation).

|- <2> Add the file causing the problem to Avast's exclusions. ( Módulos residentes -> Módulo Arquivos -> Último arquivo escaneado, i.e. real-time shields -> file shield -> last scanned file )

 

More details: Sf.bin usando muito processador (Sf.bin using too much CPU)

 

-/-

 

|- Download: < AdwCleaner > ( ... by Xplode )

 

|- On the page, click the image: < AdwCleaner_Tlcharger.jpg >

 

|- Save it to the desktop!

|- Right-click adwcleaner.exe and choose to run it as "administrator".

|- PS: Start the scan by clicking "Delete" or "Suppression".

 

AdwCleaner_Suppression.jpg

 

|- When it finishes, post the report: C:\AdwCleaner[S].txt

 

-/-

 

|- Run OTL.exe.

|- Copy the information shown in red into the tool's clipboard field ( "Exames Personalizados/Correções", Custom Scans/Fixes ).

 

:OTL

IE - HKU\S-1-5-21-1614895754-651377827-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-1614895754-651377827-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_Prot

IE - HKU\S-1-5-21-1614895754-651377827-725345543-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-1614895754-651377827-725345543-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=108380&tt=111110_def&babsrc=SP_ss&mntrId=2802b9b9000000000000001bfc0cbf9d

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..extensions.enabledItems: {12fc3d37-2a42-4fe3-8489-81296878cba5}:2.5.8.6

FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=108380&tt=111110_def&babsrc=adbartrp&mntrId=2802b9b9000000000000001bfc0cbf9d&q="

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found

[2011/12/20 12:06:23 | 000,000,000 | ---D | M] (DealPly) -- C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

[2011/06/27 12:19:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\engine@conduit.com

[2012/01/11 11:25:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\ffxtlbr@babylon.com

[2011/12/20 12:06:27 | 000,002,350 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\babylon.xml

[2011/12/20 12:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Babylon

[2011/12/20 12:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Babylon

[2011/12/27 16:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\BabylonToolbar

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll File not found

3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKU\S-1-5-21-1614895754-651377827-725345543-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-1614895754-651377827-725345543-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.

O3 - HKU\S-1-5-21-1614895754-651377827-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKU\S-1-5-21-1614895754-651377827-725345543-1003..\Run: [systema] C:\hudson2802b9b9\syscda.cpl File not found

O4 - HKU\S-1-5-21-1614895754-651377827-725345543-1003..\Run: [wx2] C:\Documents and Settings\Cliente\Dados de aplicativos\HUDSON\wx2.cpl File not found

O4 - HKU\S-1-5-21-1614895754-651377827-725345543-1003..\Run: [wx3] C:\Documents and Settings\Cliente\Dados de aplicativos\HUDSON\wx3.cpl File not found

O4 - HKU\S-1-5-21-1614895754-651377827-725345543-1003..\Run: [wx7] C:\Documents and Settings\Cliente\Dados de aplicativos\HUDSON\wx7.cpl File not found

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[23 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

:reg

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B1746A03-D32B-4F6E-8D81-777964E6FE90}]

 

:Commands

[CREATERESTOREPOINT]

[purity]

[emptytemp]

[Reboot]

|- Click the Consertar (Run Fix) button -> Wait for it to finish!

|- The computer will restart! -> Click "Executar" (Run).

 

OTL_RunFix.jpg

 

|- In English versions, click Run Fix, which is the same as Consertar.

|- Post the report: C:\_OTL\MovedFiles\*.log

 

Regards!


Good afternoon DigRam, I tried both alternatives for the 'hourglass' problem, but without success. Here are the logs.

 

Below is the AdwCleaner log

 

# AdwCleaner v1.703 - Logfile created 07/30/2012 at 15:57:34

# Updated 20/07/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Cliente - HUDSON

# Running from : C:\Documents and Settings\Cliente\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:\Documents and Settings\Cliente\Dados de aplicativos\Babylon

Folder Deleted : C:\Documents and Settings\Cliente\Dados de aplicativos\BabylonToolbar

Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon

Folder Deleted : C:\Documents and Settings\All Users\Menu Iniciar\Programas\DealPly

Folder Deleted : C:\Arquivos de programas\Babylon

Folder Deleted : C:\Arquivos de programas\BabylonToolbar

Folder Deleted : C:\Arquivos de programas\Conduit

Folder Deleted : C:\Arquivos de programas\DealPly

File Deleted : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml

 

***** [Registry] *****

 

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2552374

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DealPly

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\b

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\DealPly

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Key Deleted : HKLM\SOFTWARE\Wise Solutions

 

***** [Registre - GUID] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v7.0.5730.13

 

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_Prot --> hxxp://www.google.com

 

*************************

 

AdwCleaner[s1].txt - [7799 octets] - [30/07/2012 15:57:34]

 

########## EOF - C:\AdwCleaner[s1].txt - [7927 octets] ##########

 

OTL log

 

All processes killed

========== OTL ==========

HKU\S-1-5-21-1614895754-651377827-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!

HKU\S-1-5-21-1614895754-651377827-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_USERS\S-1-5-21-1614895754-651377827-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-1614895754-651377827-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename

Prefs.js: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588" removed from browser.search.defaulturl

Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1

Prefs.js: {12fc3d37-2a42-4fe3-8489-81296878cba5}:2.5.8.6 removed from extensions.enabledItems

Prefs.js: "http://search.babylon.com/?AF=108380&tt=111110_def&babsrc=adbartrp&mntrId=2802b9b9000000000000001bfc0cbf9d&q=" removed from keyword.URL

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\engine@conduit.com\searchplugin folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\engine@conduit.com\META-INF folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\engine@conduit.com\lib folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\engine@conduit.com\DualPackage folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\engine@conduit.com\defaults folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\engine@conduit.com\components folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\engine@conduit.com\chrome folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\engine@conduit.com folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.

C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\0x2a7vfm.default\extensions\ffxtlbr@babylon.com folder moved successfully.

File C:\Arquivos de programas\mozilla firefox\searchplugins\babylon.xml not found.

Folder C:\Documents and Settings\All Users\Dados de aplicativos\Babylon\ not found.

Folder C:\Documents and Settings\Cliente\Dados de aplicativos\Babylon\ not found.

Folder C:\Documents and Settings\Cliente\Dados de aplicativos\BabylonToolbar\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540008}\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1614895754-651377827-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry value HKEY_USERS\S-1-5-21-1614895754-651377827-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.

Registry value HKEY_USERS\S-1-5-21-1614895754-651377827-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.

Registry value HKEY_USERS\S-1-5-21-1614895754-651377827-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Systema deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1614895754-651377827-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\wx2 deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1614895754-651377827-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\wx3 deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1614895754-651377827-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\wx7 deleted successfully.

C:\WINDOWS\002881_.tmp deleted successfully.

C:\WINDOWS\msdownld.tmp folder deleted successfully.

C:\WINDOWS\SET3.tmp deleted successfully.

C:\WINDOWS\SET4.tmp deleted successfully.

C:\WINDOWS\SET8.tmp deleted successfully.

C:\WINDOWS\System32\CONFIG.TMP deleted successfully.

C:\WINDOWS\System32\SET201.tmp deleted successfully.

C:\WINDOWS\System32\SET3A.tmp deleted successfully.

C:\WINDOWS\System32\SET3C.tmp deleted successfully.

C:\WINDOWS\System32\SET40.tmp deleted successfully.

C:\WINDOWS\System32\SET48.tmp deleted successfully.

C:\WINDOWS\System32\SET85.tmp deleted successfully.

C:\WINDOWS\System32\SET86.tmp deleted successfully.

C:\WINDOWS\System32\SET87.tmp deleted successfully.

C:\WINDOWS\System32\SET8F.tmp deleted successfully.

C:\WINDOWS\System32\SET95.tmp deleted successfully.

C:\WINDOWS\System32\SET97.tmp deleted successfully.

C:\WINDOWS\System32\SET98.tmp deleted successfully.

C:\WINDOWS\System32\SET9E.tmp deleted successfully.

C:\WINDOWS\System32\SET9F.tmp deleted successfully.

C:\WINDOWS\System32\SETA0.tmp deleted successfully.

C:\WINDOWS\System32\SETA4.tmp deleted successfully.

C:\WINDOWS\System32\SETA7.tmp deleted successfully.

C:\WINDOWS\System32\SETA8.tmp deleted successfully.

C:\WINDOWS\System32\SETAA.tmp deleted successfully.

C:\WINDOWS\System32\SETAF.tmp deleted successfully.

C:\WINDOWS\System32\SETB3.tmp deleted successfully.

C:\WINDOWS\System32\SETE.tmp deleted successfully.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B1746A03-D32B-4F6E-8D81-777964E6FE90}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1746A03-D32B-4F6E-8D81-777964E6FE90}\ not found.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

 

[EMPTYTEMP]

 

User: Administrador

->Temp folder emptied: 588548 bytes

->Temporary Internet Files folder emptied: 112094 bytes

->FireFox cache emptied: 8648893 bytes

->Flash cache emptied: 456 bytes

 

User: All Users

 

User: Cliente

->Temp folder emptied: 541605856 bytes

->Temporary Internet Files folder emptied: 15866174 bytes

->Java cache emptied: 1572285 bytes

->FireFox cache emptied: 359509769 bytes

->Flash cache emptied: 1446 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 8265934 bytes

 

User: LogMeInRemoteUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 333909 bytes

RecycleBin emptied: 138564 bytes

 

Total Files Cleaned = 893,00 mb

 

 

OTL by OldTimer - Version 3.2.55.0 log created on 07302012_160223

 

Files\Folders moved on Reboot...

File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

[2012/07/30 16:09:26 | 000,000,000 | ---- | M] () C:\WINDOWS\temp\_avast_\Webshlock.txt : Unable to obtain MD5

 

Registry entries deleted on Reboot...

 

 

 

Good afternoon, GildazioJr!

[image: Avast_Sf_bin.jpg]

|- In this case we have "sf.bin" causing excessive memory consumption, as shown in the screenshot.
|- The fix can go one of two ways:

|- <1> Untick the option "Use code emulation".
|- <2> Add the file that is causing the problem to Avast's exclusions. (Resident shields -> File shield -> Last scanned file)

More details: Sf.bin using a lot of CPU

-/-

|- Download: < AdwCleaner > ( ... by Xplode )

|- On that page, click the image: < AdwCleaner_Tlcharger.jpg >

|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as "administrator".
|- PS: Start the scan by clicking "Delete" or "Suppression".

[image: AdwCleaner_Suppression.jpg]

|- When it finishes, post the report: C:\AdwCleaner[S].txt

-/-

|- Run OTL.exe.
|- Copy the information shown in red into the tool's clipboard field ("Custom Scans/Fixes").

|- Click the Run Fix button -> wait for it to finish!
|- The computer will restart! -> Click "Run".

[image: OTL_RunFix.jpg]

|- In English versions, click Run Fix, which is the same as "Consertar".
|- Post the report: C:\_OTL\MovedFiles\*.log

Cheers!

Good evening, GildazioJr!

Good afternoon DigRam, I tried both alternatives for the 'hourglass' problem but had no success; here are the logs.

|- Which version of Avast do you have?

|- Download: < ZHPDiag_Silent.jpg > ( ... by Nicolas Coolman )

|- Save it to the desktop!
|- On Windows Vista or 7, right-click and run the file as administrator.
|- Wait for the scan to finish and click "Copier". <- Wait!
|- Post and/or paste here the link that was generated!

Cheers!

Good evening DigRam

My Avast version is 6.0.1289
Virus definitions version 120730-0

Generated link:
http://pjjoint.malekal.com/files.php?read=ZHPDiag_20120730_r6u9q5x146

Cheers

 

 


Good evening, GildazioJr!

|- Download: < ZHPFix.zip >

|- Unpack it to the desktop.

|- Close any programs/folders that are open.
|- Close the browser too!
|- On Windows Vista, disable UAC.

[image: ZHPFix_logo.jpg] >> [image: Administrador_Exec.jpg]

|- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
|- Select and copy the information shown in red into "Notepad".

[MD5.E715412E47D20EB0EBF77B65F9157343] - (...) -- ystem32\rundll32.exe [0] [PID.]
O4 - Global Startup: C:\Documents And Settings\Cliente\Desktop\Atalho para Ajuda e suporte.lnk - Orphean Key
O41 - Driver: (InCDPass) . (. - .) - C:\WINDOWS\system32\drivers\InCDPass.sys (.not file.)
O41 - Driver: (InCDRm) . (. - .) - C:\WINDOWS\system32\drivers\InCDRm.sys (.not file.)
O42 - Logiciel: Optimization System Earnforfun. - (.Unknown owner.) [HKLM] -- uiqweswordfinxvjk
O43 - CFD: 27/9/2011 - 09:21:53 - [0] ----D C:\Arquivos de programas\rkfree => Infection Keylog (Keylogger.Logixoft)
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\drivers\Descompacx.exe" [Enabled] .(...) -- C:\WINDOWS\system32\drivers\Descompacx.exe (.not file.)
O47 - AAKE:Key Export DP - "C:\WINDOWS\system32\drivers\Descompacx.exe" [Enabled] .(...) -- C:\WINDOWS\system32\drivers\Descompacx.exe (.not file.)

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
[HKCU\Software\eMule] => eMule PeerToPeer

C:\Arquivos de programas\rkfree => Infection Keylog (Keylogger.Logixoft)
C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Conduit => Toolbar.Conduit

emptytemp
emptyflash
proxyfix
firewallraz
sysrestore

|- With Notepad open, press the shortcuts "Ctrl+A" -> "Ctrl+C".
|- Minimize Notepad.

[image: ZHPDiag_PasteClipboard.jpg]

|- Click the "Paste ClipBoard" menu.
|- Click "GO" -> Oui.

[image: ZHPFix_GO.jpg]

|- PS: The sequence of images above is there for clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt

Cheers!

Dear DigRam, here is the ZHPFix log,

ZHPFix 1.2.06 report by Nicolas Coolman, update of 17/05/2012
Registry export file:
Run by Cliente at 31/7/2012 12:18:05
Windows XP Professional Service Pack 3 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/

========== Software ==========
NOT FOUND Uninstall Process: c:\windows\system32\uiqweswordfinxvjk.exe

========== Registry Key ==========
DELETED [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uiqweswordfinxvjk]
DELETED Driver Key: InCDPass
DELETED Driver Key: InCDRm
DELETED Key*: HKCU\Software\eMule

========== Registry Value ==========
DELETED AAKE KeyValue: C:\WINDOWS\system32\drivers\Descompacx.exe
NOT FOUND [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (DP) : C:\Arquivos de programas\MSN Messenger\livecall.exe
No Value in Firewall Exception Register Key (FirewallRaz)

========== Repertory ==========
DELETED Folder: C:\Arquivos de programas\rkfree
DELETED Folder: c:\documents and settings\cliente\configurações locais\dados de aplicativos\conduit
DELETED Window Temporary:
DELETED Flash Cookies:

========== File ==========
NOT FOUND File: c:\documents and settings\cliente\desktop\atalho para ajuda e suporte.lnk
NOT FOUND File: c:\windows\system32\drivers\descompacx.exe
NOT FOUND Folder/File: c:\arquivos de programas\rkfree
DELETED Window Temporary:
DELETED Flash Cookies:

========== Restoration ==========
Restore System Point created succefully

========== Other ==========
NOT SUPPORTED ystem32\rundll32.exe

========== Summary ==========
4 : Registry Key
14 : Registry Value
4 : Repertory
5 : File
1 : Software
1 : Restoration
1 : Other

End of clean in 00mn 41s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 31/7/2012 12:18:05 [2264]

PS: that annoying little hourglass. lol
Cheers.

 


Good afternoon, GildazioJr!

|- Open OTL.exe -> click Cleanup. <-- Confirm!
|- PS: The computer will restart!

-/-

|- Your logs are clean!
|- As for Avast, register here and report the symptoms you are getting with your AV. Or switch antivirus until a definitive fix comes for Avast and its problematic code emulator.

Cheers!

Good afternoon DigRam, thank you very much for the help. As for the 'hourglass', I think I found out what it is, as the images show: looking at the running processes, I noticed that when I 'End Process' on 'rundll32.exe' the hourglass stops blinking. I also searched for where the supposed file is located; what could it be?

Images:

http://cjoint.com/?0GFvNcsaWqL

http://cjoint.com/?0GFvTrREBcu

Below is a new HijackThis log to wrap up:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:38:26, on 31/7/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre1.5.0_15\bin\jusched.exe

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Documents and Settings\Cliente\Meus documentos\Downloads\HiJackThis.exe

C:\WINDOWS\system32\regsvr32.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_15\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_15\bin\jusched.exe"

O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Control Panel] C:\Documents and Settings\Cliente\Dados de aplicativos\Microsoft\Windows\DeployWinRE_x86.cpl

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_15\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_15\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted IP range: http://10.1.1.50

O16 - DPF: {7E866715-C9B6-4C64-AAB8-342E0D137213} (DVR4204 Client Control) - http://10.1.1.50:8000/EDVR.CAB

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2FBF37EF-FE9B-41F6-A904-4EF431BEB198}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{41B986BA-2A30-4ACC-8A2C-ACAFCADEB60B}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{71CC186B-4889-4F1B-8EE2-36BA7B8E7CB3}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{77B76B09-AD8C-4626-A83B-6A2283C5FB80}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{EF360602-EBFE-4F18-ACE1-C052FDBD6284}: NameServer = 201.10.128.2,201.10.1.2

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Arquivos de programas\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

 

--

End of file - 9419 bytes

 

 

Cheers!
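A triage pass over the HijackThis log above, as an added example that is not part of the thread and not code from HijackThis, OTL or ZHPFix. It parses O4 autostart entries, O15 trusted-site entries, O17 name-server entries and O20/O23 entries marked "(file missing)", and applies simple heuristics: an autostart whose file is not an .exe, lives in a user-writable directory, or has no drive-qualified path; a resolver outside the set the caller expects; a host placed in IE's Trusted zone; or an orphaned entry. The sample lines are copied from the log in the post above, except the second O17 line, which is constructed (all-zero GUID, documentation address 203.0.113.5) to exercise the resolver check; the expected resolver set is an argument, here the two 201.10.x addresses that appear in the log. On this input the heuristics single out the HKCU Run entry "Control Panel" pointing at DeployWinRE_x86.cpl under the user's Application Data folder: Windows launches a .cpl listed in a Run key through rundll32.exe shell32.dll,Control_RunDLL, which matches the rundll32.exe process the poster tied to the blinking hourglass, so that entry is the one to verify (hash the file, check its signature and publisher) before calling the log clean.

```python
"""
Triage pass over HijackThis (HJT) log lines.

Added example for this thread; it is not code from HijackThis, OTL, ZHPFix
or any other tool mentioned above.  The sample lines are copied from the
HijackThis log posted in the thread, except the second O17 line, which is
constructed (all-zero GUID, documentation address 203.0.113.5) to exercise
the resolver check.
"""
import re
from dataclasses import dataclass, field
from typing import List, Set

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Control Panel] C:\Documents and Settings\Cliente\Dados de aplicativos\Microsoft\Windows\DeployWinRE_x86.cpl
O15 - Trusted IP range: http://10.1.1.50
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FBF37EF-FE9B-41F6-A904-4EF431BEB198}: NameServer = 201.10.128.2,201.10.1.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.5
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe
"""

# Directory fragments (English and the Brazilian-Portuguese XP names seen in
# the log) that an ordinary user can write to; an autostart living there
# deserves a second look.
USER_WRITABLE = (
    "\\documents and settings\\", "\\users\\", "\\temp\\", "\\appdata\\",
    "\\application data\\", "\\dados de aplicativos\\",
    "\\local settings\\", "\\configurações locais\\",
)

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First token ending in a runnable extension, quoted or not; arguments follow.
PATH_RE = re.compile(
    r'^"?(?P<path>.+?\.(?P<ext>exe|cpl|dll|scr|com|bat|cmd|vbs|pif|tmp))"?(?:\s|$)',
    re.I,
)
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)")
DRIVE_RE = re.compile(r"^[a-z]:\\")


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def _check_o4(line: str) -> List[str]:
    m = O4_RE.match(line)
    if not m:
        return []
    cmd = m.group("cmd").strip()
    pm = PATH_RE.match(cmd)
    path = pm.group("path") if pm else cmd.strip('"')
    ext = pm.group("ext").lower() if pm else ""
    low = path.lower()
    reasons = []
    if ext and ext != "exe":
        note = ""
        if ext == "cpl":
            # The cplfile association opens an applet with
            # rundll32.exe shell32.dll,Control_RunDLL <file>.cpl
            note = " (runs inside rundll32.exe via shell32 Control_RunDLL)"
        reasons.append(f"non-EXE autostart .{ext}{note}")
    if any(frag in low for frag in USER_WRITABLE):
        reasons.append("file lives in a user-writable directory")
    if not DRIVE_RE.match(low):
        reasons.append("unqualified path, resolved through the search order")
    return reasons


def _check_o17(line: str, expected_dns: Set[str]) -> List[str]:
    m = O17_RE.match(line)
    if not m:
        return []
    servers = {s for s in m.group("servers").split(",") if s}
    rogue = sorted(servers - expected_dns)
    return [f"NameServer not in the expected set: {', '.join(rogue)}"] if rogue else []


def _check_static(line: str) -> List[str]:
    reasons = []
    if line.startswith("O15 - Trusted"):
        reasons.append("host placed in IE's Trusted zone (relaxed security settings)")
    if line.startswith(("O20 - ", "O23 - ")) and "(file missing)" in line:
        reasons.append("orphaned entry, its file no longer exists")
    return reasons


def triage(log_text: str, expected_dns: Set[str]) -> List[Finding]:
    """Return one Finding per log line that trips at least one heuristic."""
    findings = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        reasons = _check_o4(line) + _check_o17(line, expected_dns) + _check_static(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    # The two resolvers that appear in the log are taken as the expected ones.
    for f in triage(SAMPLE_LOG, {"201.10.128.2", "201.10.1.2"}):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

The heuristics are deliberately loose: an unqualified path such as RTHDCPL.EXE or a LAN DVR in the Trusted zone is usually benign, and the output is a list of entries to verify by hand, not a verdict.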

 


Good afternoon, GildazioJr!

|- Then let's check them at Jotti.

|- Go to: [image]

[image]

|- Under "File to check", enter:

|- <1> C:\WINDOWS\system32\rundll32.exe

|- When it finishes, enter:

|- <2> C:\WINDOWS\ServicePackFiles\i386\rundll32.exe

|- When it finishes, enter:

|- <3> C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\rundll32.exe

|- Click "Submit".
|- PS: Copy and post the results of these scans.

Cheers!

Bom dia DigRam, ai vao os resultados

- <1> C:\WINDOWS\system32\rundll32.exe

[ArcaVir]

2012-08-01 Nada encontrado

[Frisk F-Prot Antivirus]

2012-08-01 Nada encontrado

[Avast! antivirus]

2012-08-01 Nada encontrado

[F-Secure Anti-Virus]

2012-08-01 Nada encontrado

[Grisoft AVG Anti-Virus]

2012-08-01 Nada encontrado

[G DATA]

2012-08-01 Nada encontrado

[Avira AntiVir]

2012-08-01 Nada encontrado

[ikarus]

2012-08-01 Nada encontrado

[softwin BitDefender]

2012-08-01 Nada encontrado

[Kaspersky Anti-Virus]

2012-08-01 Nada encontrado

[ClamAV]

2012-08-01 PUA.Win32.Packer.SetupExeSection

[Panda Antivirus]

2012-08-01 Nada encontrado

[CPsecure]

2012-07-30 Nada encontrado

[Quick Heal]

2012-08-01 Nada encontrado

[Dr.Web]

2012-08-01 Nada encontrado

[sophos]

2012-08-01 Nada encontrado

[Emsisoft Anti-Malware]

2012-08-01 Nada encontrado

[VirusBlokAda VBA32]

2012-08-01 Nada encontrado

[ESET]

2012-08-01 Nada encontrado

[VirusBuster]

2012-08-01 Nada encontrado

 

|- <2> C:\WINDOWS\ServicePackFiles\i386\rundll32.exe

 

[ArcaVir]

2012-08-01 Nada encontrado

[Frisk F-Prot Antivirus]

2012-08-01 Nada encontrado

[Avast! antivirus]

2012-08-01 Nada encontrado

[F-Secure Anti-Virus]

2012-08-01 Nada encontrado

[Grisoft AVG Anti-Virus]

2012-08-01 Nada encontrado

[G DATA]

2012-08-01 Nada encontrado

[Avira AntiVir]

2012-08-01 Nada encontrado

[ikarus]

2012-08-01 Nada encontrado

[softwin BitDefender]

2012-08-01 Nada encontrado

[Kaspersky Anti-Virus]

2012-08-01 Nada encontrado

[ClamAV]

2012-08-01 PUA.Win32.Packer.SetupExeSection

[Panda Antivirus]

2012-08-01 Nada encontrado

[CPsecure]

2012-07-30 Nada encontrado

[Quick Heal]

2012-08-01 Nada encontrado

[Dr.Web]

2012-08-01 Nada encontrado

[sophos]

2012-08-01 Nada encontrado

[Emsisoft Anti-Malware]

2012-08-01 Nada encontrado

[VirusBlokAda VBA32]

2012-08-01 Nada encontrado

[ESET]

2012-08-01 Nada encontrado

[VirusBuster]

2012-08-01 Nada encontrado

 

|- <3> C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\rundll32.exe

 

[ArcaVir]

2012-08-01 Nada encontrado

[Frisk F-Prot Antivirus]

2012-08-01 Nada encontrado

[Avast! antivirus]

2012-08-01 Nada encontrado

[F-Secure Anti-Virus]

2012-08-01 Nada encontrado

[Grisoft AVG Anti-Virus]

2012-08-01 Nada encontrado

[G DATA]

2012-08-01 Nada encontrado

[Avira AntiVir]

2012-08-01 Nada encontrado

[ikarus]

2012-08-01 Nada encontrado

[softwin BitDefender]

2012-08-01 Nada encontrado

[Kaspersky Anti-Virus]

2012-08-01 Nada encontrado

[ClamAV]

2012-08-01 PUA.Win32.Packer.SetupExeSection

[Panda Antivirus]

2012-08-01 Nada encontrado

[CPsecure]

2012-07-30 Nada encontrado

[Quick Heal]

2012-08-01 Nada encontrado

[Dr.Web]

2012-08-01 Nada encontrado

[sophos]

2012-08-01 Nada encontrado

[Emsisoft Anti-Malware]

2012-08-01 Nada encontrado

[VirusBlokAda VBA32]

2012-08-01 Nada encontrado

[ESET]

2012-08-01 Nada encontrado

[VirusBuster]

2012-08-01 Nada encontrado

Apos fazer a pesquisa, apareceu mais um arquivo, ai vai a verificaçao do mesmo.

Caminho do novo arquivo :

C:\Arquivos de Programas\Malwarebytes' Anti-Malware\Chameleon

 

[ArcaVir]

2012-07-29 Nada encontrado

[Frisk F-Prot Antivirus]

2012-07-28 Nada encontrado

[Avast! antivirus]

2012-07-29 Nada encontrado

[F-Secure Anti-Virus]

2012-07-29 Nada encontrado

[Grisoft AVG Anti-Virus]

2012-07-29 Nada encontrado

[G DATA]

2012-07-29 Nada encontrado

[Avira AntiVir]

2012-07-29 Nada encontrado

[ikarus]

2012-07-29 Nada encontrado

[softwin BitDefender]

2012-07-29 Nada encontrado

[Kaspersky Anti-Virus]

2012-07-29 Nada encontrado

[ClamAV]

2012-07-29 Nada encontrado

[Panda Antivirus]

2012-07-29 Nada encontrado

[CPsecure]

2012-07-29 Nada encontrado

[Quick Heal]

2012-07-29 Nada encontrado

[Dr.Web]

2012-07-29 Nada encontrado

[sophos]

2012-07-29 Nada encontrado

[Emsisoft Anti-Malware]

2012-07-29 Nada encontrado

[VirusBlokAda VBA32]

2012-07-27 Nada encontrado

[ESET]

2012-07-29 Nada encontrado

[VirusBuster]

2012-07-28 Nada encontrado

Regards
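The reports pasted above come from a multi-engine scanner, and what the reader has to judge is not "any hit at all" but how many engines fired, whether the only hit is a generic packer/PUA heuristic (as with ClamAV's PUA.Win32.Packer.SetupExeSection on the third file), and how fresh each engine's definitions were. As an added example, not code from this thread or from Jotti, here is a small parser that tallies a pasted report per file. The report format is modelled on the posts above; the clean-verdict string, the heuristic rule and the abridged sample report are assumptions constructed for illustration.

```python
"""Tally a pasted Jotti-style multi-engine report per file.

Added example for this thread (not the poster's or Jotti's own code). The
format is modelled on the report pasted above: an optional "|- <n> " marker
before a file path, then one "[Engine]" header followed by a
"YYYY-MM-DD verdict" line per engine. "Nada encontrado" is the Portuguese
"nothing found" string as it appears in the thread; the heuristic rule and
the sample report below are constructed for illustration.
"""
import re
from datetime import date

ENGINE_RE = re.compile(r"^\[(?P<engine>[^\]]+)\]$")
RESULT_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<verdict>.+)$")
FILE_RE = re.compile(r"^(?:\|- <\d+> )?(?P<path>[A-Za-z]:\\.+)$")

# Verdict strings that mean "clean"; add other UI locales here if needed (assumption).
CLEAN_VERDICTS = {"Nada encontrado"}


def is_heuristic(verdict: str) -> bool:
    """Treat PUA.* and packer-section names as generic heuristics rather than
    malware-family detections (our classification rule, not the scanner's)."""
    return verdict.startswith("PUA.") or "Packer" in verdict


def parse_report(text: str) -> list:
    """Return one dict per scanned file: {"path": ..., "results": [(engine, date, verdict), ...]}."""
    files, current, engine = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:  # a new file path starts a new result group
            current = {"path": m.group("path"), "results": []}
            files.append(current)
            engine = None
            continue
        m = ENGINE_RE.match(line)
        if m:
            engine = m.group("engine")
            continue
        m = RESULT_RE.match(line)
        if m and current is not None and engine is not None:
            current["results"].append(
                (engine, date.fromisoformat(m.group("date")), m.group("verdict")))
            engine = None  # one verdict per engine header
    return files


def summarize(files: list) -> list:
    """Per file: engine count, non-clean verdicts, whether only heuristics fired,
    and the oldest definition date (stale definitions weaken a 'clean' result)."""
    summary = []
    for f in files:
        detections = [(e, v) for e, _, v in f["results"] if v not in CLEAN_VERDICTS]
        summary.append({
            "path": f["path"],
            "engines": len(f["results"]),
            "detections": detections,
            "heuristic_only": bool(detections) and all(is_heuristic(v) for _, v in detections),
            "oldest_definitions": min((d for _, d, _ in f["results"]), default=None),
        })
    return summary


# Constructed sample, abridged from the report format in the thread.
SAMPLE_REPORT = r"""
|- <3> C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\rundll32.exe

[ArcaVir]

2012-08-01 Nada encontrado

[ClamAV]

2012-08-01 PUA.Win32.Packer.SetupExeSection

[VirusBlokAda VBA32]

2012-07-27 Nada encontrado

Path of the new file:

C:\Arquivos de Programas\Malwarebytes' Anti-Malware\Chameleon

[ArcaVir]

2012-07-29 Nada encontrado

[ClamAV]

2012-07-29 Nada encontrado
"""

if __name__ == "__main__":
    for s in summarize(parse_report(SAMPLE_REPORT)):
        hits = f"{len(s['detections'])}/{s['engines']}"
        tag = " (heuristic/packer only)" if s["heuristic_only"] else ""
        print(f"{s['path']}: {hits} detections{tag}; oldest definitions {s['oldest_definitions']}")
        for engine, verdict in s["detections"]:
            print(f"    {engine}: {verdict}")
```

Paste a full report into SAMPLE_REPORT (or read it from a file) and the summary shows, per file, the detection ratio, whether the only verdicts are packer/PUA heuristics that a signed installer can legitimately trigger, and the oldest definition date among the engines, which is the figure to check before treating "nothing found" as conclusive.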


Good morning, GildazioJr

|- The analyses of the files on the Jotti site found no infections.

|- Download: < desktopicon.png > ( ... by sUBs )

|- Save it to the desktop!

|- PS: Disable your antivirus, antispyware and/or firewall. (Except the Windows one!)

|- Close any program/file that is open.

|- Also close your browser! (IE, Firefox, Opera or Google Chrome)

|- PS: Stay connected to the Internet. <- Important!

|- Run ComboFix.exe with a double click.

|- On Windows Vista and/or 7, right-click ComboFix.exe and run it as administrator.

|- PS: Install the "Recovery Console" if prompted! <- XP only!

|- PS: Installing it is therefore at your discretion.

|- If an error message appears, run ComboFix.exe in Safe Mode with Networking.

|- PS: To complete the removals, the tool may need to restart the computer.

|- The Auto Scan window will open.

etapas.jpg

|- Wait for all the Stages to finish.

|- During the scan, avoid using the mouse or keyboard!

|- When it finishes, post: C:\ComboFix.txt

|- "ComboFix is a tool that can damage the system. Use it only under the supervision of security analysts."

Regards!


Topic Archived

As the author did not reply for more than 10 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
