Edvan, posted October 10, 2012

Good afternoon! My machine started shutting down out of nowhere, so I decided to post a log for analysis. P.S.: the machine has 1 month of use. Suspected virus.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:33:39, on 10/10/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\Blok Master\ablkma.exe
C:\Windows\SysWOW64\sbma.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Users\Edvan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Edvan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Edvan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Edvan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Edvan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Edvan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Edvan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Edvan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Edvan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Edvan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\HiJackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Edvan\AppData\Roaming\Complitly\Complitly.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [blok Master] "C:\Program Files (x86)\Blok Master\ablkma.exe"
O4 - HKLM\..\Run: [sbma] C:\Windows\system32\sbma.exe
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "C:\Users\Edvan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [uTorrent Acceleration Tool] "C:\Program Files (x86)\uTorrent Acceleration Tool\uTorrent Acceleration Tool.lnk" -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [abma] "c:\program files (x86)\blok master\ablkma.exe"
O4 - HKCU\..\Run: [sbma] C:\Windows\System32\sbma.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Serviço de rede')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Serviço de rede')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recurso DVMB (ResDVMB) - Unknown owner - C:\Windows\SysWOW64\dvmb.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Logonb (SysLogonb) - Unknown owner - C:\Windows\SysWOW64\1021\lsass.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

-- End of file - 12131 bytes
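A first-pass triage of a log like the one above, as an added example that is not part of the thread and not code from HijackThis or any of the tools mentioned later. The script parses the HijackThis entry types that turned out to matter in this case (the running-process list, O2/O3 browser add-ons, O4 Run keys and O23 services) and flags three patterns a reviewer looks for: a core system binary name such as lsass.exe living outside the real System32/SysWOW64 directory (the SysLogonb service here points at C:\Windows\SysWOW64\1021\lsass.exe), a service with no vendor whose image is actually present inside the Windows directory (ResDVMB), and orphaned BHO/toolbar registrations whose DLL is gone. The sample lines are excerpted from the posted log; the rule names, the allowlist of system binary names and the decision to skip "(file missing)" services are my own choices, not anything HijackThis defines.

```python
"""Triage a HijackThis-style log for the entry classes that stood out in the
thread above. Added example, not code from the forum or from HijackThis."""
import ntpath
import re
from typing import List, Tuple

# Core Windows binaries that are only legitimate directly under
# %SystemRoot%\System32 (or its WOW64 mirror). A copy anywhere else is a
# masquerade lead. Allowlist chosen for this example, not a HijackThis list.
SYSTEM_BINARIES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "smss.exe", "wininit.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
WINDOWS_DIR = "c:\\windows\\"

O23_PREFIX = "O23 - Service: "
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
IMAGE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|lnk|com|scr|bat|cmd))"?', re.I)
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.*\.exe$", re.I)


def image_of(command: str) -> str:
    """Image path at the start of a Run command, quotes and arguments stripped."""
    m = IMAGE_RE.match(command.strip())
    return m.group("path") if m else command.strip()


def is_masquerading(path: str) -> bool:
    """True when a core system binary name sits outside the real system dirs."""
    folder, name = ntpath.split(path.strip().lower())
    return name in SYSTEM_BINARIES and folder not in SYSTEM_DIRS


def parse_o23(line: str) -> Tuple[str, str, str, bool]:
    """Split 'O23 - Service: <name> - <owner> - <path>[ (file missing)]'.
    Splitting from the right keeps a display name containing ' - ' intact."""
    parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return parts[0], "", "", False
    name, owner, path = parts
    missing = path.endswith("(file missing)")
    if missing:
        path = path[: -len("(file missing)")].strip()
    return name, owner, path, missing


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (rule, line) pairs for entries that deserve a human look.
    These are heuristic leads, not verdicts."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        images = []                                  # paths for the masquerade check
        if PROCESS_RE.match(line):                   # "Running processes" section
            images.append(line)
        elif line.startswith(O23_PREFIX):
            _, owner, path, missing = parse_o23(line)
            images.append(path)
            # A present, vendor-less service binary inside the Windows directory
            # is unusual. "(file missing)" entries are skipped on purpose: a
            # 32-bit HijackThis on 64-bit Windows reports many genuine System32
            # services that way because of WOW64 file-system redirection.
            if owner == "Unknown owner" and not missing \
                    and path.lower().startswith(WINDOWS_DIR):
                findings.append(("unknown-owner-service-in-windows-dir", line))
        elif line.startswith("O4 - "):
            m = O4_RE.match(line)
            if m:
                images.append(image_of(m.group("cmd")))
        elif line.startswith(("O2 - BHO:", "O3 - Toolbar:")) and line.endswith("(no file)"):
            # Orphaned CLSID registration: the DLL is gone but the browser still
            # tries to load it. Debris left behind by a removed add-on.
            findings.append(("orphaned-browser-addon", line))
        for path in images:
            if is_masquerading(path):
                findings.append(("system-binary-outside-system32", line))
    return findings


# Lines excerpted from the HijackThis log posted at the top of the thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\SysWOW64\sbma.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [sbma] C:\Windows\system32\sbma.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recurso DVMB (ResDVMB) - Unknown owner - C:\Windows\SysWOW64\dvmb.exe
O23 - Service: System Logonb (SysLogonb) - Unknown owner - C:\Windows\SysWOW64\1021\lsass.exe
"""

if __name__ == "__main__":
    for rule, entry in triage(SAMPLE_LOG):
        print(f"{rule:40} {entry}")
```

On the sample it reports five leads: both orphaned add-ons, the ResDVMB service, and the SysLogonb service twice (vendor-less binary in the Windows directory, and lsass.exe outside System32). The genuine Microsoft services marked "(file missing)" and the avast entries are not reported, which is the point of the caveat in the comments: on this 64-bit machine the missing-file markers are an artifact of the 32-bit scanner, not evidence of tampering.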
DigRam, posted October 10, 2012

Good afternoon, Edvan!
|- Download: < > (... by Xplode)
|- On the page, click the image: < >
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as "administrator".
|- P.S.: Start the scan by clicking "Delete" or "Suppression".
|- When it finishes, post the report: C:\AdwCleaner[S1].txt
|- Download: | ZHPDiag2 | *ºº* < > *ºº* (... by Nicolas Coolman)
|- Save it to the desktop!
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
|- Confirm every step when installing ZHPDiag.
|- Finish the installation by clicking "Termine".
|- P.S.: After installation, besides ZHPScript, the following will be available on the desktop:
|- <1> MBRCheck
|- <2> ZHPDiag2
|- <3> ZHPFix
|- Click the scroll icon. (ZHPScript)
|- Click the green arrow to update it and/or download its latest definitions. (Your version is update.)
|- Enable all diagnostic options by clicking "Options".
|- Click All.
|- Then untick the boxes for O45, O61, O62, O65, O82.
|- Click "Calendar" and choose 30 days!
|- Start the scan by clicking the magnifying-glass icon. (Start Diagnosis)
|- When it finishes, click "Save Report".
|- Save it somewhere convenient! (ZHPDiag.txt)
|- P.S.: Do not post that text file directly.
|- Send it to Pjjoint.malekal by clicking the blue arrow! < >
|- Or go to:
|- More information: < |Link| >
Regards!
Edvan, posted October 10, 2012

# AdwCleaner v2.004 - Logfile created 10/10/2012 at 18:35:21
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : Edvan - EDVAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Edvan\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Complitly
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Edvan\AppData\Local\APN
Folder Deleted : C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
Folder Deleted : C:\Users\Edvan\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Edvan\AppData\Roaming\Complitly

***** [Registry] *****

Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=44444&tt=120912_pcp_3712_4&babsrc=HP_ss&mntrId=9c04989b0000000000003085a935c190 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=44444&tt=120912_pcp_3712_4&babsrc=NT_ss&mntrId=9c04989b0000000000003085a935c190 --> hxxp://www.google.com

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Edvan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [3831 octets] - [10/10/2012 18:35:21]

########## EOF - C:\AdwCleaner[s1].txt - [3891 octets] ##########

ZHPDiag.txt log: http://cjoint.com/12oc/BJkxR4HArAa.htm
DigRam, posted October 10, 2012

Good evening, Edvan!
|- Close any programs/folders that are open.
|- Also close the browser!
|- On Windows Vista, disable UAC.
|- Double-click ZHPFix.
|- Select and copy the information below, shown in red, into Notepad.

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKCU\..\Run: [uTorrent Acceleration Tool] C:\Program Files (x86)\uTorrent Acceleration Tool\uTorrent Acceleration Tool.lnk" -tray (.not file.)
O4 - HKCU\..\Run: [sbma] C:\Windows\System32\sbma.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [sbma] C:\Windows\system32\sbma.exe (.not file.)
O4 - HKUS\S-1-5-21-4069876537-3619617356-1919562461-1000\..\Run: [uTorrent Acceleration Tool] C:\Program Files (x86)\uTorrent Acceleration Tool\uTorrent Acceleration Tool.lnk" -tray (.not file.)
O4 - HKUS\S-1-5-21-4069876537-3619617356-1919562461-1000\..\Run: [sbma] C:\Windows\System32\sbma.exe (.not file.)
O43 - CFD: 16/08/2012 - 17:08:18 - [0] ----D C:\Users\Edvan\AppData\Local\Histórico
O44 - LFC:[MD5.471F90FECB011C771ACCF572AC3B7C6D] - 10/10/2012 - 13:33:39 ---A- . (...) -- C:\hijackthis.log [12133]
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell =>Hijack.Shell.Gen
proxyfix
emptytemp
emptyclsid
emptyflash
firewallraz
sysrestore

|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"
|- Minimize Notepad.
|- Click the "Paste ClipBoard" menu.
|- Click "GO" -> Oui.
|- P.S.: Above there is a sequence of images for further clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt
Regards!
Edvan, posted October 11, 2012

ZHPFix 1.3.04 report by Nicolas Coolman, updated 30/09/2012
Registry export file :
Run by Edvan at 10/10/2012 21:58:08
Windows 7 Ultimate Edition, 64-bit (Build 7600)
Web site : http://nicolascoolman.skyrock.com/

========== Registry Value ==========
DELETED RunValue: uTorrent Acceleration Tool
DELETED RunValue: sbma
NOT FOUND RunValue: uTorrent Acceleration Tool
NOT FOUND RunValue: sbma
DELETED [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
No Value in Standard Profile Register Key
FirewallRaz : No Value in Domain Profile Register Key
FirewallRaz : DELETED FirewallRaz (None) : {49682D97-4670-4D39-8F3D-BC1377FA87F5}

========== Registry Data Items ==========
REMOVED R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL

========== Repertory ==========
DELETED Flash Cookies:

========== File ==========
NOT FOUND File: c:\program files (x86)\utorrent acceleration tool\utorrent acceleration tool.lnk" -tray
NOT FOUND File: c:\windows\system32\sbma.exe
DELETED File: c:\hijackthis.log
DELETED Window Temporary:
DELETED Flash Cookies:

========== Restoration ==========
Restore System Point created succefully

========== Summary ==========
14 : Registry Value
1 : Registry Data Items
1 : Repertory
5 : File
1 : Restoration

End of clean in 00mn 26s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 10/10/2012 21:58:10 [1572]

Is there still a virus, DigRam? What kind of infection was on the machine?
DigRam, posted October 11, 2012

Good morning, Edvan!

Edvan said: Is there still a virus, DigRam? What kind of infection was on the machine?

|- We will have to run Malwarebytes, since ZHPDiag detected spyware or a trojan on the PC. (Hijack.Shell.Gen)
|- Download: < >
|- < Link - 2 >
|- < Link - 3 >
|- Update the program!
|- Choose the Full scan!
|- Disable protection programs while running Malwarebytes.
|- On Windows Vista or 7, right-click the file and run it as administrator.
|- P.S.: For certain infections the tool will ask for a reboot. <- Confirm!
|- When it finishes, click "OK" -> "Show Results" -> "Remove Selected".
|- Post the report: mbam-log-2012-xx-xx (00-00-00).txt
|- In the MBAM main window, click the Logs tab to get the report.
Regards!
Edvan, posted October 11, 2012

Well, my friend, I ran it yesterday but it didn't catch anything, which is why I didn't post the log. I ran Avast in safe mode; it caught one virus, but I already deleted it.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.10.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Edvan :: EDVAN-PC [administrator]

10/10/2012 17:00:02
mbam-log-2012-10-10 (17-00-02).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 392461
Time elapsed: 36 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
DigRam, posted October 11, 2012

Good morning, Edvan!
|- Uninstall ZHPDiag by clicking "ZHP_uninstall".
|- Open the AdwCleaner tool and click "Uninstall".
-/-
|- Your logs are clean!
|- If you want a further investigation, I suggest a scan with ESET NOD32.
-/-
|- Run the online scan at | |
|- Use the "Internet Explorer" browser for this task!
|- Follow the scan as shown in the image.
|- When it finishes, click "List of found threats" >> "Export to text file"
|- Save that text to the desktop with the name: Esetlog
|- P.S.: If nothing is detected, there will be no report or list.
|- Post the report that will be on the desktop! (Esetlog.txt)
Regards!
Edvan, posted October 11, 2012

I'm running the ESET NOD32 scan right now; I'm accessing my machine remotely and doing the procedures.

DigRam said: Uninstall ZHPDiag by clicking "ZHP_uninstall".

I couldn't find ZHP_uninstall to uninstall it; I don't know why, but it didn't create that file!
DigRam, posted October 11, 2012

Good morning, Edvan!

Edvan, on 11 October 2012 - 11:25, said: I couldn't find ZHP_uninstall to uninstall it; I don't know why, but it didn't create that file!

|- That was my mistake, since ZHP_uninstall is only provided when you download the silent version.
|- Uninstall it via CCleaner. (Tools -> Uninstall)
|- Select it and click "Run Uninstaller"
Regards!
Edvan, posted October 11, 2012

DigRam said:
|- That was my mistake, since ZHP_uninstall is only provided when you download the silent version.
|- Uninstall it via CCleaner. (Tools -> Uninstall)
|- Select it and click "Run Uninstaller"

Done. :thumbsup:

----------------------------xxx----------------------------------------

C:\Users\Edvan\Desktop\Programas\Corel VideoStudio Pro X5\CorelDRAW X6 Keygen.rar a variant of Win32/Keygen.AU application deleted - quarantined
C:\Users\Edvan\Desktop\Programas\CorelDRAWGraphicsSuiteX6Installer_BR32Bit\CorelDRAW X6 Keygen.rar a variant of Win32/Keygen.AU application deleted - quarantined
C:\Users\Edvan\Desktop\Programas\N.8.2.8\Nero-8.2.8.0_ptb_br.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
C:\Windows\System32\dvmb.exe probably unknown NewHeur_PE virus deleted - quarantined
DigRam, posted October 11, 2012

Good morning, Edvan!
|- Leave those detections quarantined if they are not important to you, since some of them appear to be false positives.
|- If the shutdowns continue, you will have to investigate whether a recent driver installation is causing conflicts.
Regards!
Edvan, posted October 11, 2012

OK, my friend, thanks once again! :grin: I believe those shutdowns really were conflicts; I installed Blok Free (the free version) and the paid one to test them, and I think that's the cause. I uninstalled the free one and so far it hasn't shut down. You can close the topic! :thumbsup:
DigRam, posted October 11, 2012

PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.