DiMinas 6 Posted June 24, 2013

Those who are alive always show up. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:25:30, on 24/06/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
wings 22 Posted June 24, 2013

Hello DiMinas

Download Zoek (...by Smeenk) and save it to the Desktop
*Right-click Zoek and select Run as administrator
*Paste the lines in brown into the box

startupall;
autoclean;
filesrcm;
emptyalltemp;

*Click [Run Script]
*During the scan the following information will be displayed:

Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

*Wait for it to finish.... It may take a while! Be patient.
*The final report will be displayed. Close it.
*If a restart of the PC is requested, click [OK] to restart

Go to this link: http://cjoint.com/
*Click [select file...]
*Locate the report C:\zoek-results.txt and click [Open]
*Select 4 jours
*Click [Créer le lien Cjoint] (http://imgbox.com/aby4NIZG)
*Paste the link created next to Le lien a été créé: (http://imgbox.com/acrVh6GY)

Download AdwCleaner (...by Xplode) and save it to the Desktop
*Run it and click [Remove]
*Save any open work, close your browser and click [OK]
*If a restart of the PC is requested, click [OK] to restart
*Paste the report that is displayed
DiMinas 6 Posted June 25, 2013

wings, the only part I did not understand was:

*Paste the link created next to Le lien a été créé:

Paste the link where? That being so, here it is:

http://cjoint.com/data3/3FzqXVZpLru.htm

# AdwCleaner v2.303 - Relatório criado em 25/06/2013 às 11:52:51
# Atualizado em 08/06/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate (32 bits)
# Usuário : Computador 01 - LANHOUSE07
# Modo de Boot : Normal
# Executado de : C:\Users\Computador 01\Downloads\AdwCleaner.exe
# Opção [Remover]
wings 22 Posted June 25, 2013

Did you run Zoek as I instructed?

*Right-click Zoek and select Run as administrator

The report does not show that.
wings 22 Posted July 5, 2013

Topic Archived

As the author has not replied for more than 10 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of the area along with the link to this topic and explain the reason for reopening.