edmls

Member
  • Content count

    57
Community Reputation

0 Neutral

About edmls

  • Rank
    Member

  1. Thank you, Elias. So far Avast has not been disabled again and the notebook has not shut down at random. Did you manage to reach a diagnosis? Because AdwCleaner and mrb had not solved the problem.
  2. Good afternoon, Elias, I apologize once again. I think AdwCleaner did not generate a log because it was in safe mode with networking; today I tried starting the notebook in normal mode and the log appeared. I also tried running mrb in normal mode and it ran to the end, went through the "heuristic analysis" phase and finished normally; it did not shut down the notebook. Also, in normal mode I ran Avast's "repair" and it managed to repair itself, so apparently everything went well today; right now the notebook has been on for quite a while and has not shut down (in normal mode). I am attaching today's two logs: the AdwCleaner one that appeared today as soon as the desktop came up, and today's mrb one, which ran normally. NOTE: Just a reminder that AdwCleaner was not run today, only its log appeared today, whereas mrb was run and its log generated today; in other words, only mrb ran and generated a log in normal mode, while the other ran in safe mode with networking on an earlier date and generated its log today when the desktop started in normal mode. I hope this is helping with the diagnosis. Regards, Edmilson AdwCleanerS1.txt scanlog2.txt
  3. AdwCleaner asked to restart, and after the restart it did not generate a log. Malwarebytes found nothing. Very strange!!! JRT generated the attached log. Note: I am working in safe mode with networking because in normal mode the notebook shuts down before any of these programs finishes. Note: THE AVAST ANTIVIRUS IS INACTIVE WITH 3 MODULES DISABLED BY THE MALWARE; THERE IS NO POINT IN TELLING IT TO "FIX EVERYTHING". JRT.txt scanlog.txt
  4. https://www.virustotal.com/pt/file/e3fafd0ab43ba5a920b4e10b1d4b4be3b460bb4f6888491c29dcc4648eb2bb3a/analysis/1435331631/
  5. The notebook shuts down repeatedly, except in safe mode, as long as no antivirus or antimalware is running. Mainly when AVG is about to finish scanning or Malwarebytes reaches the heuristic analysis: it works for a bit and then the notebook shuts down, even in safe mode. I don't know why it created a "dump" file when mbr was run. I would like you to solve this problem, if possible. Thank you. Sorry, I forgot to mention that Avast gets disabled once it is installed and the notebook is restarted. I also apologize for the duplicate files; I used the multiple upload thinking it would replace the single one. This will not happen again in future topics. ZA-Scan.txt FSS.txt MbrScan.log FSS.txt MbrScan.log ZA-Scan.txt
  6. Good evening. Thank you, Carlos Turco. Just now, when I turned on the PC, it once again took a long time to bring up the desktop; however, since you have already analyzed the HijackThis log and found nothing suspicious, I believe it must be a problem with the system itself or with Avast. Thanks for the support and attention; I hope you have a good career and soon reach professional rank, or better, within the forum. Since you left it open for technology questions, I would like to ask whether wireless (Bluetooth) microphones for cell phones work with a notebook. Thank you.
  7. Good afternoon. Below is a new HijackThis log. I noticed that the PC always brings up the desktop already connected to the web, and after the "repair" restart it came up disconnected. Thank you.
  8. Good evening. It has improved a lot, but it is still slow to respond to some clicks; for example, right-clicking a program in the download window and choosing to open the folder: it takes a while to open the folder, scroll the columns and show the selected program. I don't know if it matters, but this PC is on a home network. Thank you.
  9. Good morning. While Kaspersky was running, this message from your page appeared and I clicked "continue" after the scan finished. Kaspersky detected nothing and gave this recommendation: HijackThis gave this message on the first attempt and I clicked "don't send": On the second attempt it froze briefly but generated the log below: Thank you.
  10. Good afternoon. Here are the logs for analysis, as instructed. Thank you.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Arquivos de programas\\CyberLink\\PowerDVD8\\PowerDVD8.exe"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Arquivos de programas\\HP\\HP Software Update\\hpwucli.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "c:\\Documents and Settings\\dmlsn\\Meus documentos\\jogos\\FlatOut2.exe"= "c:\\Arquivos de programas\\Autodesk\\Backburner\\monitor.exe"= "c:\\Arquivos de programas\\Autodesk\\Backburner\\manager.exe"= "c:\\Arquivos de programas\\Autodesk\\Backburner\\server.exe"= "c:\\Arquivos de programas\\Autodesk\\3ds Max 2009\\3dsmax.exe"= . 
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [17/1/2013 09:59 47856] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [22/5/2012 01:08 738504] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22/5/2012 01:08 361032] R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [8/2/2013 00:19 22312] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22/5/2012 01:08 21256] R2 Autodesk Content Service;Autodesk Content Service;c:\arquivos de programas\Autodesk\Content Service\Connect.Service.ContentService.exe [2/2/2011 15:08 18656] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [22/5/2012 11:13 24328] R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [17/1/2013 09:59 527856] R2 GenPort;GenPort;c:\windows\system32\drivers\genport.sys [1/1/2013 16:25 4832] R2 MapMem;MapMem;c:\windows\system32\drivers\MAPMEM.SYS [1/1/2013 16:25 6816] R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [8/2/2013 02:06 398184] R2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [8/2/2013 02:06 682344] R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\arquivos de programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [10/3/2008 00:04 65536] R2 NTRemap;NTRemap;c:\windows\system32\drivers\NTREMAP.SYS [1/1/2013 16:25 6336] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/2/2013 02:06 21104] R3 vrvd5;vrvd5;c:\windows\system32\drivers\vrvd5.sys [7/12/2012 15:00 11296] S2 TinaKey;TinaKey; [x] S3 cpuz134;cpuz134;c:\arquivos de programas\CPUID\PC Wizard 2010\pcwiz_x32.sys [25/6/2012 19:22 20328] . --- =Outros Serviços/Drivers Na Memória --- . *NewlyCreated* - WS2IFSL . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Conteúdo da pasta 'Tarefas Agendadas' . 2013-02-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 01:38] . 2013-02-09 c:\windows\Tasks\avast! Emergency Update.job - c:\arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-05 22:50] . 2013-02-09 c:\windows\Tasks\User_Feed_Synchronization-{CCC8A855-BFF1-4E56-A062-E1B8DAFA734F}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 07:31] . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.uol.com.br/ IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202 IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: bancobrasil.com.br\www Trusted Zone: bancobrasil.com.br\www14 Trusted Zone: bancobrasil.com.br\www2 Trusted Zone: bancoreal.com.br\www Trusted Zone: bancosantander.com.br\www Trusted Zone: bb.com.br\www Trusted Zone: realsecureweb.com.br\www Trusted Zone: realsecureweb.com.br\www2 Trusted Zone: realsecureweb.com.br\wwws Trusted Zone: santander.com.br\www Trusted Zone: santanderempresarial.com.br\www Trusted Zone: santandernet.com.br\www Trusted Zone: santandernet.com.br\wwws Trusted Zone: santandernet.com.br\wwws2 Trusted Zone: santandernetibe.com.br\www Trusted Zone: secureweb.com.br\www TCP: DhcpNameServer = 200.204.0.10 177.103.50.78 FF - ProfilePath - c:\documents and settings\dmlsn\Dados de aplicativos\Mozilla\Firefox\Profiles\e1yv69v0.default\ FF - prefs.js: 
browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&hl=pt-BR FF - ExtSQL: 2013-01-23 12:44; {87F8774F-B485-47E2-A755-A40A8A5E8874}; c:\documents and settings\dmlsn\Dados de aplicativos\Mozilla\Firefox\Profiles\e1yv69v0.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874} FF - ExtSQL: !HIDDEN! 2012-10-16 23:44; smartwebprinting@hp.com; c:\arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . . ------- Associação de arquivos/ficheiros ------- . .scr=AutoCADScriptFile . - - - - ORFÃOS REMOVIDOS - - - - . MSConfigStartUp-SunJavaUpdateSched - c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe AddRemove-myHouse v9 - c:\windows\IsUn0816.exe AddRemove-FLV Player - c:\arquivos de programas\FLVPlayer\Uninstall\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-02-09 17:14 Windows 5.1.2600 Service Pack 3 NTFS . Procurando processos ocultos ... . Procurando entradas auto inicializáveis ocultas ... . Procurando ficheiros/arquivos ocultos ... . Varredura completada com sucesso arquivos/ficheiros ocultos: 0 . ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- . - - - - - - - > 'winlogon.exe'(644) c:\arquivos de programas\GbPlugin\gbieh.dll c:\arquivos de programas\GbPlugin\gbiehabn.dll . - - - - - - - > 'explorer.exe'(2832) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\AcSignIcon.dll c:\arquivos de programas\GbPlugin\gbieh.dll c:\arquivos de programas\GbPlugin\gbiehabn.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Outros Processos em Execução ------------------------ . 
c:\arquivos de programas\AVAST Software\Avast\AvastSvc.exe c:\arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe c:\arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\wscntfy.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Tempo para conclusão: 2013-02-09 17:17:31 - Máquina reiniciou ComboFix-quarantined-files.txt 2013-02-09 19:17 . Pré-execução: 12 pasta(s) 105.861.005.312 bytes disponíveis Pós execução: 15 pasta(s) 105.801.904.128 bytes disponíveis . WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 0D059A7C7FEFB511014C114B25748D16
  11. Good evening. I'm sure I attached them; after posting I noticed that the attachments weren't showing up, and I thought that was normal. I'll try again. Actually, I'll paste them here. Thank you. Oh, and the PC is acting strange: it took a long time to bring up the desktop, and after a few mouse clicks it is slow to respond to commands. This AdwCleaner log is not the first one; I couldn't copy the first one because the PC restarted right at that moment and afterwards I couldn't find the log, so I had to run the program again.

# AdwCleaner v2.111 - Logfile created 02/08/2013 at 01:52:42
# Updated 05/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : dmlsn - PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\dmlsn\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (pt-BR)

File : C:\Documents and Settings\dmlsn\Dados de aplicativos\Mozilla\Firefox\Profiles\e1yv69v0.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [4421 octets] - [08/02/2013 01:40:24]
AdwCleaner[s2].txt - [760 octets] - [08/02/2013 01:52:42]

########## EOF - C:\AdwCleaner[s2].txt - [819 octets] ##########

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Versão da Base de Dados: v2013.02.08.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
dmlsn :: PC [administrador]

Proteção: Permitir

8/2/2013 02:09:38
mbam-log-2013-02-08 (02-09-38).txt

Tipo de Verificação: Verificação Completa (C:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 417234
Tempo decorrido: 1 hora(s), 36 minuto(s), 48 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 3
C:\Arquivos de programas\CyberLink\ciberlink2\cyberlink-powerdvd 8\Keymaker.Only-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Enviado para a Quarentena e deletado com sucesso.
C:\Arquivos de programas\DesignSoft\myHouse v9\authmgr.exe (Spyware.Zbot) -> Enviado para a Quarentena e deletado com sucesso.
C:\System Volume Information\_restore{1879503A-296D-46C0-9BF5-1EED1636EB94}\RP136\A0024865.exe (Adware.Bundler) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

MBRScan v1.1.1
OS : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR : x86 Family 6 Model 15 Stepping 11, GenuineIntel
BOOT : Normal Boot
DATE : 2013/02/08 (ISO 8601) at 03:55:16
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __WDC WD1600AAJS-75PSA0 (05.06H05)
BUS_TYPE : (0x03) P-ATA
USE_PIO : YES
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 149.0 Go [Fixed] ==> XP MBR Code
MBR_MD5 : 140D50A139C277DFC234ADCC210A9627
MBR_SHA1 : 9F88A0BF296D1C625A0D8FAC5C3455A8ECA0C1A4
Device\Harddisk0\Partition1 148.9 Go 0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xA83EA000 SIZE : 96.0 Ko
DRIVER : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xBA646000 SIZE : 8.0 Ko
SystemStartOptions : NOEXECUTE=OPTIN FASTDETECT
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0

MBRScan v1.1.1
OS : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR : x86 Family 6 Model 15 Stepping 11, GenuineIntel
BOOT : Normal Boot
DATE : 2013/02/08 (ISO 8601) at 04:03:17
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __WDC WD1600AAJS-75PSA0 (05.06H05)
BUS_TYPE : (0x03) P-ATA
USE_PIO : YES
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 149.0 Go [Fixed] ==> XP MBR Code
MBR_MD5 : 140D50A139C277DFC234ADCC210A9627
MBR_SHA1 : 9F88A0BF296D1C625A0D8FAC5C3455A8ECA0C1A4
Device\Harddisk0\Partition1 148.9 Go 0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xA83EA000 SIZE : 96.0 Ko
DRIVER : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xBA646000 SIZE : 8.0 Ko
SystemStartOptions : NOEXECUTE=OPTIN FASTDETECT
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0
  12. Good evening. When I ran AdwCleaner, it generated a log, and while I was selecting it to copy, the PC shut down by itself and froze on the "Windows is shutting down" screen. I waited several minutes, about ten minutes, then forced a shutdown, and when I turned it back on it took a long time to open the desktop, which is what had been happening. Then it opened and AdwCleaner opened another log, which is the one I pasted in the attachment. Then the PC shut down out of nowhere, by itself, and froze again on the screen mentioned above, so I forced a shutdown by holding the power button for 5 seconds. Then I turned it on and only the XP background appeared, the pasture landscape, and it took quite a while before the desktop icons appeared. Attached are the logs from AdwCleaner, mbam and mbr. I think things are not looking very good. Thank you, I await instructions.
  13. Good morning. My PC is slow to become usable. I always run disk cleanup and defragmentation, at least every 15 days. It gives the impression that it is the Avast antivirus, but I have used it for several years and it has never taken this long to bring up the desktop. I also remove all automatic startup entries and leave only the antivirus to start with Windows XP. Here is the Hijack log; please evaluate it, it looks like a virus or spyware.

Logfile of HijackThis v1.99.1
Scan saved at 07:46:02, on 7/2/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Arquivos de programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\dmlsn\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: WsSVRIEHelper - {133232D2-DAE3-4B6F-AAC2-17CD87495682} - C:\Arquivos de programas\Wondershare\vDownloader\SVRIEPlugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Arquivos de programas\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Arquivos de programas\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: http://www.bancosantander.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: wwws.realsecureweb.com.br
O15 - Trusted Zone: www.santander.com.br
O15 - Trusted Zone: http://www.santander.com.br
O15 - Trusted Zone: www.santanderempresarial.com.br
O15 - Trusted Zone: http://www.santanderempresarial.com.br
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: www.santandernetibe.com.br
O15 - Trusted Zone: www.secureweb.com.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Arquivos de programas\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe" -service -config "C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
  14. Good evening, Ciro. Thank you very much, I deleted PCheats and the PC is OK. Thanks for the support, and you can close the topic.
  15. Good evening, Ciro. Unfortunately, something was found. The thing is more complicated than I expected. The Kaspersky report follows. Note: Kaspersky opened with an interface quite different from the example you gave. The 1st option would not open the page, so in the 2nd option I chose Portuguese, but I believe it worked. Thank you very much.
      Verificação automática: concluído 17 minutos atrás (eventos: 4, objetos: 1157403, hora: 02:15:38)
      10/07/2012 17:07:45 Tarefa iniciada Ação padrão selecionada
      10/07/2012 19:20:55 Detectados: Trojan.Win32.Pasta.pdb D:\larissa\documentos\Meus arquivos recebidos\PCheats Elite Chaos v1.0.zip/PCheats Elite Chaos v1.0.exe Ação padrão selecionada
      10/07/2012 19:20:55 Não neutralizado: Trojan.Win32.Pasta.pdb D:\larissa\documentos\Meus arquivos recebidos\PCheats Elite Chaos v1.0.zip/PCheats Elite Chaos v1.0.exe Registrado
      10/07/2012 19:23:23 Tarefa concluída Ação padrão selecionada