Entre para seguir isso  
Seguidores 0
itamar74

Virus que o superantisyware não remove

20 posts neste tópico

Bom dia,

quando abro a net aparecem alguns pop-ups com propaganda do tipo marque o seu signo, charadas, isso acontece quase sempre quando o email do hotmail está aberto. Rodei o antivirus avira, usei o malwarebytes e nada foi encontrado, então utilizei o superantispayware e sempre acha varios arquivos infectados nos cookies, da ultima vez foram achados 19 arquivos infectados e mandei excluir, mas sempre está aparecendo o mesmo problema, com mais ou menos arquivos infectados.

Baixei agora o hijackthis e mandei rodar e ele informa o seguinte como um alerta:

"for some reason your system denied write access to the hosts file. If any hijacked domains are are in this file, hijackthis may not be able to fix this.

If that happens, you need to edit the file yourself. To do this, click start, run and type: notepad C:\windows\system32\drivers\etc\hosts

and press enter. Find the line(s) hijackthis reports and delete them. Save the file as ´hosts´. (with quotes), and reboot.

For vista: simply, exit hijackthis, right click on the hijackthis icon, choose 'run as adminstrator' "

Então abri o hijackthis como administrador e deu o seguinte resultado do log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:40:28, on 12/06/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\BrowserCompanion\BCHelper.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.celebrandodeus.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=kolgnaidildmdbfgdnoapjdianbpajne

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Google Update] "C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

O4 - Global Startup: Camera Monitor SD.lnk = ?

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NTI, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15026 bytes

Grato pela ajuda

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde itamar74.

NÃO tente realizar sozinho nenhum procedimento de limpeza. Em especial, não execute por conta própria ferramentas utilizadas no fórum Remoção de Malware. O uso indevido de algumas ferramentas poderá danificar o seu computador ou, no mínimo, remover parcialmente os sinais de uma infecção que serviriam de informação ao analista. A equipe não será responsabilizada por consequências resultantes de uso indevido e/ou não-informado das ferramentas. - Regra nº8 da Remoção de Malwares

Poste um novo log do Hijackthis.

Por favor, observe o seguinte:

  • Não utilize softwares que não foram indicado.
  • Não inicie novo tópico sobre esse problema. Poste suas respostas sempre neste tópico.
  • Clique em
    o5an81.jpg
    (se localiza no canto superior direito do post principal),e em
    t0kkmq.jpg
    para que receba notificação por e-mail quando o mesmo for respondido.
    Você também pode verificar os tópicos assinados usando esta opção, acessível através do Painel de Controle do fórum.
  • As análises podem levar algum tempo, portanto seja paciente.
  • As instruções são específicas para o seu computador, e devem ser aplicadas somente nele.
  • Se algo der errado, não importa. Sempre acompanhe seu tópico, informando-me dos resultados, até que seu computador esteja limpo.
  • Aviso: Evite utilizar as tags <QUOTE> ou <CODE> nos logs, isso prejudica a leitura na hora da analise.
  • Por favor, não abandone seu tópico. Para nós é importante saber se a remoção foi bem sucedida.
  • Se você não receber uma resposta minha em até 5 dias. Me envie uma MP

Compartilhar este post


Link para o post
Compartilhar em outros sites

Nas janelas do pop-up aparece a seguinte inscrição na janela: "ad.adserverplus/st?ad_type=iframe&ad_size=800x440&section=2971503&pub_url=$(pub_url)", isto com informações de você ganhou um iphone, quantas mãos consegue ver, como será seu futuro amoroso, oisas parecendo mais propagandas e jogos.

Depois que entrei em contato com v6 não rodei nenhum antivirus geral.

grato pela ajuda.

Itamar

Segue o log :

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:14:14, on 13/06/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files (x86)\BrowserCompanion\BCHelper.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.celebrandodeus.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=kolgnaidildmdbfgdnoapjdianbpajne

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Google Update] "C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

O4 - Global Startup: Camera Monitor SD.lnk = ?

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NTI, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14900 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

itamar74,

1)

Acesse o Painel de Controle -> Programas a recursos -> procure e desinstale os programas abaixo:

BrowserCompanion

2)

Baixe o Malwarebytes' Anti-Malware (MBAM)

http://download.cnet.com/Malwarebytes-Anti...4-10804572.html

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.

  • Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.
  • Se houver atualizações a serem feitas, serão baixadas e instaladas.
  • Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.
  • Começará então o exame. Aguarde, pois pode demorar.
  • Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.
  • Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.
  • Ao final da desinfecção, abrirá o Bloco de notas com um log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)
  • O log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do programa.
  • Selecione, copie e cole todo o conteúdo deste log na sua próxima resposta, juntamente com um novo log do HijackThis.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

Em caso de dúvidas, leia o tutorial do programa:

http://linhadefensiva.org/forum/index.php?showtopic=75554

Compartilhar este post


Link para o post
Compartilhar em outros sites

Segue o log do MBAM

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Versão da Base de Dados: v2012.06.14.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

DENISE L. MONTEIRO :: DENISELMONTEIRO [administrador]

14/06/2012 18:16:46

mbam-log-2012-06-14 (18-16-46).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 204588

Tempo decorrido: 4 minuto(s), 11 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

(fim)

Log do hijackthis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:26:38, on 14/06/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.celebrandodeus.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=kolgnaidildmdbfgdnoapjdianbpajne

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Google Update] "C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

O4 - Global Startup: Camera Monitor SD.lnk = ?

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NTI, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 13480 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

itamar74,

Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

Faça o download do ComboFix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salve-o na sua área de trabalho.


  1. Feche todas as janelas e programas. Rode o ComboFix.
  2. Dê um duplo-clique no combofix.exe e tecle "Sim" para prosseguir.
  3. Quando perguntado se deseja instalar o Console de Recuperação, clique em Sim e agüarde.
  4. Clique em OK para aceitar o EULA, e depois clique em Sim para continuar a busca por malwares.

Não clique em nada e não aperte nenhuma tecla durante o exame, pois a ferramenta não funcionará corretamente.

Quando a ferramenta terminar de rodar, gerará um log. Poste o conteúdo do arquivo C:\ComboFix.txt na sua próxima resposta.

Faça um novo log do HijackThis e cole na sua resposta.

Importante:

  • É necessário estar conectado durante o procedimento com o ComboFix;
  • É preciso estar logado no sistema com privilégios de administrador.
  • Baixe e SALVE o ComboFix. Na janela de download, onde aparecem as opções Executar / Salvar, clique em Salvar. Não execute o ComboFix na janela do seu navegador.
  • Mantenha seu antivirus, antispywares e firewall desativados durante os procedimentos com o ComboFix. Torne a ativá-los quando terminar tudo.
  • Caso você já tenha usado o Combofix anteriormente, então delete-o e baixe-o novamente.
  • Caso o Console de Recuperação já esteja instalado nesta máquina, o ComboFix não irá lhe sugerir a instalação.
  • Não rode o ComboFix mais do que uma vez. Isso irá sobreescrever o log e atrasará a remoção do(s) malware(s)
  • O ComboFix é uma ferramenta que pode danificar o sistema se for usada incorretamente. Use-o apenas sob supervisão de um analista de malwares.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia Ciro,

Está aparecendo uma janela, quando reiniciei o pc, escrito desta forma após ter rodado o combo fix:

" BCHelper.exe - Erro do sistema

x o programa não pode ser iniciado porque está faltando sqlite3.dll no seu computador. Tente reinstalá-lo para resolver esse problema."

é para procurar e instalar mesmo?

Segue o log do Combofix

ComboFix 12-06-15.06 - DENISE L. MONTEIRO 16/06/2012 8:35.1.4 - x64

Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.2807.1550 [GMT -3:00]

Executando de: c:\users\DENISE L. MONTEIRO\Downloads\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - drivers: deleted 208 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\programdata\ntuser.dat

c:\windows\security\Database\tmp.edb

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-05-16 to 2012-06-16 ))))))))))))))))))))))))))))

.

.

2012-06-16 11:41 . 2012-06-16 11:41 -------- dc----w- c:\users\Default\AppData\Local\temp

2012-06-15 09:03 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{121CE252-D3AA-4DDA-B8A7-928AF9560994}\mpengine.dll

2012-06-13 14:55 . 2012-06-14 15:16 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-13 14:55 . 2012-06-14 15:16 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-13 14:55 . 2012-06-14 15:16 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-13 14:55 . 2012-06-14 15:11 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-13 14:55 . 2012-06-14 15:11 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-13 14:55 . 2012-06-14 15:11 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-13 14:55 . 2012-06-14 15:11 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-13 14:55 . 2012-06-14 15:10 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-13 14:55 . 2012-06-14 15:10 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 14:55 . 2012-06-14 15:10 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-13 14:55 . 2012-06-14 15:10 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-13 14:54 . 2012-06-14 15:10 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 14:54 . 2012-06-14 15:10 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-13 14:54 . 2012-06-14 15:10 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 14:54 . 2012-06-14 15:10 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 14:54 . 2012-06-14 15:10 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-13 14:54 . 2012-06-14 15:10 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-10 15:22 . 2012-03-07 00:15 258520 -c--a-w- c:\windows\system32\aswBoot.exe

2012-06-10 15:21 . 2012-06-16 11:42 -------- dc----w- c:\programdata\AVAST Software

2012-06-10 15:21 . 2012-06-10 15:21 -------- dc----w- c:\program files\AVAST Software

2012-06-09 23:10 . 2012-06-09 23:10 -------- dc----w- c:\users\DENISE L. MONTEIRO\AppData\Roaming\SUPERAntiSpyware.com

2012-05-30 03:15 . 2012-05-30 03:15 -------- dc----w- c:\users\DENISE L. MONTEIRO\AppData\Roaming\Malwarebytes

2012-05-30 03:14 . 2012-05-30 03:14 -------- dc----w- c:\programdata\Malwarebytes

2012-05-30 03:14 . 2012-04-04 18:56 24904 -c--a-w- c:\windows\system32\drivers\mbam.sys

2012-05-30 03:14 . 2012-05-30 03:14 -------- dc----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-29 01:41 . 2012-05-29 01:42 -------- dc----w- c:\users\DENISE L. MONTEIRO\AppData\Roaming\Media Player Classic

2012-05-28 02:08 . 2012-06-14 21:10 -------- dc----w- c:\program files (x86)\BrowserCompanion

2012-05-28 00:52 . 2012-05-28 00:52 -------- dc----w- c:\windows\system32\DRVSTORE

2012-05-28 00:52 . 2012-03-08 21:40 48488 -c--a-w- c:\windows\system32\drivers\fssfltr.sys

2012-05-28 00:51 . 2012-05-28 01:06 -------- dc----w- c:\program files\Windows Live

2012-05-28 00:49 . 2012-05-28 02:08 -------- dc----w- c:\programdata\Messenger Plus!

2012-05-28 00:48 . 2012-05-28 00:48 15712 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9232bd901cd3c6b01\MeshBetaRemover.exe

2012-05-28 00:28 . 2012-06-09 01:53 426184 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-19 15:31 . 2012-05-19 15:32 -------- dc----w- c:\program files\Microsoft Silverlight

2012-05-19 15:31 . 2012-05-19 15:32 -------- dc----w- c:\program files (x86)\Microsoft Silverlight

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-09 01:53 . 2011-06-23 04:17 70344 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-10 20:25 . 2012-05-10 13:33 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-10 20:25 . 2012-05-10 13:33 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-10 20:15 . 2012-05-10 13:32 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-10 14:42 . 2012-05-10 13:32 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-04-11 14:01 . 2012-04-11 14:01 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 14:01 . 2012-04-11 14:01 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 14:01 . 2012-04-11 14:01 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-11 14:01 . 2012-04-11 14:01 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-11 14:01 . 2012-04-11 14:01 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-11 14:01 . 2012-04-11 14:01 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-11 14:01 . 2012-04-11 14:01 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-05 12:34 . 2011-06-24 02:55 46408 -c--a-w- c:\windows\SysWow64\drivers\gbpkm.sys

2011-06-17 04:08 . 2011-06-17 04:07 8161357 -c--a-w- c:\program files\peditorinst.exe

2011-06-15 05:14 . 2011-06-15 05:08 52676424 -c--a-w- c:\program files\avira_antivir_personal_en.exe

2011-06-15 04:26 . 2011-06-15 04:26 1288552 -c--a-w- c:\program files\wlsetup-web.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2009-10-09 25623336]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-25 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]

"Browser companion helper"="c:\program files (x86)\BrowserCompanion\BCHelper.exe" [2011-12-16 187696]

.

c:\users\DENISE L. MONTEIRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Camera Monitor SD.lnk - c:\program files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2011-6-23 541976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2012-05-09 12:01 1313864 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 257224]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]

R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 136176]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2012-05-09 214088]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - WS2IFSL

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 01:53]

.

2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 03:55]

.

2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 03:55]

.

2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-83505805-2065614792-878293107-1000Core.job

- c:\users\DENISE L. MONTEIRO\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 20:38]

.

2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-83505805-2065614792-878293107-1000UA.job

- c:\users\DENISE L. MONTEIRO\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 20:38]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.celebrandodeus.com.br/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Enviar para o OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: DhcpNameServer = 192.168.254.1

.

- - - - ORFÃOS REMOVIDOS - - - -

.

URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-ccleaner - c:\program files\CCleaner\CCleaner64.exe

Toolbar-Locked - (no file)

WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-83505805-2065614792-878293107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-83505805-2065614792-878293107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Tempo para conclusão: 2012-06-16 08:48:46 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-06-16 11:48

.

Pré-execução: 250.584.305.664 bytes disponíveis

Pós execução: 250.673.729.536 bytes disponíveis

.

- - End Of File - - 0DB60F1255412DF4AAE3AE55C66DA01C

Segue o log do hijackthis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 09:09:24, on 16/06/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.celebrandodeus.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=kolgnaidildmdbfgdnoapjdianbpajne

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

O4 - Global Startup: Camera Monitor SD.lnk = ?

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NTI, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11583 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde itamar74.

Baixe OTL by OldTimer, e salve na sua área de trabalho.

Clique com o direito sobre o arquivo OTL.exe, depois clique em

execadmin.png
.

Onde diz Saída, marque Padrão

Marque também estas opções:

  • Data de Criação -> mude para 90 dias
  • Usar WhiteList para Nomes de Companhias.
  • Ignorar Arquivos Microsoft
  • Verificar Lop
  • Verificar Purity

Selecione estas linhas em vermelho, clique com o direito sobre a seleção, e escolha a opção copiar

Selecione estas linhas em vermelho, clique com o direito sobre a seleção, e escolha a opção copiar

CREATERESTOREPOINT

netsvcs

drivers32 /all

%systemroot%\system32\drivers\*.* /90

%systemdrive%\drivers\*.exe

%SYSTEMDRIVE%\*.*

%LOCALAPPDATA%\*.exe

%LOCALAPPDATA%\*.txt

%LOCALAPPDATA%\*.ini

%LOCALAPPDATA%\*.dll

%LOCALAPPDATA%\*.dat

%USERPROFILE%\*.exe

%USERPROFILE%\*.txt

%USERPROFILE%\*.ini

%USERPROFILE%\*.dll

%USERPROFILE%\*.dat /30

C:\windows\system32\Tasks\*.* /s

C:\windows\system32\Tasks\*.* /s /64

%windir%\tasks\*.* /s

%systemroot%\Fonts\*.dll

%systemroot%\Fonts\*.ini

%systemroot%\Fonts\*.ini2

%systemroot%\Fonts\*.com

%systemroot%\*.scr

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

Volte ao programa, clique com o direito em qualquer parte branca da sessão Exames Personalizados/Correções e escolha colar

Clique no botão

verif.png

O OTL começará a examinar seu computador. Não interrompa o processo e nem use outras janelas até que ele termine.

Não modifique nenhuma outra configuração, a menos que tenha sido orientado (a) a fazer isso.

O exame demora um pouco, tenha paciência.

Quando terminar, dois blocos de notas serão exibidos: OTL.txt e Extras.txt

Ambos ficarão salvos dentro do mesmo diretório onde está o OTL.exe, ou seja, na sua área de trabalho.

Copie todo o conteúdo do OTL.txt e cole na sua resposta.

Anexe o arquivo Extras.txt

OBS: Caso os logs fiquem muito grandes e exceda o limite do forum, envie-os para um arquivo .zip ou .rar e anexe-os à sua resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite Ciro,

Como os 2 arquivos couberam aqui:

segue o OTL.txt:

OTL logfile created on: 16/06/2012 18:09:25 - Run 1

OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\DENISE L. MONTEIRO\Desktop\Otl

64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2,74 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 59,78% Memory free

5,48 Gb Paging File | 3,90 Gb Available in Paging File | 71,09% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285,99 Gb Total Space | 233,35 Gb Free Space | 81,59% Space Free | Partition Type: NTFS

Computer Name: DENISELMONTEIRO | User Name: DENISE L. MONTEIRO | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2012/06/16 18:01:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\DENISE L. MONTEIRO\Desktop\Otl\OTL.exe

PRC - [2012/05/09 09:02:12 | 000,214,088 | ---- | M] ( ) -- C:\PROGRA~2\GbPlugin\GbpSv.exe

PRC - [2012/02/27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/06/28 20:37:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/08/10 06:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2010/08/10 06:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe

PRC - [2010/08/10 06:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe

PRC - [2010/06/28 19:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

PRC - [2010/06/28 19:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

PRC - [2010/04/13 13:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/04/13 13:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/03/18 01:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/03/18 01:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Arquivos de Programas\Acer\Acer Updater\UpdaterService.exe

PRC - [2010/01/08 10:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

PRC - [2009/08/06 16:56:38 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/14 19:11:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/06/14 18:40:32 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/06/14 12:11:31 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

MOD - [2012/06/07 05:14:43 | 000,441,880 | ---- | M] () -- C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll

MOD - [2012/06/07 05:14:42 | 003,922,456 | ---- | M] () -- C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll

MOD - [2012/06/07 05:13:27 | 000,553,496 | ---- | M] () -- C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll

MOD - [2012/06/07 05:13:26 | 000,117,784 | ---- | M] () -- C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll

MOD - [2012/06/07 05:13:16 | 000,134,696 | ---- | M] () -- C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll

MOD - [2012/06/07 05:13:15 | 000,250,408 | ---- | M] () -- C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll

MOD - [2012/06/07 05:13:14 | 002,375,720 | ---- | M] () -- C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll

MOD - [2012/06/07 04:23:19 | 009,252,040 | ---- | M] () -- C:\Users\DENISE~1.MON\AppData\Local\Google\Chrome\APPLIC~1\190108~1.56\gcswf32.dll

MOD - [2012/06/07 04:23:19 | 009,252,040 | ---- | M] () -- C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

MOD - [2012/06/06 11:19:28 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fa79d708cc3fa75c4672e7647bffa002\System.Runtime.Remoting.ni.dll

MOD - [2012/06/06 11:18:50 | 003,379,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\e710104d87885107738303d313efb006\WindowsBase.ni.dll

MOD - [2012/06/06 11:17:28 | 005,459,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e51b389e6d470d6920df51e7bbee6977\System.Xml.ni.dll

MOD - [2012/06/06 10:56:37 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\97dccc257e6729c8bc2450a5caf030e5\System.Configuration.ni.dll

MOD - [2012/06/06 10:28:12 | 000,457,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\563e93e26e86ec689cde6e8bf7b26f53\IAStorUtil.ni.dll

MOD - [2012/05/10 21:04:49 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll

MOD - [2012/05/10 21:04:20 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\detour32.dll

MOD - [2010/12/06 14:42:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Runtime.Remoting.resources.dll

MOD - [2010/11/12 21:33:11 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010/06/28 19:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

MOD - [2009/05/20 03:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll

MOD - [2004/09/09 17:13:00 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser\pxl_m17n_tool.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/06/08 22:53:31 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/05/09 09:02:12 | 000,214,088 | ---- | M] ( ) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)

SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/06/28 20:37:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/08/10 06:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2010/06/28 19:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2010/06/11 13:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Arquivos de Programas\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV - [2010/04/13 13:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 01:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/03/18 01:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Arquivos de Programas\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)

SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010/01/08 10:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)

SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/11 11:01:48 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/06/28 20:37:06 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2011/06/28 20:37:06 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2011/05/13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)

DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)

DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/06/21 06:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Áudio do vídeo Intel®

DRV:64bit: - [2010/06/03 16:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2010/05/15 09:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink

DRV:64bit: - [2010/04/28 03:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2010/04/28 03:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2010/04/19 05:56:42 | 000,245,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/04/13 13:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/02/26 20:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/02/03 03:00:18 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2010/01/27 00:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)

DRV:64bit: - [2009/09/17 02:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012/04/05 09:34:04 | 000,046,408 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm)

DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}...rc=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerm...g}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}...rc=IE-SearchBox

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerm...g}&sourceid=ie7

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?...&ctid=CT1750559

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.celebrandodeus.com.br/

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerm...GGHP_pt-BRBR437

IE - HKCU\..\SearchScopes\{C5CF8AFF-642E-4095-97E5-D7B32D9CF928}: "URL" = http://websearch.ask.com/redirect?client=i...9B-9A418951E98E

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Pesquisa do Google = C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: AT_CathKidston = C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm\3_0\

CHR - Extension: Gmail = C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/16 08:43:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de Programas\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Arquivos de Programas\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [ETDWare] C:\Arquivos de Programas\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe File not found

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found

O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)

O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)

O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)

O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{828EE819-406A-4E78-A46B-B2BFCC36EEAC}: DhcpNameServer = 192.168.254.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFB515DC-7323-496A-9742-22AF9BFF64E7}: DhcpNameServer = 192.168.254.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)

Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)

Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)

Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)

Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)

Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)

Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)

Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)

Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)

Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: aux3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: midi4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)

Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)

Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)

Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)

Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FFDS - ff_vfw.dll File not found

Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)

Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)

Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)

Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)

Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: wave4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2012/06/16 18:02:10 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\Desktop\Otl

[2012/06/16 16:28:31 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{557EDB4A-9D04-4E42-827E-7AB444FAB18F}

[2012/06/16 16:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Egito Secrets

[2012/06/16 16:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guilmour Studio

[2012/06/16 15:45:12 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{7CDA6EF5-B8B7-46AC-B39C-75147336504A}

[2012/06/16 09:15:51 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\Desktop\Combofix

[2012/06/16 08:43:40 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/06/16 08:34:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/06/16 08:34:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/06/16 08:34:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/06/16 08:33:58 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/06/16 08:33:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/06/15 22:55:07 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{1BE6FE58-A699-4EB7-967B-A2AFFA56A7C2}

[2012/06/15 10:54:46 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{3ADB118A-C24E-43EE-9D7A-E9117142766D}

[2012/06/14 22:47:25 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{6FE3E477-94FA-4391-8C44-38C948AA04F4}

[2012/06/14 10:46:54 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{41778D87-4465-4A61-A9AA-EE30B84992F3}

[2012/06/14 10:46:41 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{6CF3DCF7-0A9E-4CDD-8633-0F068A48D3B1}

[2012/06/13 18:59:14 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{D2CAD07B-DE2C-40B2-8DAC-803EA4EEF7B0}

[2012/06/13 18:59:02 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{57CBCDEC-C16D-4310-8314-80B64C8EF247}

[2012/06/13 10:34:42 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{0478A093-FC1D-4ACE-A455-AD285CE87D6D}

[2012/06/12 13:04:25 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{7F6758A0-C7FF-4EB2-BB50-52B94878D258}

[2012/06/12 13:04:13 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{AC0C2DE3-3E0C-4328-AB9C-7C27E73A1A6C}

[2012/06/12 12:25:51 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\Desktop\Hijackthis

[2012/06/12 01:03:26 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{1AC90146-1E57-46C2-AEC4-54FA86F38E2F}

[2012/06/12 01:03:07 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{07F5700C-CA77-4B13-A1D3-3C2C224A7AF3}

[2012/06/11 08:48:09 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{7903C0A2-0C67-434E-A201-68472D5DEA35}

[2012/06/11 08:47:55 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{07BD1D01-2143-4266-B201-A22B9C459E71}

[2012/06/10 20:47:21 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{51773DAC-370D-4D2C-944B-2676389D6F93}

[2012/06/10 20:47:07 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{DEEB875F-5DFE-4F5D-8772-0D369416DA54}

[2012/06/10 12:22:15 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2012/06/10 12:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2012/06/10 12:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012/06/10 08:46:36 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{49BD55D6-175E-4D62-B543-0A0F922D90DB}

[2012/06/10 08:46:25 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{E47A3EE7-91C2-4C2D-A9EF-71E015A37CA1}

[2012/06/09 20:10:47 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Roaming\SUPERAntiSpyware.com

[2012/06/09 19:00:59 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{7EF7A2A2-40C7-4902-8531-562E7E28BF8B}

[2012/06/09 18:51:08 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{820A64FF-7251-418B-8E74-49B5B49B414E}

[2012/06/09 06:04:09 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{6AF38CC9-A042-4629-9D09-C861D7641799}

[2012/06/09 06:03:57 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{31002877-D7CA-47BA-984A-6B3BEE09884C}

[2012/06/08 17:47:45 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{7D36F54A-255F-4F7B-8CC8-EF39B420B208}

[2012/06/08 17:47:32 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{A364CD98-D043-44F9-BD4C-B30B73719E90}

[2012/06/07 18:29:40 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{22CA7551-891B-49EB-90D7-0650E12830F2}

[2012/06/07 06:20:01 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{5A9C4CAC-63D7-4FB7-ACA5-CB21B773669D}

[2012/06/06 18:19:47 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{081D8F72-0C55-4F51-B54A-B40B890BAD45}

[2012/06/06 18:19:35 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{636B87B8-ED38-4631-A420-43205DD2DC95}

[2012/06/06 06:19:17 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{9121B828-B856-4771-BB5F-37EB5BEA1C1E}

[2012/06/06 06:19:04 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{F2440434-FA72-4587-AF56-F0CCA314DBBB}

[2012/06/04 14:43:52 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{7D0AEF12-EE49-4CE3-985A-8A0BCE1AC872}

[2012/06/04 14:41:43 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{3F9A3B97-0D22-4830-BFDC-559D48728BA3}

[2012/06/04 02:36:04 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{60F9C7D2-DC0B-4141-87EE-9276BC16CCDA}

[2012/06/04 02:35:52 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{F690EECC-3A5C-4EC4-8A67-384C3CC30FFF}

[2012/06/03 11:05:18 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{A518825E-14B5-4C51-AEF1-CB2601FDF245}

[2012/06/02 16:25:10 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{235664C0-9792-4896-A032-FAC9DB6E6133}

[2012/06/02 16:24:58 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{C4F47B99-AD23-4DEC-A23C-D7367C0D2D2E}

[2012/06/02 03:16:30 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{C6CBE360-BB1D-4C8E-BDBC-EAF023E67E32}

[2012/06/02 03:16:19 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{FBA08048-A3A2-468C-BF8B-0FA2B823201D}

[2012/06/01 13:35:41 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{26D93DEE-BABB-4254-A986-84A6429A2A38}

[2012/06/01 01:35:27 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{1E9C3357-3333-4B98-B0D6-4427AC939F46}

[2012/06/01 01:35:15 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{00A83605-F956-432D-9DBE-E550A10544D8}

[2012/05/31 12:17:08 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{BF8E6973-DB9C-416F-A585-6B8E1C6181DC}

[2012/05/31 12:15:58 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{85EE9F43-D621-43D2-8019-A00AD403814E}

[2012/05/30 23:35:49 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{AAF3E4EB-3DC6-4254-B808-7AB2470838C9}

[2012/05/30 11:35:32 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{FD9F89AE-F316-4F04-945D-879FC775A8A0}

[2012/05/30 11:35:18 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{A92F0F55-9330-489F-AAB6-0DD3D063F279}

[2012/05/30 00:15:10 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Roaming\Malwarebytes

[2012/05/30 00:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/05/30 00:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/05/30 00:14:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/05/30 00:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/05/28 22:41:27 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Roaming\Media Player Classic

[2012/05/28 11:09:54 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{CEBBB4D5-BEF0-461B-B0B6-78132F8E87CE}

[2012/05/28 11:09:42 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{9EB35888-7C98-4678-BCED-00C3024CF433}

[2012/05/27 23:09:16 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{5323689C-E7EB-48CE-B521-EB11C0A49DBE}

[2012/05/27 23:09:05 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{CF8FAB76-6FC6-4D51-AB9C-006C63DB67C5}

[2012/05/27 23:08:59 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\Documents\Messenger Plus!

[2012/05/27 23:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowserCompanion

[2012/05/27 21:52:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

[2012/05/27 21:52:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE

[2012/05/27 21:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2012/05/27 21:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!

[2012/05/27 12:24:04 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{C0BEE878-FA36-4775-A366-4571FD6127E6}

[2012/05/27 12:23:52 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{C6309713-359D-4ACD-9F74-EC85F146A436}

[2012/05/25 21:10:55 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{73278F4B-6328-413C-B90D-8DB38F4E977F}

[2012/05/25 21:10:44 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{2EA2AC21-C46D-40A9-957F-4C00E0881A63}

[2012/05/25 09:10:27 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{45BE548C-CC62-4682-8FC4-D4778040BE3A}

[2012/05/25 09:10:15 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{521CC6BC-9E5D-4A9F-8036-0413581E8DFB}

[2012/05/24 20:02:32 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{4BF99DEC-5882-481E-9873-F4A37D1A107A}

[2012/05/24 20:02:20 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{081E6D30-407F-4744-91BE-5F828858AB3C}

[2012/05/24 08:02:04 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{CA3814E6-CE71-4E90-910D-B43ADB0F0579}

[2012/05/24 08:01:47 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{2E8DCD18-6E4C-49AC-A63B-520E26F218A3}

[2012/05/23 13:37:29 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{93FD3D7F-A07E-418C-9B95-5098ACB036A0}

[2012/05/23 13:37:17 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{E8B8433C-58CC-4165-AD39-CDD90495DA62}

[2012/05/23 01:37:01 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{EA88B291-6DE7-4B42-8FBE-C3B73C8B853A}

[2012/05/23 01:36:43 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{578B84F3-1C3F-42A2-92D1-85C79BCCA4B1}

[2012/05/22 12:41:12 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{8A6BB244-2798-42FE-B440-127ABBC6B6A5}

[2012/05/22 12:40:54 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{D54F16FA-3E59-4BEB-AF1D-636C4C4DE676}

[2012/05/22 00:13:41 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{76540192-5C5A-4E0D-897E-0ED0C66CC991}

[2012/05/22 00:13:30 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{F76D8B97-6596-4F93-ACB6-156B04A8A71B}

[2012/05/21 12:13:00 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{204EA030-9965-4F61-AE86-86CDBC5053BD}

[2012/05/21 12:12:48 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{628FA514-B019-4CDD-B0D6-01EB25616C85}

[2012/05/21 00:12:34 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{B3ED1CC5-BADA-4ABA-8774-572574FB8B2B}

[2012/05/21 00:12:22 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{8B475B42-73B1-4B67-8968-203F695BD5A9}

[2012/05/20 10:40:34 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{93661989-0F06-4DC8-ADC5-563050DDE8A5}

[2012/05/20 10:40:20 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{05995621-D78A-42F9-8E46-0B7C96FC62CC}

[2012/05/19 19:27:31 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{CC008314-A57D-4A71-B305-302339CB5A66}

[2012/05/19 19:27:16 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{9F760077-611B-400C-94E5-2CE8ED3FCE74}

[2012/05/19 12:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012/05/19 12:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012/05/19 12:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2012/05/19 06:37:11 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{C5AB172B-B490-4690-A411-CC6FF2CFB80A}

[2012/05/19 06:36:59 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{7B7DD18F-0B19-419C-ABE7-7E6AACAB7426}

[2012/05/18 18:36:45 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{19C559ED-B56D-43AF-9608-7D480F31806E}

[2012/05/18 18:36:13 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{D7474DC8-4EFE-4072-909B-A0198DD027B1}

[2012/05/18 06:35:45 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{9B1235B0-929A-4D3E-82AF-C4111FAE3F7A}

[2012/05/18 06:35:34 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{7DC3EC10-A61B-421C-8DCB-7EB4E96E2E0B}

[2012/05/17 10:55:00 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{F04F5180-E8D7-466E-9927-B3B6640FD706}

[2012/05/17 10:54:49 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{4D003A2D-D462-408E-9FAF-3AF952819D76}

[2012/05/16 17:01:05 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{6D10B075-3C25-4073-B4D7-189D8E40C1DD}

[2012/05/16 11:22:55 | 000,000,000 | ---D | C] -- C:\Users\DENISE L. MONTEIRO\AppData\Local\{D2B87EB

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite itamar74.

O log OTL.txt está incompleto. Por gentileza compacte o arquivo e anexe o arquivo compactado conforme consta nas instruções acima, ou siga o procedimento abaixo:

Acesse o Pastebin.com:

http://pastebin.com/

  • No campo New Paste cole o conteúdo do log OTL.txt.
  • Clique no botão Submit.
  • Será feita uma verificação de segurança, digite o código correto no campo Enter Captcha: e por fim clique no botão Submit.
  • Será aberta uma nova página, na barra cinza acima a direita clique em RAW.
    pastebin.png

  • Será aberta uma nova página com o log.
  • Copie e poste aqui no tópico o endereço desta página.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde itamar74.

Selecione e copie o texto dentro do QUOTE, clique com o direito sobre a seleção e escolha a opção copiar:

OBS: Certifique-se de copiar começando pela letra e sinal de dois pontos ":o" de OTL.

:OTL

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?...&ctid=CT1750559

IE - HKCU\..\SearchScopes\{C5CF8AFF-642E-4095-97E5-D7B32D9CF928}: "URL" = http://websearch.ask.com/redirect?client=i...9B-9A418951E98E

O4 - HKLM..\Run: [browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)

[2012/05/27 23:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowserCompanion

@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:CDFF58FE

@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:93EB7685

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:4D066AD2

@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F

@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E36F5B57

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:798A3728

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:1A60DE96

:Commands

[createrestorepoint]

[purity]

[emptytemp]

[emptyflash]

Clique com o direito sobre o arquivo OTL.exe, depois clique em

execadmin.png
.

Clique com o direito em qualquer parte branca, da sessão Exames Personalizados/Correções e escolha a opção colar

Feche TODAS as janelas (exceto o próprio OTL).

Clique no botão

fixotl.png

O programa executará o script e reiniciará o seu computador.

Quando o Windows for carregado, o OTL será executado automaticamente. Permita a sua execução.

Um bloco de notas será aberto, contendo algumas informações.

Copie TODO o conteúdo deste bloco de notas e cole na sua resposta.

Uma cópia deste log ficará armazenado na pasta C:\_OTL\MovedFiles com o nome no seguinte formato data_hora.log.

Exemplo: 03142010_145545.log

Poste também um novo log do Hijackthis.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia Ciro,

seguem os log do OTL:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C5CF8AFF-642E-4095-97E5-D7B32D9CF928}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5CF8AFF-642E-4095-97E5-D7B32D9CF928}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Browser companion helper deleted successfully.

C:\Program Files (x86)\BrowserCompanion\BCHelper.exe moved successfully.

C:\Program Files (x86)\BrowserCompanion folder moved successfully.

ADS C:\ProgramData\Temp:CDFF58FE deleted successfully.

ADS C:\ProgramData\Temp:93EB7685 deleted successfully.

ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.

ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.

ADS C:\ProgramData\Temp:E36F5B57 deleted successfully.

ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.

ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.

ADS C:\ProgramData\Temp:798A3728 deleted successfully.

ADS C:\ProgramData\Temp:E3C56885 deleted successfully.

ADS C:\ProgramData\Temp:1A60DE96 deleted successfully.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: DENISE L. MONTEIRO

->Temp folder emptied: 16457571 bytes

->Temporary Internet Files folder emptied: 12473811 bytes

->Java cache emptied: 456083 bytes

->Google Chrome cache emptied: 50315615 bytes

->Flash cache emptied: 517 bytes

User: Public

->Temp folder emptied: 0 bytes

User: Todos os Usuários

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 68525 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68140 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 76,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: DENISE L. MONTEIRO

->Flash cache emptied: 0 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.49.0 log created on 06182012_085506

Files\Folders moved on Reboot...

C:\Users\DENISE L. MONTEIRO\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\DENISE L. MONTEIRO\AppData\Local\Temp\~PI4391.tmp not found!

File\Folder C:\Users\DENISE L. MONTEIRO\AppData\Local\Temp\~PID4E6.tmp not found!

File\Folder C:\Users\DENISE L. MONTEIRO\AppData\Local\Temp\~PIED9.tmp not found!

File\Folder C:\Users\DENISE L. MONTEIRO\AppData\Local\Temp\~PIEF9.tmp not found!

File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Segue o log do hijackthis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 09:06:51, on 18/06/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\DENISE L. MONTEIRO\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\DENISE L. MONTEIRO\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.celebrandodeus.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

O4 - Global Startup: Camera Monitor SD.lnk = ?

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NTI, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11818 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde itamar74.

Faça o download do Kaspersky Virus Removal Tool de um desses 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

Salve-o em sua área de trabalho.

- Duplo clique no arquivo "setup" e aguarde a instalação;

- Na próxima tela marque I accept the licence agreement e clique em Start

- Clique no botão

f4uZX.png
e marque:

  • Meu computador
  • Disco local (C:) (a letra do disco local pode variar)

- Clique em Actions e desmarque os dois quadros:

Zqewdl.jpg

- Clique na aba Automatic Scan e aguarde o término da verificação.

- Clique no botão

rxcHb.png
, em Detected threats e no botão "Save".

- Copie o conteúdo do arquivo salvo (se houver algo detectado) e poste na sua próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite Ciro,

Não houve nenhum arquivo salvo. A informação foi que não houve nenhuma detecção: "no threats detected". Creio que já deve estar td bem.

Agradeço imensamente a ajuda.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde itamar74.

Para finalizar:


  1. Renomeie o Combofix para uninstall e execute-o.
    IMPORTANTE: Preste atenção na grafia, para não haver erros de digitação!
  2. Execute o OTL.exe
    Clique no botão
    Botao_Limpeza_OTL.png
    .
    Permita que seu computador seja reiniciado.
  3. iconjava.png
    Atualize o Java. Versões antigas têm vunerabilidades que alguns malwares podem usar para infectar seu sistema.
    • Faça download da última versão do Java SE 7u5.
    • Clique em JRE Download
    • Marque a caixa Accept License Agreement..
    • Clique no link para download Windows x86 Offline 20.08 MB jre-7u5-windows-i586.exe e salve no seu desktop.
    • Feche qualquer programa que esteja executando, especialmente navegadores.
    • Vá em Iniciar > Painel de Controle duplo clique em Adicionar ou Remover Programas e remova todas as versões antigas do Java.
      Exemplos de versões antigas
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Selecione qualquer item com nome Java Runtime Environment (JRE ou J2SE).
    • Clique no botão Remover ou Alterar/Remover.
    • Repita quantas vezes for necessária para remover cada versão do Java.
    • Reincie seu computador uma vez que todas as versões do Java tenham sido removidas.
    • Agora vá no seu desktop, clique duas vezes em jre-7u5-windows-i586.exe para instalar a mais nova versão.
    • ATENÇÃO: Desmarque a caixa de instalação da ASK Toolbar.

[*]

iconadobe.png
Atualize o Adobe Reader. Versões antigas têm vulnerabilidades que são exploradas por malwares.

Clique aqui e instale a mais nova versão.

[*]

iconflash.png
Mantenha o Flash Player atualizado. Versões antigas também têm vulnerabilidades que são exploradas por malwares. Clique aqui e instale a mais nova versão.

[*]

worm.png
Worms USB (vírus de pendrive) podem infectar qualquer tipo de dispositivo de armazenamento removível (pendrives, mp3, mp4, celulares, cartões de memória, câmeras fotográficas). Este tipo de malware explora um recurso nativo do Windows chamado Autorun, ou Autoplay (é aquele assistente que aparece quando você insere um cd ou pendrive, perguntando com qual programa você deseja abri-lo). O Autoplay precisa de um arquivo chamado autorun.inf para funcionar.

Mantenha um cópia limpa e protegida do arquivo autorun.inf em todos os dispositivos removíveis e em todas as unidades do sistema. Deste modo, se acaso você plugar o seu pendrive em algum pc infectado, o malware não vai conseguir sobreescrever o arquivo pré-existente. Mas ainda assim ele poderá copiar seus executáveis maliciosos para o pendrive, tais como .EXE, .SCR, .CMD, .PIF, .BAT, .COM.

Se você plugar este pendrive em uma máquina limpa e executar algum desses arquivos maliciosos, esse sistema será infectado da mesma forma. Portanto, tenha cuidado e use o bom senso.

Para criar um arquivo autorun.inf protegido no Windows XP:

Faça o download do Flash_Disinfector.exe e salve na sua área de trabalho.

  • Conecte todos os dispositivos de armazenamento removível nas portas USBs. Salve o que achar necessário, EXCETO arquivos executáveis, depois formate as mídias, indo em Meu Computador e clicando com o direito sobre a unidade da mídia, escolhendo a opção "Formatar"
  • Execute o Flash_Disinfector.exe.
  • Vá seguindo os prompts que poderão aparecer.
  • Espere até que o programa conclua a busca e depois saia do programa.

Para Windows Vista e 7: Panda USB Vaccine

[*]

TFC_icon.png
Para manutenção de sistema, remoção de arquivos temporários e inválidos, baixe TFC, by OldTimer.

Feche TODOS os programas e execute o TFC. Clique no botão Start e aguarde. Sua área de trabalho irá desaparecer, não se preocupe, isso faz parte do processo.

Tenha paciência, conforme a quantidade de dados a serem excluídos, o processo pode demorar mais de 2 minutos.

Quando terminar, você será solicitado a reiniciar seu computador. REINICIE.

Caso não lhe seja solicitado, reinicie manualmente.

[*]

iconwu.png
Visite o Windows Update regularmente e verifique por atualizações.

Novas brechas de segurança são descobertas com freqüência. Muitos malwares exploram essas brechas, infectando sistemas sem depender de nenhuma ação do usuário. A Microsoft corrige essas brechas através das atualizações.

Por isso é fundamental manter o seu sistema atualizado.

[*]Aprenda alguns cuidados e dicas para manter seu computador limpo. Leia o artigo Proteja seu pc:

http://linhadefensiva.org/artigos/proteja-seu-pc/

[*]Se não há mais nenhum problema relacionado a malwares, clique no botão

ReportButton.png
e peça para fecharem seu tópico.

Se você tiver alguma dúvida relacionada a informática e tecnologia, sinta-se à vontade para postar em qualquer área do forum Linha Defensiva.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite Ciro,

depois que fiz as tarefas 1 e 2 ao ser reiniciado o lap top não mais conseguiu conectar com a internet wireless. Pouco antes de desinstalar o combofix, o mesmo pediu para desinstalar o antivirus antes de continuar e fiz isso, mas mesmo assim o programa continuou informando que eles estavam ativos.

Pensei que você algum problema no wireless , mas a pouco consegui conectar com o smartphone. Será que nesse processo deu algum problema na rede? na barra inferior consta que que a rede tem sinal, mas aparece uma exclamação informando sobre um problema e não consigo conectar.

grato

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde itamar74.

O ComboFix pede apenas para desabilitar, e não desinstalar. Na desinstalação do antivírus é que pode ter ocasionado o problema, caso fosse o ComboFix, poderia ter sido causado quando rodou anteriormente.

Exclua essa conexão wireless e readicione.

http://technet.microsoft.com/pt-br/library...v=ws.10%29.aspx

Compartilhar este post


Link para o post
Compartilhar em outros sites

Vou tentar resolver quando chegar em casa, pode ter havido problema na rede no exato momento que estava providenciando suas instruções.

grato

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.
Entre para seguir isso  
Seguidores 0

  • Quem Está Navegando   0 membros estão online

    Nenhum usuário registrado visualizando esta página.