Elizabeth

Connection drops, Windows Media Player stopped working, it is very slow

30 posts in this topic

Please analyze my log.

I have wireless internet and, although it is connected, the connection drops constantly. I have a LINKSYS Wireless G - Broadband Router.

Another problem is with WMP, which no longer opens.

Logfile of HijackThis v1.99.1

Scan saved at 13:17:16, on 12/12/2012

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16455)

Running processes:

C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Autoplay.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe

C:\Program Files (x86)\Cobian Backup 10\Cobian.exe

C:\Program Files (x86)\Keyboard Driver\OEMDriver.exe

C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Avant Browser\avant.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Avant Browser\ybrowser.exe

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe

C:\Program Files (x86)\Avant Browser\ybrowser.exe

C:\Program Files (x86)\v8200\DMMultiView\MultiView.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/?ocid=OIE9HP

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17160

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)

R3 - URLSearchHook: (no name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)

O2 - BHO: PSafe ClikSeguro - {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} - C:\Program Files (x86)\PSafe\ClikSeguro\ClikSeguro.dll

O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~2\GbPlugin\gbiehAbn.dll

O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehuni.dll

O2 - BHO: Digmyweb - {C77451B0-1E53-48db-9692-12ED498889C9} - C:\Program Files (x86)\Digmyweb\digmyweb.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [Cobian Backup 10] "C:\Program Files (x86)\Cobian Backup 10\Cobian.exe"

O4 - HKLM\..\Run: [KBDriver] C:\Program Files (x86)\Keyboard Driver\OEMDriver.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files (x86)\PSafe\PSafeSysTray.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [wdbraz_certm] C:\Windows\SysWOW64\WatchData\Watchdata Brazil CSP v1.0\BBCertM32.exe

O4 - HKCU\..\Run: [4B9B38AE4C8290791A3BEA919FBE62CB47D281A8._service_run] "C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O9 - Extra button: (no name) - {0000036B-C524-4050-81A0-243669A86B9F} - (no file)

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: http://fiorizze.ddns.com.br

O15 - Trusted Zone: wwws.realsecureweb.com.br

O15 - Trusted Zone: www.santander.com.br

O15 - Trusted Zone: www.santanderempresarial.com.br

O15 - Trusted Zone: www.santandernet.com.br

O15 - Trusted Zone: wwws.santandernet.com.br

O15 - Trusted Zone: wwws2.santandernet.com.br

O15 - Trusted Zone: www.santandernetibe.com.br

O15 - Trusted Zone: www.secureweb.com.br

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.goo...1/uploader2.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.myheritag...geUploader5.cab

O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritag...EngineQuery.dll

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab

O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://fiorizze.ddns...hecker_8198.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab

O16 - DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} (DownloadCenter Control) - http://187.39.97.138...Center_8200.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: mhtb - (no CLSID) - (no file)

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~2\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O23 - Service: Adobe Version Cue CS4 - Unknown owner - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service (file missing)

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PSafeLockBoxSvc - PSafe - C:\Program Files (x86)\PSafe\PSafeCategoryFinder.exe

O23 - Service: PSafeSVC - PSafe S/A - C:\Program Files (x86)\PSafe\PSafesvc.exe

O23 - Service: PSafeWD - PSafe - C:\Program Files (x86)\PSafe\PSafeWD.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Seagate Replica System Monitor (ReplicaSysMon) - Seagate Technology LLC - C:\Program Files (x86)\Seagate Replica\bin\ReplicaSysMon.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: Seagate Replica Service (Seagate-Replica-Svc) - Seagate Technology LLC - C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Svc.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Thank you
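Helpers on this board read logs like the one above by eye, flagging the entries that matter (registry items pointing at files that no longer exist, an AppInit_DLLs entry, extra Trusted Zone sites). The script below is an added example, not part of this thread and not HijackThis code: it parses HijackThis-style lines and applies this example's own triage labels. The sample lines are constructed, modelled on entries quoted in the log above; the "(file missing)" caveat on O23 service entries reflects a known behaviour of 32-bit HijackThis on 64-bit Windows (WOW64 file-system redirection), which is an assumption of this example rather than something the thread states.

```python
"""Triage helper for HijackThis-style log lines (added example).

The flag labels are this example's own heuristic, not HijackThis verdicts.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, modelled on lines that appear in the thread's log.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O15 - Trusted Zone: http://fiorizze.ddns.com.br
O20 - AppInit_DLLs: c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O2"
    detail: str    # the rest of the line after "O2 - "
    flag: str      # triage label chosen by this example
    reason: str    # one-line explanation for the reader


# Every HijackThis item line starts with a section tag such as R0, F2, O23.
LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# Paths under the Windows directory, in the spellings HijackThis prints.
WINDOWS_DIR_RE = re.compile(r"(%systemroot%|%windir%|c:\\windows)\\", re.IGNORECASE)


def classify(section: str, detail: str) -> tuple[str, str]:
    """Return (flag, reason) for one item line."""
    lowered = detail.lower()
    missing = "(no file)" in lowered or "(file missing)" in lowered

    # Assumption: 32-bit HijackThis on 64-bit Windows reads system32 through
    # WOW64 redirection and reports native services as missing; treat those
    # as probable false positives rather than as cleanup targets.
    if section == "O23" and missing and WINDOWS_DIR_RE.search(lowered):
        return "sysfile_missing", "Windows service reported missing; likely WOW64 false positive"
    if missing:
        return "orphan", "registry entry points at a file that no longer exists"
    if section == "O20" and lowered.startswith("appinit_dlls:"):
        if lowered.split(":", 1)[1].strip():
            return "appinit", "AppInit_DLLs loads this DLL into every GUI process"
    if section == "O15":
        return "trusted_zone", "site placed in the IE Trusted Zone; confirm it is intended"
    return "info", "no heuristic matched"


def triage(log_text: str) -> list[Finding]:
    """Parse item lines, skipping headers, the process list and blank lines."""
    findings = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        section, detail = match.groups()
        flag, reason = classify(section, detail)
        findings.append(Finding(section, detail, flag, reason))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per flag so the reader sees the shape of the log at a glance."""
    return dict(Counter(f.flag for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        if f.flag != "info":
            print(f"{f.section:<4} {f.flag:<16} {f.reason}")
    print(summarize(triage(SAMPLE_LOG)))
```

The "orphan" entries are the cheap wins: they point at nothing, so removing them carries no risk. The O20 AppInit_DLLs and O15 Trusted Zone items are the ones worth a second look, since both change what code the browser loads or trusts.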


Elizabeth,

Go to Start > Control Panel > Programs > Programs and Features and uninstall the following software:

  • PSafe

1)

Download Malwarebytes' Anti-Malware (MBAM)

http://www.malwareby...am-download.php

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
  • If there are updates to apply, they will be downloaded and installed.
  • When the update finishes, with the program open, select Perform full scan and click the Scan button.
  • The scan will then start. Be patient, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to see the report.
  • If items were found, make sure they are all checked and click the Remove Selected button.
  • When the cleanup finishes, Notepad will open with a log and a prompt may appear asking whether to restart the PC. (See the Note below.)
  • The log is saved automatically by MBAM; to see it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log into your next reply, together with a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:

http://linhadefensiv...showtopic=75554

2)

Download MbrScan.exe and save it to the desktop.

http://eric71.geekst...ols/MbrScan.exe

Run the MbrScan.exe file.

Click the Scan button. When the scan finishes, click the Report button. A Notepad window will open with the result of the scan. It is saved on the desktop under the name MbrScan.log.

*** Windows Vista or Windows 7 users: right-click the MbrScan.exe file, then click execadmin.png

Select, copy and paste its contents into your next reply.


Good afternoon, Carlos

Here is the first log:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Versão da Base de Dados: v2012.12.13.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Admin :: ADMIN-PC [administrador]

13/12/2012 08:34:55

mbam-log-2012-12-13 (08-34-55).txt

Tipo de Verificação: Verificação Completa (C:\|)

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 527189

Tempo decorrido: 1 hora(s), 32 minuto(s), 17 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 1

C:\Users\Admin\Downloads\advanced-systemcare-608182-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

Now the HijackThis log

One observation: when it starts running, the following message appears:

For some reason your system denied write access to the Host file. If any hijacked domains are in this file. HijackThis may NOT be able to fix this. If that happens, you need to edit the filhe yourself. To do this, click Star, Run and Type:Notepad "C/Windows/System32?/drivers/etc/hosts" and press enter. Find the line (s) HijackThis reports and delete them. Save the file as "hosts" (with quotes), and reboot.

I pressed Enter and this message appeared:

An unexpected error has occurred at procedure: modMain_CheckOther1Item()

Error #75 - Path/File access error

Please email me at merijn@spywareinfo.com, reporting the following:

* What you were trying to fix when the error occurred, if applicable

* How you can reproduce the error

* A complete HijackThis scan log, if possible

Windows version: Windows NT 6.01.3505

MSIE version: 9.0.8112.16421

HijackThis version: 1.99.1

This message has been copied to your clipboard.

Click OK to continue the rest of the scan.

Finally, the log below:

Logfile of HijackThis v1.99.1

Scan saved at 17:23:06, on 13/12/2012

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Running processes:

C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Autoplay.exe

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe

C:\Program Files (x86)\Cobian Backup 10\Cobian.exe

C:\Program Files (x86)\Keyboard Driver\OEMDriver.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Windows\SysWOW64\WatchData\Watchdata Brazil CSP v1.0\BBCertM32.exe

C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Users\Admin\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/?ocid=OIE9HP

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=742df3f8000000000000e0cb4e9a9b85&tlver=1.4.19.19&affID=17160

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)

R3 - URLSearchHook: (no name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)

O2 - BHO: PSafe ClikSeguro - {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} - C:\Program Files (x86)\PSafe\ClikSeguro\ClikSeguro.dll (file missing)

O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~2\GbPlugin\gbiehAbn.dll

O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehuni.dll

O2 - BHO: Digmyweb - {C77451B0-1E53-48db-9692-12ED498889C9} - C:\Program Files (x86)\Digmyweb\digmyweb.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [Cobian Backup 10] "C:\Program Files (x86)\Cobian Backup 10\Cobian.exe"

O4 - HKLM\..\Run: [KBDriver] C:\Program Files (x86)\Keyboard Driver\OEMDriver.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [wdbraz_certm] C:\Windows\SysWOW64\WatchData\Watchdata Brazil CSP v1.0\BBCertM32.exe

O4 - HKCU\..\Run: [4B9B38AE4C8290791A3BEA919FBE62CB47D281A8._service_run] "C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O9 - Extra button: (no name) - {0000036B-C524-4050-81A0-243669A86B9F} - (no file)

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: http://fiorizze.ddns.com.br

O15 - Trusted Zone: wwws.realsecureweb.com.br

O15 - Trusted Zone: www.santander.com.br

O15 - Trusted Zone: www.santanderempresarial.com.br

O15 - Trusted Zone: www.santandernet.com.br

O15 - Trusted Zone: wwws.santandernet.com.br

O15 - Trusted Zone: wwws2.santandernet.com.br

O15 - Trusted Zone: www.santandernetibe.com.br

O15 - Trusted Zone: www.secureweb.com.br

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/67.11/uploader2.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.myheritage.com/FP/ImageUploader/ImageUploader5.cab

O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com.br/Genoogle/Components/ActiveX/SearchEngineQuery.dll

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://fiorizze.ddns.com.br:2222/cab/OCXChecker_8198.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab

O16 - DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} (DownloadCenter Control) - http://187.39.97.138:2224/cab/DownloadCenter_8200.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: mhtb - (no CLSID) - (no file)

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~2\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O23 - Service: Adobe Version Cue CS4 - Unknown owner - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service (file missing)

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Seagate Replica System Monitor (ReplicaSysMon) - Seagate Technology LLC - C:\Program Files (x86)\Seagate Replica\bin\ReplicaSysMon.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: Seagate Replica Service (Seagate-Replica-Svc) - Seagate Technology LLC - C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Svc.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

and now the MBRScan log

MBRScan v1.1.1

OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/12/13 (ISO 8601) at 17:45:11
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __WDC WD10EADS-65M2B1 (01.00A01)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0 931.5 Go  [Fixed] ==> 7 MBR Code

MBR_MD5   : 6570E2049F63EFC9B5E7B17469D2E026
MBR_SHA1  : 0ADF89956BDC467AC1C47363ABD1498420E5468F

Device\Harddisk0\Partition1 100.0 Mo   0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 931.4 Go   0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x02E02000
SIZE    : 292.0 Ko

DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00BA1000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00CC8000
SIZE    : 316.0 Ko

DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00D2B000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00C00000
SIZE    : 768.0 Ko

DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00E8B000
SIZE    : 776.0 Ko

DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00F4D000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00F5D000
SIZE    : 348.0 Ko

DRIVER  : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00FB4000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00FBD000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00FC7000
SIZE    : 204.0 Ko

DRIVER  : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00E0D000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00E22000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00D89000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\system32\drivers\intelide.sys => Invisible on the disk
ADDRESS : 0x00E37000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x00E3F000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00E4F000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\drivers\pavboot64.sys => Invisible on the disk
ADDRESS : 0x00E69000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\vmbus.sys => Invisible on the disk
ADDRESS : 0x01068000
SIZE    : 240.0 Ko

DRIVER  : C:\Windows\system32\drivers\winhv.sys => Invisible on the disk
ADDRESS : 0x010A4000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\drivers\atapi.sys => Invisible on the disk
ADDRESS : 0x010B8000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\ataport.SYS => Invisible on the disk
ADDRESS : 0x010C1000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x010EB000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x010F6000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x01142000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x0121E000
SIZE    : 1.64 Mo

DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x01156000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x013C1000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x01479000
SIZE    : 456.0 Ko

DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x014EB000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x014FC000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x01506000
SIZE    : 968.0 Ko

DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01400000
SIZE    : 384.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x011B4000
SIZE    : 172.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x0163E000
SIZE    : 2.00 Mo

DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x0183F000
SIZE    : 296.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\epfwwfp.sys => Invisible on the disk
ADDRESS : 0x01889000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\vmstorfl.sys => Invisible on the disk
ADDRESS : 0x0189E000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x018AE000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x018FA000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01902000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x0193C000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x0194E000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01957000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk
ADDRESS : 0x01991000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x019A7000
SIZE    : 192.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x01613000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\eamonm.sys => Invisible on the disk
ADDRESS : 0x03C2C000
SIZE    : 912.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x03D10000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x03D19000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ehdrv.sys => Invisible on the disk
ADDRESS : 0x03D20000
SIZE    : 164.0 Ko

DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x03D49000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x03D57000
SIZE    : 148.0 Ko

DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x03D7C000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x03D8C000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x03D95000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x03D9E000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x03DA7000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x03DB2000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x03DC3000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x03DE5000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x03A4D000
SIZE    : 548.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x03AD6000
SIZE    : 276.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x03B1B000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x03B24000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\EpfwLWF.sys => Invisible on the disk
ADDRESS : 0x03B4A000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x03B57000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\serial.sys => Invisible on the disk
ADDRESS : 0x03B66000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x03B83000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk
ADDRESS : 0x03B9E000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 324.0 Ko

DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x03BB2000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x03BBE000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x03BC9000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\csc.sys => Invisible on the disk
ADDRESS : 0x03EC0000
SIZE    : 524.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x03F43000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x03F61000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x03F72000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x03F98000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk
ADDRESS : 0x04845000
SIZE    : 10.13 Mo

DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x05266000
SIZE    : 976.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x0535A000
SIZE    : 280.0 Ko

DRIVER  : C:\Windows\system32\drivers\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x053A0000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Rt64win7.sys => Invisible on the disk
ADDRESS : 0x053C4000
SIZE    : 200.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbuhci.sys => Invisible on the disk
ADDRESS : 0x04800000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x03E00000
SIZE    : 344.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
ADDRESS : 0x0480D000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\serenum.sys => Invisible on the disk
ADDRESS : 0x0481E000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\parport.sys => Invisible on the disk
ADDRESS : 0x03E56000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\drivers\i8042prt.sys => Invisible on the disk
ADDRESS : 0x03E73000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\drivers\kbdclass.sys => Invisible on the disk
ADDRESS : 0x0482A000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x03E91000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x03EA1000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x03FAE000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x04839000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x03A00000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x03FD2000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x03BD8000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x03A2F000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\teamviewervpn.sys => Invisible on the disk
ADDRESS : 0x03FED000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tap0901.sys => Invisible on the disk
ADDRESS : 0x03DF2000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdpbus.sys => Invisible on the disk
ADDRESS : 0x03C00000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x03C0B000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x053F6000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\drivers\ks.sys => Invisible on the disk
ADDRESS : 0x042FC000
SIZE    : 268.0 Ko

DRIVER  : C:\Windows\system32\drivers\umbus.sys => Invisible on the disk
ADDRESS : 0x0433F000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x04351000
SIZE    : 360.0 Ko

DRIVER  : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x043AB000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\RTKVHD64.sys => Invisible on the disk
ADDRESS : 0x05A66000
SIZE    : 2.36 Mo

DRIVER  : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x05CC3000
SIZE    : 244.0 Ko

DRIVER  : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x05D00000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x05D22000
SIZE    : 24.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\cdfs.sys => Invisible on the disk
ADDRESS : 0x05D28000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x05D45000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x05D53000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0x05D5F000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x05D68000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x05D7B000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x05D89000
SIZE    : 100.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x05DA2000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x05DAB000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x05DAD000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x05DBA000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbscan.sys => Invisible on the disk
ADDRESS : 0x05DD7000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbprint.sys => Invisible on the disk
ADDRESS : 0x05DE8000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\dot4usb.sys => Invisible on the disk
ADDRESS : 0x05A00000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Dot4.sys => Invisible on the disk
ADDRESS : 0x05A10000
SIZE    : 160.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Dot4Prt.sys => Invisible on the disk
ADDRESS : 0x05A38000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x000A0000
SIZE    : 3.09 Mo

DRIVER  : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x05A42000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ZS211.sys => Invisible on the disk
ADDRESS : 0x0203D000
SIZE    : 1.43 Mo

DRIVER  : C:\Windows\System32\Drivers\STREAM.SYS => Invisible on the disk
ADDRESS : 0x021AA000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\drivers\vvftav211.sys => Invisible on the disk
ADDRESS : 0x04200000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x021BB000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBSTOR.SYS => Invisible on the disk
ADDRESS : 0x021C9000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00530000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00660000
SIZE    : 156.0 Ko

DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x02000000
SIZE    : 140.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\epfw.sys => Invisible on the disk
ADDRESS : 0x0424C000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x02023000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x021E4000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x03477000
SIZE    : 804.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x03540000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x0355E000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x03576000
SIZE    : 180.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x035A3000
SIZE    : 312.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x03400000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\drivers\npf.sys => Invisible on the disk
ADDRESS : 0x0343C000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x054C2000
SIZE    : 664.0 Ko

DRIVER  : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x05568000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x05573000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x055A4000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x05400000
SIZE    : 420.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x06CCC000
SIZE    : 608.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x06D64000
SIZE    : 332.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x06DB7000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x480A0000
SIZE    : 128.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions :  NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3À.м.|.À.ؾ.|¿.
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .¹..üó¤Ph..Ëû¹..
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10   ½¾..~..|......Å.
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   âñÍ..V.UÆF..ÆF..
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   ´A»ªUÍ.]r..ûUªu.
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ÷Á..t.þF.f`.~..t
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..´B.V..ôÍ.
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ..Ä..ë.¸..».|.V.
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE   .v..N..n.Í.fas.þ
0x000000A0   4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84   N.u..~......².ë.
0x000000B0   55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55   U2ä.V.Í.]ë..>þ}U
0x000000C0   AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64   ªun.v.è..u.ú°Ñæd
0x000000D0   E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75   è..°ßæ`è|.°.ædèu
0x000000E0   00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54   .û¸.»Í.f#Àu;f.ûT
0x000000F0   43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00   CPAu2.ù..r,fh.».
0x00000100   00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66   .fh....fh....fSf
0x00000110   53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66   SfUfh....fh.|..f
0x00000120   61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD   ah...Í.Z2öê.|..Í
0x00000130   18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4   ..·.ë..¶.ë..µ.2ä
0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD   ....ð¬<.t.»..´.Í
0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8   .ëòôëý+Éädë.$.àø
0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69   $.ÃInvalid parti
0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72   tion table.Error
0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69    loading operati
0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E   ng system.Missin
0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x000001B0   65 6D 00 00 00 63 7B 9A 99 CD 08 00 00 00 80 20   em...c{..Í..... 
0x000001C0   21 00 07 DF 13 0C 00 08 00 00 00 20 03 00 00 DF   !..ß....... ...ß
0x000001D0   14 0C 07 FE FF FF 00 28 03 00 00 38 6D 74 00 00   ...þ...(...8mt..
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

Thank you very much


Hello,

Now the HijackThis log

One observation: when it starts running, the following message appears:

To keep HijackThis from giving that error, right-click hijackthis.exe and select run_as_adm1.png

Download OTL by OldTimer and save it to your desktop:

http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:

Right-click the OTL.exe file, then click execadmin.png .

Under Output, check Standard

Also check these options:

  • Use Company Name Whitelist.
  • Skip Microsoft Files
  • LOP Check
  • Purity Check

Select these lines in red, right-click the selection, and choose the copy option

CREATERESTOREPOINT

netsvcs /all

%SYSTEMDRIVE%\*.*

%systemdrive%\drivers\*.exe

%systemroot%\system32\drivers\*.* /90

%PROGRAMFILES%(x86)\*.*

%LOCALAPPDATA%\*.exe

%LOCALAPPDATA%\*.txt

%LOCALAPPDATA%\*.ini

%LOCALAPPDATA%\*.dll

%LOCALAPPDATA%\*.dat

%USERPROFILE%\*.exe

%USERPROFILE%\*.txt

%USERPROFILE%\*.ini

%USERPROFILE%\*.dll

%USERPROFILE%\*.dat /30

%appdata%\*.*

%programdata%\*.*

%programdata%\*.exe /s

%programdata%\*.dll /s

%PROGRAMFILES%\Internet Explorer\*.*

C:\windows\system32\Tasks\*.* /64

%windir%\tasks\*.*

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP

HKCU\Software\Microsoft\Internet Explorer\Downloads

%systemdrive%\$Recycle.Bin|@;true;true;true /fp

/md5start

services.*

/md5stop

Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose paste

Click the verif.png button

OTL will begin scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other settings unless you have been instructed to do so.

The scan takes a while; be patient.

When it finishes, two Notepad windows will be shown: OTL.txt and Extras.txt

Both are saved in the same folder as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.

Attach the Extras.txt file

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip file and attach it to your reply.


Good afternoon Carlos

Here is the new HijackThis log

Logfile of HijackThis v1.99.1

Scan saved at 13:39:27, on 14/12/2012

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Running processes:

C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe

C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Autoplay.exe

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe

C:\Program Files (x86)\Cobian Backup 10\Cobian.exe

C:\Program Files (x86)\Keyboard Driver\OEMDriver.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Windows\SysWOW64\WatchData\Watchdata Brazil CSP v1.0\BBCertM32.exe

C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe

C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Tray.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files (x86)\v8200\DMMultiView\MultiView.exe

C:\Program Files (x86)\Avant Browser\avant.exe

C:\Program Files (x86)\Avant Browser\ybrowser.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Users\Admin\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/?ocid=OIE9HP

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17160

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)

R3 - URLSearchHook: (no name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)

O2 - BHO: PSafe ClikSeguro - {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} - C:\Program Files (x86)\PSafe\ClikSeguro\ClikSeguro.dll (file missing)

O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~2\GbPlugin\gbiehAbn.dll

O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehuni.dll

O2 - BHO: Digmyweb - {C77451B0-1E53-48db-9692-12ED498889C9} - C:\Program Files (x86)\Digmyweb\digmyweb.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [Cobian Backup 10] "C:\Program Files (x86)\Cobian Backup 10\Cobian.exe"

O4 - HKLM\..\Run: [KBDriver] C:\Program Files (x86)\Keyboard Driver\OEMDriver.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [wdbraz_certm] C:\Windows\SysWOW64\WatchData\Watchdata Brazil CSP v1.0\BBCertM32.exe

O4 - HKCU\..\Run: [4B9B38AE4C8290791A3BEA919FBE62CB47D281A8._service_run] "C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O9 - Extra button: (no name) - {0000036B-C524-4050-81A0-243669A86B9F} - (no file)

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: http://fiorizze.ddns.com.br

O15 - Trusted Zone: wwws.realsecureweb.com.br

O15 - Trusted Zone: www.santander.com.br

O15 - Trusted Zone: www.santanderempresarial.com.br

O15 - Trusted Zone: www.santandernet.com.br

O15 - Trusted Zone: wwws.santandernet.com.br

O15 - Trusted Zone: wwws2.santandernet.com.br

O15 - Trusted Zone: www.santandernetibe.com.br

O15 - Trusted Zone: www.secureweb.com.br

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.goo...1/uploader2.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.myheritag...geUploader5.cab

O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritag...EngineQuery.dll

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab

O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://fiorizze.ddns...hecker_8198.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab

O16 - DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} (DownloadCenter Control) - http://187.39.97.138...Center_8200.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: mhtb - (no CLSID) - (no file)

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~2\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O23 - Service: Adobe Version Cue CS4 - Unknown owner - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service (file missing)

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Seagate Replica System Monitor (ReplicaSysMon) - Seagate Technology LLC - C:\Program Files (x86)\Seagate Replica\bin\ReplicaSysMon.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: Seagate Replica Service (Seagate-Replica-Svc) - Seagate Technology LLC - C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Svc.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

OTL.rar

Extras.rar

Edited by Elizabeth

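A small triage script for HijackThis log lines like the ones in the post above, added here as an example; it is not code from this thread, from HijackThis or from OTL. It parses `Oxx - Type: Name - {CLSID} - path` entries and flags the kinds of items the helper's fix later removes: components of adware/search hijackers named in this thread (that keyword list is an assumption drawn from the page, not a complete catalogue), browser entries whose backing file is gone, and a non-empty AppInit_DLLs value.

```python
"""Triage of HijackThis log lines.

Added example; not code from this thread, from HijackThis or from OTL.
It parses entries of the form 'Oxx - Type: Name - {CLSID} - path' and flags
the same kinds of items the helper's OTL fix removes: adware/search-hijacker
components, browser entries whose file is gone, and a non-empty AppInit_DLLs.
"""
import re
from dataclasses import dataclass
from typing import Optional

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")

# Component names taken from this thread's log and fix script (an assumption:
# a page-derived list, nowhere near a complete adware catalogue).
PUP_KEYWORDS = (
    "ask.com", "ask toolbar", "babylon", "sweetim", "sweetpacks", "dealply",
    "conduit", "searchqu", "digmyweb", "incredimail", "search.myheritage",
    "browse~1", "mngr.dll",
)
ORPHAN_MARKERS = ("(no file)", "(file missing)", "no clsid value found")
# Sections that load inside the browser or at logon, where a hijack matters most.
TRIAGE_CODES = {"R0", "R1", "R3", "O2", "O3", "O4", "O16", "O20"}


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O2"
    reason: str  # why the entry was flagged
    body: str    # the entry text after "Oxx - "


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious entry, None for benign or non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None  # header, process path, blank line
    code, body = m.group("code"), m.group("body")
    low = body.lower()
    # AppInit_DLLs is loaded into every process that maps user32.dll, so any
    # value at all deserves a look; a short-path DLL under ProgramData even more so.
    if code == "O20" and low.startswith("appinit_dlls:"):
        if low.split(":", 1)[1].strip():
            return Finding(code, "non-empty AppInit_DLLs injection point", body)
        return None
    if code not in TRIAGE_CODES:
        # O23 '(file missing)' on system services is deliberately skipped: in the
        # log above this HijackThis build reports lsass.exe, spoolsv.exe etc. that
        # way on 64-bit Windows, so it is noise rather than evidence.
        return None
    hits = [k for k in PUP_KEYWORDS if k in low]
    if hits:
        return Finding(code, f"known adware/search-hijacker component: {hits[0]}", body)
    if any(mk in low for mk in ORPHAN_MARKERS):
        return Finding(code, "entry points at a file that no longer exists", body)
    return None


def triage(log_text: str) -> list[Finding]:
    """Run classify() over every line and keep the findings, in log order."""
    return [f for f in map(classify, log_text.splitlines()) if f is not None]


# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O20 - AppInit_DLLs: c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}\n     {f.body}")
```

On the sample above it reports six entries (the hijacked start page, two orphaned browser hooks, DealPly, the Ask updater and the AppInit_DLLs injector) and leaves the Adobe BHO and the O23 system service alone.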

Elizabeth,

  • Configure your Windows to show all Hidden Files <-link
  • Please click this link -> Virustotal
  • When the VirusTotal page finishes loading, click the chosefile.png button.
    In the file-selection window, paste the line below into the File Name box:
    C:\Windows\system32\drivers\gbpkm.sys
    Make sure the file name is correct
  • Once the file is loaded in the dialog box, click scanit.png
  • Note: if VirusTotal reports that these files have already been analysed, be sure to click reanalyse.png
  • When the analysis finishes, copy the link/URL and/or the address from the browser's address bar and paste it in your next post.
  • Please repeat the process for the file below:
    • C:\Users\Admin\Desktop\gbpluginabnsetup.exe

1)

Select these lines inside the CODE box, right-click the selection and choose the copy option

NOTE: Make sure you start copying from the colon and the letter ": O"

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=742df3f8000000000000e0cb4e9a9b85&tlver=1.4.19.19&affID=17160
IE - HKLM\..\SearchScopes,DefaultScope = {92001F8A-C36B-473A-91E7-5BE0C81CF2B3}
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}
IE - HKLM\..\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}: "URL" = http://clikseguro.com/Search.aspx?cx=017847565674971774939%3Aktp_l5v6i2u&ie=ISO-8859-1&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851643
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={9877CC5E-329C-471F-A4E8-68B43C0E4A23}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKCU\..\URLSearchHook: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{77DAF60F-BE7B-467F-87A6-CEF3D28DE7FB}: "URL" =
IE - HKCU\..\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}: "URL" = http://clikseguro.com/Search.aspx?cx=017847565674971774939%3Aktp_l5v6i2u&ie=ISO-8859-1&q={searchTerms}
IE - HKCU\..\SearchScopes\{ABF9D662-3C12-414A-B22D-C68EA43146AA}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=S-PV&o=10151&src=kw&q={searchTerms}&locale=pt_BR&apn_ptnrs=A3&apn_dtid=YYYYYYYYBR&apn_uid=E9887353-BAC2-408D-8B4D-96EC878E276D&apn_sauid=F9BB4A09-6A20-4705-BF0C-C21DF6BE131D
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851643
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92822961544476004
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={9877CC5E-329C-471F-A4E8-68B43C0E4A23}
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "PSafe ClikSeguro"
FF - prefs.js..browser.startup.homepage: "http://clikseguro.com/"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:3.10.0.1
FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.6.0.3
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..extensions.enabledAddons: {87F8774F-B485-47E2-A755-A40A8A5E8874}:2.12.0.10.60
FF - prefs.js..extensions.enabledAddons: {87F8774F-B485-47E2-A755-A40A8A5E886C}:2.8.0.2.60
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=S-PV&o=10151&locale=pt_BR&apn_uid=E9887353-BAC2-408D-8B4D-96EC878E276D&apn_ptnrs=A3&apn_sauid=F9BB4A09-6A20-4705-BF0C-C21DF6BE131D&apn_dtid=YYYYYYYYBR&&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=110823&tt=120912_nocpc_3912_1&babsrc=HP_ss&mntrId=742df3f800000000000000ff6acbb116"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\clikseguro@psafe.com: C:\Program Files (x86)\PSafe\ClikSeguro\\ffext
[2012/11/06 09:20:05 | 000,000,000 | ---D | M] (Modulo de Protecao) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}
[2012/11/06 09:19:43 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2012/10/01 19:51:32 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012/11/21 20:28:08 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\toolbar@ask.com
[2012/11/27 11:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\crossriderapp12687@crossrider.com\chrome\content\extensionCode
[2012/11/09 08:09:38 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012/11/21 20:28:07 | 000,002,324 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\askcom.xml
[2012/11/20 09:56:25 | 000,002,536 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\browsemngr.xml
[2012/11/29 10:07:47 | 000,000,769 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\clikseguro.xml
[2012/11/20 09:56:25 | 000,002,536 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\mngr.xml
[2011/09/10 16:57:29 | 000,002,207 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\MyStart Search.xml
[2012/11/03 12:40:27 | 000,004,002 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\sweetim.xml
[2012/06/20 09:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/11/21 18:40:50 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
CHR - Extension: Ask Toolbar = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapjanjmpekndokbeikcfkglmcedkn\7.15.9.31406_0\
O2 - BHO: (no name) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - No CLSID value found.
O2 - BHO: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - No CLSID value found.
O2 - BHO: (PSafe ClikSeguro) - {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} - C:\Program Files (x86)\PSafe\ClikSeguro\ClikSeguro.dll File not found
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Digmyweb) - {C77451B0-1E53-48db-9692-12ED498889C9} - C:\Program Files (x86)\Digmyweb\digmyweb.dll (Digmyweb)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No CLSID value found.
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
[2012/12/04 22:03:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\v8560
[2012/12/04 22:03:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\v8530
[2012/11/21 20:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/11/21 20:26:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\APN
[2012/11/21 20:11:01 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/11/20 09:57:41 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\PSafe.lnk
[2012/09/25 13:06:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon
[2012/09/18 19:36:58 | 000,003,310 | ---- | M] () -- C:\Windows\SysNative\Tasks\DealPlyUpdate
[2012/11/21 20:28:00 | 000,003,818 | ---- | M] () -- C:\Windows\SysNative\Tasks\Scheduled Update for Ask Toolbar

:Files
ipconfig /flushdns /c

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClickMeIn Packages" =-
"{79A765E1-C399-405B-85AF-466F52E918B0}" =-

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Run OTL.exe

Right-click anywhere in the white area of the Custom Scans/Fixes box and choose Paste.

Close ALL windows (except OTL itself).

Click the Run Fix button.

The program will run the script and restart your computer.

When Windows loads, OTL will run automatically. Allow it to run.

A Notepad window will open containing some information.

Copy ALL of the contents of that Notepad window and paste it into your reply.

A copy of this log is kept in the folder C:\_OTL\MovedFiles, named in the format date_time.log.

Example: 03142010_145545.log

2)

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download ComboFix

http://download.blee...Bs/ComboFix.exe

Save it to your desktop.

  • Close all windows and programs. Run ComboFix.
  • Double-click combofix.exe and press "Yes" to continue.
  • When asked whether you want to install the Recovery Console, click Yes and wait.
  • Click OK to accept the EULA, then click Yes to continue the malware scan.

Do not click anything or press any key during the scan, or the tool will not work correctly.

When the tool finishes running, it generates a log. Post the contents of the file C:\ComboFix.txt in your next reply.

Important:

  • You must stay connected to the internet during the ComboFix procedure;
  • You must be logged in to the system with administrator privileges.
  • Download and SAVE ComboFix. In the download dialog, where the Run / Save options appear, click Save. Do not run ComboFix from your browser's download window.
  • Keep your antivirus, antispyware and firewall disabled during the ComboFix procedures. Turn them back on when everything is finished.
  • If you have used ComboFix before, delete it and download it again.
  • If the Recovery Console is already installed on this machine, ComboFix will not offer to install it.
  • Do not run ComboFix more than once. That will overwrite the log and delay the removal of the malware.
  • ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.


Good morning Carlos,

I was not able to submit C:\Windows\system32\drivers\gbpkm.sys to VirusTotal; it says the file was not found. The file shows in the folder but is not accessible; the digital signature is Itaú's and it was modified

in October, so I could not carry out the other procedures.

Awaiting further instructions

Thank you

Elizabeth


Hello,

"Awaiting further instructions"

Proceed with the other instructions.


Good evening Carlos

I have a big problem

I did all the procedures, including ComboFix; the PC restarted and since then I cannot open anything, the message appears:

"Illegal operation attempted on a registry key that has been marked for deletion"

Awaiting your instructions

Thank you

Elizabeth (I am on another PC)


Quoting Elizabeth:

"I did all the procedures, including ComboFix; the PC restarted and since then I cannot open anything, the message appears: Illegal operation attempted on a registry key that has been marked for deletion"

When this error occurs, just restart the computer.


Ok, thank you

https://www.virustot...ename=gbpkm.sys

https://www.virustot...uginabnsetup.ex

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17160
IE - HKLM\..\SearchScopes,DefaultScope = {92001F8A-C36B-473A-91E7-5BE0C81CF2B3}
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\..\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}: "URL" = http://clikseguro.co...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2851643
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheri...q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...8-68B43C0E4A23}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKCU\..\URLSearchHook: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{77DAF60F-BE7B-467F-87A6-CEF3D28DE7FB}: "URL" =
IE - HKCU\..\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}: "URL" = http://clikseguro.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{ABF9D662-3C12-414A-B22D-C68EA43146AA}: "URL" = http://websearch.ask...0C-C21DF6BE131D
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2851643
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...822961544476004
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...8-68B43C0E4A23}
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "PSafe ClikSeguro"
FF - prefs.js..browser.startup.homepage: "http://clikseguro.com/"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:3.10.0.1
FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.6.0.3
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..extensions.enabledAddons: {87F8774F-B485-47E2-A755-A40A8A5E8874}:2.12.0.10.60
FF - prefs.js..extensions.enabledAddons: {87F8774F-B485-47E2-A755-A40A8A5E886C}:2.8.0.2.60
FF - prefs.js..keyword.URL: "http://websearch.ask...YYYYYYYYBR&&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylo...0000ff6acbb116"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\clikseguro@psafe.com: C:\Program Files (x86)\PSafe\ClikSeguro\\ffext
[2012/11/06 09:20:05 | 000,000,000 | ---D | M] (Modulo de Protecao) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}
[2012/11/06 09:19:43 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2012/10/01 19:51:32 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012/11/21 20:28:08 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\toolbar@ask.com
[2012/11/27 11:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\crossriderapp12687@crossrider.com\chrome\content\extensionCode
[2012/11/09 08:09:38 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012/11/21 20:28:07 | 000,002,324 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\askcom.xml
[2012/11/20 09:56:25 | 000,002,536 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\browsemngr.xml
[2012/11/29 10:07:47 | 000,000,769 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\clikseguro.xml
[2012/11/20 09:56:25 | 000,002,536 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\mngr.xml
[2011/09/10 16:57:29 | 000,002,207 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\MyStart Search.xml
[2012/11/03 12:40:27 | 000,004,002 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\sweetim.xml
[2012/06/20 09:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/11/21 18:40:50 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
CHR - Extension: Ask Toolbar = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapjanjmpekndokbeikcfkglmcedkn\7.15.9.31406_0\
O2 - BHO: (no name) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - No CLSID value found.
O2 - BHO: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - No CLSID value found.
O2 - BHO: (PSafe ClikSeguro) - {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} - C:\Program Files (x86)\PSafe\ClikSeguro\ClikSeguro.dll File not found
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Digmyweb) - {C77451B0-1E53-48db-9692-12ED498889C9} - C:\Program Files (x86)\Digmyweb\digmyweb.dll (Digmyweb)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No CLSID value found.
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
[2012/12/04 22:03:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\v8560
[2012/12/04 22:03:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\v8530
[2012/11/21 20:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/11/21 20:26:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\APN
[2012/11/21 20:11:01 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/11/20 09:57:41 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\PSafe.lnk
[2012/09/25 13:06:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon
[2012/09/18 19:36:58 | 000,003,310 | ---- | M] () -- C:\Windows\SysNative\Tasks\DealPlyUpdate
[2012/11/21 20:28:00 | 000,003,818 | ---- | M] () -- C:\Windows\SysNative\Tasks\Scheduled Update for Ask Toolbar

:Files
ipconfig /flushdns /c

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClickMeIn Packages" =-
"{79A765E1-C399-405B-85AF-466F52E918B0}" =-

:Commands
[createrestorepoint]
[purity]
[emptytemp]

All processes killed

Error: Unable to interpret <:OTLIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo...9&affID=17160IE - HKLM\..\SearchScopes,DefaultScope = {92001F8A-C36B-473A-91E7-5BE0C81CF2B3}IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu....{searchTerms}IE - HKLM\..\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}: "URL" = http://clikseguro.co...{searchTerms}IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...tid=CT2851643IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheri...{searchTerms}IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-0> in the current context!

Error: Unable to interpret <01320C79847}: "URL" = http://search.sweeti...68B43C0E4A23}IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ieIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ieIE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value foundIE - HKCU\..\URLSearchHook: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - No CLSID value foundIE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE - HKCU\..\SearchScopes\{77DAF60F-BE7B-467F-87A6-CEF3D28DE7FB}: "URL" =IE - HKCU\..\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}: "URL" = http://clikseguro.co...l5v6i2u&ie=ISO> in the current context!

Error: Unable to interpret <-8859-1&q={searchTerms}IE - HKCU\..\SearchScopes\{ABF9D662-3C12-414A-B22D-C68EA43146AA}: "URL" = http://websearch.ask...-C21DF6BE131DIE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...tid=CT2851643IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...2961544476004IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...68B43C0E4A23}FF - prefs.js..browser.search.order.1: "Ask.com"FF - prefs.js..browser.search.selectedEngine: "PSafe ClikSeguro"FF - prefs.js..browser.startup.homepage: "http://clikseguro.com/"FF - prefs.js..extens> in the current context!

Error: Unable to interpret <ions.enabledAddons: ffxtlbr@babylon.com:1.5.0FF - prefs.js..extensions.enabledAddons: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:3.10.0.1FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.6.0.3FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216FF - prefs.js..extensions.enabledAddons: {87F8774F-B485-47E2-A755-A40A8A5E8874}:2.12.0.10.60FF - prefs.js..extensions.enabledAddons: {87F8774F-B485-47E2-A755-A40A8A5E886C}:2.8.0.2.60FF - prefs.js..keyword.URL: "http://websearch.ask...YYYYYYBR&&q="FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)"FF - prefs.js..browser.startup.homepage: "http://search.babylo...12_1&babsrc=HP> in the current context!

Error: Unable to interpret <_ss&mntrId=742df3f800000000000000ff6acbb116"FF - prefs.js..browser.search.defaultengine: "Ask.com"FF - prefs.js..browser.search.defaultenginename: "Ask.com"FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\clikseguro@psafe.com: C:\Program Files (x86)\PSafe\ClikSeguro\\ffext[2012/11/06 09:20:05 | 000,000,000 | ---D | M] (Modulo de Protecao) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}[2012/11/06 09:19:43 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}[2012/10/01 19:51:32 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}[2012/11/21 20:28:08 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\t> in the current context!

Error: Unable to interpret <oolbar@ask.com[2012/11/27 11:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\crossriderapp12687@crossrider.com\chrome\content\extensionCode[2012/11/09 08:09:38 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi[2012/11/21 20:28:07 | 000,002,324 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\askcom.xml[2012/11/20 09:56:25 | 000,002,536 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\browsemngr.xml[2012/11/29 10:07:47 | 000,000,769 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\clikseguro.xml[2012/11/20 09:56:25 | 000,002,536 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\mngr.> in the current context!

Error: Unable to interpret <xml[2011/09/10 16:57:29 | 000,002,207 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\MyStart Search.xml[2012/11/03 12:40:27 | 000,004,002 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\sweetim.xml[2012/06/20 09:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions[2012/11/21 18:40:50 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xmlCHR - Extension: Ask Toolbar = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapjanjmpekndokbeikcfkglmcedkn\7.15.9.31406_0\O2 - BHO: (no name) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - No CLSID value found.O2 - BHO: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - No CLSID value found.O2 - BHO: (PSafe ClikSeguro) - {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} - C:\Program Files (x86)\PSafe\ClikSeguro\ClikSeguro.dll File not foundO2 - BHO: (DealPly) > in the current context!

Error: Unable to interpret <- {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)O2 - BHO: (Digmyweb) - {C77451B0-1E53-48db-9692-12ED498889C9} - C:\Program Files (x86)\Digmyweb\digmyweb.dll (Digmyweb)O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)O3 - HKCU\..\Toolbar\WebBrowser: (no name) > in the current context!

Error: Unable to interpret <- {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No CLSID value found.O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present[2012/12/04 22:03:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\v8560[2012/12/04 22:03:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\v8530[2012/11/21 20:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com[2012/11/21 20:26:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\APN[2012/11/21 20:11:01 | 000,000,000 | ---D | C] -- C:\Windows\pss[2012/11/20 09:57:41 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\PSafe.lnk[2012/09/25 13:06:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon[2012/09/18 19:36:58 | 000,003,310 | ---- | M] () -- C:\Windows\SysNative\Tasks\DealPlyUpdate[2012/11/21 20:28:00 | 000,003,818 | ---- | M] () -- C:\Windows\SysNative\Tasks\Scheduled Update for Ask Toolbar:Filesipconfig /flushdns /c:reg[-HKEY_CURRENT_USER\> in the current context!

Error: Unable to interpret <Software\Microsoft\Windows\CurrentVersion\Policies\Associations][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"ClickMeIn Packages" =-"{79A765E1-C399-405B-85AF-466F52E918B0}" =-:Commands[createrestorepoint][purity][emptytemp]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 12162012_091742

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

combofix 1612.rar

Edited by Elizabeth


Elizabeth,

You did not run OTL correctly. Repeat it again as below:

Select these lines inside the CODE box, right-click the selection and choose Copy

Note: make sure you copy starting from the colon and the letter ":O"

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=742df3f8000000000000e0cb4e9a9b85&tlver=1.4.19.19&affID=17160
IE - HKLM\..\SearchScopes,DefaultScope = {92001F8A-C36B-473A-91E7-5BE0C81CF2B3}
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}
IE - HKLM\..\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}: "URL" = http://clikseguro.com/Search.aspx?cx=017847565674971774939%3Aktp_l5v6i2u&ie=ISO-8859-1&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851643
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={9877CC5E-329C-471F-A4E8-68B43C0E4A23}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKCU\..\URLSearchHook: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{77DAF60F-BE7B-467F-87A6-CEF3D28DE7FB}: "URL" =
IE - HKCU\..\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}: "URL" = http://clikseguro.com/Search.aspx?cx=017847565674971774939%3Aktp_l5v6i2u&ie=ISO-8859-1&q={searchTerms}
IE - HKCU\..\SearchScopes\{ABF9D662-3C12-414A-B22D-C68EA43146AA}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=S-PV&o=10151&src=kw&q={searchTerms}&locale=pt_BR&apn_ptnrs=A3&apn_dtid=YYYYYYYYBR&apn_uid=E9887353-BAC2-408D-8B4D-96EC878E276D&apn_sauid=F9BB4A09-6A20-4705-BF0C-C21DF6BE131D
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851643
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92822961544476004
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={9877CC5E-329C-471F-A4E8-68B43C0E4A23}
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "PSafe ClikSeguro"
FF - prefs.js..browser.startup.homepage: "http://clikseguro.com/"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:3.10.0.1
FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.6.0.3
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..extensions.enabledAddons: {87F8774F-B485-47E2-A755-A40A8A5E8874}:2.12.0.10.60
FF - prefs.js..extensions.enabledAddons: {87F8774F-B485-47E2-A755-A40A8A5E886C}:2.8.0.2.60
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=S-PV&o=10151&locale=pt_BR&apn_uid=E9887353-BAC2-408D-8B4D-96EC878E276D&apn_ptnrs=A3&apn_sauid=F9BB4A09-6A20-4705-BF0C-C21DF6BE131D&apn_dtid=YYYYYYYYBR&&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=110823&tt=120912_nocpc_3912_1&babsrc=HP_ss&mntrId=742df3f800000000000000ff6acbb116"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\clikseguro@psafe.com: C:\Program Files (x86)\PSafe\ClikSeguro\\ffext
[2012/11/06 09:20:05 | 000,000,000 | ---D | M] (Modulo de Protecao) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}
[2012/11/06 09:19:43 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2012/10/01 19:51:32 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012/11/21 20:28:08 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\toolbar@ask.com
[2012/11/27 11:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\crossriderapp12687@crossrider.com\chrome\content\extensionCode
[2012/11/09 08:09:38 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012/11/21 20:28:07 | 000,002,324 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\askcom.xml
[2012/11/20 09:56:25 | 000,002,536 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\browsemngr.xml
[2012/11/29 10:07:47 | 000,000,769 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\clikseguro.xml
[2012/11/20 09:56:25 | 000,002,536 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\mngr.xml
[2011/09/10 16:57:29 | 000,002,207 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\MyStart Search.xml
[2012/11/03 12:40:27 | 000,004,002 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\sweetim.xml
[2012/06/20 09:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/11/21 18:40:50 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
CHR - Extension: Ask Toolbar = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapjanjmpekndokbeikcfkglmcedkn\7.15.9.31406_0\
O2 - BHO: (no name) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - No CLSID value found.
O2 - BHO: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - No CLSID value found.
O2 - BHO: (PSafe ClikSeguro) - {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} - C:\Program Files (x86)\PSafe\ClikSeguro\ClikSeguro.dll File not found
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Digmyweb) - {C77451B0-1E53-48db-9692-12ED498889C9} - C:\Program Files (x86)\Digmyweb\digmyweb.dll (Digmyweb)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No CLSID value found.
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
[2012/12/04 22:03:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\v8560
[2012/12/04 22:03:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\v8530
[2012/11/21 20:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/11/21 20:26:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\APN
[2012/11/21 20:11:01 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/11/20 09:57:41 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\PSafe.lnk
[2012/09/25 13:06:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon
[2012/09/18 19:36:58 | 000,003,310 | ---- | M] () -- C:\Windows\SysNative\Tasks\DealPlyUpdate
[2012/11/21 20:28:00 | 000,003,818 | ---- | M] () -- C:\Windows\SysNative\Tasks\Scheduled Update for Ask Toolbar

:Files
ipconfig /flushdns /c

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClickMeIn Packages" =-
"{79A765E1-C399-405B-85AF-466F52E918B0}" =-

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Run OTL.exe

Right-click anywhere in the white area of the Custom Scans/Fixes box and choose Paste.

Close ALL windows (except OTL itself).

Click the Run Fix button.

The program will run the script and restart your computer.

When Windows loads, OTL will run automatically. Allow it to run.

A Notepad window will open containing some information.

Copy ALL of the contents of that Notepad window and paste it into your reply.

A copy of this log is kept in the folder C:\_OTL\MovedFiles, named in the format date_time.log.

Example: 03142010_145545.log

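The fix script above removes toolbar (O3), BHO (O2) and Run-key (O4) registrations one by one, and the helper had to pick those targets out of the HijackThis/OTL output by eye. The following Python is an added example, not code from this thread, from OTL or from HijackThis: it parses lines in HijackThis's O2/O3/O4 format and reports the same kinds of findings the fix targeted, namely registrations whose CLSID has no backing COM server, paths matching the adware vendors that appear in this thread's logs (SweetIM, Ask.com, Babylon, DealPly, Digmyweb, Crossrider; that marker list and the user-writable path list are assumptions drawn only from this thread), and autoruns launched from user-writable folders. Five sample lines are copied from the logs in this thread; the `ConstructedExample` O4 line is constructed for the demonstration and does not appear in the thread.

```python
"""Triage HijackThis-style O2/O3/O4 lines for browser-hijacker persistence.

Added example for this thread; it is not HijackThis or OTL code. The vendor
marker list and the user-writable path list are assumptions based only on the
names that appear in the logs posted in this thread.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: five lines copied from the logs in this thread plus one
# constructed O4 line (ConstructedExample) that is not from the thread.
SAMPLE_LOG = r'''
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No CLSID value found.
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKCU\..\Run: [ConstructedExample] C:\Users\Admin\AppData\Local\Temp\example.exe
'''

# O2/O3: "<kind> - <head> - {CLSID} - <dll path or HijackThis note>"
O2O3_RE = re.compile(r"^(O[23]) - (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# O4: "O4 - <hive>: [<value name>] <command line>"
O4_RE = re.compile(r"^(O4) - (.+?): \[(.+?)\] (.+)$")

# Assumption: vendor strings seen in this thread's OTL/HijackThis output.
PUP_MARKERS = ("sweetim", "ask.com", "babylon", "dealply", "digmyweb", "crossrider")
# Assumption: locations an unprivileged user can write to; a Run entry there
# deserves a look even when the value name means nothing to you.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Entry:
    kind: str             # O2 = BHO, O3 = toolbar, O4 = autorun
    name: str             # display name or Run value name
    clsid: Optional[str]  # COM class id for O2/O3, None for O4
    target: str           # DLL/EXE path, or HijackThis's own note
    reasons: List[str] = field(default_factory=list)


def _display_name(kind: str, head: str) -> str:
    """Strip the 'BHO: ' or hive prefix HijackThis puts before the name."""
    if kind == "O2":
        return head.split("BHO: ", 1)[-1]
    m = re.search(r"\((.*)\)$", head)
    return m.group(1) if m else head


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an O2/O3/O4 line, None for anything else."""
    m = O2O3_RE.match(line)
    if m:
        kind, head, clsid, target = m.groups()
        return Entry(kind, _display_name(kind, head), clsid, target)
    m = O4_RE.match(line)
    if m:
        kind, _hive, name, target = m.groups()
        return Entry(kind, name, None, target)
    return None


def assess(entry: Entry) -> List[str]:
    """Reasons the entry deserves attention; an empty list means nothing seen."""
    reasons = []
    low = entry.target.lower()
    if entry.clsid and "no clsid value found" in low:
        reasons.append("orphaned registration: CLSID has no backing COM server")
    hit = next((mk for mk in PUP_MARKERS if mk in low), None)
    if hit:
        reasons.append(f"path matches adware/PUP vendor marker '{hit}'")
    if entry.kind == "O4" and any(p in low for p in USER_WRITABLE):
        reasons.append("autorun launches from a user-writable location")
    return reasons


def triage(log_text: str) -> List[Entry]:
    """Parse every recognised line and attach its findings."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_line(line.strip())
        if entry:
            entry.reasons = assess(entry)
            entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        mark = "!!" if e.reasons else "ok"
        print(f"{mark} {e.kind} {e.name}: {'; '.join(e.reasons) or 'no finding'}")
```

On the sample the Java and Google entries come back clean while the SweetPacks toolbar, the orphaned toolbar GUID, ApnUpdater and the constructed Temp autorun are flagged. "No CLSID value found" on its own is not proof of malware, since a cleanly uninstalled toolbar leaves the same residue, which is why the script reports reasons rather than a verdict and leaves the decision to the analyst.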

Good morning, here is the log:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.

C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e0301295-ab3e-4af3-979f-3d453c5f9f48} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0301295-ab3e-4af3-979f-3d453c5f9f48}\ not found.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77DAF60F-BE7B-467F-87A6-CEF3D28DE7FB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77DAF60F-BE7B-467F-87A6-CEF3D28DE7FB}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABF9D662-3C12-414A-B22D-C68EA43146AA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABF9D662-3C12-414A-B22D-C68EA43146AA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.

Prefs.js: "Ask.com" removed from browser.search.order.1

Prefs.js: "PSafe ClikSeguro" removed from browser.search.selectedEngine

Prefs.js: "http://clikseguro.com/" removed from browser.startup.homepage

Prefs.js: ffxtlbr@babylon.com:1.5.0 removed from extensions.enabledAddons

Prefs.js: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:3.10.0.1 removed from extensions.enabledAddons

Prefs.js: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 removed from extensions.enabledAddons

Prefs.js: {EEE6C361-6118-11DC-9C72-001320C79847}:1.6.0.3 removed from extensions.enabledAddons

Prefs.js: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216 removed from extensions.enabledAddons

Prefs.js: {87F8774F-B485-47E2-A755-A40A8A5E8874}:2.12.0.10.60 removed from extensions.enabledAddons

Prefs.js: {87F8774F-B485-47E2-A755-A40A8A5E886C}:2.8.0.2.60 removed from extensions.enabledAddons

Prefs.js: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=S-PV&o=10151&locale=pt_BR&apn_uid=E9887353-BAC2-408D-8B4D-96EC878E276D&apn_ptnrs=A3&apn_sauid=F9BB4A09-6A20-4705-BF0C-C21DF6BE131D&apn_dtid=YYYYYYYYBR&&q=" removed from keyword.URL

Prefs.js: "Search the web (Babylon)" removed from sweetim.toolbar.previous.browser.search.selectedEngine

Prefs.js: "http://search.babylon.com/?affID=110823&tt=120912_nocpc_3912_1&babsrc=HP_ss&mntrId=742df3f800000000000000ff6acbb116" removed from browser.startup.homepage

Prefs.js: "Ask.com" removed from browser.search.defaultengine

Prefs.js: "Ask.com" removed from browser.search.defaultenginename

Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\clikseguro@psafe.com deleted successfully.

File C:\Program Files (x86)\PSafe\ClikSeguro\\ffext not found.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\plugins folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\META-INF folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874} folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\searchplugin folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\modules folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\META-INF folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\defaults folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\chrome folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\toolbar@ask.com\defaults folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\toolbar@ask.com\chrome folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\toolbar@ask.com folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\r5o8avol.default\extensions\crossriderapp12687@crossrider.com\chrome\content\extensionCode folder moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\askcom.xml moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\browsemngr.xml moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\clikseguro.xml moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\mngr.xml moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\MyStart Search.xml moved successfully.

C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\r5o8avol.default\searchplugins\sweetim.xml moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\content folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons\default folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions folder moved successfully.

C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapjanjmpekndokbeikcfkglmcedkn\7.15.9.31406_0\tb_ux folder moved successfully.

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapjanjmpekndokbeikcfkglmcedkn\7.15.9.31406_0\lib folder moved successfully.

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapjanjmpekndokbeikcfkglmcedkn\7.15.9.31406_0\content_script\hack folder moved successfully.

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapjanjmpekndokbeikcfkglmcedkn\7.15.9.31406_0\content_script folder moved successfully.

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapjanjmpekndokbeikcfkglmcedkn\7.15.9.31406_0\config\skin\js folder moved successfully.

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapjanjmpekndokbeikcfkglmcedkn\7.15.9.31406_0\config\skin\images folder moved successfully.

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapjanjmpekndokbeikcfkglmcedkn\7.15.9.31406_0\config\skin\css folder moved successfully.

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapjanjmpekndokbeikcfkglmcedkn\7.15.9.31406_0\config\skin folder moved successfully.

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapjanjmpekndokbeikcfkglmcedkn\7.15.9.31406_0\config\locales\en folder moved successfully.

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapjanjmpekndokbeikcfkglmcedkn\7.15.9.31406_0\config\locales folder moved successfully.

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapjanjmpekndokbeikcfkglmcedkn\7.15.9.31406_0\config folder moved successfully.

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapjanjmpekndokbeikcfkglmcedkn\7.15.9.31406_0\background folder moved successfully.

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapjanjmpekndokbeikcfkglmcedkn\7.15.9.31406_0 folder moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C37B053-FD68-456a-82E1-D788EE342E6F}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{802D2971-E7C7-4219-8D5C-AFDCD0DA939E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{802D2971-E7C7-4219-8D5C-AFDCD0DA939E}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ not found.

File C:\Program Files (x86)\DealPly\DealPlyIE.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C77451B0-1E53-48db-9692-12ED498889C9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C77451B0-1E53-48db-9692-12ED498889C9}\ deleted successfully.

C:\Program Files (x86)\Digmyweb\digmyweb.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.

File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.

File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.

C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\ deleted successfully.

C:\Windows\SysWow64\v8560\GEO-MPEG4-ASP\2012.9.6.18.14 folder moved successfully.

C:\Windows\SysWow64\v8560\GEO-MPEG4-ASP folder moved successfully.

C:\Windows\SysWow64\v8560\GEO-H264-V2\2012.9.6.10.37 folder moved successfully.

C:\Windows\SysWow64\v8560\GEO-H264-V2 folder moved successfully.

C:\Windows\SysWow64\v8560 folder moved successfully.

C:\Windows\SysWow64\v8530\GEO-JPEG\2011.12.19.20.40 folder moved successfully.

C:\Windows\SysWow64\v8530\GEO-JPEG folder moved successfully.

C:\Windows\SysWow64\v8530 folder moved successfully.

C:\Program Files (x86)\Ask.com\Updater folder moved successfully.

C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.

C:\Program Files (x86)\Ask.com\assets folder moved successfully.

C:\Program Files (x86)\Ask.com folder moved successfully.

C:\Users\Admin\AppData\Local\APN\GoogleCRXs folder moved successfully.

C:\Users\Admin\AppData\Local\APN folder moved successfully.

C:\Windows\pss folder moved successfully.

File C:\Users\Public\Desktop\PSafe.lnk not found.

Folder C:\Users\Admin\AppData\Roaming\Babylon[2012/09/18 19:36:58 | 000,003,310 | ---- | M] () -- C:\Windows\SysNative\Tasks\DealPlyUpdate\ not found.

C:\Windows\SysNative\Tasks\Scheduled Update for Ask Toolbar moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Admin\Downloads\cmd.bat deleted successfully.

C:\Users\Admin\Downloads\cmd.txt deleted successfully.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\ deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\ClickMeIn Packages not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{79A765E1-C399-405B-85AF-466F52E918B0} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79A765E1-C399-405B-85AF-466F52E918B0}\ not found.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: 2011-11 (nov)

->Temp folder emptied: 0 bytes

User: Admin

->Temp folder emptied: 4890035 bytes

->Temporary Internet Files folder emptied: 7217535 bytes

->Java cache emptied: 462073 bytes

->FireFox cache emptied: 22853549 bytes

->Google Chrome cache emptied: 39749820 bytes

->Flash cache emptied: 506 bytes

User: All Users

User: Convidado

->Temp folder emptied: 2142 bytes

->Temporary Internet Files folder emptied: 49822 bytes

->Flash cache emptied: 0 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: Todos os Usuários

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 10824 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 1094 bytes

Total Files Cleaned = 72,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12172012_091104

Files\Folders moved on Reboot...

C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Admin\AppData\Local\Temp\qt_temp.Hp2908 moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

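Two things are worth pulling out of the log above quickly: which targets OTL actually removed versus merely reported as not found, and whether any "not found" is the script's fault rather than the machine's. The fused Babylon/DealPlyUpdate line is an instance of the latter: two directory-listing lines were pasted as one target, so OTL looked for a path that never existed and neither real target was checked. The following Python is an added example, not OTL's code or anything posted in the thread; it sorts OTL's result phrasing into outcome buckets and flags not-found targets that contain a pasted listing fragment. The sample lines are copied from the OTL log above.

```python
"""Audit an OTL fix-run log: what was removed, what was not there, and which
'not found' entries look like a pasting mistake in the fix script.

Added example for this thread; not OTL's own code. The sample below is a
handful of lines copied from the OTL result log posted in the thread.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied from the OTL result log in this thread.
SAMPLE_OTL_LOG = r'''
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
File C:\Program Files (x86)\DealPly\DealPlyIE.dll not found.
Folder C:\Users\Admin\AppData\Roaming\Babylon[2012/09/18 19:36:58 | 000,003,310 | ---- | M] () -- C:\Windows\SysNative\Tasks\DealPlyUpdate\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
'''

# One (outcome, pattern) pair per phrasing OTL uses; group 1 is the target.
PATTERNS = (
    ("set", re.compile(r"^(.+?)\| /E : value set successfully!$")),
    ("deleted", re.compile(r"^(?:Registry (?:key|value) )?(.+?) deleted successfully\.$")),
    ("moved", re.compile(r"^(.+?)(?: folder)? moved successfully\.$")),
    ("not_found", re.compile(r"^(?:Registry key|Registry value|File|Folder) (.+?) not found\.$")),
    ("prefs_removed", re.compile(r"^Prefs\.js: (.+?) removed from .+$")),
)

# A directory-listing stamp such as "[2012/09/18 19:36:58 | 000,003,310 | ..."
# inside a target means two listing lines were pasted into the script as one.
LISTING_FRAGMENT = re.compile(r"\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \|")


def audit(log_text: str) -> Dict[str, List[str]]:
    """Bucket every recognised result line by outcome, keeping the target."""
    results: Dict[str, List[str]] = {name: [] for name, _ in PATTERNS}
    for line in log_text.splitlines():
        line = line.strip()
        for name, pat in PATTERNS:
            m = pat.match(line)
            if m:
                results[name].append(m.group(1))
                break
    return results


def summary(log_text: str) -> Dict[str, int]:
    """Counts per outcome, the first thing to compare against the fix script."""
    return {name: len(targets) for name, targets in audit(log_text).items()}


def malformed_targets(log_text: str) -> List[str]:
    """'Not found' targets that were never a real path: fused listing lines."""
    return [t for t in audit(log_text)["not_found"] if LISTING_FRAGMENT.search(t)]


if __name__ == "__main__":
    print(summary(SAMPLE_OTL_LOG))
    for t in audit(SAMPLE_OTL_LOG)["not_found"]:
        print("not found:", t)
    for t in malformed_targets(SAMPLE_OTL_LOG):
        print("re-run these two targets as separate lines:", t)
```

A "not found" for a CLSID under HKLM\SOFTWARE\Classes right after the matching SearchScopes key was deleted is the normal case (OTL looks up the class for every key it removes), so the count of not-found lines by itself says little; the list of targets is what to read. Anything `malformed_targets` returns should go back into a second fix script as separate lines, which is exactly what the Babylon folder and the DealPlyUpdate task needed here.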

Hello,

1)

Download AdwCleaner and save it to the desktop.

http://general-chang...de/2-adwcleaner

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the adwcleaner.exe file, then click execadmin.png.

Click Delete.

A Notepad window will open with the results. Select, copy and paste its contents in your next reply.

2)

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download 1268r49.png and save it to the desktop. Double-click it to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select run_as_adm1.png

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to scan.

When it finishes, a log will open. It is saved to the desktop as JRT.txt.

Select, copy and paste the contents of this log in your next reply.

3)

Post a new HijackThis log.


Good evening Carlos,

here is the new HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 22:08:57, on 17/12/2012

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Running processes:

C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe

C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Autoplay.exe

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Cobian Backup 10\Cobian.exe

C:\Program Files (x86)\Keyboard Driver\OEMDriver.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\SysWOW64\WatchData\Watchdata Brazil CSP v1.0\BBCertM32.exe

C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe

C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Tray.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\cmd.exe

C:\Program Files (x86)\Avant Browser\avant.exe

C:\Program Files (x86)\Avant Browser\ybrowser.exe

C:\Program Files (x86)\Avant Browser\ybrowser.exe

C:\Windows\SysWOW64\notepad.exe

C:\Users\Admin\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~2\GbPlugin\gbiehAbn.dll

O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Cobian Backup 10] "C:\Program Files (x86)\Cobian Backup 10\Cobian.exe"

O4 - HKLM\..\Run: [KBDriver] C:\Program Files (x86)\Keyboard Driver\OEMDriver.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [wdbraz_certm] C:\Windows\SysWOW64\WatchData\Watchdata Brazil CSP v1.0\BBCertM32.exe

O4 - HKCU\..\Run: [4B9B38AE4C8290791A3BEA919FBE62CB47D281A8._service_run] "C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart

O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O9 - Extra button: (no name) - {0000036B-C524-4050-81A0-243669A86B9F} - (no file)

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: http://fiorizze.ddns.com.br

O15 - Trusted Zone: wwws.realsecureweb.com.br

O15 - Trusted Zone: www.santander.com.br

O15 - Trusted Zone: www.santanderempresarial.com.br

O15 - Trusted Zone: www.santandernet.com.br

O15 - Trusted Zone: wwws.santandernet.com.br

O15 - Trusted Zone: wwws2.santandernet.com.br

O15 - Trusted Zone: www.santandernetibe.com.br

O15 - Trusted Zone: www.secureweb.com.br

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/67.11/uploader2.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.myheritage.com/FP/ImageUploader/ImageUploader5.cab

O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com.br/Genoogle/Components/ActiveX/SearchEngineQuery.dll

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://fiorizze.ddns.com.br:2222/cab/OCXChecker_8198.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab

O16 - DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} (DownloadCenter Control) - http://187.39.97.138:2224/cab/DownloadCenter_8200.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: mhtb - (no CLSID) - (no file)

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~2\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O23 - Service: Adobe Version Cue CS4 - Unknown owner - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service (file missing)

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Seagate Replica System Monitor (ReplicaSysMon) - Seagate Technology LLC - C:\Program Files (x86)\Seagate Replica\bin\ReplicaSysMon.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: Seagate Replica Service (Seagate-Replica-Svc) - Seagate Technology LLC - C:\Program Files (x86)\Seagate Replica\bin\Seagate-Replica-Svc.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

AdwCleanerS1.txt 1712.txt

JRT.txt


Download Microsoft Safety Scanner.

  • Run the tool, select Accept, then Next.
  • On the next screen click Next again. Then select Full Scan and click Next.
  • The scan will start; be patient, it takes a long time.
  • When it finishes, click Finish and then OK.
  • The program's log will be located at C:\Windows\Debug\msert.log , open that file, copy its contents and paste them in full in your next reply.


Microsoft Safety Scanner v1.0, (build 1.141.2125.0)

Started On Tue Dec 18 06:36:30 2012

Extended Scan Results

----------------

->Scan ERROR: resource process://pid:784 (code 0x00000005 (5))

->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))

->Scan ERROR: resource file://C:\hiberfil.sys (code 0x0000054F (1359))

->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))

->Scan ERROR: resource file://C:\pagefile.sys (code 0x0000054F (1359))

->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))

->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))

->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

->Scan ERROR: resource file://C:\System Volume Information\{429734c8-48f1-11e2-b22a-e0cb4e9a9b85}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

->Scan ERROR: resource file://C:\System Volume Information\{4d8a29f3-465c-11e2-9cb7-e0cb4e9a9b85}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

->Scan ERROR: resource file://C:\System Volume Information\{98a6a283-4835-11e2-a8ce-e0cb4e9a9b85}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

->Scan ERROR: resource file://C:\System Volume Information\{acad104a-42e9-11e2-a069-e0cb4e9a9b85}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

->Scan ERROR: resource file://C:\System Volume Information\{cace1368-4560-11e2-a4bd-e0cb4e9a9b85}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

->Scan ERROR: resource file://C:\System Volume Information\{e597379b-4845-11e2-860b-e0cb4e9a9b85}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

->Scan ERROR: resource file://C:\System Volume Information\{f62f48c9-4780-11e2-8dba-e0cb4e9a9b85}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))

Threat detected: HackTool:Win32/Keygen

containerfile://C:\Windows\PJ\Win7loader 1.7.7\Win7loader.zip

file://C:\Windows\PJ\Win7loader 1.7.7\Win7loader.exe

SigSeq: 0x00001667451F946F

SHA1: 58CBAFF2C5473290CEEE8C895455DF5AF140D1C5

file://C:\Windows\PJ\Win7loader 1.7.7\Win7loader.zip->Win7loader.exe

SigSeq: 0x00001667451F946F

SHA1: 58CBAFF2C5473290CEEE8C895455DF5AF140D1C5


Hello,

How is your computer?


Hello Carlos,

it has improved a lot, it stopped freezing.

  • WMP still won't open, it shows the message

" Não é possível acessar o arquivo. Talvez o arquivo esteja em uso, você não tenha acesso ao computador no qual o arquivo está armazenado ou suas configurações de proxy não estejam corretas."

  • I'm not receiving messages from UOL in Outlook, I can only send them; I don't know whether these problems are in your area.

Note: When I ran Microsoft Safety Scanner it took so long that I had to leave and left it running, and I saw it indicated 2 viruses; when I came back the PC had shut down by itself, I didn't click Finish.

Thank you

Elizabeth


OK,

Let's run one more check.

1)

Temporarily disable your antivirus

  • Use the Internet Explorer browser to use the service!
  • Go to the site HERE
  • Run the scan as shown in the image below:
    nWRSC.gif
  • At the end of the scan, check the "Delete Quarantined files" box and click [FINISH]
    A report will be generated, located at:

C:\Arquivos de programas\EsetOnlineScanner\log.txt

or

C:\Arquivos de programas\Eset\EsetOnlineScanner\log.txt

Post that log.

2)

Post a new HijackThis log.


Good evening Carlos

it's very hard to use IE, it drops all the time.

I'm pasting the Eset log, but I'm not sure whether it's the one you mean:

C:\Program Files\Nero.8.2.8.0.pt-br\Nero-8.2.8.0_ptb_trial.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined

C:\Program Files (x86)\VideoConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.AY application cleaned by deleting - quarantined

C:\Program Files (x86)\Wifi Protector Extension\Wifi Protector Extension.dll a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined

C:\Users\Admin\Downloads\925174_Web-Radio-Toolbar_45140-DW.exe a variant of Win32/InstallCore.AW application cleaned by deleting - quarantined

C:\Users\Admin\Downloads\clickmein_setup.exe a variant of Win32/InstallCore.AY application cleaned by deleting - quarantined

C:\Users\Admin\Downloads\registrybooster(1).exe Win32/RegistryBooster application cleaned by deleting - quarantined

C:\Users\Admin\Downloads\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined

C:\Users\Admin\Downloads\win7codecs-391-baixaki-32-bits.exe a variant of Win32/InstallCore.BA application cleaned by deleting - quarantined

C:\Users\Admin\Downloads\WinRARSDM.exe a variant of Win32/SweetIM.C application cleaned by deleting - quarantined

hijackthis.log1912.txt


Hello, Elizabeth.

1)

Download and run MiniToolBox (by Farbar)

Select the options:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Close all your browsers and click the Go button.

Wait for the tool to finish the scan (it's quite fast); at the end a Notepad window will open.

Copy and paste the contents of that Notepad window in your next reply.

NOTE: When the "Reset FF Proxy Settings" option is used, Firefox must be closed.

2)

Download RogueKiller and save it to the desktop.

http://www.sur-la-to...RogueKiller.exe

Run the RogueKiller.exe file.

*** Windows Vista or Windows 7 users: right-click the RogueKiller.exe file, then click execadmin.png.

Click the Scan button and wait for the scan to finish.

Click the Report button. A Notepad window with information will open.

This log is saved on the desktop with the name RKreport[1].txt.

Select, copy and paste the contents of this log in your next reply.


Hello,

I disabled the antivirus and did the procedure, and the result is pasted here; I repeated the procedure with the antivirus enabled and that one is attached (I don't know if there is a difference)

MiniToolBox by Farbar Version: 25-11-2012

Ran by Admin (administrator) on 20-12-2012 at 14:27:25

Running from "C:\Users\Admin\Downloads"

Windows 7 Ultimate Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Conexão local (Connected)

TeamViewer VPN Adapter = Conexão local 3 (Media disconnected)

TAP-Win32 Adapter V9 = Conexão local 2 (Media disconnected)

# ----------------------------------

# Configuração de IPv4

# ----------------------------------

pushd interface ipv4

reset

set global

popd

# Final da configuração IPv4

Configuração de IP do Windows

Nome do host. . . . . . . . . . . . . . . . : Admin-PC

Sufixo DNS primário . . . . . . . . . . . . :

Tipo de nó. . . . . . . . . . . . . . . . . : híbrido

Roteamento de IP ativado. . . . . . . . . . : não

Proxy WINS ativado. . . . . . . . . . . . . : não

Adaptador Ethernet Conexão local 3:

Estado da mídia. . . . . . . . . . . . . . : mídia desconectada

Sufixo DNS específico de conexão. . . . . . :

Descrição . . . . . . . . . . . . . . . . . : TeamViewer VPN Adapter

Endereço Físico . . . . . . . . . . . . . . : 00-FF-9C-D1-D0-83

DHCP Habilitado . . . . . . . . . . . . . . : Sim

Configuração Automática Habilitada. . . . . : Sim

Adaptador Ethernet Conexão local 2:

Estado da mídia. . . . . . . . . . . . . . : mídia desconectada

Sufixo DNS específico de conexão. . . . . . :

Descrição . . . . . . . . . . . . . . . . . : TAP-Win32 Adapter V9

Endereço Físico . . . . . . . . . . . . . . : 00-FF-DA-AB-C0-AC

DHCP Habilitado . . . . . . . . . . . . . . : Sim

Configuração Automática Habilitada. . . . . : Sim

Adaptador Ethernet Conexão local:

Sufixo DNS específico de conexão. . . . . . :

Descrição . . . . . . . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)

Endereço Físico . . . . . . . . . . . . . . : E0-CB-4E-9A-9B-85

DHCP Habilitado . . . . . . . . . . . . . . : Sim

Configuração Automática Habilitada. . . . . : Sim

Endereço IPv6 de link local . . . . . . . . : fe80::741a:ccb7:7a9d:5151%10(Preferencial)

Endereço IPv4. . . . . . . . . . . . . . . : 192.168.1.103(Preferencial)

Máscara de Sub-rede . . . . . . . . . . . . : 255.255.255.0

Concessão Obtida. . . . . . . . . . . . . . : quinta-feira, 20 de dezembro de 2012 12:43:40

Concessão Expira. . . . . . . . . . . . . . : sexta-feira, 21 de dezembro de 2012 12:43:40

Gateway Padrão. . . . . . . . . . . . . . . : 192.168.1.1

Servidor DHCP . . . . . . . . . . . . . . . : 192.168.1.1

IAID de DHCPv6. . . . . . . . . . . . . . . : 249613134

DUID de Cliente DHCPv6. . . . . . . . . . . : 00-01-00-01-13-74-78-C3-E0-CB-4E-9A-9B-85

Servidores DNS. . . . . . . . . . . . . . . : 189.7.240.16

189.7.240.15

NetBIOS em Tcpip. . . . . . . . . . . . . . : Habilitado

Adaptador de túnel isatap.{9CD1D083-72C7-49FE-A830-091478BAE293}:

Estado da mídia. . . . . . . . . . . . . . : mídia desconectada

Sufixo DNS específico de conexão. . . . . . :

Descrição . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP

Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Habilitado . . . . . . . . . . . . . . : Não

Configuração Automática Habilitada. . . . . : Sim

Adaptador de túnel Teredo Tunneling Pseudo-Interface:

Sufixo DNS específico de conexão. . . . . . :

Descrição . . . . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Habilitado . . . . . . . . . . . . . . : Não

Configuração Automática Habilitada. . . . . : Sim

Endereço IPv6 . . . . . . . . . . . . . . . : 2001:0:9d38:953c:381f:37bd:3f57:fe98(Preferencial)

Endereço IPv6 de link local . . . . . . . . : fe80::381f:37bd:3f57:fe98%15(Preferencial)

Gateway Padrão. . . . . . . . . . . . . . . : ::

NetBIOS em Tcpip. . . . . . . . . . . . . . : Desabilitado

Adaptador de túnel isatap.{C86D2ED4-52F7-4DE1-916B-677BE06710AB}:

Estado da mídia. . . . . . . . . . . . . . : mídia desconectada

Sufixo DNS específico de conexão. . . . . . :

Descrição . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP #2

Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Habilitado . . . . . . . . . . . . . . : Não

Configuração Automática Habilitada. . . . . : Sim

Adaptador de túnel isatap.{DAABC0AC-8D58-4FE6-89FB-09CFDFB72ABD}:

Estado da mídia. . . . . . . . . . . . . . : mídia desconectada

Sufixo DNS específico de conexão. . . . . . :

Descrição . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP #3

Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Habilitado . . . . . . . . . . . . . . : Não

Configuração Automática Habilitada. . . . . : Sim

Servidor: bd07f010.virtua.com.br

Address: 189.7.240.16

Nome: google.com

Addresses: 2607:f8b0:4008:803::1001

173.194.37.5

173.194.37.6

173.194.37.7

173.194.37.8

173.194.37.9

173.194.37.14

173.194.37.0

173.194.37.1

173.194.37.2

173.194.37.3

173.194.37.4

Disparando google.com [173.194.37.3] com 32 bytes de dados:

Resposta de 173.194.37.3: bytes=32 tempo=190ms TTL=54

Resposta de 173.194.37.3: bytes=32 tempo=127ms TTL=54

Estatísticas do Ping para 173.194.37.3:

Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de perda),

Aproximar um número redondo de vezes em milissegundos:

Mínimo = 127ms, Máximo = 190ms, Média = 158ms

Servidor: bd07f010.virtua.com.br

Address: 189.7.240.16

Nome: yahoo.com

Addresses: 98.139.183.24

72.30.38.140

98.138.253.109

Disparando yahoo.com [98.138.253.109] com 32 bytes de dados:

Resposta de 98.138.253.109: bytes=32 tempo=336ms TTL=48

Resposta de 98.138.253.109: bytes=32 tempo=320ms TTL=48

Estatísticas do Ping para 98.138.253.109:

Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de perda),

Aproximar um número redondo de vezes em milissegundos:

Mínimo = 320ms, Máximo = 336ms, Média = 328ms

Disparando 127.0.0.1 com 32 bytes de dados:

Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128

Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128

Estatísticas do Ping para 127.0.0.1:

Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de perda),

Aproximar um número redondo de vezes em milissegundos:

Mínimo = 0ms, Máximo = 0ms, Média = 0ms

===========================================================================

Lista de interfaces

18...00 ff 9c d1 d0 83 ......TeamViewer VPN Adapter

16...00 ff da ab c0 ac ......TAP-Win32 Adapter V9

10...e0 cb 4e 9a 9b 85 ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)

1...........................Software Loopback Interface 1

12...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP

15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

14...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP #2

17...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP #3

===========================================================================

Tabela de rotas IPv4

===========================================================================

Rotas ativas:

Endereço de rede M scara Ender. gateway Interface Custo

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 20

127.0.0.0 255.0.0.0 No vínculo 127.0.0.1 306

127.0.0.1 255.255.255.255 No vínculo 127.0.0.1 306

127.255.255.255 255.255.255.255 No vínculo 127.0.0.1 306

192.168.1.0 255.255.255.0 No vínculo 192.168.1.103 276

192.168.1.103 255.255.255.255 No vínculo 192.168.1.103 276

192.168.1.255 255.255.255.255 No vínculo 192.168.1.103 276

224.0.0.0 240.0.0.0 No vínculo 127.0.0.1 306

224.0.0.0 240.0.0.0 No vínculo 192.168.1.103 276

255.255.255.255 255.255.255.255 No vínculo 127.0.0.1 306

255.255.255.255 255.255.255.255 No vínculo 192.168.1.103 276

===========================================================================

Rotas persistentes:

Nenhuma

Tabela de rotas IPv6

===========================================================================

Rotas ativas:

Se destino de rede de métrica Gateway

15 58 ::/0 No vínculo

1 306 ::1/128 No vínculo

15 58 2001::/32 No vínculo

15 306 2001:0:9d38:953c:381f:37bd:3f57:fe98/128 No vínculo

10 276 fe80::/64 No vínculo

15 306 fe80::/64 No vínculo

15 306 fe80::381f:37bd:3f57:fe98/128 No vínculo

10 276 fe80::741a:ccb7:7a9d:5151/128 No vínculo

1 306 ff00::/8 No vínculo

15 306 ff00::/8 No vínculo

10 276 ff00::/8 No vínculo

===========================================================================

Rotas persistentes:

Nenhuma

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)

Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)

x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:

==================

Error: (12/20/2012 02:02:16 PM) (Source: SideBySide) (User: )

Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:.

Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/20/2012 02:02:12 PM) (Source: SideBySide) (User: )

Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2", na linhaC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:.

Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/20/2012 00:46:43 PM) (Source: SecurityCenter) (User: )

Description: O Serviço da Central de Segurança do Windows não pôde estabelecer consultas de evento com o WMI para monitorar Antivírus, Antispyware e Firewall de terceiros.

Error: (12/20/2012 07:40:09 AM) (Source: SecurityCenter) (User: )

Description: O Serviço da Central de Segurança do Windows não pôde estabelecer consultas de evento com o WMI para monitorar Antivírus, Antispyware e Firewall de terceiros.

Error: (12/19/2012 10:16:37 PM) (Source: Application Error) (User: )

Description: Nome de aplicativo com falha: explorer.exe, versão: 6.1.7601.17567, carimbo de hora: 0x4d672ee4

Nome do módulo de falhas: SHELL32.dll, versão: 6.1.7601.17859, carimbo de hora: 0x4fd2dfec

Código de exceção: 0xc0000005

Deslocamento com falha: 0x000000000009a719

Identificação do processo com falha: 0x158c

Hora de início do aplicativo com falha: 0xexplorer.exe0

Caminho do aplicativo com falha: explorer.exe1

FCaminho do módulo de falhas: explorer.exe2

Identificação do Relatório: explorer.exe3

Error: (12/19/2012 09:46:59 PM) (Source: SideBySide) (User: )

Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Erro no arquivo de manifesto ou de diretiva "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2", na linhaC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:.

Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/19/2012 09:36:05 PM) (Source: Application Error) (User: )

Description: Nome de aplicativo com falha: Explorer.exe, versão: 6.1.7601.17567, carimbo de hora: 0x4d672ee4

Nome do módulo de falhas: mfc90u.dll, versão: 9.0.30729.6161, carimbo de hora: 0x4dacf630

Código de exceção: 0xc0000005

Deslocamento com falha: 0x0000000000011590

Identificação do processo com falha: 0x12c4

Hora de início do aplicativo com falha: 0xExplorer.exe0

Caminho do aplicativo com falha: Explorer.exe1

FCaminho do módulo de falhas: Explorer.exe2

Identificação do Relatório: Explorer.exe3

Error: (12/18/2012 10:28:55 PM) (Source: Application Error) (User: )

Description: Nome de aplicativo com falha: Explorer.EXE, versão: 6.1.7601.17567, carimbo de hora: 0x4d672ee4

Nome do módulo de falhas: mfc90u.dll, versão: 9.0.30729.6161, carimbo de hora: 0x4dacf630

Código de exceção: 0xc0000005

Deslocamento com falha: 0x0000000000011590

Identificação do processo com falha: 0xb04

Hora de início do aplicativo com falha: 0xExplorer.EXE0

Caminho do aplicativo com falha: Explorer.EXE1

FCaminho do módulo de falhas: Explorer.EXE2

Identificação do Relatório: Explorer.EXE3

Error: (12/18/2012 08:41:19 PM) (Source: SecurityCenter) (User: )

Description: O Serviço da Central de Segurança do Windows não pôde estabelecer consultas de evento com o WMI para monitorar Antivírus, Antispyware e Firewall de terceiros.

Error: (12/18/2012 01:54:57 PM) (Source: SecurityCenter) (User: )

Description: O Serviço da Central de Segurança do Windows não pôde estabelecer consultas de evento com o WMI para monitorar Antivírus, Antispyware e Firewall de terceiros.

System errors:

=============

Error: (12/20/2012 00:51:19 PM) (Source: Schannel) (User: AUTORIDADE NT)

Description: Erro fatal ao tentar acessar a chave privada da credencial Server do SSL. O código de erro retornado pelo módulo de criptografia é 0x8009030d. O estado do erro interno é 10001.

Error: (12/20/2012 00:45:06 PM) (Source: WMPNetworkSvc) (User: )

Description: WMPNetworkSvc0x80004002

Error: (12/20/2012 00:44:52 PM) (Source: Service Control Manager) (User: )

Description: O serviço Escuta do Grupo Doméstico terminou com o erro específico de serviço %%-2147467262.

Error: (12/20/2012 00:43:39 PM) (Source: EventLog) (User: )

Description: O desligamento anterior do sistema em 12:39:04 às ?20/?12/?2012 não era esperado.

Error: (12/20/2012 09:26:06 AM) (Source: WMPNetworkSvc) (User: )

Description: WMPNetworkSvc0x80004002

Error: (12/20/2012 09:26:02 AM) (Source: WMPNetworkSvc) (User: )

Description: WMPNetworkSvc0x80004002

Error: (12/20/2012 09:26:01 AM) (Source: WMPNetworkSvc) (User: )

Description: WMPNetworkSvc0x80004002

Error: (12/20/2012 09:26:00 AM) (Source: WMPNetworkSvc) (User: )

Description: WMPNetworkSvc0x80004002

Error: (12/20/2012 07:39:45 AM) (Source: WMPNetworkSvc) (User: )

Description: WMPNetworkSvc0x80004002

Error: (12/20/2012 07:39:41 AM) (Source: Service Control Manager) (User: )

Description: O serviço Escuta do Grupo Doméstico terminou com o erro específico de serviço %%-2147467262.

Microsoft Office Sessions:

=========================

Error: (12/11/2012 10:46:59 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 21320 seconds with 180 seconds of active time. This session ended with a crash.

Error: (05/08/2012 08:00:34 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 29 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/27/2012 09:53:19 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8717 seconds with 5400 seconds of active time. This session ended with a crash.

Error: (01/02/2012 09:22:19 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 292 seconds with 180 seconds of active time. This session ended with a crash.

Error: (07/08/2011 09:26:52 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 87 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/04/2011 11:59:00 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6545 seconds with 3720 seconds of active time. This session ended with a crash.

Error: (06/27/2011 07:00:46 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 433 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/26/2011 00:29:34 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 1928 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/26/2011 11:15:12 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 1836 seconds with 1500 seconds of active time. This session ended with a crash.

Error: (06/26/2011 00:40:03 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 46 seconds with 0 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:

===================================

Date: 2012-12-16 09:57:00.992

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-16 09:57:00.960

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-06-06 14:59:59.139

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\hdahelper.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-06-06 14:59:59.134

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\hdahelper.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)

64 Bit HP CIO Components Installer (Version: 7.2.8)

Acrobat.com (Version: 0.0.0)

Acrobat.com (Version: 1.2.443)

Adobe Acrobat 9 Pro - English, Russian (Version: 9.5.2)

Adobe Acrobat 9.5.2 - CPSID_83708

Adobe AIR (Version: 1.5.3.9120)

Adobe Anchor Service CS4 (Version: 2.0)

Adobe Anchor Service x64 CS4 (Version: 2.0)

Adobe Asset Services CS4 (Version: 4)

Adobe Bridge CS4 (Version: 3)

Adobe CMaps CS4 (Version: 2.0)

Adobe CMaps x64 CS4 (Version: 2.0)

Adobe Color - Photoshop Specific CS4 (Version: 2.0)

Adobe Color EU Extra Settings CS4 (Version: 2.0)

Adobe Color JA Extra Settings CS4 (Version: 2.0)

Adobe Color NA Recommended Settings CS4 (Version: 2.0)

Adobe Color Video Profiles CS CS4 (Version: 2.0)

Adobe Creative Suite 4 Design Premium (Version: 4.0)

Adobe CSI CS4 (Version: 1)

Adobe CSI CS4 x64 (Version: 1)

Adobe Default Language CS4 (Version: 2.0)

Adobe Device Central CS4 (Version: 2)

Adobe Dreamweaver CS4 (Version: 10.0)

Adobe Drive CS4 (Version: 1)

Adobe Drive CS4 x64 (Version: 1)

Adobe Dynamiclink Support (Version: 1)

Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)

Adobe Extension Manager CS4 (Version: 2.0)

Adobe Fireworks CS4 (Version: 10.0)

Adobe Flash CS4 (Version: 10.0)

Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0)

Adobe Flash CS4 STI-en (Version: 10.0)

Adobe Flash Player 10 Plugin (Version: 10.0.2.54)

Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)

Adobe Fonts All (Version: 2.0)

Adobe Fonts All x64 (Version: 2.0)

Adobe Illustrator CS4 (Version: 14.0)

Adobe InDesign CS4 (Version: 6.0)

Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0)

Adobe InDesign CS4 Common Base Files (Version: 6.0)

Adobe InDesign CS4 Icon Handler (Version: 6.0)

Adobe InDesign CS4 Icon Handler x64 (Version: 6.0)

Adobe Linguistics CS4 (Version: 4.0.0)

Adobe Linguistics CS4 x64 (Version: 4.0.0)

Adobe Media Encoder CS4 (Version: 1.0)

Adobe Media Encoder CS4 Importer (Version: 1.0)

Adobe Media Player (Version: 1.7)

Adobe Output Module (Version: 2.0)

Adobe PDF Library Files CS4 (Version: 9.0)

Adobe PDF Library Files x64 CS4 (Version: 9.0)

Adobe Photoshop CS4 (64 Bit) (Version: 11.0)

Adobe Photoshop CS4 (Version: 11.0)

Adobe Photoshop CS4 Support (Version: 11.0)

Adobe Reader X (10.1.4) - Português (Version: 10.1.4)

Adobe Reader XI - Português (Version: 11.0.00)

Adobe Search for Help (Version: 1.0)

Adobe Service Manager Extension (Version: 1.0)

Adobe Setup (Version: 2.0)

Adobe SGM CS4 (Version: 3.0)

Adobe SING CS4 (Version: 2.0)

Adobe Type Support CS4 (Version: 9.0)

Adobe Type Support x64 CS4 (Version: 9.0)

Adobe Update Manager CS4 (Version: 6.0.0)

Adobe Version Cue CS4 Server (Version: 4.0)

Adobe WinSoft Linguistics Plugin (Version: 1.1)

Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)

Adobe XMP Panels CS4 (Version: 2.0)

AdobeColorCommonSetCMYK (Version: 2.0)

AdobeColorCommonSetRGB (Version: 2.0)

Advanced SystemCare 6 (Version: 6.0)

AIMP2: Audio Tools

AIMP3 (Version: v3.00.985)

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

Avant Browser (remove only) (Version: 12.0.0.0)

BB Token Admin Tool (Version: 1.1.0)

BDE 5.2

BufferChm (Version: 140.0.212.000)

Carnê-Leão 2011

Carnê-Leão 2012 (Version: 1.1)

CCleaner (remove only)

CCleaner (Version: 3.01)

ClickMeIn Packages

Cobian Backup 10

Codecs for Windows 7 Pack 4.0.5 (Version: 4.0.5)

Connect (Version: 1.0.0.1)

Controle ActiveX do Windows Live Mesh para Conexões Remotas (Version: 15.4.5722.2)

Copy (Version: 140.0.212.000)

D3DX10 (Version: 15.4.2368.0902)

Destinations (Version: 140.0.77.000)

DeviceDiscovery (Version: 140.0.212.000)

Digmyweb (Version: 0.1.0)

DJ_AIO_05_F4400_Software_Min (Version: 140.0.690.000)

DMMultiView

DVD Shrink 3.2

ESET Online Scanner v3

ESET Smart Security (Version: 5.2.9.12)

Exact Audio Copy 1.0beta2 (Version: 1.0beta2)

F4400 (Version: 140.0.696.000)

Firebird 2.0.1

Free DVD Creator version 2.0 (Version: 2.0)

Freemake Video Downloader (Version: 3.0.1)

Galeria de Fotos (Version: 16.4.3503.0728)

Ganhos de Capital 2011

GCAP2010

GeoVision AAC

GeoVision ADPCM

GeoVision H264

GeoVision JPEG

GeoVision MJPG

GeoVision MPEG2

GeoVision MPEG4 ASP

GeoVision MPEG4 AVC

GeoVision MXPG

Google Chrome (Version: 23.0.1271.97)

Google Earth Plug-in (Version: 5.2.1.1588)

Google Earth Plug-in (Version: 6.0.3.2197)

Google Earth Plug-in (Version: 6.1.0.5001)

Google Toolbar for Internet Explorer (Version: 1.0.0)

Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)

Google Update Helper (Version: 1.3.21.123)

GPBaseService2 (Version: 140.0.211.000)

Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)

HijackThis 1.99.1 (Version: 1.99.1)

HP Advisor (Version: 3.3.12286.3436)

HP Customer Participation Program 14.0 (Version: 14.0)

HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (Version: 14.0)

HP Imaging Device Functions 14.0 (Version: 14.0)

HP Product Detection (Version: 11.14.0001)

HP Smart Web Printing 4.60 (Version: 4.60)

HP Solution Center 14.0 (Version: 14.0)

HP Update (Version: 5.003.001.001)

HPDiagnosticAlert (Version: 1.00.0000)

HPPhotoGadget (Version: 140.0.524.000)

HPProductAssistant (Version: 140.0.212.000)

HPSSupply (Version: 140.0.211.000)

ImgBurn (Version: 2.5.7.0)

Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2040)

IRPF2010 - Declaração de Ajuste Anual e Final de Espólio

IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (Version: 1.0)

IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (Version: 1.0)

Java 7 Update 9 (64-bit) (Version: 7.0.90)

Java 7 Update 9 (Version: 7.0.90)

Java Auto Updater (Version: 2.1.9.0)

Java™ 6 Update 18 (Version: 6.0.180)

Java™ 6 Update 31 (64-bit) (Version: 6.0.310)

Java™ 6 Update 33 (Version: 6.0.330)

Junk Mail filter update (Version: 16.4.3503.0728)

kuler (Version: 2.0)

Legacy 7.4 (Version: 7.4 )

Legacy Charting 7.4

Logitech Desktop Messenger

Malwarebytes Anti-Malware versão 1.65.1.1000 (Version: 1.65.1.1000)

MarketResearch (Version: 140.0.212.000)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)

Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)

Microsoft Office Outlook Connector (Version: 14.0.5118.5000)

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)

Microsoft Silverlight (Version: 4.1.10329.0)

Microsoft SkyDrive (Version: 17.0.2003.1112)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft XML Parser (Version: 8.70.1104.04)

Movie Maker (Version: 16.4.3503.0728)

Mozilla Firefox 6.0.2 (x86 pt-BR) (Version: 6.0.2)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT_amd64 (Version: 15.4.2862.0708)

MSVCRT110 (Version: 16.4.1108.0727)

MSVCRT110_amd64 (Version: 16.4.1108.0727)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Multimedia Keyboard Driver 1.0

MV RegClean 6.9

MyHeritage Family Tree Builder (Version: 6.0.0.5634)

Nero 8 (Version: 8.2.106)

neroxml (Version: 1.0.0)

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (Version: 4.0.30319)

Panda ActiveScan 2.0 (Version: 01.04.01.0000)

PDF Settings CS4 (Version: 9.0)

Photo Common (Version: 16.4.3503.0728)

Photo Gallery (Version: 16.4.3503.0728)

Photoshop Camera Raw (Version: 5.0)

Photoshop Camera Raw_x64 (Version: 5.0)

Picasa 3 (Version: 3.8)

Pixel Bender Toolkit (Version: 1.0)

Pixillion Image Converter

PowerDVD (Version: 7.30.0000)

Prism Video File Converter

Realtek High Definition Audio Driver (Version: 6.0.1.6196)

Receitanet Java 2010.02a

Remote EMap

Revo Uninstaller 1.92 (Version: 1.92)

Scan (Version: 140.0.80.000)

Seagate Replica v3.0.1801.8554

Shop for HP Supplies (Version: 14.0)

Sicalc Auto Atendimento (Version: 4.0.51)

Skype Click to Call (Version: 5.9.9216)

Skype™ 5.10 (Version: 5.10.116)

SmartWebPrinting (Version: 140.0.186.000)

Software SIC versão 5.1

SolutionCenter (Version: 140.0.213.000)

Status (Version: 140.0.212.000)

Suite Shared Configuration CS4 (Version: 1.0)

Suplemento Microsoft Salvar como PDF ou XPS para programas do Microsoft Office 2007 (Version: 12.0.4518.1019)

SweetIM for Messenger 3.7 (Version: 3.7.0005)

TeamViewer 8 (Version: 8.0.16447)

Toolbox (Version: 140.0.428.000)

TrayApp (Version: 140.0.212.000)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition

VCRedistSetup (Version: 1.0.0)

Video Converter

VideoPad Video Editor

WebReg (Version: 140.0.212.017)

Win7codecs (Version: 3.9.1)

Windows Installer Clean Up (Version: 3.00.00.0000)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Communications Platform (Version: 16.4.3503.0728)

Windows Live Essentials (Version: 16.4.3503.0728)

Windows Live Family Safety (Version: 16.4.3503.0728)

Windows Live Galeria de Fotos (Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Installer (Version: 16.4.3503.0728)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Mail (Version: 16.4.3503.0728)

Windows Live Mesh (Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)

Windows Live Messenger (Version: 15.4.3502.0922)

Windows Live Messenger (Version: 16.4.3503.0728)

Windows Live Messenger Companion Core (Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 16.4.3503.0728)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 16.4.3503.0728)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live PIMT Platform (Version: 16.4.3503.0728)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE (Version: 16.4.3503.0728)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 16.4.3503.0728)

Windows Live Sync (Version: 14.0.8089.726)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 16.4.3503.0728)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live UX Platform Language Pack (Version: 16.4.3503.0728)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer (Version: 16.4.3503.0728)

Windows Live Writer Resources (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 16.4.3503.0728)

WinPcap 4.1.2 (Version: 4.1.0.2001)

WinRAR 4.20 (32-bit) (Version: 4.20.0)

X264

XVID

Zero Assumption Recovery Version 8.5

ZSMC USB PC Camera (ZS0211) (Version: 2007.07.05)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 58%

Total physical RAM: 4061.24 MB

Available physical RAM: 1681.78 MB

Total Pagefile: 8120.68 MB

Available Pagefile: 5529.79 MB

Total Virtual: 4095.88 MB

Available Virtual: 3978.43 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:807.18 GB) NTFS

3 Drive e: (KINGSTON) (Removable) (Total:3.73 GB) (Free:2.55 GB) FAT32

========================= Users: ========================================

Contas de usuário para \\ADMIN-PC

Admin Administrador Administrator

Convidado

Comando concluído com êxito.

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

RogueKiller V8.4.0 [Dec 20 2012] Por Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...13-roguekiller/

Site : http://tigzy.geeksto...roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Iniciado em : Modo Normal

Usuario : Admin [Privilegios de Admnistrador]

Modo : Verificar -- Data : 12/20/2012 14:35:42

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 15 ¤¤¤

[TASK][sUSP PATH] RunAsStdUser Task : C:\Users\Admin\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -secondattempt hxxp://sp.ask.com/toolbar/toolbarS/toolbar.php?tb=S-PV&browser=IE&success=1 -> ENCONTRADO

[TASK][sUSP PATH] {02683182-B532-4CF5-B2B3-1B2F5DCF155B} : C:\Users\Admin\Desktop\General-CleanTool\NeroCleanTool5.0.0.18.exe -> ENCONTRADO

[TASK][sUSP PATH] {4ED53567-C806-46B4-8E60-D2D1A930C0D3} : C:\Users\Admin\Desktop\General-CleanTool\NeroCleanTool5.0.0.18.exe -> ENCONTRADO

[TASK][sUSP PATH] {777CC2EC-1837-42A8-8EAE-1524D4F3FBCA} : C:\Users\Admin\Desktop\NERO 7.5.1.1\Nero-7.5.1.1_ptg.exe -> ENCONTRADO

[TASK][sUSP PATH] {78615C9B-776C-48F4-92CB-54BB8EDA69C1} : C:\Users\Admin\AppData\Local\Microsoft\Windows Live\Installer\Catalog\wlsetup.exe -> ENCONTRADO

[TASK][sUSP PATH] {7BD83FB2-9798-4EF5-97E2-68B70DFE51AF} : C:\Users\Admin\AppData\Local\Microsoft\Windows Live\Installer\Catalog\wlsetup.exe -> ENCONTRADO

[TASK][sUSP PATH] {983D886C-E36F-4DBC-8465-F6F87EC766C9} : C:\Users\Admin\Desktop\HijackThis\HiJackThis (2).exe -> ENCONTRADO

[TASK][sUSP PATH] {F6078EE3-1075-408F-830D-977943F0F4C3} : C:\Users\Admin\Desktop\General-CleanTool\NeroCleanTool5.0.0.18.exe -> ENCONTRADO

[TASK][sUSP PATH] {FADD689E-86E5-43D6-833C-50C8F60F262E} : C:\Users\Admin\Desktop\General-CleanTool\NeroCleanTool5.0.0.18.exe -> ENCONTRADO

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> ENCONTRADO

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> ENCONTRADO

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> ENCONTRADO

[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Não Carregado] ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-65M2B1 ATA Device +++++

--- User ---

[MBR] 6570e2049f63efc9b5e7b17469d2e026

[bSP] 64d86be3d6343a8958f1f6e5bf5c09f1 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DT 101 II USB Device +++++

--- User ---

[MBR] ba7ad916c15b652b12f9ca158a5583a7

[bSP] ec038f3ca5091360f60d743d6f1c7fdb : Standard MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1072 | Size: 3823 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Concluido : << RKreport[1]_S_12202012_02d1435.txt >>

RKreport[1]_S_12202012_02d1435.txt

MiniToolBox2012.txt

RKreport1_S_12202012_02d1435.txt

Edited by Elizabeth


Hello, Elizabeth;

1)

Run RogueKiller again.

In the Registry tab, leave only the following entries checked.

[TASK][sUSP PATH] RunAsStdUser Task : C:\Users\Admin\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -secondattempt hxxp://sp.ask.com/toolbar/toolbarS/toolbar.php?tb=S-PV&browser=IE&success=1 -> ENCONTRADO

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> ENCONTRADO

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> ENCONTRADO

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> ENCONTRADO

[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

When the scan finishes, click the Delete button. Wait for the process to complete.

Click the Report button. A Notepad window with the information will open.

This log is saved on the desktop under the name RKreport[2].txt.

Select, copy, and paste the contents of this log into your next reply.

2)

Post a new HijackThis log.


Good evening,

RogueKiller V8.4.0 [Dec 20 2012] Por Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...13-roguekiller/

Site : http://tigzy.geeksto...roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Iniciado em : Modo Normal

Usuario : Admin [Privilegios de Admnistrador]

Modo : Remover -- Data : 12/21/2012 03:57:45

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 14 ¤¤¤

[TASK][sUSP PATH] RunAsStdUser Task : C:\Users\Admin\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -secondattempt hxxp://sp.ask.com/toolbar/toolbarS/toolbar.php?tb=S-PV&browser=IE&success=1 -> NÃO SELECIONADO

[TASK][sUSP PATH] {02683182-B532-4CF5-B2B3-1B2F5DCF155B} : C:\Users\Admin\Desktop\General-CleanTool\NeroCleanTool5.0.0.18.exe -> NÃO SELECIONADO

[TASK][sUSP PATH] {4ED53567-C806-46B4-8E60-D2D1A930C0D3} : C:\Users\Admin\Desktop\General-CleanTool\NeroCleanTool5.0.0.18.exe -> NÃO SELECIONADO

[TASK][sUSP PATH] {777CC2EC-1837-42A8-8EAE-1524D4F3FBCA} : C:\Users\Admin\Desktop\NERO 7.5.1.1\Nero-7.5.1.1_ptg.exe -> NÃO SELECIONADO

[TASK][sUSP PATH] {78615C9B-776C-48F4-92CB-54BB8EDA69C1} : C:\Users\Admin\AppData\Local\Microsoft\Windows Live\Installer\Catalog\wlsetup.exe -> DELETADO

[TASK][sUSP PATH] {7BD83FB2-9798-4EF5-97E2-68B70DFE51AF} : C:\Users\Admin\AppData\Local\Microsoft\Windows Live\Installer\Catalog\wlsetup.exe -> NÃO SELECIONADO

[TASK][sUSP PATH] {983D886C-E36F-4DBC-8465-F6F87EC766C9} : C:\Users\Admin\Desktop\HijackThis\HiJackThis (2).exe -> NÃO SELECIONADO

[TASK][sUSP PATH] {F6078EE3-1075-408F-830D-977943F0F4C3} : C:\Users\Admin\Desktop\General-CleanTool\NeroCleanTool5.0.0.18.exe -> NÃO SELECIONADO

[TASK][sUSP PATH] {FADD689E-86E5-43D6-833C-50C8F60F262E} : C:\Users\Admin\Desktop\General-CleanTool\NeroCleanTool5.0.0.18.exe -> NÃO SELECIONADO

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETADO

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> SUBSTITUIDO (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> SUBSTITUIDO (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> SUBSTITUIDO (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> SUBSTITUIDO (0)

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Não Carregado] ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-65M2B1 ATA Device +++++

--- User ---

[MBR] 6570e2049f63efc9b5e7b17469d2e026

[bSP] 64d86be3d6343a8958f1f6e5bf5c09f1 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DT 101 II USB Device +++++

--- User ---

[MBR] ba7ad916c15b652b12f9ca158a5583a7

[bSP] ec038f3ca5091360f60d743d6f1c7fdb : Standard MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1072 | Size: 3823 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Concluido : << RKreport[4]_D_12212012_02d0357.txt >>

RKreport[1]_S_12202012_02d1435.txt ; RKreport[2]_S_12212012_02d0329.txt ; RKreport[3]_S_12212012_02d0337.txt ; RKreport[4]_D_12212012_02d0357.txt

hijackthis.log2112.txt
