Logo Hardware.com.br
Monica Gurzoni
Monica Gurzo... Membro Senior Registrado
299 Mensagens 15 Curtidas

[Resolvido] Analise de Log

#1 Por Monica Gurzo... 17/03/2015 - 17:37
Olá pessoal, boa tarde!

Por favor, gostaria que vocês verificassem se está tudo bem com esse computador. É de um amigo que precisa baixar o programa do IR de 2015 e não consegue.

O IE congela. Ask... Baidu... Não sei, ou não consigo, tirar. Parece que tem programas entrando em conflito...não sei, não entendo.

Custou muito, mas consegui instalar o Google Chrome

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:05:02, on 17/03/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe
C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe
C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.expext.exe
C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BOASHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ServiceLocator.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe
C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BOASPRT.exe
C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BOAS.exe
C:\WINDOWS\SysWOW64\WerFault.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Celso\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 170.66.1.60 www14.bancobrasil.com.br # GbPlugin
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Deal Keeper 1.0.0.7 - {1ec8187a-6435-44e3-bbe4-6ce6d3c69254} - (no file)
O2 - BHO: Shopping App by Ask BHO - {4F524A2D-5354-2D53-5045-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {4F524A2D-5637-4300-76A7-7A786E7484D7} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O3 - Toolbar: Shopping App by Ask - {4F524A2D-5354-2D53-5045-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll" (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Baidu Antivirus] "C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavTray.exe" -auto
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Serviço de atualização Ask (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Baidu Antivirus Service (BAVSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BHipsSvc.exe
O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe
O23 - Service: RBClientService - Systweak - C:\Program Files (x86)\Right Backup\RBClientService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Update Deal Keeper - Unknown owner - C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe
O23 - Service: Util Deal Keeper - Unknown owner - C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 12924 bytes
computador programa boa analise log entrando tarde verificassem
edutango
edutango Cyber Highlander Registrado
9.3K Mensagens 6.3K Curtidas
#2 Por edutango
17/03/2015 - 17:42
Monica Gurzoni disse:
Olá pessoal, boa tarde!

Por favor, gostaria que vocês verificassem se está tudo bem com esse computador. É de um amigo que precisa baixar o programa do IR de 2015 e não consegue.

O IE congela. Ask... Baidu... Não sei, ou não consigo, tirar. Parece que tem programas entrando em conflito...não sei, não entendo.

Custou muito, mas consegui instalar o Google Chrome

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:05:02, on 17/03/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe
C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe
C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.expext.exe
C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BOASHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ServiceLocator.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe
C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BOASPRT.exe
C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BOAS.exe
C:\WINDOWS\SysWOW64\WerFault.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Celso\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 170.66.1.60 www14.bancobrasil.com.br # GbPlugin
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Deal Keeper 1.0.0.7 - {1ec8187a-6435-44e3-bbe4-6ce6d3c69254} - (no file)
O2 - BHO: Shopping App by Ask BHO - {4F524A2D-5354-2D53-5045-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {4F524A2D-5637-4300-76A7-7A786E7484D7} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O3 - Toolbar: Shopping App by Ask - {4F524A2D-5354-2D53-5045-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll" (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Baidu Antivirus] "C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavTray.exe" -auto
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Serviço de atualização Ask (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Baidu Antivirus Service (BAVSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BHipsSvc.exe
O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe
O23 - Service: RBClientService - Systweak - C:\Program Files (x86)\Right Backup\RBClientService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Update Deal Keeper - Unknown owner - C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe
O23 - Service: Util Deal Keeper - Unknown owner - C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 12924 bytes

C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe
C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.expext.exe
C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BOASHelper.exe

Baidu e cia ===

Faça para começar estes 2 procedimantos em sequencia


Remova adwares e toolbars maliciosas com o Adwcleaner

Tutorial do Junkware Removal Tool

Depois poste os logs
AMD Duron 900mhz/mobo PCCHIPS
mouse em forma de arco leadrshhep

256mb RAM SDR=WINDOWS 98
Video integrado SiS
Monica Gurzoni
Monica Gurzo... Membro Senior Registrado
299 Mensagens 15 Curtidas
#3 Por Monica Gurzo...
17/03/2015 - 19:11
Olá edutango! Os logs:

# AdwCleaner v4.112 - Logfile created 17/03/2015 at 18:19:35
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 8.1 Single Language (x64)
# Username : Celso - SAMSUNG
# Running from : C:\Users\Celso\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : APNMCP
[#] Service Deleted : RBClientService
[#] Service Deleted : Update Deal Keeper
[#] Service Deleted : Util Deal Keeper
Service Deleted : {55dce8ba-9dec-4013-937e-adbf9317d990}w64
Service Deleted : {eb8709c5-52a2-49ef-9341-2b49aaf413b8}w64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Right Backup
Folder Deleted : C:\Program Files (x86)\RCP
[!] Folder Deleted : C:\Program Files (x86)\Deal Keeper
[!] Folder Deleted : C:\Program Files (x86)\Deal Keeper
Folder Deleted : C:\Users\Celso\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Celso\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Celso\AppData\Roaming\rightbackup
Folder Deleted : C:\Users\Celso\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Celso\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc
File Deleted : C:\Users\Public\Desktop\RegClean Pro.lnk
File Deleted : C:\WINDOWS\System32\roboot64.exe
File Deleted : C:\WINDOWS\System32\sasnative64.exe
File Deleted : C:\WINDOWS\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys
File Deleted : C:\WINDOWS\System32\drivers\{eb8709c5-52a2-49ef-9341-2b49aaf413b8}w64.sys
File Deleted : C:\Users\Celso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hao123.lnk
File Deleted : C:\Users\Celso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Right Backup.lnk

***** [ Scheduled tasks ] *****

Task Deleted : Advanced System Protector_startup
Task Deleted : RegClean Pro
Task Deleted : RegClean Pro_DEFAULT
Task Deleted : RegClean Pro_UPDATES
Task Deleted : Right Backup_startup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Deal Keeper
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util Deal Keeper
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-4300-76A7-7A786E7484D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-4300-76A7-7A786E7484D7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4709FD5B-D7BF-4D2C-97EE-6C24405B6806}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Deal Keeper
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Baidu
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Deal Keeper
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Baidu
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5354-2D53-5045-A758B70C1902}
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deal Keeper
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v41.0.2272.89

[C:\Users\Celso\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}
[C:\Users\Celso\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11461&pf=V7&p2=^BE7^OSJ000^YY^BR&gct=&itbv=12.24.1.53&apn_uid=E569004D-55EA-483A-AC57-905D55D15EB0&apn_ptnrs=BE7&apn_dtid=^OSJ000^YY^BR&apn_dbr=ie_11.0.9600.17416&doi=2015-03-17&trgb=IE&q={searchTerms}&psv=&pt=tb

-\\ Opera v28.0.1750.40

[C:\Users\Celso\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}
[C:\Users\Celso\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11461&pf=V7&p2=^BE7^OSJ000^YY^BR&gct=&itbv=12.24.1.53&apn_uid=E569004D-55EA-483A-AC57-905D55D15EB0&apn_ptnrs=BE7&apn_dtid=^OSJ000^YY^BR&apn_dbr=ie_11.0.9600.17416&doi=2015-03-17&trgb=IE&q={searchTerms}&psv=&pt=tb

*************************

AdwCleaner[R0].txt - [8702 bytes] - [17/03/2015 18:01:35]
AdwCleaner[S0].txt - [8401 bytes] - [17/03/2015 18:19:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8460 bytes] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 8.1 Single Language x64
Ran by Celso on 17/03/2015 at 18:34:46,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}



~~~ Files

Successfully deleted: [File] C:\WINDOWS\prefetch\TOOLBAR.EXE-2C6CFC9E.pf



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\ProgramData\AskPartnerNetwork"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/03/2015 at 19:01:39,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
arkGreen">arkOrange">

edutango
edutango Cyber Highlander Registrado
9.3K Mensagens 6.3K Curtidas
#4 Por edutango
17/03/2015 - 19:16
OK
Baixe agora e execute o pureRA=http://www.google.com.br/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&uact=8&ved=0CCcQFjAB&url=http%3A%2F%2Fwww.majorgeeks.com%2Ffiles%2Fdetails%2Fpurera.html&ei=X6cIVY7fOMGhyAT7q4L4AQ&usg=AFQjCNFsYGTcE_s8DBjOV1hdb2BKId4FhA&bvm=bv.88198703,d.aWw=

Em seguida o RogueKiller para verificar algumas coisas==

http://www.google.com.br/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&sqi=2&ved=0CDIQFjAC&url=http%3A%2F%2Fwww.bleepingcomputer.com%2Fdownload%2Froguekiller%2F&ei=lqcIVdvWLufR7Qbw5IHwBQ&usg=AFQjCNHAWjO49mfq3FsHLbxLFGL0fuFeBg&bvm=bv.88198703,d.aWw
AMD Duron 900mhz/mobo PCCHIPS
mouse em forma de arco leadrshhep

256mb RAM SDR=WINDOWS 98
Video integrado SiS
edutango
edutango Cyber Highlander Registrado
9.3K Mensagens 6.3K Curtidas
#6 Por edutango
17/03/2015 - 19:32
Monica Gurzoni disse:
edutango, o Celso está preocupado se nenhum desses procedimentos irá mover ou modificar os arquivos que ele tem dos Impostos de Renda de anos anteriores. Quer dizer, posso executar esses procedimentos sem problema ?


O PureRA é um programa de limpeza leve e inócuo- pode utilizar sem susto

Se o PC está em estágio normal pode ignorar o RogueKiller

Estamos no aguardo
AMD Duron 900mhz/mobo PCCHIPS
mouse em forma de arco leadrshhep

256mb RAM SDR=WINDOWS 98
Video integrado SiS
Monica Gurzoni
Monica Gurzo... Membro Senior Registrado
299 Mensagens 15 Curtidas
#7 Por Monica Gurzo...
17/03/2015 - 19:52
Lembrei de dizer que o Avast sumiu...

O PureRA gerou esse log:

RaProducts' PureRa v1.7
Log created at 19:50 on 17/03/2015 (Celso)

C:\Config.MSI emptied.
C:\Users\Celso\AppData\LocalLow\Microsoft\CryptNetURLCache\Content emptied.
C:\Users\Celso\AppData\LocalLow\Microsoft\CryptNetURLCache\MetaData emptied.
C:\WINDOWS\system32\FNTCACHE.DAT <- O sistema não pode encontrar o arquivo especificado.
Recycle bin emptied.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs emptied.
C:\WINDOWS\SoftwareDistribution\Download emptied.
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default emptied.
C:\WINDOWS\SoftwareDistribution\WuRedir emptied.
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log <- O sistema não pode encontrar o arquivo especificado.
C:\Users\Celso\AppData\Local\Temp emptied.
C:\WINDOWS\TEMP emptied.

Total space cleaned: 0 bytes

-=E.O.F=-
arkGreen">arkOrange">

edutango
edutango Cyber Highlander Registrado
9.3K Mensagens 6.3K Curtidas
#8 Por edutango
17/03/2015 - 19:57
Sugestão

Guardar docs importantes em um HD externo para não perder em casos como esse

Com calma
Fazer um Sacn com o Malwarebytes. pode demorar um pouco mas pode trazer tranquilidade no caso de haver mais maliciosos

https://www.google.com.br/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CB4QFjAA&url=https://www.malwarebytes.org/&ei=BLEIVcrTJ4vsoASvlYKYDg&usg=AFQjCNFpqigegs7xp_Qcjx3AYoIxwuUygg&bvm=bv.88528373,d.cGU

Quanto o Avast- eu não o indico= ele sempre some qdo mais se precisa dele

Tente o Bitdefender ou o 360
AMD Duron 900mhz/mobo PCCHIPS
mouse em forma de arco leadrshhep

256mb RAM SDR=WINDOWS 98
Video integrado SiS
Monica Gurzoni
Monica Gurzo... Membro Senior Registrado
299 Mensagens 15 Curtidas
#9 Por Monica Gurzo...
17/03/2015 - 20:46
O que está em quarentena, posso deletar?


Log do Malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17/03/2015
Scan Time: 20:10:03
Logfile: log mal.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.17.07
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Celso

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357264
Time Elapsed: 24 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin, Quarantined, [ecaf8eb8c4c63df963353360ff048977],

Files: 16
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\7za.exe, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\BrowserAdapter.7z, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BOAS.exe, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BOAS.zip, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BOASHelper.exe, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BOASPRT.exe, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BrowserAdapter64.exe, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.expext.exe, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.expext.zip, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.expextdll.dll, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\eb8709c552a249ef9341.dll, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\eb8709c552a249ef93412b49aaf413b8.dll, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\eb8709c552a249ef93412b49aaf413b864.dll, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\eb8709c552a249ef934164.dll, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\eula.txt, Quarantined, [ecaf8eb8c4c63df963353360ff048977],

Physical Sectors: 0
(No malicious items detected)


(end)
arkGreen">arkOrange">

edutango
edutango Cyber Highlander Registrado
9.3K Mensagens 6.3K Curtidas
#10 Por edutango
17/03/2015 - 20:51
Monica Gurzoni disse:
O que está em quarentena, posso deletar?


Log do Malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17/03/2015
Scan Time: 20:10:03
Logfile: log mal.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.17.07
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Celso

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357264
Time Elapsed: 24 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin, Quarantined, [ecaf8eb8c4c63df963353360ff048977],

Files: 16
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\7za.exe, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\BrowserAdapter.7z, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BOAS.exe, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BOAS.zip, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BOASHelper.exe, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BOASPRT.exe, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BrowserAdapter64.exe, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.expext.exe, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.expext.zip, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.expextdll.dll, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\eb8709c552a249ef9341.dll, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\eb8709c552a249ef93412b49aaf413b8.dll, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\eb8709c552a249ef93412b49aaf413b864.dll, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\eb8709c552a249ef934164.dll, Quarantined, [ecaf8eb8c4c63df963353360ff048977],
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\eula.txt, Quarantined, [ecaf8eb8c4c63df963353360ff048977],

Physical Sectors: 0
(No malicious items detected)


(end)

Sim pode deletar

Agora use o pureRA- e faça uma boa limpeza
http://www.google.com.br/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&uact=8&ved=0CCcQFjAB&url=http%3A%2F%2Fwww.majorgeeks.com%2Ffiles%2Fdetails%2Fpurera.html&ei=3b0IVZG1D4_ZoAST9IGgCw&usg=AFQjCNFsYGTcE_s8DBjOV1hdb2BKId4FhA&bvm=bv.88198703,d.cGU
AMD Duron 900mhz/mobo PCCHIPS
mouse em forma de arco leadrshhep

256mb RAM SDR=WINDOWS 98
Video integrado SiS
Monica Gurzoni
Monica Gurzo... Membro Senior Registrado
299 Mensagens 15 Curtidas
#11 Por Monica Gurzo...
17/03/2015 - 21:07
Log do PureRA

RaProducts' PureRa v1.7
Log created at 21:02 on 17/03/2015 (Celso)

C:\Config.MSI emptied.
C:\Users\Celso\AppData\LocalLow\Microsoft\CryptNetURLCache\Content emptied.
C:\Users\Celso\AppData\LocalLow\Microsoft\CryptNetURLCache\MetaData emptied.
C:\WINDOWS\system32\FNTCACHE.DAT <- O sistema não pode encontrar o arquivo especificado.
Recycle bin emptied.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs emptied.
C:\WINDOWS\SoftwareDistribution\Download emptied.
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default emptied.
C:\WINDOWS\SoftwareDistribution\WuRedir emptied.
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log <- O sistema não pode encontrar o arquivo especificado.
C:\Users\Celso\AppData\Local\Temp emptied.
C:\WINDOWS\TEMP emptied.
C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm <- Successfully deleted.
C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession1.sqm <- Successfully deleted.
C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession2.sqm <- Successfully deleted.
C:\Users\All Users\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm <- Successfully deleted.
C:\Users\Todos os Usuários\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm <- Successfully deleted.

Total space cleaned: 2.36 KB

-=E.O.F=-
arkGreen">arkOrange">

Monica Gurzoni
Monica Gurzo... Membro Senior Registrado
299 Mensagens 15 Curtidas
#13 Por Monica Gurzo...
17/03/2015 - 21:56
Tinha um monte de antivírus confused.png Removi todos e o Celso quis ficar com o Avast. Então deixei.

Deixei CCleaner e falei que ele tem que atualizar.

Também consegui baixar os programas do IR que ele queria smile.png

Agora, como é mesmo que tiro tudo que baixei para os procedimentos? Estão na área de trabalho.

Algum procedimento mais?
arkGreen">arkOrange">

edutango
edutango Cyber Highlander Registrado
9.3K Mensagens 6.3K Curtidas
#14 Por edutango
17/03/2015 - 22:07
Monica Gurzoni disse:
Tinha um monte de antivírus confused.png Removi todos e o Celso quis ficar com o Avast. Então deixei.

Deixei CCleaner e falei que ele tem que atualizar.

Também consegui baixar os programas do IR que ele queria smile.png

Agora, como é mesmo que tiro tudo que baixei para os procedimentos? Estão na área de trabalho.

Algum procedimento mais?



Não pode ter mais do que um A-V--gera conflito

Use para limpar todos os logs o Delfix

Aqui o link limpo==http://www.google.com.br/url?sa=t&rct=j&q=&esrc=s&source=web&cd=5&cad=rja&uact=8&ved=0CD4QFjAE&url=http%3A%2F%2Fwww.bleepingcomputer.com%2Fdownload%2Fdelfix%2F&ei=e88IVZqZJrHbsATGhICoDw&usg=AFQjCNGPTfb-RLvIED1wSGq7j676_O0oyg&bvm=bv.88198703,d.cWc
AMD Duron 900mhz/mobo PCCHIPS
mouse em forma de arco leadrshhep

256mb RAM SDR=WINDOWS 98
Video integrado SiS
© 1999-2024 Hardware.com.br. Todos os direitos reservados.
Imagem do Modal