Processos estranhos!

Log para analise. [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Processo aparentemente está normal:
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Creio que isso nao seja normal, luz vermelha piscando constantemente, nunca para:
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Bom Dia! Edvan

|- Execute este script em ZHPFix.

O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll  =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll   =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Chave orfã    
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Chave orfã       
O43 - CFD: 27/08/2013 - 15:48:10 - [0] ----D C:\Arquivos de programas\Baidu Security
O43 - CFD: 27/08/2013 - 15:48:09 - [0] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Baidu Security
O45 - LFCP:[MD5.8CCFD53E26328844FF8A98519F0E2155] - 04/09/2013 - 14:17:25 ---A- - C:\WINDOWS\Prefetch\TVNSERVER.EXE-169A48F0.pf
O45 - LFCP:[MD5.0F7F478818612AA7B314E68E0306E432] - 05/09/2013 - 08:12:58 ---A- - C:\WINDOWS\Prefetch\DNSANGEL.EXE-15C0EFD6.pf
O45 - LFCP:[MD5.6EFFE28C71BB0A72E77197528EED6312] - 05/09/2013 - 10:14:21 ---A- - C:\WINDOWS\Prefetch\NS43F.TMP-2E0D9727.pf
O45 - LFCP:[MD5.0891E768A08D8B2FA9AE35410BD4B407] - 05/09/2013 - 10:14:30 ---A- - C:\WINDOWS\Prefetch\SKYPEPORTABLE.EXE-0FC62CCE.pf
O61 - LFC: 02/09/2013 - 17:35:08 ---A- . (...) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\29.0.1547.66\Locales\bn.dll   [9680]       
O69 - SBI: SearchScopes [HKCU] {86122936-B263-4bcf-9F1E-3BA652211805} [DefaultScope] - (Yahoo) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Yahoo

[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F}   =>Toolbar.Google^
[HKCU\Software\Baidu Security]

C:\Arquivos de programas\DeviceVM   =>Toolbar.Splashtop
C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll   =>Toolbar.Google^

emptytemp
emptyclsid
firewallrazz

|- Poste o relatório!

A+

Rapport de ZHPFix 2013.8.28.2 par Nicolas Coolman, Update du 28/08/2013
Fichier d'export Registre : 
Run by Administrador at 05/09/2013 11:20:56
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Recycle Files Deleted

========== Registry Key ==========
DELETED  Key: CLSID: [HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
DELETED  Key: CLSID: [HKLM\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}]
DELETED  Key: CLSID: [HKLM\SOFTWARE\Classes\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}]
DELETED Key: SearchScopes :{86122936-B263-4bcf-9F1E-3BA652211805}
DELETED Key: HKCU\Software\Baidu Security

========== Registry Value ==========
DELETED Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}
NOT FOUND Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}
DELETED Toolbar: {01E04581-4EEE-11D0-BFE9-00AA005B4383}
DELETED Toolbar: {0E5CBF21-D15F-11D0-8301-00AA005B4383}
NOT FOUND [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F}

========== Repertory ==========
No Empty CLSID Directories

========== File ==========
DELETED File: c:\arquivos de programas\google\google toolbar\googletoolbar_32.dll 
NOT FOUND File: c:\arquivos de programas\google\google toolbar\googletoolbar_32.dll
DELETED File: c:\windows\prefetch\tvnserver.exe-169a48f0.pf 
DELETED File: c:\windows\prefetch\dnsangel.exe-15c0efd6.pf 
DELETED File: c:\windows\prefetch\ns43f.tmp-2e0d9727.pf 
DELETED File: c:\windows\prefetch\skypeportable.exe-0fc62cce.pf 
DELETED File: c:\documents and settings\administrador\configurações locais\dados de aplicativos\google\chrome\application\29.0.1547.66\locales\bn.dll 
NOT FOUND Folder/File: c:\arquivos de programas\google\google toolbar\googletoolbar_32.dll
DELETED Window Temporary

========== Other ==========
NOT SUPPORTED firewallrazz


========== Summary ==========
5 : Registry Key
5 : Registry Value
1 : Repertory
9 : File
1 : Other


End of clean in 00mn 07s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 05/09/2013 11:20:57 [2064]

Bom Dia! Edvan

|- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Smeenk )

|- Ou aqui! < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem][Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

|- Salve-o no desktop!
|- Desabilite seu antivírus!
|- Para Windows 7,execute zoek.exe como administrador.

hijackthis;
chromelook;
autoclean;
emptyalltemp;

|- Copie e cole estas informações,em vermelho,no campo da ferramenta.
|- Clique "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- Surgirão estas informações,pedindo-lhe que aguarde o relatório.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Aceite e/ou confirme o reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
|- Poste o relatório,que estará em C:\zoek-results.txt <<
A+

Veja essas imagens:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]



Zoek.exe Version 4.0.0.4 Updated 31-08-2013
Tool run by Administrador on 05/09/2013 at 11:51:00,15.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Administrador\Desktop\zoek.exe [Script inserted] 

==== System Restore Info ======================

05/09/2013 11:52:33 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\o48o609a.default

user.js not found
---- Lines yahoo removed from prefs.js ----

user_pref("extensions.wrc.SearchRules.yahoo.com.style", ".WRCN {display:none} .sm-hd .WRCN, .sm-links .WRCN, .res h3 > .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.yahoo.com.url", "^http(s)?\\:\\/\\/((.)+\\.)?search\\.yahoo\\.com\\/(.)*");

---- Lines yahoo modified from prefs.js ----


---- FireFox user.js and prefs.js backups ---- 

prefs_072013_1020_.backup
prefs_092013_1155_.backup

ProfilePath: C:\Documents and Settings\f003300\Dados de aplicativos\Mozilla\Firefox\Profiles\hx7kz89w.default

user.js not found
---- Lines yahoo removed from prefs.js ----


---- Lines yahoo modified from prefs.js ----


---- FireFox user.js and prefs.js backups ---- 

prefs_072013_1020_.backup
prefs_092013_1155_.backup

==== Deleting Files \ Folders ======================

"C:\Arquivos de programas\Hosts_Anti_Adwares_PUPs" deleted
"C:\Arquivos de programas\Hosts_Anti_Adwares_PUPs" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\o48o609a.default
- Undetermined - C:\Arquivos de programas\AVAST Software\Avast\WebRep\FF
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Modulo de Seguranca - Banco do Brasil - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\o48o609a.default
101700E93EB905992B518256CB441829 - C:\Arquivos de programas\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update
ABCB4A6EAB701C629378255ABCB308E5 - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
F045DF7AF127DC4BCC53421850114E15 - C:\Arquivos de programas\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
3A523765D795DB006C010B915C3A840A - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
42A9B216A7A288512CE2F9A6BCCE96BC - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
7D28153B7D586330678AD522B71D89CB - C:\Arquivos de programas\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight
F9174E52953C2EDB35E4E634F6228F66 - C:\WINDOWS\system32\npptools.dll - Sistema operacional Microsoft® Windows®


==== Chrome Look ======================

avast Online Security - Administrador - Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
http [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - Administrador - Default\Extensions\jpbllmgmifibakklfdbiehhdojgaklcp
Card number - Administrador - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{86122936-B263-4bcf-9F1E-3BA652211805}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86122936-B263-4bcf-9F1E-3BA652211805}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{searchCLSID} Unknown  Url="Not_Found"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{982334AF-6893-4efc-ACB2-00445C87E7EE} Google  Url="http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pt-BR&q={searchTerms}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1957994488-583907252-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully
HKEY_USERS\S-1-5-21-1957994488-583907252-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4d91-8333-CF10577473F7} deleted successfully
HKEY_USERS\S-1-5-21-1957994488-583907252-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA58ED58-01DD-4d91-8333-CF10577473F7} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1957994488-583907252-839522115-500\Software\Microsoft\Internet Explorer\URLSearchHooks\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.4.65.158:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BCU] "C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {52D57856-859C-4F58-81E3-7C86B4DA7C48} (IPCCoPlayer Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{27EDD3C8-A7DB-42E3-88F3-AD62A97850F5}: NameServer = 208.67.222.123,208.67.220.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{F665A06F-06F3-4F6B-AECF-63DD8FFB51CD}: NameServer = 208.67.222.123,208.67.220.123,10.4.65.1
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Serviço Scheduler2 (AcrSch2Svc) - Acronis - C:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Serviço de Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Arquivos de programas\Arquivos comuns\Acronis\CDP\afcdpsrv.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HOSTS Anti-PUPs - Unknown owner - C:\Arquivos de programas\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Tenable Nessus - Tenable Network Security, Inc - C:\Arquivos de programas\Tenable\Nessus\nessus-service.exe

==== Empty IE Cache ======================

C:\Documents and Settings\e0062\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\e0063\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\f003300\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\f004044\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\f003300\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\hx7kz89w.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\index.dat" deleted
"C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 05/09/2013 at 11:58:17,62 ======================

Boa Tarde! Edvan

|- Execute este script na ferramenta Zoek.

C:\Arquivos de programas\Hosts_Anti_Adwares_PUPs;fs
HOSTS Anti-PUPs;s
startupall;

|- Poste o relatório!.

A+

Nada ainda, a luz está mais brilhante como nunca!! rsrs


Zoek.exe Version 4.0.0.4 Updated 31-08-2013
Tool run by Administrador on 05/09/2013 at 14:05:39,06.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Administrador\Desktop\zoek.exe [Script inserted] 

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HOSTS Anti-PUPs deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\HOSTS Anti-PUPs deleted successfully

==== Deleting Files \ Folders ======================

"C:\Arquivos de programas\Hosts_Anti_Adwares_PUPs" not found 

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-21-1957994488-583907252-839522115-500\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"Adobe ARM"="C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
"BCU"="C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCU.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acronis Serviço Scheduler2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="schedhlp"
"hkey"="HKLM"
"command"="\"C:\\Arquivos de programas\\Arquivos comuns\\Acronis\\Schedule2\\schedhlp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeARM"
"hkey"="HKLM"
"command"="\"C:\\Arquivos de programas\\Arquivos comuns\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\\Arquivos de programas\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCU"
"hkey"="HKLM"
"command"="\"C:\\Arquivos de programas\\DeviceVM\\Browser Configuration Utility\\BCU.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DTLite"
"hkey"="HKCU"
"command"="\"C:\\Arquivos de programas\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUS EPM tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EpmNews"
"hkey"="HKLM"
"command"="C:\\Arquivos de programas\\EaseUS\\EaseUS Partition Master 9.2.1 Home Edition\\bin\\EpmNews.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleUpdate"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Administrador\\Configurações locais\\Dados de aplicativos\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HOSTS Anti-Adware_PUPs]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HOSTS_Anti-Adware_main"
"hkey"="HKLM"
"command"="C:\\Arquivos de programas\\Hosts_Anti_Adwares_PUPs\\HOSTS_Anti-Adware_main.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Arquivos de programas\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrueImageMonitor.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TrueImageMonitor"
"hkey"="HKLM"
"command"="C:\\Arquivos de programas\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.2.lnk]
"path"="C:\\Documents and Settings\\Administrador\\Menu Iniciar\\Programas\\Inicializar\\BrOffice.org 3.2.lnk"
"backup"="C:\\WINDOWS\\pss\\BrOffice.org 3.2.lnkStartup"
"command"="C:\\ARQUIV~1\\BROFFI~1.ORG\\program\\QUICKS~1.EXE "
"item"="BrOffice.org 3.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Dropbox.lnk]
"path"="C:\\Documents and Settings\\Administrador\\Menu Iniciar\\Programas\\Inicializar\\Dropbox.lnk"
"backup"="C:\\WINDOWS\\pss\\Dropbox.lnkStartup"
"command"="C:\\DOCUME~1\\ADMINI~1\\DADOSD~1\\Dropbox\\bin\\Dropbox.exe /systemstartup"
"item"="Dropbox"


==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [21/08/2013 10:33]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:8C:\ArquivosC:deC:programas\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [13/03/2013 08:07]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-583907252-839522115-500Core.job --a------ C:\Documents and Settings\Administrador\Configuraes locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-583907252-839522115-500UA.job --a------ C:\Documents and Settings\Administrador\Configuraes locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\User_Feed_Synchronization-{4A43C29C-545F-4A8A-81C5-36482BBCEFE2}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08/03/2009 04:31]
C:\WINDOWS\tasks\User_Feed_Synchronization-{59086E34-7A55-4167-9858-E8C4D4A099AE}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08/03/2009 04:31]

==== EOF on 05/09/2013 at 14:06:51,43 ======================

Boa Noite! Edvan

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

|- Acessando o Utilitário de Configuração do Sistema,faça inicialização seletiva.

|- Carregue: Serviços do sistema <<
|- Carregue: Itens de inicialização << Verifique qual ítem ao carregar,ocasiona esse efeito!
|- Desmarque as caixinhas e caso desapareça o problema,volte a marcá-las uma à uma,para identificar a causa.
|- Continuando o problema,os serviços do sistema podem ser desabilitados nessa investigação,bastando desmarcar a caixa de seleção "Carregar Serviços do sistema".

|- Ps: Se com tudo isso o problema continuar...substitua o HD.

At+

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

A Luz persistente ate que fim saiu!..hehe

Bom Dia! Edvan

Edvan escreveu:A Luz persistente ate que fim saiu!..hehe

|- Mas foi o Avast em seu escaneamento no modo reinício,conforme me relatou por MP,que detectou algum malware e não pode especificar o que  foi quarantinado. Bom trabalho!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Ps: Foi-me enviada,posteriormente,imagem da quarentena do Avast.

Caso Resolvido!