Usamos cookies para medir audiência e melhorar sua experiência. Você pode aceitar ou recusar a qualquer momento. Veja sobre o iMasters.
Eu não uso o IE, e mesmo assim ele fica abrindo janelas diversas.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:22:05, on 16/02/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17197)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\user\AppData\Local\tuto4pc_br_26\upt4pc_br_26.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\PSafe\PSafeSysTray.exe
C:\Program Files (x86)\tuto4pc_br_26\tuto4pc_br_26.exe
C:\Program Files (x86)\PSafe\Protege\psprotege.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\OEM\LIVE! OSD 1.35\osd.exe
C:\Program Files (x86)\PSafe\PSafeWDS.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\HijacksThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files (x86)\PSafe\PSafeSysTray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [tuto4pc_br_26] "C:\Program Files (x86)\tuto4pc_br_26\tuto4pc_br_26.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\RunOnce: [upt4pc_br_26.exe] C:\Users\user\AppData\Local\tuto4pc_br_26\upt4pc_br_26.exe -runonce
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: OSD.lnk = ?
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Firewall do AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PSafeLockBoxSvc - PSafe - C:\Program Files (x86)\PSafe\PSafeCategoryFinder.exe
O23 - Service: PSafeSVC - PSafe S/A - C:\Program Files (x86)\PSafe\PSafesvc.exe
O23 - Service: PSafeWD - PSafe - C:\Program Files (x86)\PSafe\PSafeWD.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.1.7 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13431 bytes
Realizei todos os procedimentos, sem erros, eis os links:
http://cjoint.com/?3BqsRhUrOpf (OTL.txt)
http://cjoint.com/?3BqsPByULv2 (Extras.txt)
:seta: Baixe o http://download.bleepingcomputer.com/Xplode/AdwCleaner.exe'>AdwCleaner (...de Xplode) e salve-o no Desktop (Área de Trabalho)
*Execute-o. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador
*Clique [Verificar]
http://imgbox.com/adkz1ZHV'>/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/adkz1ZHV.jpg&key=fd87958a536d38c14b2745ecf60cf22e642df6516711121449994afd80e13fdf" alt="adkz1ZHV.jpg" />
*Cole o relatório apresentado
:seta: Execute o Malwarebytes.
*Clique [Atualização] > [baixar Atualizações]
*Aguarde o término
*Clique [Verificação], selecione Verificação Rápida
*Clique [Verificar] e selecione a partição onde o Windows está instalado
*Ao término, clique [OK] > [Ver Resultados] > [Remover Selecionados]
*Cole o relatório apresentado
*** [serviços] ***
*** [Arquivos/Pastas] ***
Arquivo Encontrado : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Pasta Encontrado : C:\Program Files (x86)\AVG Secure Search
Pasta Encontrado : C:\Program Files (x86)\Common Files\AVG Secure Search
Pasta Encontrado : C:\Program Files (x86)\tuto4pc_br_26
Pasta Encontrado : C:\ProgramData\AVG Secure Search
Pasta Encontrado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tuto4pc
*** [Registro] ***
Chave Encontrada : HKCU\Software\APN PIP
Chave Encontrada : HKCU\Software\AVG Secure Search
Chave Encontrada : HKCU\Software\InstallCore
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Encontrada : HKCU\Software\Tutorials
Chave Encontrada : HKCU\Software\TutoTag
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Encontrada : HKLM\Software\AVG Secure Search
Chave Encontrada : HKLM\Software\AVG Security Toolbar
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Chave Encontrada : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Chave Encontrada : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Chave Encontrada : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Chave Encontrada : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Chave Encontrada : HKLM\SOFTWARE\Classes\S
Chave Encontrada : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Chave Encontrada : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Chave Encontrada : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Chave Encontrada : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Chave Encontrada : HKLM\Software\PIP
Chave Encontrada : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Encontrada : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Encontrada : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Chave Encontrada : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Encontrada : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Encontrada : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Encontrada : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Encontrada : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Encontrada : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Encontrada : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Chave Encontrada : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Encontrada : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Encontrada : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Encontrada : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Chave Encontrada : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuto4pc_br_26_is1
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Chave Encontrada : HKU\S-1-5-21-1938537423-687733407-1580980741-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Valor Encontrada : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [tuto4pc_br_26]
Valor Encontrada : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Valor Encontrada : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
*** [Navegadores] ***
-\\ Internet Explorer v8.0.7600.17197
[OK] Registro está limpo.
-\\ Mozilla Firefox v18.0.1 (pt-BR)
-\\ Google Chrome v24.0.1312.57
*************************
AdwCleaner[R1].txt - [6070 octets] - [16/02/2013 19:37:06]
########## EOF - C:\AdwCleaner[R1].txt - [6130 octets] ##########
Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org
Versão da Base de Dados: v2013.02.16.06
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
user :: USER-PC [administrador]
Proteção: Permitir
16/02/2013 19:40:25
mbam-log-2013-02-16 (19-40-25).txt
Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 204762
Tempo decorrido: 6 minuto(s), 10 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)
(fim)
:seta: Execute o AdwCleaner. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador
*Clique [Remover]
http://imgbox.com/adp5cC2y'>/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/adp5cC2y.jpg&key=fd291e0a2654af5f4e675157a38b294f5609577ca677d3e79623ae9e39213ffa" alt="adp5cC2y.jpg" />
*Em alguns casos, o PC será reiniciado para a completa remoção.
*Clique [OK] para reiniciar
*Cole o relatório apresentado
:seta: Informe como está o PC.
*** [serviços] ***
*** [Arquivos/Pastas] ***
Arquivo Removido : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Pasta Removido : C:\Program Files (x86)\AVG Secure Search
Pasta Removido : C:\Program Files (x86)\tuto4pc_br_26
Pasta Removido : C:\ProgramData\AVG Secure Search
Pasta Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tuto4pc
Removido Durante o reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
*** [Registro] ***
Chave Removida : HKCU\Software\APN PIP
Chave Removida : HKCU\Software\AVG Secure Search
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Removida : HKCU\Software\Tutorials
Chave Removida : HKCU\Software\TutoTag
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Removida : HKLM\Software\AVG Secure Search
Chave Removida : HKLM\Software\AVG Security Toolbar
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Chave Removida : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Chave Removida : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Chave Removida : HKLM\SOFTWARE\Classes\S
Chave Removida : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Chave Removida : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Chave Removida : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Chave Removida : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Removida : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Chave Removida : HKLM\Software\PIP
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuto4pc_br_26_is1
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [tuto4pc_br_26]
Valor Removida : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Valor Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
*** [Navegadores] ***
-\\ Internet Explorer v8.0.7600.17197
[OK] Registro está limpo.
-\\ Mozilla Firefox v18.0.1 (pt-BR)
-\\ Google Chrome v24.0.1312.57
*************************
AdwCleaner[R1].txt - [6189 octets] - [16/02/2013 18:37:06]
AdwCleaner[s1].txt - [5858 octets] - [17/02/2013 11:01:12]
########## EOF - C:\AdwCleaner[s1].txt - [5918 octets] ##########
Cara, fiz a remoção com o AdwCleaner e o pc tá perfeito, as janelas pararam de aparecer. Muito obrigado, me ajudou de mais...
:seta: Execute o AdwCleaner, clique [Desinstalar] > [sim]
http://imgbox.com/abyzbgH4'>/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/abyzbgH4.jpg&key=1cd68a22183c9c57870153931569517377fed52000aa5b8e57435a13b972642d" alt="abyzbgH4.jpg" />
Um abraço....:bye:
Sem palavras, muito obrigado mesmo!
PROBLEMA RESOLVIDO
Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.
Olá BeetleJuice
:seta: Baixe o OTL (...de OldTimer) e salve-o no Desktop (Área de Trabalho)
*Execute-o. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador
*Selecione:
**Verificar All Users
Ignorar Arquivos Microsoft
Verificar Lop
Verificar Purity**
/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/acyo5CMI.jpg&key=009f27d80ddc33ead9bea82e5c742ecb8709cc6902d1cf7da7bdb3ed211bf10d" alt="acyo5CMI.jpg" />
*Clique [Verificar]
/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/acf9AU2g.jpg&key=4820975f64e34daa58cfd450f6d8942abee2ee56a7fd4168c692390a623ba898" alt="acf9AU2g.jpg" />
*Ao término, os relatórios OTL.txt e Extras.txt serão criados no Desktop (Área de Trabalho)
:seta: Acesse este link
*Clique [selecionar arquivo...]
*Localize o relatório OTL.txt, no Desktop, e clique [Abrir]
*Selecione 4 jours
*Clique [Créer le lien Cjoint]
http://imgbox.com/aby4NIZG'>/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/aby4NIZG.jpg&key=8bf3816371f182a72d841d0367c4940aec70f57b01474c94b59d501f0b68b530" alt="aby4NIZG.jpg" />
*Cole o link criado ao lado de Le lien a été créé:
http://imgbox.com/acrVh6GY'>/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/acrVh6GY.jpg&key=a98031df11d71116e6fc6fe6586a03c4ab49a7be484751ed5881cb409d37ce42" alt="acrVh6GY.jpg" />
*Repita o procedimento para o relatório Extras.txt e cole o link