
Archived

This topic has been archived and is closed to new replies.

sarcofagobra

[Solved] Blue screen and PC freezing


My notebook keeps getting those blue screens and shutting down all the time, and it's also freezing a lot. Can anyone here help me?

Here is the Hijack log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:36:18, on 11/11/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16869)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Vivo 3G\Vivo 3G.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\HijackThis\HiJackThis(1).exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D4863549-775D-40BE-A334-2D39C1073A0B}: NameServer = 200.202.193.75 200.222.0.34

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira AntiVir Agendamento (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 9716 bytes


Hello sarcofagobra

1.

*Download AD-Remover and save it to the desktop

Note: Windows Vista or Windows 7 users must right-click the file and select: adminexec.png

*Run it, click [Clean] > [Yes] > [OK] > [Yes]. The PC may be restarted to complete the cleanup.

*Paste the report C:\Ad-Report-CLEAN[1].txt

2.

*Download OTL and save it to the desktop

Note: Windows Vista or Windows 7 users must right-click the file and select: adminexec.png

*Run it and select the options:

Scan All Users

Use Company Name WhiteList

Skip Microsoft Files

LOP Check

Purity Check

*Click [Run Scan] and paste the OTL.txt and Extras.txt reports located on the desktop

If the OTL.txt report turns out to be too large...

*Go to this link

*Select 4 jours

*Click [Send file]

*Locate the OTL.txt file on the desktop

*Click [Open] > [Créer le lien Cjoint]

*Paste the address that was created


======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [3]) -> Launched at 16:02:52 on 14/11/2011, Normal boot

 

Microsoft Windows 7 Ultimate (X64)

Daniel@PC-LISBOA (Hewlett-Packard HP Pavilion dv7 Notebook PC)

 

============== ACTION(S) ==============

 

 

Folder deleted: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\giadhcbw.default\alot-toolbar

Folder deleted: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\giadhcbw.default\extensions\toolbar@alot.com

Folder deleted: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\giadhcbw.default\extensions\toolbar@ask.com

Folder deleted: C:\Program Files (x86)\Ask.com

 

(!) -- Temporary files deleted.

 

 

-- File opened: C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\giadhcbw.default\Prefs.js --

Line deleted: user_pref("browser.search.defaultengine", "Ask.com");

Line deleted: user_pref("browser.search.defaultenginename", "Ask.com");

Line deleted: user_pref("browser.search.order.1", "Ask.com");

Line deleted: user_pref("browser.search.selectedEngine", "Ask.com");

Line deleted: user_pref("extensions.alottb.errorUrl", "hxxp://search.alot.com/error?q=[QRY]&pr=errs&src_id=12047&c...

Line deleted: user_pref("extensions.alottb.instance.3.location", "%22Sarzedo%2C%20Brazil%22");

Line deleted: user_pref("extensions.alottb.instance.3.locationCode", "%22cityId%3A39173%22");

Line deleted: user_pref("extensions.alottb.lastCoreUpdate", "Wed, 09 Nov 2011 12:53:08 GMT");

Line deleted: user_pref("extensions.alottb.lastHeartbeat", "Wed, 09 Nov 2011 12:23:08 GMT");

Line deleted: user_pref("extensions.alottb.lastVersion", "2.4.16000");

Line deleted: user_pref("extensions.alottb.maxInstance", 9);

Line deleted: user_pref("extensions.alottb.param.camp_id", 3101);

Line deleted: user_pref("extensions.alottb.param.camp_id_stop", true);

Line deleted: user_pref("extensions.alottb.param.client_id", "98840cc8e8b8f8bd8f58c979");

Line deleted: user_pref("extensions.alottb.param.it", 1317226374);

Line deleted: user_pref("extensions.alottb.param.src_id", 12047);

Line deleted: user_pref("extensions.alottb.param.version", "2.4.16000");

Line deleted: user_pref("extensions.alottb.visible", true);

Line deleted: user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");

Line deleted: user_pref("extensions.asktb.abar-war-timeout", "4000");

Line deleted: user_pref("extensions.asktb.cbid", "T8");

Line deleted: user_pref("extensions.asktb.config-updated", false);

Line deleted: user_pref("extensions.asktb.crumb", "2011.08.27+11.25.09-toolbar008iad-BR-QmVsbyBIb3Jpem9udGUsQnJhem...

Line deleted: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://br.ask.com/web?q={query}&qsrc={qsrc}&...

Line deleted: user_pref("extensions.asktb.dtid", "YYYYYYYYBR");

Line deleted: user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);

Line deleted: user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "BRXX0033");

Line deleted: user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");

Line deleted: user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-...

Line deleted: user_pref("extensions.asktb.fresh-install", false);

Line deleted: user_pref("extensions.asktb.guid", "2bd5f738-24e2-490c-a876-392db7dbbb4b");

Line deleted: user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com...

Line deleted: user_pref("extensions.asktb.if", "first");

Line deleted: user_pref("extensions.asktb.l", "dis");

Line deleted: user_pref("extensions.asktb.last-config-req", "1314480072643");

Line deleted: user_pref("extensions.asktb.locale", "pt_BR");

Line deleted: user_pref("extensions.asktb.location", "Belo Horizonte,Brazil");

Line deleted: user_pref("extensions.asktb.o", "14670");

Line deleted: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

Line deleted: user_pref("extensions.asktb.qsrc", "2871");

Line deleted: user_pref("extensions.asktb.r", "2");

Line deleted: user_pref("extensions.asktb.sa", "YES");

Line deleted: user_pref("extensions.asktb.saguid", "562F6495-A131-46D5-995B-ECE6DA0F66A8");

Line deleted: user_pref("extensions.asktb.search-suggestions-enabled", true);

Line deleted: user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);

Line deleted: user_pref("extensions.asktb.socialmini-first", true);

Line deleted: user_pref("extensions.asktb.socialmini-interval", "1200000");

Line deleted: user_pref("extensions.asktb.socialmini-max-char-ticker", "33");

Line deleted: user_pref("extensions.asktb.socialmini-max-items", "30");

Line deleted: user_pref("extensions.asktb.socialmini-native-on", true);

Line deleted: user_pref("extensions.asktb.socialmini-speed", "5000");

Line deleted: user_pref("extensions.asktb.socialmini-transition-first-open", false);

Line deleted: user_pref("extensions.asktb.themeid", "");

Line deleted: user_pref("extensions.asktb.to", "");

Line deleted: user_pref("extensions.asktb.version", "5.12.5.17640");

Line deleted: user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a2...

Line deleted: user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU2&o=14670&locale=...

-- File closed --

 

 

Key deleted: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key deleted: HKCU\Software\Ask.com

Key deleted: HKCU\Software\AppDataLow\AskToolbarInfo

Key deleted: HKCU\Software\AppDataLow\Software\AskToolbar

Key deleted: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

 

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

============== ADDITIONNAL SCAN ==============

 

**** Mozilla Firefox Version [7.0.1 (pt-BR)] ****

 

HKLM_MozillaPlugins\Adobe Reader (x)

Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)

Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)

Searchplugins\twitter.xml (hxxps://twitter.com/search/{searchTerms})

Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)

Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)

Components\browsercomps.dll (Mozilla Foundation)

 

-- C:\Users\Daniel\AppData\Roaming\Mozilla\FireFox\Profiles\giadhcbw.default --

Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} (Modulo de Protecao - Banco do Brasil)

Prefs.js - browser.download.lastDir, C:\\Users\\Daniel\\Desktop

Prefs.js - browser.startup.homepage, hxxp://www.google.com.br/

Prefs.js - browser.startup.homepage_override.buildID, 20110928134238

Prefs.js - browser.startup.homepage_override.mstone, rv:7.0.1

 

========================================

 

**** Google Chrome Version [15.0.874.120] ****

 

 

-- C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default --

Preferences - default_search_provider: "Google" (Enabled: true) (?)

Preferences - homepage: hxxp://www.google.com

Preferences - homepage_is_newtabpage: false

Plugin - Remoting Viewer (Enabled: true) (internal-remoting-viewer) (x)

Plugin - Native Client (Enabled: true) (C:\Users\Daniel\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll)

Plugin - "Silverlight" (Enabled: true)

Plugin - "Remoting Viewer" (Enabled: true)

Plugin - "Native Client" (Enabled: true)

 

========================================

 

**** Internet Explorer Version [8.0.7600.16385] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_Toolbar\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (C:\Program Files (x86)\Orbitdownloader\GrabPro.dll)

HKLM_Toolbar|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (C:\Program Files (x86)\Orbitdownloader\GrabPro.dll)

HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} ("C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll") (x)

HKCU_ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\14.0.835.202\chrome_launcher.exe (x)

HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)

HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)

HKLM_ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2} - C:\Program Files (x86)\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)

HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)

HKLM_ElevationPolicy\{aa851425-0109-43f3-9ed2-7b7090125861} - C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe (Microsoft Corporation.)

HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)

BHO\{000123B4-9B42-4900-B3F7-F4B073EFC214} - "Octh Class" (C:\Program Files (x86)\Orbitdownloader\orbitcth.dll)

BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

BHO\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "Bing Bar Helper" ("C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll") (x)

 

========================================

 

C:\Program Files (x86)\Ad-Remover\Quarantine: 144 File(s)

C:\Program Files (x86)\Ad-Remover\Backup: 43 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 31/08/2011 14:14:52 (9599 Byte(s))

C:\Ad-Report-CLEAN[2].txt - 13/11/2011 12:16:20 (453 Byte(s))

C:\Ad-Report-CLEAN[3].txt - 14/11/2011 16:03:01 (11366 Byte(s))

C:\Ad-Report-SCAN[1].txt - 31/08/2011 14:08:30 (10003 Byte(s))

 

End at: 16:21:00, 14/11/2011

 

============== E.O.F ==============

 

 

LINK TO THE OTL LOG ==> http://cjoint.com/data3/3KpmqTRWCtJ.htm


1.

*Run AD-Remover and click [uninstall] > [No] > [Close]

*Delete the folder C:\Arquivos de programas\Ad-Remover

*Delete the file C:\Ad-Report-CLEAN[1].txt

2.

*Run OTL

*Select, copy (Ctrl+C) and paste (Ctrl+V) the code into the box below Custom Scans/Fixes:

:OTL

O4 - HKLM..\Run: [] File not found

 

:Commands

[emptytemp]

[reboot]

*Click [Run Fix] and the PC will be restarted

*Paste the report that is displayed

3.

*Run Malwarebytes, click [Update] > [Download Updates]

*On the [Scan] tab, select Full scan

*Click [Scan] and select the partition where Windows is installed

*When it finishes, click [Yes] > [OK] > [Show Results] > [Remove Selected]

*Paste the report that is displayed

4.

*Download Kaspersky Virus Removal Tool Version 11 and save it to the desktop

*Run it, wait for the installation, select I accept the license agreement and click [start]

*Click kvrt111.png

*Select: My Computer

*Click kvrt112.png

*Click [start scanning]

*During the scan, windows will pop up. In windows like the one below, do nothing.

kvrt3.png

*If it finds anything, select Apply to all objects and click [skip]

kvrt1.png

kvrt2.png

*When it finishes, click kvrt113.png

*Click Detected threats > [save] and save it to the desktop as log.txt

*Paste the log.txt report saved on the desktop


Hi, I didn't run Kaspersky because it was taking too long and I'm short on time :(

From what I saw, it was detecting the same virus as Malwarebytes, which was just one virus.

But the PC has improved a lot: it's not freezing, the blue screens have stopped, and boot is also faster. As far as I'm concerned, I think everything is back to normal now.

Is it still necessary to run Kaspersky?

 

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

 

Versão da Base de Dados: 8182

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

18/11/2011 14:07:08

mbam-log-2011-11-18 (14-07-08).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 412596

Tempo decorrido: 2 hora(s), 47 minuto(s), 25 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 1

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

c:\Users\Daniel\downloads\installer_ricoh_ac104_printer__scanner_drivers_and_utility_1_07_portuguese.exe (Trojan.Toggle) -> Quarantined and deleted successfully.


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
