
leandro aislan

[Resolved] Log analysis


Good morning. As always, I'm here to ask for your help. I bought a computer from a friend, but since it had a lot of junk on it and he didn't hand it over formatted, I'd like to ask you to analyze my log, because the antivirus flagged some viruses.

Here it is:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 07:50:14, on 12/06/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KOOBZ1MD\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.minilua.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.minilua.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchya.com/?s=0&chnl=ft-200&cd=2XzutAtN2Y1L1Qzu0CzztD0A0Azy0AyE0FzzzzyDzyyEyDzz0CtN0D0TzutBtDtCtBtDyEtAtD&cr=1045130848

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.minilua.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.minilua.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.minilua.com/q/%s

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)

R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)

R3 - URLSearchHook: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files (x86)\4shared.com\prxtb4sha.dll

R3 - URLSearchHook: (no name) - {ecce0073-a837-45a2-95b9-600420505f7e} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: 4shared.com - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files (x86)\4shared.com\prxtb4sha.dll

O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: TheBflix - {7412F60F-1398-4381-ADD9-EC5443506243} - C:\ProgramData\TheBflix\bhoclass.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll

O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {9a95b751-bf3e-4ea8-a938-2d4d84cd4964} - (no file)

O3 - Toolbar: (no name) - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files (x86)\4shared.com\prxtb4sha.dll

O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

O4 - HKLM\..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avgbrasil.com.br/br-pt.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNzQxNjI3ODU1LUZMMTArMS1MSUMrMS1UVUcrMy1ERFQrMzAzMzgtREQxMEYrMS1TVDEwRkFQUCsxLVMxMEZEREYrMQ"&"prod=55"&"ver=10.0.1424

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files (x86)\Morpheus Music\RazaWebHook.dll/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.santandernet.com.br/mps/plugin/Cab/GbPluginABN.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs:

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Firewall do AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 13270 bytes


Hello leandro aislan

1.

*Run HijackThis, click [Do a system scan only], select the entries below and click [Fix checked]

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.minilua.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.minilua.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.minilua.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.minilua.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.minilua.com/q/%s

R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)

R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)

O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)

O3 - Toolbar: (no name) - {9a95b751-bf3e-4ea8-a938-2d4d84cd4964} - (no file)

O3 - Toolbar: (no name) - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

 

*Close HijackThis

2.

*Download AdwCleaner (...by Xplode) and save it to the desktop

*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

*Click [Delete]

*Paste the report that is displayed

3.

*Install MalwareBytes

*Wait for the update; the program will open automatically

*Select [Full scan]

*Click [Scan] and select the partition where Windows is installed ( C:\ )

*Click [Scan]

*When it finishes, click [OK] > [Show Results] > [Remove Selected]

*Paste the report that is displayed

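A triage sketch for the HijackThis step in the reply above, added here as an example and not part of the original post or of HijackThis itself. It parses HijackThis lines and separates hijacked search URLs and orphaned `(no file)` registrations from `(file missing)` services under System32, which a 32-bit scanner on 64-bit Windows reports because of file-system redirection. The bucket names, the trusted-host list and the choice of sample lines are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.minilua.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: TheBflix - {7412F60F-1398-4381-ADD9-EC5443506243} - C:\ProgramData\TheBflix\bhoclass.dll
O3 - Toolbar: (no name) - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..." or "O23 - Service: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SYSTEM32_RE = re.compile(r"[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)

# Assumption for this example: only Microsoft-hosted defaults count as expected URLs.
TRUSTED_SUFFIXES = ("microsoft.com",)


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; header lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        guid = GUID_RE.search(m["body"])
        entries.append({
            "code": m["code"],
            "body": m["body"],
            # Upper-cased so the GUID can be matched against other tools' logs.
            "guid": guid.group(0).upper() if guid else None,
        })
    return entries


def classify(entry):
    """Assign a triage bucket (hypothetical names) to one parsed entry."""
    code, body = entry["code"], entry["body"]
    if code in ("R0", "R1"):
        # Internet Explorer start/search pages: "key,value name = URL"
        _, _, value = body.partition(" = ")
        host = urlparse(value.strip()).hostname
        if not host:
            return "empty-value"
        trusted = any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)
        return "default-url" if trusted else "search-redirect"
    if code in ("R3", "O2", "O3") and body.endswith("(no file)"):
        # Registry entry still present, DLL gone: leftover of a removed add-on.
        return "orphaned-registration"
    if code == "O23" and body.endswith("(file missing)"):
        # A 32-bit scanner is redirected from System32 to SysWOW64 on x64,
        # so native binaries look missing. Confirm with a 64-bit tool first.
        if SYSTEM32_RE.search(body):
            return "verify-with-64bit-tool"
        return "missing-binary"
    return "review"


def triage(log_text):
    """Group parsed entries by bucket."""
    buckets = defaultdict(list)
    for entry in parse_entries(log_text):
        buckets[classify(entry)].append(entry)
    return dict(buckets)


if __name__ == "__main__":
    for bucket, items in sorted(triage(SAMPLE_LOG).items()):
        print(f"[{bucket}]")
        for item in items:
            print(f"  {item['code']} - {item['body']}")
```

Entries left in `review` still have a file on disk, so they need a reputation or scanner verdict rather than a blind fix.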

Good afternoon, here is the log...

 

# AdwCleaner v1.609 - Logfile created 06/12/2012 at 13:23:01

# Updated 10/06/2012 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : user - HP

# Running from : C:\Users\user\Documents\Downloads\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

Stopped & Deleted : WajamUpdater

 

***** [Files / Folders] *****

 

Deleted on reboot : C:\ProgramData\Ask

Deleted on reboot : C:\ProgramData\Babylon

Deleted on reboot : C:\ProgramData\boost_interprocess

Deleted on reboot : C:\ProgramData\SweetIM

Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly

Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder

Deleted on reboot : C:\Program Files\Babylon

Deleted on reboot : C:\Program Files (x86)\4shared.com

Deleted on reboot : C:\Program Files (x86)\Ask.com

Deleted on reboot : C:\Program Files (x86)\Babylon

Deleted on reboot : C:\Program Files (x86)\Conduit

Deleted on reboot : C:\Program Files (x86)\ConduitEngine

Deleted on reboot : C:\Program Files (x86)\DealPly

Deleted on reboot : C:\Program Files (x86)\DVDVideoSoftTB

Deleted on reboot : C:\Program Files (x86)\SweetIM

Deleted on reboot : C:\Program Files (x86)\Wajam

File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml

 

***** [Registry] *****

 

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2233703

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Complitly

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\DealPly

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\Iminent

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\MediaFinder

Key Deleted : HKCU\Software\SweetIm

Key Deleted : HKCU\Software\Wajam

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar

Key Deleted : HKLM\SOFTWARE\4shared.com

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\DealPly

Key Deleted : HKLM\SOFTWARE\Iminent

Key Deleted : HKLM\SOFTWARE\SweetIM

Key Deleted : HKLM\SOFTWARE\Wajam

Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils

Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1

Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator

Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1

Key Deleted : HKLM\SOFTWARE\Classes\sim-packages

Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO

Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1

Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader

Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1

Key Deleted : HKLM\SOFTWARE\Classes\AppID\wajam.DLL

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Wajam

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sweetIM]

[x64] Key Deleted : HKLM\SOFTWARE\DataMngr

[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater

 

***** [Registre - GUID] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{AD708C09-D51B-45B3-9D28-4EBA2681FEBF}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}]

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchya.com/?s=0&chnl=ft-200&cd=2XzutAtN2Y1L1Qzu0CzztD0A0Azy0AyE0FzzzzyDzyyEyDzz0CtN0D0TzutBtDtCtBtDyEtAtD&cr=1045130848 --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://search.iminent.com/?appId=410f7061-b264-4aaa-a894-096317f07bf1&ref=homepage --> hxxp://www.google.com

 

-\\ Mozilla Firefox v13.0 (pt-BR)

 

-\\ Google Chrome v19.0.1084.56

 

*************************

 

AdwCleaner[s1].txt - [11820 octets] - [12/06/2012 13:23:01]

 

########## EOF - C:\AdwCleaner[s1].txt - [11949 octets] ##########


Good afternoon, here is the log.

 

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

 

Versão da Base de Dados: v2012.06.12.06

 

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

user :: HP [administrador]

 

12/06/2012 13:30:51

mbam-log-2012-06-12 (13-30-51).txt

 

Tipo de Verificação: Verificação Completa

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 426983

Tempo decorrido: 53 minuto(s), 59 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 6

HKCR\CLSID\{7412F60F-1398-4381-ADD9-EC5443506243} (PUP.BFlix) -> Nenhuma ação foi feita.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7412F60F-1398-4381-ADD9-EC5443506243} (PUP.BFlix) -> Nenhuma ação foi feita.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7412F60F-1398-4381-ADD9-EC5443506243} (PUP.BFlix) -> Nenhuma ação foi feita.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7412F60F-1398-4381-ADD9-EC5443506243} (PUP.BFlix) -> Nenhuma ação foi feita.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7412F60F-1398-4381-ADD9-EC5443506243} (PUP.BFlix) -> Nenhuma ação foi feita.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4} (PUP.BFlix) -> Nenhuma ação foi feita.

 

Valores de Registro Detectadas: 1

HKLM\SYSTEM\CurrentControlSet\SERVICES\GBPSV|ImagePath (Trojan.GBPSV) -> Data: C:\PROGRA~1\GbPlugin\GbpSvx.exe -> Enviado para a Quarentena e deletado com sucesso.

 

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Pastas Detectadas: 2

C:\ProgramData\TheBflix (PUP.BFlix) -> Nenhuma ação foi feita.

C:\ProgramData\TheBflix\data (PUP.BFlix) -> Nenhuma ação foi feita.

 

Arquivos Detectados: 14

C:\ProgramData\Bcool\bhoclass.dll (PUP.DownloadnSave) -> Nenhuma ação foi feita.

C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Nenhuma ação foi feita.

C:\ProgramData\TheBflix\ajhcekcffkpnaednoeoegnmnjdlnjjmg.crx (PUP.BFlix) -> Nenhuma ação foi feita.

C:\ProgramData\TheBflix\bhoclass.dll (PUP.BFlix) -> Nenhuma ação foi feita.

C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Nenhuma ação foi feita.

C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Nenhuma ação foi feita.

C:\ProgramData\TheBflix\uninstall.exe (PUP.BFlix) -> Nenhuma ação foi feita.

C:\ProgramData\TheBflix\data\content.js (PUP.BFlix) -> Nenhuma ação foi feita.

C:\ProgramData\TheBflix\data\jsondb.js (PUP.BFlix) -> Nenhuma ação foi feita.

C:\Program Files (x86)\VITSOFT\Vit Registry Fix\Vit Disk Cleaner.exe (Trojan.Downloader) -> Enviado para a Quarentena e deletado com sucesso.

C:\Windows\System32\GnuHashes.ini (Trojan.Tracur) -> Enviado para a Quarentena e deletado com sucesso.

C:\Windows\SysWOW64\GnuHashes.ini (Trojan.Tracur) -> Enviado para a Quarentena e deletado com sucesso.

C:\Windows\System32\config\Mlhrshutt.pps (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.

C:\Windows\SysWOW64\config\Mlhrshutt.pps (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.

 

(fim)


1.

*Download SecurityCheck (...by screen317) and save it to the desktop

*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

*Press [Enter] and paste the report that is displayed

2.

*Download OTL (...by Old_Timer) and save it to the desktop

*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

*If your Windows is 64-bit, keep the option shown in the image (aahE3Xq1.jpg) selected

*Select the options:

Scan All Users

Lop Check

Purity Check

Below is an image of OTL configured

aawgNfnJ.jpg

*Click [Scan] and paste the OTL.txt and Extras.txt reports created on the desktop

*Go to this link

*Click [select file...]

*Locate the OTL.txt report on the desktop and click [Open]

*Click [upload file]

*Paste the link generated next to Download link:

*Repeat the procedure for the Extras.txt report


Good afternoon,

Here is the link: http://wikisend.com/download/458884/OTL.Txt

http://wikisend.com/download/564706/Extras.Txt

Results of screen317's Security Check version 0.99.24

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

MVPS Hosts File

Spybot - Search & Destroy

Java 6 Update 31

Out of date Java installed!

Adobe Flash Player 11.2.202.235

Adobe Reader X (10.1.0) Adobe Reader Out of Date!

Mozilla Firefox (x86 pt-BR..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Spybot Teatimer.exe is disabled!

AVG avgwdsvc.exe

AVG avgtray.exe

``````````End of Log````````````


1.

*Run OTL

*Paste the lines in blue into the box below Exames Personalizados/Correções (Custom Scans/Fixes):

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.minilua.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.minilua.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.minilua.com/

O3:64bit: - HKLM\..\Toolbar: (no name) - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.

[2011/10/27 13:53:15 | 003,623,592 | ---- | C] (Ask) -- C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe

[2011/10/27 13:53:15 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files (x86)\Common Files\ApnStub.exe

[2010/11/03 15:09:37 | 003,056,008 | ---- | C] (Ask) -- C:\Program Files (x86)\Common Files\AskToolbarInstaller.exe

 

:Commands

[EMPTYJAVA]

[EMPTYTEMP]

*Click [Consertar] (Fix)

*Click [OK] and the PC will restart

*Paste the report that is displayed


Here it is:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.

C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe moved successfully.

C:\Program Files (x86)\Common Files\ApnStub.exe moved successfully.

C:\Program Files (x86)\Common Files\AskToolbarInstaller.exe moved successfully.

========== COMMANDS ==========

 

[EMPTYJAVA]

 

User: All Users

 

User: Allan

 

User: Default

 

User: Default User

 

User: Public

 

User: Todos os Usuários

 

User: UpdatusUser

 

User: user

->Java cache emptied: 1067119 bytes

 

User: Usuário Padrão

 

Total Java Files Cleaned = 1,00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: Allan

->FireFox cache emptied: 136772457 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 2571 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: Todos os Usuários

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: user

->Temp folder emptied: 42354514 bytes

->Temporary Internet Files folder emptied: 144480484 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 168755532 bytes

->Google Chrome cache emptied: 71813044 bytes

->Flash cache emptied: 2576 bytes

 

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 18152436 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68006 bytes

RecycleBin emptied: 3878424 bytes

 

Total Files Cleaned = 559,00 mb

 

 

OTL by OldTimer - Version 3.2.48.0 log created on 06122012_165753

 

Files\Folders moved on Reboot...

C:\Users\user\AppData\Local\Temp\{21E2BFE9-3759-4CF8-8028-5CFD6B9A7F7B}\fpb.tmp moved successfully.

C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SJ3Z4AO2\adsCAH150H7.htm moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SJ3Z4AO2\forum-botao[2].htm moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SJ3Z4AO2\forum-super[2].htm moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QNJ2NADO\xd_arbiter[1].htm moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JDHJO09A\xd_arbiter[1].htm moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BF32PS33\467295-analise-de-log[1].htm moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BF32PS33\like[3].htm moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BF32PS33\siCAZDPQWI.htm moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

 

Registry entries deleted on Reboot...


1.

*Run AdwCleaner and click [uninstall]

2.

*Run Malwarebytes, click the [Quarentena] (Quarantine) tab, select all the results and click [Apagar tudo] (Delete all)

*Click the [Logs] tab, select the report and click [Apagar] (Delete)

*Close Malwarebytes

3.

*Delete SecurityCheck

4.

*Download JavaRa (...by Fred de Vries & Paul McLain)

*Extract it to the desktop (Área de Trabalho)

*Run it. Windows Vista and Windows 7 users must right-click the file and select Executar como administrador (Run as administrator)

*Select English and click [select]

*Click [search For Updates]

*Select Update Using jucheck.exe and click [search]

*Wait for the download and installation to finish, then click [Remove Older Versions]

5.

*Run OTL, click [Limpeza] (Cleanup) > [OK]

*The PC will restart

6.

*Run an online scan with NOD32

*When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log


Good morning, here is the log from the ESET antivirus:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=d1d7c1edea99b546a0cb37a52ea34de2

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-06-14 01:47:20

# local_time=2012-06-13 10:47:20 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=768 16777215 100 0 0 0 0 0

# compatibility_mode=1024 16777215 100 0 0 0 0 0

# compatibility_mode=2304 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776574 100 94 50265890 91185490 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=1

# found=0

# cleaned=0

# scan_time=0

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=d1d7c1edea99b546a0cb37a52ea34de2

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-06-14 03:20:07

# local_time=2012-06-14 12:20:07 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=768 16777215 100 0 0 0 0 0

# compatibility_mode=1024 16777215 100 0 0 0 0 0

# compatibility_mode=2304 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776574 100 94 50266601 91186201 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=125024

# found=9

# cleaned=9

# scan_time=4855

C:\Photoshop CS4 [bestUniom.net] by Bazoo\Photoshop cs4\ATIVAÇÃO\serial Portraiture.v2.1.rar a variant of Win32/Keygen.CX application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Program Files\COREL\KeyGen CorelDrawX5\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Photoshop CS4 [bestUniom.net] by Bazoo\Photoshop cs4\ATIVAÇÃO\serial Portraiture.v2.1.rar a variant of Win32/Keygen.CX application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\FoxTabFLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\ToolbarFacemood122.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\ToolbarFacemood124.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\ToolbarFacemood189.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\ProgramData\Spybot - Search & Destroy\Recovery\ToolbarFacemood191.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Allan\Downloads\OrbitDownloaderSetup.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:

all ok


OK... I think the cleanup is done... :)

1.

*Run the file c:\Arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

2.

*Uninstall Spybot

3.

*Download TFC (...by Old_Timer) and save it to the Desktop (Área de Trabalho)

*Run it. Windows Vista and Windows 7 users must right-click the file and select Executar como administrador (Run as administrator)

*Click [start]

Best regards.


Good morning,

Thanks for the help. Is there a program I can use daily that helps with the maintenance and security of the PC?

Thanks once again.

Leandro


Good morning...

For maintenance, you can use CCleaner:

*Download and install CCleaner

*Click [Executar Limpeza] (Run Cleaner)

*Click [Registro] (Registry) > [Procurar erros] (Scan for errors) > [Corrigir Erros Selecionados] (Fix Selected Errors) > [Corrigir Todos os Erros Selecionados] (Fix All Selected Errors)

For security:

Keep Windows and the antivirus always up to date

Avoid using keygens and cracks

Do not visit suspicious sites

Do not open suspicious e-mails.



What are these: "Avoid using keygens and cracks"?

I already use CCleaner...

Thanks for the great help, Wings.


Keygens and cracks are ways of circumventing paid programs so that you use them without paying for licenses.

Some were found on your PC by NOD32 and removed:


C:\Photoshop CS4 [bestUniom.net] by Bazoo\Photoshop cs4\ATIVAÇÃO\serial Portraiture.v2.1.rar a variant of Win32/Keygen.CX application (deleted - quarantined)

C:\Program Files\COREL\KeyGen CorelDrawX5\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined)


PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
