[Resolvido] &nbspAnálise de Log

[Magro Costa 0]

Bom dia,

 

Segue o log para análise, meu pc esta lento demais.....

 

Obrigado

 

* Meu outro Pc que o Wings me ajudou ficou muito bom, obrigado.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:06:14, on 22/6/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Magro\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Magro\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Magro\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Magro\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Magro\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\TeamViewer\Version7\TeamViewer.exe

C:\Arquivos de programas\TeamViewer\Version7\tv_w32.exe

C:\Documents and Settings\Magro\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

c:\arquivos de programas\teamviewer\version7\TeamViewer_Desktop.exe

C:\Documents and Settings\Magro\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Magro\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.v9.com/sof/sof_1333028206_416525

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.v9.com/sof/sof_1333028206_416525

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.v9.com/sof/sof_1333028206_416525

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.v9.com/sof/sof_1333028206_416525

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Barra de Ferramentas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Toolbar\01.01.2607.0\pt-br\msntb.dll

O3 - Toolbar: (no name) - {742E70CF-7770-412d-86CB-230B322E807C} - (no file)

O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Magro\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download with &Media Finder - C:\Arquivos de programas\Media Finder\hook.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

 

--

End of file - 6292 bytes

[wings 22]

Olá Magro Costa

 

 

 

*Baixe o OTL (...de Old_Timer) e salve-o no desktop (Área de Trabalho)

 

*Execute-o. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

 

*Selecione as opções:

Verificar All Users

Verificar Lop

Verificar Purity

 

Imagem do OTL configurado

 

 

*Clique [Verificar]

 

*Acesse este link

 

*Clique [selecionar arquivo...]

 

*Localize o relatório OTL.txt no desktop (Área de Trabalho) e clique [Abrir]

 

*Clique [upload file]

 

*Cole o link gerado ao lado de Download link:

 

*Repita o procedimento para o relatório Extras.txt

[Magro Costa 0]

Boa tarde Wings,

 

Segue o link.

 

http://wikisend.com/download/279012/OTL.Txt

 

 

http://wikisend.com/download/922564/Extras.Txt

 

Obrigado

[wings 22]

1.

*Baixe este arquivo e salve-o no desktop

 

*Execute-o e cole o relatório apresentado

 

 

2.

*Baixe o MyUninstaller

 

*Extraia para o Desktop (Área de Trabalho)

 

*Execute-o. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

 

 

*Localize o programa V9Software

 

*Clique com o botão direito do mouse nele e selecione Uninstall Selected Software

[Magro Costa 0]

Executei aquele como falou mais o log saiu em branco.

Segui para o proximo, mas não consegui desinstalar.

[wings 22]

Ok...

 

1.

*Delete o look.bat

 

 

2.

*Delete o MyUninstaller

 

 

3.

*Baixe este arquivo e salve-o no desktop

 

*Execute-o e cole o relatório

[Magro Costa 0]

Boa tarde segue o mesmo:

 

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

@="Live Search"

"DisplayName"="@ieframe.dll,-12512"

"URL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"

 

Windows Registry Editor Version 5.00

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"

"DownloadUpdates"=dword:00000001

"Version"=dword:00000002

"UpgradeTime"=hex:a8,91,a0,31,a8,82,cc,01

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

"SuggestionsURLFallback"="http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}"

"FaviconURLFallback"="http://www.bing.com/favicon.ico"

"URL"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

"FaviconPath"="C:\\Documents and Settings\\Magro\\Configura‡äes locais\\Dados de aplicativos\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"

"DisplayName"="Bing"

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]

"DisplayName"="Search the web (Babylon)"

"URL"="http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=442fafa40000000000000025221da991"

"SuggestionsURLFallback"="http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}"

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]

"DisplayName"="v9"

"URL"="http://www.google.com.br/cse?q={searchTerms}&cx=partner-pub-2489206448026482%3A8691855295&tbm=&ie=UTF-8#gsc.tab=0&gsc.q={searchTerms}"

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4E68199B-B77D-4D65-B331-BEAEF2CE0C79}]

"DisplayName"="Yahoo! Search"

"URL"="http://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}"

"OSDFileURL"="file:///C:/Arquivos%20de%20programas/Arquivos%20comuns/Spigot/Search%20Settings/yahoo_ie.xml"

"FaviconURL"="http://www.yahoo.com/favicon.ico"

"FaviconPath"="C:\\Documents and Settings\\Magro\\Configura‡äes locais\\Dados de aplicativos\\Microsoft\\Internet Explorer\\Services\\search_{4E68199B-B77D-4D65-B331-BEAEF2CE0C79}.ico"

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6B7A3D08-EEB9-44F9-81C3-66BE037987D4}]

"DisplayName"="Live Search"

"URL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"

[wings 22]

1.

*Baixe o Revo Uninstaller

 

*Extraia para o Desktop (Área de Trabalho)

 

 

2.

*Feche o Internet Explorer

 

 

3.

*Execute o Revo Uninstaller. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

 

 

*Localize o programa V9Software

 

*Dê duplo clique nele e clique [sim]

 

 

4.

*Execute o OTL. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

 

*Cole as linhas em azul no espaço abaixo de Exames Personalizados/Correções:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.v9.com/sof/sof_1333028206_416525

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.v9.com/sof/sof_1333028206_416525

IE - HKU\S-1-5-21-1409082233-1614895754-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.v9.com/sof/sof_1333028206_416525

IE - HKU\S-1-5-21-1409082233-1614895754-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.v9.com/sof/sof_1333028206_416525

IE - HKU\S-1-5-21-1409082233-1614895754-682003330-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-1409082233-1614895754-682003330-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=442fafa40000000000000025221da991

O33 - MountPoints2\{7fc9e420-ac0f-11e1-b4ba-0025221da991}\Shell\AutoRun\command - "" = J:\urDrive.exe

[2012/06/21 02:57:24 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Magro\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

:Reg

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]

 

:Commands

[EMPTYJAVA]

[EMPTYTEMP]

*Clique [Consertar]

 

*Clique [OK] e o PC será reiniciado

 

*Cole o relatório apresentado

[Magro Costa 0]

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-21-1409082233-1614895754-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKU\S-1-5-21-1409082233-1614895754-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_USERS\S-1-5-21-1409082233-1614895754-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-1409082233-1614895754-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fc9e420-ac0f-11e1-b4ba-0025221da991}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fc9e420-ac0f-11e1-b4ba-0025221da991}\ not found.

File J:\urDrive.exe not found.

C:\Documents and Settings\Magro\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

========== COMMANDS ==========

 

[EMPTYJAVA]

 

User: All Users

 

User: Default User

 

User: LocalService

 

User: Magro

->Java cache emptied: 3857444 bytes

 

User: NetworkService

 

Total Java Files Cleaned = 4,00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56502 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Magro

->Temp folder emptied: 9961302 bytes

->Temporary Internet Files folder emptied: 11399980 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 61013342 bytes

->Google Chrome cache emptied: 452593505 bytes

->Flash cache emptied: 59746 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2339411 bytes

%systemroot%\System32 .tmp files removed: 2969 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 10596072 bytes

 

Total Files Cleaned = 523,00 mb

 

 

OTL by OldTimer - Version 3.2.51.0 log created on 06222012_183507

[wings 22]

O PC está limpo.

 

 

1.

*Delete a pasta do Revo Uninstaller

 

 

2.

*Execute o OTL. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

 

*Clique [Limpeza] > [OK]

 

*O PC será reiniciado

 

 

Recomendações finais...

 

 

A) Sobre o Java

 

*É altamente recomendável que os usuários removam do sistema versões antigas do Java, pois representam um sério risco à segurança do PC. Clique aqui para verificar se o Java está atualizado.

 

 

*Clique aqui para saber como desinstalar versões antigas do Java.

 

 

*Clique aqui para instalar a última versão do Java

 

 

B) Desative e ative a Restauração do Sistema conforme seu Windows

 

Windows XP

 

Desativar

*Clique com o botão direito do mouse em Meu Computador e selecione Propriedades

 

*Clique Restauração do Sistema

 

*Selecione a opção Desativar Restauração do Sistema

 

*Clique [Aplicar] > [sim] > [OK]

 

Ativar

*Desmarque a opção Desativar Restauração do Sistema

 

*Clique [Aplicar] > [sim] > [OK]

 

 

C) Leia a cartilha de segurança

 

 

Um abraço.

[Magro Costa 0]

Agradeço novamente a atenção, fiz conforme descreveu.

 

 

Muito Obrigado

 

Magro

[wings 22]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.