[Arquivado] Análise de Log - Hijackthis

[P@TY 0]

Bom dia!! Gostaria que fosse feita a análise do log do hijackthis, estava tentando remover alguns malwares do meu pc e não estou conseguindo!

Segue abaixo o LOG:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:47:08, on 1/10/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ANIWConnService.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\KMWDSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Western Digital\WD SmartWare\WDDMService.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Western Digital\WD Drive Manager\WDDriveService.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Western Digital\WD SmartWare\WDRulesEngine.exe

C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Arquivos de programas\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe

C:\Arquivos de programas\D-Link\DWA-140 revB\AirNCFG.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\StartAutorun.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\KMConfig.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Keyboard & Mouse Driver\KMProcess.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Western Digital\WD SmartWare\WDFME.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qword.com/?s=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - (no file)

O2 - BHO: QWBandToolBar - {8270927A-FB8B-4647-8E21-C9459BB2610D} - C:\Arquivos de programas\46E396C367B64024B889076D0508A000\QWS.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: QWBandToolBar - {8270927A-FB8B-4647-8E21-C9459BB2610D} - C:\Arquivos de programas\46E396C367B64024B889076D0508A000\QWS.dll

O3 - Toolbar: (no name) - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\lgfw.exe" blrun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Arquivos de programas\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe

O4 - HKLM\..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Arquivos de programas\D-Link\DWA-140 revB\AirNCFG.exe

O4 - HKLM\..\Run: [KMCONFIG] C:\Arquivos de programas\Keyboard & Mouse Driver\StartAutorun.exe KMConfig.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Download by NBget Internet Download - C:\Arquivos de programas\NBget\InternetDownload\adddownload.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.itau.com.br

O15 - Trusted Zone: *.qword.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196535377125

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: c:\docume~1\alluse~1\dadosd~1\browse~1\22643~1.41\{16cdf~1\browse~1.dll

O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehUni.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Browser Manager - Unknown owner - C:\Documents and Settings\All Users\Dados de aplicativos\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate1c987ad39f38f48) (gupdate1c987ad39f38f48) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Arquivos de programas\Keyboard & Mouse Driver\KMWDSrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: WDDMService - WDC - C:\Arquivos de programas\Western Digital\WD SmartWare\WDDMService.exe

O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Arquivos de programas\Western Digital\WD Drive Manager\WDDriveService.exe

O23 - Service: WDFME (WDFMEService) - Western Digital - C:\Arquivos de programas\Western Digital\WD SmartWare\WDFME.exe

O23 - Service: WDRules (WDRulesService) - Western Digital - C:\Arquivos de programas\Western Digital\WD SmartWare\WDRulesEngine.exe

 

--

End of file - 12617 bytes

[wings 22]

Boa tarde P@TY

 

 

 

:seta: Desinstale o Spybot.

 

 

 

:seta: Baixe o AdwCleaner (...de Xplode) e salve-o no Desktop (Área de Trabalho)

 

*Execute-o.

 

 

*Clique [Delete]

 

*Cole o relatório apresentado

[P@TY 0]

# AdwCleaner v2.003 - Logfile created 10/02/2012 at 11:21:03

# Updated 23/09/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : usuario - USER-3705

# Boot Mode : Normal

# Running from : C:\Documents and Settings\usuario\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

Stopped & Deleted : Browser Manager

 

***** [Files / Folders] *****

 

Deleted on reboot : C:\Documents and Settings\All Users\Dados de aplicativos\Browser Manager

File Deleted : C:\Arquivos de programas\Mozilla Firefox\.autoreg

File Deleted : C:\Arquivos de programas\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml

Folder Deleted : C:\Arquivos de programas\Arquivos comuns\AVG Secure Search

Folder Deleted : C:\Arquivos de programas\AVG Secure Search

Folder Deleted : C:\DOCUME~1\usuario\CONFIG~1\Temp\avg@toolbar

Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\AVG Secure Search

Folder Deleted : C:\Documents and Settings\usuario\Dados de aplicativos\AVG Secure Search

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\BrowserMngr

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8270927A-FB8B-4647-8E21-C9459BB2610D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\qword.com

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\BrowserMngr

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8270927A-FB8B-4647-8E21-C9459BB2610D}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKU\S-1-5-21-725345543-1844823847-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

 

*************************

 

AdwCleaner[s1].txt - [6645 octets] - [02/10/2012 11:21:03]

 

########## EOF - C:\AdwCleaner[s1].txt - [6705 octets] ##########

[wings 22]

:seta: Execute o AdwCleaner, clique [uninstall] > [sim]

 

 

:seta: Baixe o OTL (...de Old_Timer) e salve-o no Desktop (Área de Trabalho)

 

*Execute-o.

 

 

*Selecione:

Verificar All Users

Ignorar Arquivos Microsoft

Verificar Lop

Verificar Purity

 

*Cole as linhas, em marrom, no espaço abaixo de Exames Personalizados/Correções

regedit /e c:\registrybackup.reg /c

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes

 

*Clique [Verificar]

 

 

*Ao término, os relatórios OTL.txt e Extras.txt serão criados no Desktop (Área de Trabalho)

 

 

:veja: Acesse este link

 

*Clique [selecionar arquivo]

 

*Localize o arquivo OTL.txt no Desktop (Área de Trabalho) e clique [Abrir]

 

*Clique [Envoyer le fichier]

 

*Cole o link criado abaixo de Fichier envoyé avec succés! Copiez votre lien :

 

*Repita o procedimento para o relatório Extras.txt e cole o link

[P@TY 0]

http://mydoc.tk/3/6034OTL.Txt

 

http://mydoc.tk/3/8337Extras.Txt

[wings 22]

:seta: Abra o Chrome, clique na chave inglesa no alto a direita e clique Opções

 

*Clique Básicas

 

*Em Página inicial, selecione Abrir esta página e coloque www.google.com.br

 

*Clique Extensões e remova qualquer extensão referente a Babylon

 

 

 

:seta: Execute o OTL.

 

*Cole as linhas em azul no espaço abaixo de Exames Personalizados/Correções

 

:OTL

SRV - File not found [Auto | Stopped] -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"

O3 - HKLM\..\Toolbar: (no name) - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.

O3 - HKU\S-1-5-21-725345543-1844823847-682003330-1003\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.

O4 - HKLM..\Run: [vProt] "C:\Arquivos de programas\AVG Secure Search\vprot.exe" File not found

[2012/09/28 19:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

[2012/09/28 19:06:50 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Spybot - Search & Destroy

 

:Reg

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{381008FE-8669-48F0-8A0B-BB6146D70CDF}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

:Services

catchme

 

:Commands

[emptytemp]

 

*Clique [Consertar]

 

 

*Clique [OK] para reiniciar o PC

 

 

*Cole o relatório criado em C:\_OTL\MovedFiles\mêsdiaano_horaminutossegundos.log

 

 

:seta: É altamente recomendável que os usuários removam do sistema todas as versões anteriores do Java.

 

*Desinstale Java 6 Update 3 e Java 6 Update 12

 

*Instale a última versão do Java

 

 

:seta: Manter versões antigas de programas, sem atualização, compromete a segurança e o desempenho do seu sistema.

 

*Desinstale Adobe Flash Player 10

 

*Atualize o Adobe Flash Player

[P@TY 0]

All processes killed

========== OTL ==========

Service vToolbarUpdater12.2.6 stopped successfully!

Service vToolbarUpdater12.2.6 deleted successfully!

File C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe not found.

Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename

Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1

Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine

Prefs.js: "Search the web (Babylon)" removed from sweetim.toolbar.previous.browser.search.defaultenginename

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{376CA00C-3F95-46F7-8F04-E69906E52A1F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{376CA00C-3F95-46F7-8F04-E69906E52A1F}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.

Registry value HKEY_USERS\S-1-5-21-725345543-1844823847-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{965B54B0-71E0-4611-8DE7-F73FA0B20E26} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{965B54B0-71E0-4611-8DE7-F73FA0B20E26}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery folder moved successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Logs folder moved successfully.

Folder move failed. C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy scheduled to be moved on reboot.

C:\Arquivos de programas\Spybot - Search & Destroy folder moved successfully.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{381008FE-8669-48F0-8A0B-BB6146D70CDF}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{381008FE-8669-48F0-8A0B-BB6146D70CDF}\ not found.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope" | {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /E : value set successfully!

========== SERVICES/DRIVERS ==========

Service catchme stopped successfully!

Service catchme deleted successfully!

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 41 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 49554 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: usuario

->Temp folder emptied: 69501020 bytes

->Temporary Internet Files folder emptied: 5008999 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 82508127 bytes

->Google Chrome cache emptied: 10327089 bytes

->Flash cache emptied: 3016 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2134162 bytes

%systemroot%\System32 .tmp files removed: 2969 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 31003057 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 191,00 mb

 

 

OTL by OldTimer - Version 3.2.70.1 log created on 10022012_223307

 

Files\Folders moved on Reboot...

Folder move failed. C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy scheduled to be moved on reboot.

C:\Documents and Settings\usuario\Configurações locais\Temp\TeamViewer\Version7\tv_w32.dll moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

Faço uma observação, desde que notei que o pc estava com problemas, eu não consigo acessar o email hotmail, depois que faço login e senha, ele nunca carrega, sempre aparece mensagem de erro. Antes ia para uma página 'qword'. Ainda não estou conseguindo acessar... Não sei se isso tem alguma coisa relacionada.

 

Faço uma observação, desde que notei que o pc estava com problemas, eu não consigo acessar o email hotmail, depois que faço login e senha, ele nunca carrega, sempre aparece mensagem de erro. Antes ia para uma página 'qword'. Ainda não estou conseguindo acessar... Não sei se isso tem alguma coisa relacionada.

[wings 22]

O hotmail tem destas coisas de vez em quando. Acaba sendo difícil dizer qual o problema.

 

Aqui vai um link para ajudar.

 

http://melhorescoisas.com/nao-consigo-entrar-email-hotmail/

 

O item de remoção de vírus e spywares estamos encerrando.

 

 

:seta: Execute o OTL. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

 

*Clique [Limpeza] > [OK]

 

*O PC será reiniciado

 

 

 

:seta: Instale o MalwareBytes

 

*Aguarde a atualização e o programa será aberto automaticamente

 

*Selecione [Verificação Rápida]

 

*Clique [Verificar]

 

*Ao término, clique [OK] > [Ver Resultados] > [Remover Selecionados]

 

*Cole o relatório apresentado

[P@TY 0]

Fiz o 1o procedimento e depois que o pc reiniciou, na tela de boas vindas, aparece uma mensagem de erro, algo do tipo: 'Um problema está impedindo que o Windows verifique com precisão a licença para este computador." e não consegue logar.

[wings 22]

Fiz o 1o procedimento e depois que o pc reiniciou, na tela de boas vindas, aparece uma mensagem de erro, algo do tipo: 'Um problema está impedindo que o Windows verifique com precisão a licença para este computador." e não consegue logar.

Qual procedimento você está se referindo?

 

Há algum código de erro? Ex. 0x80004005

[P@TY 0]

Cliquei em 'limpeza', ele fez o processo e reiniciou dessa forma

[wings 22]

Cliquei em 'limpeza', ele fez o processo e reiniciou dessa forma

Estranho....não era para acontecer isso.

 

Ao clicar em Limpeza, a ferramenta vai desinstalar e remover outros programas utilizados em remoção de malwares....não tem nenhuma relação.

 

Reinicie o PC em Modo de Segurança.

 

Execute o arquivo C:\registrybackup.reg e aceite a entrada no registro.

 

Reinicie o PC em Modo Normal.

[wings 22]

Tópico Arquivado

 

Como o autor não respondeu por mais de 10 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.