[Solved]  Explorer opens by itself

9 replies in this topic

#1 vandinhoneves

  • Members
  • 25 posts

Posted 02 June 2011 - 00:57

Hi, from one moment to the next Internet Explorer started opening by itself, almost always on shopping sites. I've already tried everything. I ran BankerFix and ran Marcos Velasco's AntiSpy, but nothing helped. I really need help. THANKS IN ADVANCE.

The log follows below:


Logfile of HijackThis v1.99.1
Scan saved at 00:34:19, on 2/6/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\ARQUIV~1\AVG\AVG9\avgtray.exe
C:\Arquivos de programas\USB Disk Win98 Driver\Res.EXE
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\cacaoweb\cacaoweb.exe
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\Arquivos de programas\Gigabyte\EasySaver\ESSVR.EXE
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\PhD\CONFIG~1\Temp\Fz2.exe
C:\WINDOWS\Fborua.exe
C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\PhD\CONFIG~1\Temp\Fz1.exe
C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PhD\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plasmoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17159
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: Messenger Plus Toolbar - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Arquivos de programas\Messenger_Plus\prxtbMess.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Messenger Plus - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Arquivos de programas\Messenger_Plus\prxtbMess.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Messenger Plus Toolbar - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Arquivos de programas\Messenger_Plus\prxtbMess.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Arquivos de programas\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\RunOnce: [AskTBar Uninstall] rundll32 C:\ARQUIV~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cacaoweb] "C:\Arquivos de programas\cacaoweb\cacaoweb.exe" -noplayer
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [YDZ1QVAGOJ] C:\DOCUME~1\PhD\CONFIG~1\Temp\Fz1.exe
O4 - HKCU\..\Run: [OPLE7CLDO2] C:\WINDOWS\Fborua.exe
O4 - Startup: Registros Seagate 2GH1LVAF.lnk = C:\Documents and Settings\PhD\Dados de aplicativos\Leadertech\PowerRegister\Registros Seagate 2GH1LVAF.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Arquivos de programas\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Arquivos de programas\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

#2 wings

  • Members
  • 3,597 posts

Posted 02 June 2011 - 05:47

Hello vandinhoneves


1.
*Download MalwareBytes and save it to the desktop
*Install the program and wait for the update
*The program will open automatically
*On the [Scan] tab, select [Full scan]
*Click [Scan] and select the partition where Windows is installed
*When the scan finishes, click [YES] > [OK] > [Show Results] > [Remove Selected]
*Paste the report that is shown

2.
*Download AD-Remover and save it to the desktop
*Run it, click [Clean] > [Yes] > [OK] > [Yes]
*The PC will restart
*Paste the report C:\Ad-Report-CLEAN[1].txt

#3 vandinhoneves

  • Members
  • 25 posts

Posted 02 June 2011 - 12:21

Hi wings, I followed all the steps you described. The first report showed the following:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 6753

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/6/2011 11:53:55
mbam-log-2011-06-02 (11-53-55).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 208587
Tempo decorrido: 1 hora(s), 6 minuto(s), 4 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 7
Valores de Registro Infectados: 2
Itens de Dados no Registro Infectados: 1
Pastas Infectadas: 1
Arquivos Infectados: 5

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OPLE7CLDO2 (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\idgbn5xehg (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\YDZ1QVAGOJ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

Valores de Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ople7cldo2 (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ydz1qvagoj (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

Itens de Dados no Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas Infectadas:
C:\Documents and Settings\PhD\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4} (Spyware.Banker) -> Quarantined and deleted successfully.

Arquivos Infectados:
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fborua.exe (Trojan.FakeAlert.SA) -> Delete on reboot.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.



And the second report showed this:



======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 12:08:20 on 02/06/2011, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86)
PhD@PHD-9FAE5951927 ( )

============== ACTION(S) ==============


File deleted: C:\WINDOWS\system32\ConduitEngine.tmp
Folder deleted: C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\FireFox\Profiles\kkpb9zek.default\conduit
Folder deleted: C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\FireFox\Profiles\kkpb9zek.default\ConduitEngine
Folder deleted: C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\FireFox\Profiles\kkpb9zek.default\extensions\engine@conduit.com
File deleted: C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\FireFox\Profiles\kkpb9zek.default\searchplugins\conduit.xml
Folder deleted: C:\Arquivos de programas\AskTBar
Folder deleted: C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Conduit
Folder deleted: C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\ConduitEngine
Folder deleted: C:\Arquivos de programas\ConduitEngine
Folder deleted: C:\Documents and Settings\PhD\Dados de aplicativos\PriceGong

(!) -- Temporary files deleted.


-- File opened: C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\FireFox\Profiles\kkpb9zek.default\Prefs.js --
Line deleted: user_pref("CT1460988.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Line deleted: user_pref("CT1460988.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT146...
Line deleted: user_pref("CT1460988.ct1669100.SearchEngine", "Busca||hxxp://search.conduit.com/Results.aspx?q=UCM_S...
Line deleted: user_pref("CT2552374.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT255...
Line deleted: user_pref("CT2949154.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT294...
Line deleted: user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2949154");
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1341008/1336676/BR", "\"0\"...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/BR", "\"0\"")...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/BR", "\"0\"")...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/945276/941054/BR", "\"0\"")...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", ...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2552374", ...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2949154", ...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.2.5...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.2....
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3....
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63439407619947...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2552374/CT2552374...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2949154/CT2949154...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize....
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/minimize.gif...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/play.gif", "...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/stop.gif", "...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/stopped.GIF"...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/vol.gif", "\...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-gb", "\"...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pt-br", "\"...
Line deleted: user_pref("CommunityToolbar.EngineOwner", "CT2552374");
Line deleted: user_pref("CommunityToolbar.EngineOwnerGuid", "{12fc3d37-2a42-4fe3-8489-81296878cba5}");
Line deleted: user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic_brasil");
Line deleted: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2552374");
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{12fc3d37-2a42-4fe3-8489-81296878cba5}");
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic_brasil");
Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://us.yhs.search.yahoo.com/avg/searc...
Line deleted: user_pref("CommunityToolbar.ToolbarsList", "CT1460988,ConduitEngine,CT2552374,CT2949154");
Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT1460988,CT2552374,CT2949154");
Line deleted: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 02 2011 22:34:02 GMT-03...
Line deleted: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line deleted: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Apr 27 2011 16:58:47 GMT-0300 (Hora ...
Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line deleted: user_pref("CommunityToolbar.alert.locale", "en");
Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Apr 27 2011 16:58:38 GMT-0300 (Hora ofic...
Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927");
Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line deleted: user_pref("CommunityToolbar.alert.userId", "83db5a79-682b-4d5a-9568-0abd0618ead8");
Line deleted: user_pref("CommunityToolbar.globalUserId", "bf5b0b12-e7f3-4ade-a35c-b8807df73a11");
Line deleted: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line deleted: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line deleted: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2949154");
Line deleted: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Wed Apr 27 2011 16:58:54 GMT-0300 (Hora ofici...
Line deleted: user_pref("ConduitEngine.FirstServerDate", "03/15/2011 16");
Line deleted: user_pref("ConduitEngine.FirstTime", true);
Line deleted: user_pref("ConduitEngine.FirstTimeFF3", true);
Line deleted: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line deleted: user_pref("ConduitEngine.Initialize", true);
Line deleted: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line deleted: user_pref("ConduitEngine.InstalledDate", "Tue Mar 15 2011 11:18:45 GMT-0300 (Hora oficial do Brasil)...
Line deleted: user_pref("ConduitEngine.IsMulticommunity", false);
Line deleted: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line deleted: user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line deleted: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Apr 27 2011 16:58:55 GMT-0300 (Hora oficia...
Line deleted: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Thu Mar 31 2011 22:54:04 GMT-0300 (Hora oficial do Bra...
Line deleted: user_pref("ConduitEngine.LastLogin_3.3.3.2", "Thu Apr 28 2011 10:19:56 GMT-0300 (Hora oficial do Bra...
Line deleted: user_pref("ConduitEngine.PublisherContainerWidth", 0);
Line deleted: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line deleted: user_pref("ConduitEngine.SettingsLastCheckTime", "Thu Apr 28 2011 10:19:58 GMT-0300 (Hora oficial do...
Line deleted: user_pref("ConduitEngine.UserID", "UN49121076498373084");
Line deleted: user_pref("ConduitEngine.engineLocale", "pt-BR");
Line deleted: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Apr 27 2011 16:58:55 GMT-0300 (Hora ...
Line deleted: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Thu Apr 28 2011 10:19:41 GMT-0300 (Hora...
Line deleted: user_pref("ConduitEngine.initDone", true);
Line deleted: user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Line deleted: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2949154&Sea...
-- File closed --


Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKLM\Software\Classes\CLSID\{AE9F8E3A-E8DB-49DC-88D0-CFBB6844B4E8}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AE9F8E3A-E8DB-49DC-88D0-CFBB6844B4E8}
Key deleted: HKLM\Software\Classes\Conduit.Engine
Key deleted: HKLM\Software\Classes\Toolbar.CT2949154
Key deleted: HKLM\Software\Conduit
Key deleted: HKLM\Software\conduitEngine
Key deleted: HKCU\Software\Conduit
Key deleted: HKCU\Software\conduitEngine
Key deleted: HKCU\Software\PriceGong
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7B8F9EF-6154-49DE-819A-C042525D9F89}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [3.6.15 (pt-BR)] ****

Searchplugins\avg_igeared.xml (hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=$isYahoo$&ychte=$ychte$ /)
Searchplugins\babylon.xml (hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=94fbefbc0000000000006cf049f23579&tlver=1.4.19.19&affID=17159/)
Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)
Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)
Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)
Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)
HKLM_Extensions|{3f963a5b-e555-4543-90e2-c3908898db71} - C:\Arquivos de programas\AVG\AVG9\Firefox
HKLM_Extensions|avg@igeared - C:\Arquivos de programas\AVG\AVG9\Toolbar\Firefox\avg@igeared

-- C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\FireFox\Profiles\kkpb9zek.default --
Extensions\cacaoweb@cacaoweb.org (cacaoweb)
Extensions\engine@plasmoo.com (Plasmoo Search Engine)
Extensions\ffxtlbr@babylon.com (Babylon)
Extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5} (Softonic_Brasil Community Toolbar)
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} (DVDVideoSoftTB Community Toolbar)
Extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} (myBabylon English Toolbar)
Extensions\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} (Messenger Plus Community Toolbar)
Prefs.js - browser.download.lastDir, D:\\Meus Arquivos\\Vandinho\\Baixados\\Nova pasta
Prefs.js - browser.search.defaultenginename, Google
Prefs.js - browser.search.selectedEngine, Search the web (Babylon)
Prefs.js - browser.startup.homepage, hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=94fbefbc0000000000006cf049f23579&tlver=1.4.19.1...
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.15
Prefs.js - keyword.URL, hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

========================================

**** Google Chrome Version [11.0.696.71] ****

Extension - dhkplhfnhceodhffomolpfigojocbpcb (x)

-- C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Enabled: true) (hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t)
Preferences - homepage: hxxp://plasmoo.com
Preferences - homepage_is_newtabpage: true
Plugin - Windows Genuine Advantage (Enabled: true) (C:\Arquivos de programas\Mozilla Firefox\plugins\npLegitCheckPlugin.dll)
Plugin - Microsoft DRM (Enabled: true) (C:\Arquivos de programas\Windows Media Player\npdrmv2.dll)
Plugin - Microsoft DRM (Enabled: true) (C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll)
Plugin - Windows Live Photo Gallery (Enabled: true) (C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll)
Plugin - "Silverlight" (Enabled: true)
Plugin - "Babylon Chrome Plugin" (Enabled: true)
Plugin - "Windows Genuine Advantage" (Enabled: true)
Plugin - "Microsoft DRM" (Enabled: true)
Plugin - "Picasa" (Enabled: true)
Plugin - "Windows Live Photo Gallery" (Enabled: true)

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{A3BC75A2-1F87-4686-AA43-5347D756017C} - "AVG Security Toolbar BHO" (C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll)
HKCU_URLSearchHooks|{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - "Messenger Plus Toolbar" (C:\Arquivos de programas\Messenger_Plus\prxtbMess.dll)
HKCU_SearchScopes\Plasmoo - "Plasmoo" (hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms})
HKCU_SearchScopes\{534E49EC-E38B-4241-A2E9-CA7A69860181} - "AVG Secure Search" (hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerm...)
HKCU_Toolbar\WebBrowser|{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll)
HKCU_Toolbar\WebBrowser|{B760D5A4-8D24-4CB6-942E-D6BB540AD88C} (C:\Arquivos de programas\Messenger_Plus\prxtbMess.dll)
HKLM_Toolbar|{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll)
HKLM_Toolbar|{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} (C:\Arquivos de programas\Messenger_Plus\prxtbMess.dll)
HKLM_ElevationPolicy\{96C8F331-A029-4C1F-9AE5-68868536EDC6} - C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Conduit\CT2949154\Messenger_PlusAutoUpdateHelper.exe (x)
HKLM_ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG9\Toolbar\ToolbarBroker.exe (?)
HKLM_ElevationPolicy\{F99FCA50-4838-450B-A928-9E3C8D2F1856} - C:\Arquivos de programas\Messenger_Plus\Messenger_PlusToolbarHelper1.exe (?)
HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll)
BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)
BHO\{A3BC75A2-1F87-4686-AA43-5347D756017C} - "AVG Security Toolbar BHO" (C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll)
BHO\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - "Messenger Plus Toolbar" (C:\Arquivos de programas\Messenger_Plus\prxtbMess.dll)

========================================

C:\Arquivos de programas\Ad-Remover\Quarantine: 256 File(s)
C:\Arquivos de programas\Ad-Remover\Backup: 14 File(s)

C:\Ad-Report-CLEAN[1].txt - 02/06/2011 12:08:51 (16108 Byte(s))

End at: 12:09:39, 02/06/2011

============== E.O.F ==============




Can't tell yet whether it worked; I'll spend the day on the PC and let you know later. Thanks in advance for your attention.
  • 0

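The Ad-Remover scan above lists the places an adware bundle rewrites: Firefox prefs.js and search plugins, Chrome Preferences, the IE Main and SearchScopes keys, BHOs and elevation-policy entries. The following Python script is an added example that is not part of this thread or of Ad-Remover: it reads lines in that scan's format and flags the three things a helper checks first, namely settings pointing at hosts other than the browser defaults, entries the scan could not resolve (marked "(?)" or "(x)", read here as "no name or file found"), and names from the families that appear in this thread. The allowed-host list, the name watchlist and that reading of the markers are assumptions; the sample lines are constructed to mirror the ones posted above.

```python
"""Triage of an Ad-Remover "ADDITIONAL SCAN" browser section.

Added example, not part of this thread or of Ad-Remover: it reads the
kind of lines the scan above prints and flags the three things a helper
looks for first. The allowlist, the watchlist and the reading of the
"(?)" / "(x)" markers are assumptions made for this example.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Hosts a stock pt-BR XP box with Firefox and Chrome defaults would point at
# (assumed for this example; adjust to the machine's real defaults).
EXPECTED_HOSTS = {
    "www.google.com", "www.microsoft.com", "go.microsoft.com",
    "fr.msn.com", "search.msn.com", "pt.wikipedia.org",
    "br.search.yahoo.com", "busca.buscape.com.br", "pmstrk.mercadolivre.com.br",
}

# Name fragments of the families named in this thread (assumed watchlist).
WATCHLIST = ("community toolbar", "babylon", "cacaoweb", "plasmoo", "conduit")

# These reports defang http as hxxp; match up to whitespace, a quote or ')'.
URL_RE = re.compile(r'hxxps?://[^\s")]+')


def host_of(defanged_url):
    """Hostname of an hxxp:// URL (refanged only for parsing)."""
    return urlparse(defanged_url.replace("hxxp", "http", 1)).hostname or ""


def entry_name(line):
    """Trailing '(Name)' if it is a plain name, otherwise the leading key."""
    m = re.search(r"\(([^()]+)\)\s*$", line)
    if m and not m.group(1).startswith("hxxp") and "\\" not in m.group(1):
        return m.group(1)
    return re.split(r" - | \(", line, maxsplit=1)[0]


def triage(report_text):
    """Return (category, detail) findings, in report order.

    redirect   a setting or search plugin pointing off EXPECTED_HOSTS
    unresolved an entry the scan marked (?) or (x); read here as 'no name
               or file found' (what a DDS report prints as 'No File')
    watchlist  a non-URL entry whose text matches WATCHLIST
    """
    findings = []
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        unresolved = line.endswith(("(?)", "(x)"))
        if unresolved:
            line = line[:-3].rstrip()          # drop the marker itself
        urls = URL_RE.findall(line)
        for url in urls:
            host = host_of(url)
            if host not in EXPECTED_HOSTS:
                findings.append(("redirect", host))
        if unresolved:
            findings.append(("unresolved", entry_name(line)))
        if not urls and any(w in line.lower() for w in WATCHLIST):
            findings.append(("watchlist", entry_name(line)))
    return findings


def summarize(findings):
    """Count findings per category."""
    return dict(Counter(category for category, _ in findings))


# Constructed sample in the scan's own format, modelled on the lines above.
SAMPLE_REPORT = r"""
Searchplugins\babylon.xml (hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms})
Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)
Extensions\cacaoweb@cacaoweb.org (cacaoweb)
Extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5} (Softonic_Brasil Community Toolbar)
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Prefs.js - browser.search.selectedEngine, Search the web (Babylon)
Prefs.js - browser.startup.homepage, hxxp://search.babylon.com/?babsrc=HP_ss
Prefs.js - keyword.URL, hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&p=
Preferences - homepage: hxxp://plasmoo.com
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\Plasmoo - "Plasmoo" (hxxp://plasmoo.com/index.htm?q={searchTerms})
HKLM_ElevationPolicy\{96C8F331-A029-4C1F-9AE5-68868536EDC6} - C:\Documents and Settings\PhD\Dados de aplicativos\Conduit\CT2949154\Messenger_PlusAutoUpdateHelper.exe (x)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_REPORT):
        print(f"{category:<10} {detail}")
    print(summarize(triage(SAMPLE_REPORT)))
```

Run against the sample it reports five redirected settings (Babylon, the AVG-branded Yahoo search and Plasmoo), two unresolved entries and four watchlist names, and leaves the Google Toolbar, the Windows Live BHO and the fr.msn.com start page alone. A real report is fed in the same way by reading the file into `triage()`; the allowlist is the part that has to be tuned per machine, since a legitimately changed homepage will otherwise show up as a redirect.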
#4 wings

wings
  • Members
  • 3,597 posts

Posted 02 June 2011 - 13:42

1.
*Run AD-Remover and click [Uninstall] > [No] > [Close]

2.
*Download Cacaokiller and save it to the desktop
*Run it and press 2 > [ENTER]
*Paste the report it produces

3.
*Disable your firewall
*Temporarily disable your antivirus

Right-click the AVG icon next to the clock and select "Open AVG User Interface"
Click [Tools] > [Advanced settings]
In the left-hand column find and click "Temporarily disable AVG protection"
Check: [x] Temporarily disable AVG protection
Click [OK]
Check: [x] Disable firewall protection and click [Disable real-time protection]

*Download ComboFix and save it to the desktop
*Run it and accept the licence agreement
*If the Microsoft Windows Recovery Console is not installed, accept its installation
*After the Console is installed, click [Yes] and wait for the steps to finish
*Do not use the mouse or keyboard during the steps, as that will mess up your desktop configuration!
*Paste the report it produces
  • 0

#5 vandinhoneves

vandinhoneves
  • Members
  • 25 posts

Posted 02 June 2011 - 18:19

Hi wings, the report Cacaokiller showed was the following:


============================================================
########### Cacaokiller By Juju666 ###########
============================================================
Version 1.1.0.0
bits
Run by PhD on Thu 02/06/2011 at 17:55:55

##################### Removal:

### Files and folders deleted:


Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 872 'cacaoweb.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of opera.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 724 'msnmsgr.exe'
Killing PID 724 'msnmsgr.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of iexplore.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of firefox.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of safari.exe
Quarantined & Deleted !! : "C:\Arquivos de programas\cacaoweb"
Quarantined & Deleted !! : "C:\Arquivos de programas\cacaoweb\cacaoweb.exe"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\cacaoweb"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\cacaoweb\adstorage.db"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\cacaoweb\replicatingABBE426A223691FCA1BD716E428E1C84.cacao"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\cacaoweb\replicatingB62004C1ACEEA4DBAC8453447F1AE2B0.cacao"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\cacaoweb\replicatingD77641A6A6CF609F6A4A3982EB39DA98.cacao"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\cacaoweb\storage.db"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome.manifest"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\defaults"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\install.rdf"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\content"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\locale"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\skin"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\content\cacaoweb.js"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\content\cacaoweb.xul"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\de-DE"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\en-US"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\es-ES"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\fr-FR"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\de-DE\cacaoweb.properties"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\en-US\cacaoweb.properties"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\es-ES\cacaoweb.properties"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\fr-FR\cacaoweb.properties"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\cacaoweb.css"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\ff_box.png"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\ff_btn.png"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\ff_btnmu.png"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\icon.png"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\tv-64-off.png"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\tv-64.png"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\defaults\preferences"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\defaults\preferences\prefs.js"

### Verification:


### Registry objects deleted:

Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run | cacaoweb
Deleted: HKCU\Software\cacaoweb


### Completed successfully on Thu 02/06/2011 at 17:56:42 !!!

============================================================
########### Cacaokiller By Juju666 ---- Finished ###########
============================================================

As for the other procedures, I looked carefully but could not find the option "Temporarily disable AVG protection". I followed the steps correctly, but when I open the advanced settings that option does not appear. If you could take a look and see whether there is another way.
Thanks.
  • 0

#6 wings

wings
  • Members
  • 3,597 posts

Posted 02 June 2011 - 19:17

1.
*Run Cacaokiller and press 4 > [ENTER]

2.
*Download DDS and save it to the desktop
*Run it and save the reports (DDS.txt and Attach.txt) to the desktop
*Paste the DDS.txt report
  • 0

#7 vandinhoneves

vandinhoneves
  • Members
  • 25 posts

Posted 02 June 2011 - 22:25

Hi wings, it didn't work again. I disabled AVG's resident protection and turned off the Windows firewall, but when I run ComboFix it tells me to uninstall AVG. On the other hand, Explorer hasn't opened by itself anymore. So what do I do now?

I ran DDS and it produced these two reports:



.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe Flash Player 10 Plugin
Arquivo do WinRAR
Assistente de Conexão do Windows Live
Atualização de Segurança para o Windows Media Player (KB2378111)
Atualização de Segurança para o Windows Media Player (KB952069)
Atualização de Segurança para o Windows Media Player (KB954155)
Atualização de Segurança para o Windows Media Player (KB973540)
Atualização de Segurança para o Windows Media Player (KB975558)
Atualização de Segurança para o Windows Media Player (KB978695)
Atualização de Segurança para o Windows Media Player 11 (KB954154)
Atualização de Segurança para Windows Internet Explorer 8 (KB2482017)
Atualização de Segurança para Windows Internet Explorer 8 (KB2497640)
Atualização de Segurança para Windows Internet Explorer 8 (KB2510531)
Atualização de Segurança para Windows Internet Explorer 8 (KB971961)
Atualização de Segurança para Windows Internet Explorer 8 (KB981332)
Atualização de Segurança para Windows XP (KB2079403)
Atualização de Segurança para Windows XP (KB2115168)
Atualização de Segurança para Windows XP (KB2121546)
Atualização de Segurança para Windows XP (KB2229593)
Atualização de Segurança para Windows XP (KB2259922)
Atualização de Segurança para Windows XP (KB2296011)
Atualização de Segurança para Windows XP (KB2347290)
Atualização de Segurança para Windows XP (KB2360937)
Atualização de Segurança para Windows XP (KB2387149)
Atualização de Segurança para Windows XP (KB2393802)
Atualização de Segurança para Windows XP (KB2412687)
Atualização de Segurança para Windows XP (KB2419632)
Atualização de Segurança para Windows XP (KB2423089)
Atualização de Segurança para Windows XP (KB2440591)
Atualização de Segurança para Windows XP (KB2443105)
Atualização de Segurança para Windows XP (KB2476687)
Atualização de Segurança para Windows XP (KB2478960)
Atualização de Segurança para Windows XP (KB2478971)
Atualização de Segurança para Windows XP (KB2479628)
Atualização de Segurança para Windows XP (KB2479943)
Atualização de Segurança para Windows XP (KB2481109)
Atualização de Segurança para Windows XP (KB2483185)
Atualização de Segurança para Windows XP (KB2485376)
Atualização de Segurança para Windows XP (KB2485663)
Atualização de Segurança para Windows XP (KB2503658)
Atualização de Segurança para Windows XP (KB2506212)
Atualização de Segurança para Windows XP (KB2506223)
Atualização de Segurança para Windows XP (KB2507618)
Atualização de Segurança para Windows XP (KB2508272)
Atualização de Segurança para Windows XP (KB2508429)
Atualização de Segurança para Windows XP (KB2509553)
Atualização de Segurança para Windows XP (KB2511455)
Atualização de Segurança para Windows XP (KB2524375)
Atualização de Segurança para Windows XP (KB923561)
Atualização de Segurança para Windows XP (KB923789)
Atualização de Segurança para Windows XP (KB941569)
Atualização de Segurança para Windows XP (KB946648)
Atualização de Segurança para Windows XP (KB951376-v2)
Atualização de Segurança para Windows XP (KB952004)
Atualização de Segurança para Windows XP (KB956572)
Atualização de Segurança para Windows XP (KB956744)
Atualização de Segurança para Windows XP (KB956844)
Atualização de Segurança para Windows XP (KB958869)
Atualização de Segurança para Windows XP (KB959426)
Atualização de Segurança para Windows XP (KB960803)
Atualização de Segurança para Windows XP (KB960859)
Atualização de Segurança para Windows XP (KB961501)
Atualização de Segurança para Windows XP (KB969059)
Atualização de Segurança para Windows XP (KB970430)
Atualização de Segurança para Windows XP (KB971657)
Atualização de Segurança para Windows XP (KB972270)
Atualização de Segurança para Windows XP (KB973507)
Atualização de Segurança para Windows XP (KB973869)
Atualização de Segurança para Windows XP (KB973904)
Atualização de Segurança para Windows XP (KB974112)
Atualização de Segurança para Windows XP (KB974318)
Atualização de Segurança para Windows XP (KB974392)
Atualização de Segurança para Windows XP (KB974571)
Atualização de Segurança para Windows XP (KB975025)
Atualização de Segurança para Windows XP (KB975467)
Atualização de Segurança para Windows XP (KB975560)
Atualização de Segurança para Windows XP (KB975562)
Atualização de Segurança para Windows XP (KB975713)
Atualização de Segurança para Windows XP (KB977816)
Atualização de Segurança para Windows XP (KB977914)
Atualização de Segurança para Windows XP (KB978338)
Atualização de Segurança para Windows XP (KB978542)
Atualização de Segurança para Windows XP (KB978601)
Atualização de Segurança para Windows XP (KB978706)
Atualização de Segurança para Windows XP (KB979309)
Atualização de Segurança para Windows XP (KB979482)
Atualização de Segurança para Windows XP (KB979687)
Atualização de Segurança para Windows XP (KB980195)
Atualização de Segurança para Windows XP (KB980232)
Atualização de Segurança para Windows XP (KB980436)
Atualização de Segurança para Windows XP (KB981322)
Atualização de Segurança para Windows XP (KB981997)
Atualização de Segurança para Windows XP (KB982132)
Atualização de Segurança para Windows XP (KB982214)
Atualização de Segurança para Windows XP (KB982665)
Atualização para Windows Internet Explorer 8 (KB976662)
Atualização para Windows XP (KB2141007)
Atualização para Windows XP (KB2345886)
Atualização para Windows XP (KB898461)
Atualização para Windows XP (KB955759)
Atualização para Windows XP (KB961503)
Atualização para Windows XP (KB968389)
Atualização para Windows XP (KB971029)
Atualização para Windows XP (KB971737)
Atualização para Windows XP (KB973687)
Atualização para Windows XP (KB973815)
AVG Free 9.0
Dic Michaelis - UOL
EasySaver B9.0410.1
Ferramenta de Carregamento do Windows Live
Google Chrome
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix para o Windows Media Player 11 (KB939683)
Hotfix para Windows XP (KB2443685)
Hotfix para Windows XP (KB961118)
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 24
Junk Mail filter update
K-Lite Mega Codec Pack 6.0.0
Malwarebytes' Anti-Malware
Messenger Plus Toolbar
Messenger Plus! 5
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC90 CRT + OMP
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.15)
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MV AntiSpy 4.0
MV Antivirus for Pen Drive 1.0
MV Defrag 1.9
MV Internet Optimizer 1.0
MV RegClean 6.0
MV RegCompact 1.3
Nero 8
neroxml
PC Connectivity Solution
PC MEGA RAPIDO PRO 2.1
Picasa 3
PokerStars
PokerTH
PowerISO
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2536413)
USB Disk Win98 Driver
WebFldrs XP
WinAVI Video Converter
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live Mail
Windows Live Messenger
Windows Live Toolbar
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
.
==== End Of File ===========================




and the second one is:


.
DDS (Ver_2011-06-02.03) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by PhD at 22:21:07 on 2011-06-02
.
============== Running Processes ===============
.
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Arquivos de programas\USB Disk Win98 Driver\Res.EXE
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\Arquivos de programas\Gigabyte\EasySaver\ESSVR.EXE
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Arquivos de programas\AVG\AVG9\avgnsx.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
D:\Meus Arquivos\Vandinho\Baixados\Nova pasta\dds.com
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uWindow Title =
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\arquivos de programas\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: Messenger Plus Toolbar: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - c:\arquivos de programas\messenger_plus\prxtbMess.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\arquivos de programas\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\arquivos de programas\avg\avg9\toolbar\IEToolbar.dll
BHO: Messenger Plus Toolbar: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - c:\arquivos de programas\messenger_plus\prxtbMess.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\arquivos de programas\avg\avg9\toolbar\IEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll
TB: Messenger Plus Toolbar: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - c:\arquivos de programas\messenger_plus\prxtbMess.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\phd\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AVG9_TRAY] c:\arquiv~1\avg\avg9\avgtray.exe
mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\arquivos de programas\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [USB Storage Toolbox] c:\arquivos de programas\usb disk win98 driver\Res.EXE
mRun: [SunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"
mRun: [PWRISOVM.EXE] c:\arquivos de programas\poweriso\PWRISOVM.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 189.124.128.32 189.124.128.33 189.124.128.34
TCP: Interfaces\{340C96D1-AB82-4D84-91D6-23BA9CF5364D} : DhcpNameServer = 189.124.128.32 189.124.128.33 189.124.128.34
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\arquivos de programas\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=94fbefbc0000000000006cf049f23579&tlver=1.4.19.19&affID=17159
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\arquivos de programas\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll
FF - plugin: c:\arquivos de programas\google\picasa3\npPicasa3.dll
FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll
FF - plugin: c:\arquivos de programas\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\documents and settings\phd\configurações locais\dados de aplicativos\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Softonic_Brasil Community Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - %profile%\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - %profile%\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
FF - Ext: Messenger Plus Community Toolbar: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - %profile%\extensions\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\arquivos de programas\avg\avg9\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R? asc3360pr;asc3360pr
R? AVG Security Toolbar Service;AVG Security Toolbar Service
S? avg9wd;AVG Free WatchDog
S? AvgLdx86;AVG Free AVI Loader Driver x86
S? AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86
S? AvgTdiX;AVG Free Network Redirector
S? ES lite Service;ES lite Service for program management.
S? MVAVPD;MVAVPD
.
=============== Created Last 30 ================
.
2011-06-02 13:28:58 -------- d-----w- c:\documents and settings\phd\dados de aplicativos\Malwarebytes
2011-06-02 13:28:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-02 13:28:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 13:28:46 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\Malwarebytes
2011-06-02 13:28:45 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2011-06-02 02:42:41 -------- d-----w- C:\LinhaDefensiva
2011-06-01 20:32:30 -------- d-----w- c:\documents and settings\phd\configurações locais\dados de aplicativos\WinAVI
2011-06-01 20:32:09 -------- d-----w- c:\arquivos de programas\WinAVI
2011-05-19 19:54:51 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-05-19 19:54:51 118784 ----a-w- c:\windows\system32\ActiveDate.ocx
2011-05-19 19:54:50 81920 ----a-w- c:\windows\system32\Gold Button.ocx
2011-05-19 19:54:50 409600 ----a-w- c:\windows\system32\nslock15vb5.ocx
2011-05-19 19:54:50 229376 ----a-w- c:\windows\system32\XTAB.ocx
2011-05-19 19:54:50 221184 ----a-w- c:\windows\system32\HookMenu.ocx
2011-05-14 00:10:40 81920 ----a-w- c:\windows\amcap.exe
.
==================== Find3M ====================
.
2011-06-02 22:40:27 17488 ----a-w- c:\windows\gdrv.sys
2011-05-06 11:35:00 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-03-27 23:07:11 87608 ----a-w- c:\documents and settings\phd\dados de aplicativos\inst.exe
2011-03-27 23:07:11 47360 ----a-w- c:\documents and settings\phd\dados de aplicativos\pcouffin.sys
2011-03-17 00:49:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-17 00:49:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 05:33:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 22:21:34,10 ===============
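The DDS output above is a fixed-format text log, so the checks a helper does by eye (hijacked homepage and search engine, bundled toolbar extensions, native components loaded from inside the user profile, a weakened system policy, the DNS servers handed out by DHCP) can be scripted. The Python below is an added example for this thread; it is not code from the original post nor from the DDS tool. The PUP_MARKERS list, the "component inside the profile directory" heuristic and the finding categories are assumptions of this example, and the embedded SAMPLE_LOG is constructed from a subset of the lines in the log above.

```python
"""Triage a DDS-style log for browser-hijack indicators.

Added example for this thread; not code from the original post or from DDS.
"""
import re
from typing import Dict, List

# Constructed sample: a subset of lines copied from the DDS log in this thread.
SAMPLE_LOG = r"""
mPolicies-system: EnableLUA = 0 (0x0)
TCP: DhcpNameServer = 189.124.128.32 189.124.128.33 189.124.128.34
TCP: Interfaces\{340C96D1-AB82-4D84-91D6-23BA9CF5364D} : DhcpNameServer = 189.124.128.32 189.124.128.33 189.124.128.34
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=94fbefbc0000000000006cf049f23579&tlver=1.4.19.19&affID=17159
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\arquivos de programas\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Softonic_Brasil Community Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - %profile%\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - %profile%\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
FF - Ext: Messenger Plus Community Toolbar: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - %profile%\extensions\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}
"""

# Heuristic markers for bundled-toolbar / search-redirect families. This list is an
# assumption of the example, not a vendor list from the thread.
PUP_MARKERS = ("babylon", "conduit", "softonic", "community toolbar")

# Prefs that decide where the browser goes on start-up and on search.
HIJACK_PREFS = ("browser.startup.homepage", "browser.search.selectedEngine", "keyword.URL")

PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")
EXT_RE = re.compile(r"^FF - Ext: (?P<name>.+?): (?P<id>\S+) - (?P<path>.*)$")
COMP_RE = re.compile(r"^FF - component: (?P<path>.*)$")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<value>\S+)")
DNS_RE = re.compile(r"DhcpNameServer = (?P<servers>[\d. ]+)$")


def _is_pup(text: str) -> bool:
    t = text.lower()
    return any(marker in t for marker in PUP_MARKERS)


def triage(log: str) -> Dict[str, List[str]]:
    """Return the entries a reviewer should look at first, grouped by category."""
    findings: Dict[str, List[str]] = {
        "hijacked_prefs": [],      # start-up / search prefs pointing at PUP domains
        "pup_extensions": [],      # toolbar extensions matching PUP_MARKERS
        "profile_components": [],  # native DLLs loaded from inside the user profile
        "weak_policy": [],         # system policies that weaken protection
        "dns_servers": [],         # DHCP-assigned resolvers, listed for verification
    }
    for raw in log.splitlines():
        line = raw.strip()
        if m := PREF_RE.match(line):
            if m["key"] in HIJACK_PREFS and _is_pup(m["value"]):
                findings["hijacked_prefs"].append(f"{m['key']} -> {m['value']}")
        elif m := EXT_RE.match(line):
            if _is_pup(m["name"]) or _is_pup(m["path"]):
                findings["pup_extensions"].append(f"{m['name']} ({m['id']})")
        elif m := COMP_RE.match(line):
            # Heuristic (assumption): legitimate software installs its XPCOM components
            # under Program Files, so DLLs under ...\profiles\... deserve a look.
            if "\\profiles\\" in m["path"].lower():
                name = m["path"].rsplit("\\", 1)[-1]
                if name not in findings["profile_components"]:
                    findings["profile_components"].append(name)
        elif m := POLICY_RE.match(line):
            if m["key"] == "EnableLUA" and m["value"].startswith("0"):
                findings["weak_policy"].append("EnableLUA = 0 (UAC disabled by policy)")
        elif m := DNS_RE.search(line):
            for server in m["servers"].split():
                if server not in findings["dns_servers"]:
                    findings["dns_servers"].append(server)
    return findings


def needs_review(findings: Dict[str, List[str]]) -> bool:
    """True when anything other than the informational DNS list was flagged."""
    return any(findings[k] for k in findings if k != "dns_servers")


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```

Run it against a full DDS log by reading the file and passing its text to triage(); the DNS list is deliberately informational only, since whether 189.124.128.x are the ISP's legitimate resolvers can only be decided by comparing them with the router or ISP documentation, not from the log alone.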

#8 wings

Posted 02 June 2011 - 23:45

OK... clean log.

1.
*Delete DDS and its reports.

2.
*Run Malwarebytes, click the [Quarantine] tab, select all results and click [Delete All]
*Click the [Logs] tab, select the report and click [Delete]
*Close Malwarebytes

Regards.

#9 vandinhoneves

Posted 03 June 2011 - 08:26

Hello wings, thank you very much for your attention. I am very grateful. The work you do is excellent.

Regards.

#10 wings

Posted 03 June 2011 - 08:42

PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.