
Priscila Trovo

[Archived] IE opens by itself with gaming pages!


Good afternoon.

For a few days now I have been having a problem with my IE.

It is opening pages for online games, shopping, etc. by itself.

I use broadband internet and I am sure I did not click on any unknown link; I believe it may have been a USB flash drive that my husband used!

The log follows for analysis.

Thank you very much in advance.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:37:36, on 3/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\ENLTV\ENLTV\RemoteService\RS.exe

C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\drivers\comrepl.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE

C:\ARQUIV~1\ENLTV\ENLTV\TVTray.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Corel\Corel Snapfire\Corel Photo Downloader.exe

C:\Arquivos de programas\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Pando Networks\Pando\Pando.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\TweetDeck\TweetDeck.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

F:\Programa\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R3 - URLSearchHook: (no name) - *{06663B56-0D73-4f9f-BCC5-4AA941470AFD} - (no file)

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - *{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Arquivos de programas\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL

F3 - REG:win.ini: load=C:\WINDOWS\System32\drivers\comrepl.exe

O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Arquivos de programas\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Arquivos de programas\SmartShopper\Bin\2.5.0\SmrtShpr.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Arquivos de programas\PandoBar\bar\1.bin\PANDOBAR.DLL

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\DAP\DAPIEL~1.DLL

O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Arquivos de programas\PandoBar\bar\1.bin\PANDOBAR.DLL

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"

O4 - HKLM\..\Run: [TVTray] C:\ARQUIV~1\ENLTV\ENLTV\TVTray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Arquivos de programas\Corel\Corel Snapfire\Corel Photo Downloader.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iso data fast cast] C:\Documents and Settings\All Users\Dados de aplicativos\save time iso data\ooze meet.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [listbias] C:\DOCUME~1\PRISCI~1\DADOSD~1\BOREME~1\Eggs 64.exe

O4 - HKCU\..\Run: [Pando] C:\Arquivos de programas\Pando Networks\Pando\Pando.exe /Minimized

O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\WINDOWS\System32\drivers\esentutl.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [sessMgr] C:\WINDOWS\System32\drivers\sessmgr.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\PRISCI~1\CONFIG~1\Temp\comrepl.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\PRISCI~1\DADOSD~1\MICROS~1\logman.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\PRISCI~1\DADOSD~1\MICROS~1\mstsc.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\Documents and Settings\Priscila Trovo\LOCALS~1\APPLIC~1\MICROS~1\cmstp.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\PRISCI~1\DADOSD~1\dllhst3g.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [sessMgr] C:\DOCUME~1\PRISCI~1\DADOSD~1\MICROS~1\sessmgr.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [iEudinit] C:\Documents and Settings\Priscila Trovo\LOCALS~1\APPLIC~1\ieudinit.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\PRISCI~1\CONFIG~1\Temp\comrepl.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [spool] C:\DOCUME~1\PRISCI~1\CONFIG~1\Temp\spoolsv.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\PRISCI~1\DADOSD~1\MICROS~1\mstsc.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [Esent Utl] C:\WINDOWS\System32\drivers\esentutl.exe /waitservice

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [iEudinit] C:\WINDOWS\System\ieudinit.exe /waitservice (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [iEudinit] C:\WINDOWS\System\ieudinit.exe /waitservice (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Arquivos de programas\SmartShopper\Bin\2.5.0\SmrtShpr.dll

O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Arquivos de programas\SmartShopper\Bin\2.5.0\SmrtShpr.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SuperTV Pro Remote Control Service (RemoteControlService) - Unknown owner - C:\Arquivos de programas\ENLTV\ENLTV\RemoteService\RS.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe

 

--

End of file - 13626 bytes


Good afternoon, Priscila Trovo

1.

*Temporarily disable your antivirus

Start > Programs > AVG > AVG Control Center > AVG Resident Protection (Proteção Residente do AVG) > clear the option Enable AVG Resident Protection (Ativar a Proteção Residente do AVG) > OK

*Download LopUninstall and save it to the desktop

*Run it. Type the numbers and click [uninstall]

2.

*Download AD-Remover and save it to the desktop

*Double-click AD-R.exe and install the program.

*Double-click the icon created on the desktop and click [Oui]

*Press S > [ENTER]

*Wait for it to finish

*Paste the report created at C:\Ad-Report-SCAN.log


I followed everything you asked.

The log follows.

.

======= LOGFILE OF AD-REMOVER 1.1.4.6_D | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 03.12.2009 at 20:53

Contact: AdRemover.contact@gmail.com

Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Launch at: 16:01:56, qui 03/12/2009 | Normal Boot | Option: SCAN

Executed from: C:\Arquivos de programas\Ad-Remover\

Operating system: Microsoft® Windows XP™ Service Pack 3 versão 5.1.2600

Computer Name: PRISCILATROVO | Current user: Priscila Trovo

.

============== FOUND ELEMENT(S) ==============

.

 

C:\DOCUME~1\PRISCI~1\DADOSD~1\DesktopIcon

C:\DOCUME~1\PRISCI~1\DADOSD~1\Mozilla\Firefox\Profiles\5lyq44ib.default\extensions\toolbar@ask.com

C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

C:\Arquivos de programas\Ask.com

C:\Arquivos de programas\Mozilla FireFox\Plugins\NPPandBr.dll

C:\Arquivos de programas\PandoBar

C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

C:\DOCUME~1\PRISCI~1\Cookies\priscila trovo@ask[1].txt

.

HKCU\software\Ask.com

HKCU\software\AskToolbar

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{06663B56-0D73-4f9f-BCC5-4AA941470AFD}

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{06663B56-0D73-4f9f-BCC5-4AA941470AFD}

HKLM\software\classes\appid\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

HKLM\software\classes\appid\GenericAskToolbar.DLL

HKLM\Software\Classes\CLSID\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}

HKLM\Software\Classes\CLSID\{06663B56-0D73-4f9f-BCC5-4AA941470AFD}

HKLM\Software\Classes\CLSID\{3B8B90F0-A76C-4a02-B44A-BB338D8D00F0}

HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Classes\CLSID\{E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4}

HKLM\Software\Classes\CLSID\{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}

HKLM\Software\Classes\CLSID\{E3EA4FDB-CADE-4ae5-84F7-086EEE888BE4}

HKLM\software\classes\GenericAskToolbar.ToolbarWnd

HKLM\software\classes\GenericAskToolbar.ToolbarWnd.1

HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF

HKLM\Software\Classes\Interface\{08AA0598-6A23-4364-9BF4-6D5F57F42993}

HKLM\Software\Classes\Interface\{B0E8C398-DABE-4CE1-B4D9-ED43B64923F5}

HKLM\Software\Classes\Interface\{C7F127DF-8877-4E1E-A196-FBBECBC5BC6D}

HKLM\Software\Classes\Interface\{E3EA4FDA-CADE-4AE5-84F7-086EEE888BE4}

HKLM\Software\Classes\Interface\{E3EA4FDC-CADE-4AE5-84F7-086EEE888BE4}

HKLM\software\classes\PandoBar.SettingsPlugin

HKLM\software\classes\PandoBar.SettingsPlugin.1

HKLM\software\classes\PandoBar.ToolbarPlugin

HKLM\software\classes\PandoBar.ToolbarPlugin.1

HKLM\Software\Classes\TypeLib\{E3EA4FD0-CADE-4AE5-84F7-086EEE888BE4}

HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}

HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}

HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4}

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

HKLM\software\microsoft\windows\currentversion\uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

HKLM\software\microsoft\windows\currentversion\uninstall\PandoBar Uninstall

HKLM\software\PandoBar

HKU\s-1-5-21-1993962763-527237240-1801674531-1003\software\Ask.com

HKU\s-1-5-21-1993962763-527237240-1801674531-1003\software\AskToolbar

.

============== Added scan ==============

.

.

* Mozilla FireFox Version 3.5.5 [pt-BR] *

.

ProfilePath: 5lyq44ib.default (Priscila Trovo)

.

(PRISCI~1, prefs.js) Browser.download.dir, C:\Documents and Settings\Priscila Trovo\Meus documentos

(PRISCI~1, prefs.js) Browser.download.lastDir, F:\Artesanato\Niver Tema Jardim\Cha de Bonecas

(PRISCI~1, prefs.js) Browser.search.defaultenginename, Yahoo! Search

(PRISCI~1, prefs.js) Browser.search.defaulturl, hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

(PRISCI~1, prefs.js) Browser.search.selectedEngine, Google

(PRISCI~1, prefs.js) Browser.startup.homepage, www.orkut.com

.

(PRISCI~1, prefs.js) FOUND - Extensions.asktb.cbid, T8

(PRISCI~1, prefs.js) FOUND - Extensions.asktb.default-channel-url-mask, hxxp://br.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}

(PRISCI~1, prefs.js) FOUND - Extensions.asktb.fresh-install, false

(PRISCI~1, prefs.js) FOUND - Extensions.asktb.l, dis

(PRISCI~1, prefs.js) FOUND - Extensions.asktb.last-config-req, 1259759229849

(PRISCI~1, prefs.js) FOUND - Extensions.asktb.locale, pt_BR

(PRISCI~1, prefs.js) FOUND - Extensions.asktb.o, 14670

(PRISCI~1, prefs.js) FOUND - Extensions.asktb.overlay-reloaded-using-restart, true

(PRISCI~1, prefs.js) FOUND - Extensions.asktb.qsrc, 2871

(PRISCI~1, prefs.js) FOUND - Extensions.asktb.r, 8

(PRISCI~1, prefs.js) FOUND - Extensions.enabledItems, toolbar@ask.com:3.4.0.464,{3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424,avg@igeared:2.609.002.003,{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0,{e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2,{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14,jqs@sun.com:1.0,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

.

.

* Internet Explorer Version 8.0.6001.18702 *

.

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

.

Start Page: hxxp://www.orkut.com/

Search Page: hxxp://www.google.com

Search Bar: hxxp://www.google.com/ie

Default_Search_URL: hxxp://www.google.com/ie

Start Page Restore: hxxp://search.speedbit.com

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

.

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157

Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

.

============== Suspect (Cracks, Serials, ...) ==============

.

C:\Documents and Settings\Priscila Trovo\Configurações locais\Temp\1011182400000e1cf4a0qw9jfq\PHOTODEX - Proshow Gold 3.2 Serial VALIDO.rar

C:\Documents and Settings\Priscila Trovo\Configurações locais\Temp\1011182400000e1cf4a0qw9jfq\Photodex.ProShow.Producer.v3.0.1974.Incl.Keymaker-CORE\keygen.exe

C:\Documents and Settings\Priscila Trovo\Meus documentos\DescobrirSenhaWinrar_xh0t_the_www.baixarsim.blogspot.com\crack\crack\urpwdr11rc16.exe

C:\Documents and Settings\Priscila Trovo\Meus documentos\Minhas músicas\Acoustica Cd Dvd Label Maker v3.29 Incl Keygen-Fallen.zip

C:\Documents and Settings\Priscila Trovo\Meus documentos\Minhas músicas\Acoustica.CD.DVD.Label.Maker.v3.29.Incl.Keygen-FALLEN\Acoustica-CD-Label-Maker-Installer.exe

C:\Documents and Settings\Priscila Trovo\Meus documentos\Minhas músicas\Acoustica.CD.DVD.Label.Maker.v3.29.Incl.Keygen-FALLEN\Acoustica-CD-Label-Maker-Installer.part1.rar

C:\Documents and Settings\Priscila Trovo\Meus documentos\Minhas músicas\Acoustica.CD.DVD.Label.Maker.v3.29.Incl.Keygen-FALLEN\Acoustica-CD-Label-Maker-Installer.part2.rar

C:\Documents and Settings\Priscila Trovo\Meus documentos\Minhas músicas\Acoustica.CD.DVD.Label.Maker.v3.29.Incl.Keygen-FALLEN\cddvd-k.exe

C:\Documents and Settings\Priscila Trovo\Meus documentos\Minhas músicas\Acoustica.CD.DVD.Label.Maker.v3.29.Incl.Keygen-FALLEN\fallen.nfo

C:\Documents and Settings\Priscila Trovo\Meus documentos\Minhas músicas\Acoustica.CD.DVD.Label.Maker.v3.29.Incl.Keygen-FALLEN\flnl329a.zip

C:\Documents and Settings\Priscila Trovo\Meus documentos\Minhas músicas\Acoustica.CD.DVD.Label.Maker.v3.29.Incl.Keygen-FALLEN\flnl329b.zip

C:\Documents and Settings\Priscila Trovo\Meus documentos\Photomatix_Pro_3.2_Beta_5\Keygen\keygen.exe

.

===================================

.

527 Byte(s) - C:\Ad-Report-SCAN[1].log

9910 Byte(s) - C:\Ad-Report-SCAN[2].log

.

2383 File(s) - C:\DOCUME~1\PRISCI~1\CONFIG~1\Temp

1112 File(s) - C:\WINDOWS\Temp

.

2 File(s) - C:\Arquivos de programas\Ad-Remover\BACKUP

0 File(s) - C:\Arquivos de programas\Ad-Remover\QUARANTINE

.

End at: 16:13:19 | qui 03/12/2009 - SCAN[2]

.

============== E.O.F ==============

.


*Run AD-Remover again

*Press L > [ENTER]

*Paste the report created at C:\Ad-Report-CLEAN.log and a new HijackThis log


Log from Ad-Report-Clean.log

.

======= LOGFILE OF AD-REMOVER 1.1.4.6_D | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 03.12.2009 at 20:53

Contact: AdRemover.contact@gmail.com

Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Launch at: 16:58:48, qui 03/12/2009 | Normal Boot | Option: CLEAN

Executed from: C:\Arquivos de programas\Ad-Remover\

Operating system: Microsoft® Windows XP™ Service Pack 3 versão 5.1.2600

Computer Name: PRISCILATROVO | Current user: Priscila Trovo

.

============== NEUTRALIZED ELEMENT(S) ==============

.

 

C:\DOCUME~1\PRISCI~1\DADOSD~1\DesktopIcon

C:\DOCUME~1\PRISCI~1\DADOSD~1\Mozilla\Firefox\Profiles\5lyq44ib.default\extensions\toolbar@ask.com

C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

C:\Arquivos de programas\Ask.com

C:\Arquivos de programas\Mozilla FireFox\Plugins\NPPandBr.dll

C:\Arquivos de programas\PandoBar

C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

C:\DOCUME~1\PRISCI~1\Cookies\priscila trovo@ask[1].txt

 

(!) -- Temp files deleted.

 

.

HKCU\software\Ask.com

HKCU\software\AskToolbar

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{06663B56-0D73-4f9f-BCC5-4AA941470AFD}

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{06663B56-0D73-4f9f-BCC5-4AA941470AFD}

HKLM\software\classes\appid\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

HKLM\software\classes\appid\GenericAskToolbar.DLL

HKLM\Software\Classes\CLSID\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}

HKLM\Software\Classes\CLSID\{06663B56-0D73-4f9f-BCC5-4AA941470AFD}

HKLM\Software\Classes\CLSID\{3B8B90F0-A76C-4a02-B44A-BB338D8D00F0}

HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Classes\CLSID\{E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4}

HKLM\Software\Classes\CLSID\{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}

HKLM\Software\Classes\CLSID\{E3EA4FDB-CADE-4ae5-84F7-086EEE888BE4}

HKLM\software\classes\GenericAskToolbar.ToolbarWnd

HKLM\software\classes\GenericAskToolbar.ToolbarWnd.1

HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF

HKLM\Software\Classes\Interface\{08AA0598-6A23-4364-9BF4-6D5F57F42993}

HKLM\Software\Classes\Interface\{B0E8C398-DABE-4CE1-B4D9-ED43B64923F5}

HKLM\Software\Classes\Interface\{C7F127DF-8877-4E1E-A196-FBBECBC5BC6D}

HKLM\Software\Classes\Interface\{E3EA4FDA-CADE-4AE5-84F7-086EEE888BE4}

HKLM\Software\Classes\Interface\{E3EA4FDC-CADE-4AE5-84F7-086EEE888BE4}

HKLM\software\classes\PandoBar.SettingsPlugin

HKLM\software\classes\PandoBar.SettingsPlugin.1

HKLM\software\classes\PandoBar.ToolbarPlugin

HKLM\software\classes\PandoBar.ToolbarPlugin.1

HKLM\Software\Classes\TypeLib\{E3EA4FD0-CADE-4AE5-84F7-086EEE888BE4}

HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4}

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

HKLM\software\microsoft\windows\currentversion\uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

HKLM\software\microsoft\windows\currentversion\uninstall\PandoBar Uninstall

HKLM\software\PandoBar

.

============== Added scan ==============

.

.

* Mozilla FireFox Version 3.5.5 [pt-BR] *

.

ProfilePath: 5lyq44ib.default (Priscila Trovo)

.

(PRISCI~1, prefs.js) Browser.download.dir, C:\Documents and Settings\Priscila Trovo\Meus documentos

(PRISCI~1, prefs.js) Browser.download.lastDir, F:\Artesanato\Niver Tema Jardim\Cha de Bonecas

(PRISCI~1, prefs.js) Browser.search.defaultenginename, Yahoo! Search

(PRISCI~1, prefs.js) Browser.search.defaulturl, hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

(PRISCI~1, prefs.js) Browser.search.selectedEngine, Google

(PRISCI~1, prefs.js) Browser.startup.homepage, www.orkut.com

.

(PRISCI~1, prefs.js) ERASED - Extensions.asktb.cbid, T8

(PRISCI~1, prefs.js) ERASED - Extensions.asktb.default-channel-url-mask, hxxp://br.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}

(PRISCI~1, prefs.js) ERASED - Extensions.asktb.fresh-install, false

(PRISCI~1, prefs.js) ERASED - Extensions.asktb.l, dis

(PRISCI~1, prefs.js) ERASED - Extensions.asktb.last-config-req, 1259759229849

(PRISCI~1, prefs.js) ERASED - Extensions.asktb.locale, pt_BR

(PRISCI~1, prefs.js) ERASED - Extensions.asktb.o, 14670

(PRISCI~1, prefs.js) ERASED - Extensions.asktb.overlay-reloaded-using-restart, true

(PRISCI~1, prefs.js) ERASED - Extensions.asktb.qsrc, 2871

(PRISCI~1, prefs.js) ERASED - Extensions.asktb.r, 8

(PRISCI~1, prefs.js) ERASED - Extensions.enabledItems, toolbar@ask.com:3.4.0.464,{3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424,avg@igeared:2.609.002.003,{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0,{e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2,{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14,jqs@sun.com:1.0,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

.

.

* Internet Explorer Version 8.0.6001.18702 *

.

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

.

Start Page: hxxp://fr.msn.com/

Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

Search bar: hxxp://search.msn.com/spbasic.htm

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

.

============== Suspect (Cracks, Serials, ...) ==============

.

C:\Documents and Settings\Priscila Trovo\Meus documentos\DescobrirSenhaWinrar_xh0t_the_www.baixarsim.blogspot.com\crack\crack\urpwdr11rc16.exe

C:\Documents and Settings\Priscila Trovo\Meus documentos\Minhas m£sicas\Acoustica Cd Dvd Label Maker v3.29 Incl Keygen-Fallen.zip

C:\Documents and Settings\Priscila Trovo\Meus documentos\Minhas m£sicas\Acoustica.CD.DVD.Label.Maker.v3.29.Incl.Keygen-FALLEN\Acoustica-CD-Label-Maker-Installer.exe

C:\Documents and Settings\Priscila Trovo\Meus documentos\Minhas m£sicas\Acoustica.CD.DVD.Label.Maker.v3.29.Incl.Keygen-FALLEN\Acoustica-CD-Label-Maker-Installer.part1.rar

C:\Documents and Settings\Priscila Trovo\Meus documentos\Minhas m£sicas\Acoustica.CD.DVD.Label.Maker.v3.29.Incl.Keygen-FALLEN\Acoustica-CD-Label-Maker-Installer.part2.rar

C:\Documents and Settings\Priscila Trovo\Meus documentos\Minhas m£sicas\Acoustica.CD.DVD.Label.Maker.v3.29.Incl.Keygen-FALLEN\cddvd-k.exe

C:\Documents and Settings\Priscila Trovo\Meus documentos\Minhas m£sicas\Acoustica.CD.DVD.Label.Maker.v3.29.Incl.Keygen-FALLEN\fallen.nfo

C:\Documents and Settings\Priscila Trovo\Meus documentos\Minhas m£sicas\Acoustica.CD.DVD.Label.Maker.v3.29.Incl.Keygen-FALLEN\flnl329a.zip

C:\Documents and Settings\Priscila Trovo\Meus documentos\Minhas m£sicas\Acoustica.CD.DVD.Label.Maker.v3.29.Incl.Keygen-FALLEN\flnl329b.zip

C:\Documents and Settings\Priscila Trovo\Meus documentos\Photomatix_Pro_3.2_Beta_5\Keygen\keygen.exe

.

===================================

.

8809 Byte(s) - C:\Ad-Report-CLEAN[1].log

527 Byte(s) - C:\Ad-Report-SCAN[1].log

10251 Byte(s) - C:\Ad-Report-SCAN[2].log

.

0 File(s) - C:\DOCUME~1\PRISCI~1\CONFIG~1\Temp

2 File(s) - C:\WINDOWS\Temp

.

19 File(s) - C:\Arquivos de programas\Ad-Remover\BACKUP

100 File(s) - C:\Arquivos de programas\Ad-Remover\QUARANTINE

.

End at: 17:08:36 | qui 03/12/2009 - CLEAN[1]

.

============== E.O.F ==============

.

 

 

 

Hijack log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:13:57, on 3/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\ENLTV\ENLTV\RemoteService\RS.exe

C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\drivers\comrepl.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE

C:\ARQUIV~1\ENLTV\ENLTV\TVTray.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Corel\Corel Snapfire\Corel Photo Downloader.exe

C:\Arquivos de programas\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Pando Networks\Pando\Pando.exe

C:\Arquivos de programas\TweetDeck\TweetDeck.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

F:\Programa\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - *{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

F3 - REG:win.ini: load=C:\WINDOWS\System32\drivers\comrepl.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Arquivos de programas\SmartShopper\Bin\2.5.0\SmrtShpr.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\DAP\DAPIEL~1.DLL

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"

O4 - HKLM\..\Run: [TVTray] C:\ARQUIV~1\ENLTV\ENLTV\TVTray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Arquivos de programas\Corel\Corel Snapfire\Corel Photo Downloader.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [Pando] C:\Arquivos de programas\Pando Networks\Pando\Pando.exe /Minimized

O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\WINDOWS\System32\drivers\esentutl.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [sessMgr] C:\WINDOWS\System32\drivers\sessmgr.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\PRISCI~1\CONFIG~1\Temp\comrepl.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\PRISCI~1\DADOSD~1\MICROS~1\logman.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\PRISCI~1\DADOSD~1\MICROS~1\mstsc.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\Documents and Settings\Priscila Trovo\LOCALS~1\APPLIC~1\MICROS~1\cmstp.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\PRISCI~1\DADOSD~1\dllhst3g.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [sessMgr] C:\DOCUME~1\PRISCI~1\DADOSD~1\MICROS~1\sessmgr.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [iEudinit] C:\Documents and Settings\Priscila Trovo\LOCALS~1\APPLIC~1\ieudinit.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\PRISCI~1\CONFIG~1\Temp\comrepl.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [spool] C:\DOCUME~1\PRISCI~1\CONFIG~1\Temp\spoolsv.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\PRISCI~1\DADOSD~1\MICROS~1\mstsc.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [Esent Utl] C:\WINDOWS\System32\drivers\esentutl.exe /waitservice

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [iEudinit] C:\WINDOWS\System\ieudinit.exe /waitservice (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [iEudinit] C:\WINDOWS\System\ieudinit.exe /waitservice (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Arquivos de programas\SmartShopper\Bin\2.5.0\SmrtShpr.dll

O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Arquivos de programas\SmartShopper\Bin\2.5.0\SmrtShpr.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SuperTV Pro Remote Control Service (RemoteControlService) - Unknown owner - C:\Arquivos de programas\ENLTV\ENLTV\RemoteService\RS.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe

 

--

End of file - 11644 bytes


1.

*Run AD-Remover again

*Press D > [ENTER]

2.

*Download Dr.Web CureIt and save it to the desktop

*Double-click launch.exe

*Click [Opções] and change the language to "Português"

*Select the [Verificação completa] option and click the arrow to start the scan

*When it finishes, click [Ficheiro], select the [Guardar lista de relatórios] option and save it to the desktop

*Paste the generated report


I'm running that last program for the 3rd time...

It runs the scan, finds threats, asks me to click delete, and when it is finishing the scan it restarts the computer before I can even save the report!!

Is that how it's supposed to be???


Good evening, Priscila Trovo

It doesn't usually have this problem.

If it persists, restart the PC in Safe Mode and run the scan with it.

To start Safe Mode:

Restart the PC and tap the F8 key repeatedly during startup.

Select from the options menu: "Modo Seguro"


Topic Archived

Since the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening.
