Rocko! 0 Posted February 3, 2010
Gentlemen, good afternoon. Unfortunately, here at home everyone does whatever they want and visits whatever they want on the internet; because of that, someone clicked on something they shouldn't have, and the computer started opening pages by itself, both in Firefox and in IE, whereas in Chrome this does not happen. I personally use Firefox a lot, and these pages opening by themselves get in my way quite a bit. I searched on Google and ended up here; I am somewhat of a layman when it comes to viruses, malware, spyware and the like. I have already installed a bunch of programs here and so far nothing has solved my problem.
Below is the HijackThis log:
Thanks in advance for the help.
Regards,
Rocko Carvalho

wings 22 Posted February 3, 2010
Good afternoon...
*Download AD-Remover and save it to the desktop
*Double-click AD-R.exe and install the program.
*Double-click the icon created on the desktop and click [Oui]
*Press S > [ENTER]
*Wait for it to finish
*Paste the report created at C:\Ad-Report-SCAN.log

Rocko! 0 Posted February 3, 2010
> Good afternoon...
> *Download AD-Remover (http://forum-aide-contre-virus.be/download/C_XX/AD-R.exe) and save it to the desktop
> *Double-click AD-R.exe and install the program.
> *Double-click the icon created on the desktop and click [Oui]
> *Press S > [ENTER]
> *Wait for it to finish
> *Paste the report created at C:\Ad-Report-SCAN.log
Good afternoon Wings... first of all, thank you very much for the help. Below is the report:
Regards,
Rocko Carvalho

wings 22 Posted February 3, 2010
*Run AD-Remover again
*Press L > [ENTER]... wait, it may take a while, and your PC may or may not be restarted.
*Paste the report created at C:\Ad-Report-CLEAN.log and a new HijackThis log

Rocko! 0 Posted February 3, 2010
Wings, I ran everything here, and the logs follow.
Ad-Report
C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: @C:\Arquivos de programas\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Arquivos de programas\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226315876551 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226321608281 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. 
- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe -- End of file - 8454 bytes --------------------------------------------------------------------- Atenciosamente, Rocko Carvalho Compartilhar este post Link para o post Compartilhar em outros sites
wings 22
Posted February 3, 2010

OK... the log is clean.

1.
* Run AD-Remover again
* Press D > [ENTER]

Let me know whether the problem still persists. If not, all the best.
Rocko! 0
Posted February 3, 2010

Wings,

Thank you very much, brother ... Everything is working perfectly again, I no longer suffer closing lots of pages .. lol

Regards,
Rocko Carvalho
wings 22
Posted February 3, 2010

PROBLEM SOLVED!

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.