
ItaloCCSL

[Archived] Analyze this log


Folks, this PC I'm using right now is acting really strange...

Well, basically it's the slowness that is very strange, because when I go on the internet everything freezes unless I wait a bit. Like, if I want to change the song or open one folder or another, the delay is also strange... Also, when I log in to any site everything freezes and I have to wait a bit for it to work again. Another thing: it doesn't register any USB flash drive I plug in (that is, the icon that should appear next to the clock, the one you click to safely remove the device). Please help me solve this problem.

 

Here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:23:13, on 29/6/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ROCKWE~1\RSCommon\RSOBSERV.EXE

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\OpcEnum.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\ARQUIV~1\ROCKWE~1\RSLinx\RSLINX.EXE

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Microsoft Office\Office12\POWERPNT.EXE

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AcroRd32.exe

C:\Arquivos de programas\FileHippo.com\UpdateChecker.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\msiexec.exe

C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.flashget.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Arquivos de programas\AskSearch\bin\DefaultSearch.dll

R3 - URLSearchHook: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

O1 - Hosts: 69.162.74.214 www.itau.com.br

O1 - Hosts: 69.162.74.214 itau.com.br

O1 - Hosts: 69.162.74.214 www.itaupersonnalite.com.br

O1 - Hosts: 69.162.74.214 itaupersonnalite.com.br

O1 - Hosts: 69.162.74.214 www.itaupersonnalite.com

O1 - Hosts: 69.162.74.214 itaupersonnalite.com

O1 - Hosts: 69.162.74.214 www.itauprivatebank.com.br

O1 - Hosts: 69.162.74.214 itauprivatebank.com.br

O1 - Hosts: 69.162.74.214 www.itautrade.com.br

O1 - Hosts: 69.162.74.214 www.itautrade.com

O1 - Hosts: 69.162.74.215 www.santander.com.br

O1 - Hosts: 69.162.74.215 santander.com.br

O1 - Hosts: 69.162.74.217 www.nossacaixa.com.br

O1 - Hosts: 69.162.74.217 nossacaixa.com.br

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\arquivos de programas\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [AnyDVD] C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226682423968

O17 - HKLM\System\CCS\Services\Tcpip\..\{AD5BB95A-9D55-41F0-ADB6-749145D1E934}: NameServer = 200.165.132.155 200.149.55.140

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: dnWhoDisp - Unknown owner - C:\Arquivos de programas\Rockwell Software\RSLINX\dnwhodisp.exe

O23 - Service: Harmony - Rockwell Software Inc. - C:\ARQUIV~1\ROCKWE~1\RSCommon\RSOBSERV.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: RSLinx - Rockwell Software, Inc. - C:\ARQUIV~1\ROCKWE~1\RSLinx\RSLINX.EXE

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 12509 bytes

 

 

Thanks in advance.


Good morning....

 

1.

*Download HostsXpert and save it to the desktop

*Extract it to the desktop and run it.

*Click > [Restore Microsoft's Hosts File]

 

2.

*Download DDS and save it to the desktop

*Temporarily disable your antivirus

 

  Quote
Right-click the Avast icon running next to the clock > Select "Pausar a proteção residente" (Pause resident protection) > Confirm.

*Double-click dds and wait. Save the reports to the desktop

*Paste the report created in DDS.txt

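The O1 lines in the HijackThis log above are hosts-file entries, which is what step 1 (restoring the hosts file) resets. As an added example, not part of the original thread, this Python script extracts those entries from a log and groups the names pinned to non-local addresses; the sample embeds four O1 lines copied from the log plus two constructed entries, and all function names are illustrative.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis prints one "O1 - Hosts: <ip> <hostname>" line per hosts-file entry.
O1_LINE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# The four 69.162.74.x lines are copied from the log in this thread.
# The 127.0.0.1 and 0.0.0.0 lines are constructed, to show local blocking
# entries that should not be reported as redirects.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.4
Boot mode: Normal
O1 - Hosts: 69.162.74.214 www.itau.com.br
O1 - Hosts: 69.162.74.214 itau.com.br
O1 - Hosts: 69.162.74.215 www.santander.com.br
O1 - Hosts: 69.162.74.217 nossacaixa.com.br
O1 - Hosts: 127.0.0.1 ads.example.test
O1 - Hosts: 0.0.0.0 tracker.example.test
"""


def parse_hosts_entries(log_text):
    """Return [(ip_text, hostname)] for every O1 line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = O1_LINE.match(line)
        if match:
            entries.append((match.group(1), match.group(2).lower()))
    return entries


def is_sinkhole(ip_text):
    """True for addresses that only block a name locally (loopback, 0.0.0.0)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        # An unparseable address is not a known-safe sinkhole: keep it visible.
        return False
    return ip.is_loopback or ip.is_unspecified


def find_redirects(log_text):
    """Group hostnames by the non-local address the hosts file pins them to."""
    redirects = defaultdict(set)
    for ip_text, host in parse_hosts_entries(log_text):
        if not is_sinkhole(ip_text):
            redirects[ip_text].add(host)
    return {ip: sorted(hosts) for ip, hosts in redirects.items()}


def affected_sites(redirects):
    """Collapse 'www.' variants so each overridden site is listed once."""
    sites = set()
    for hosts in redirects.values():
        for host in hosts:
            sites.add(host[4:] if host.startswith("www.") else host)
    return sorted(sites)


if __name__ == "__main__":
    found = find_redirects(SAMPLE_LOG)
    for ip, hosts in sorted(found.items()):
        print(f"{ip}: {', '.join(hosts)}")
    print("Sites whose DNS answer is overridden locally:")
    for site in affected_sites(found):
        print(f"  {site}")
```

Any name reported here resolves to the listed address regardless of DNS until the hosts file is restored, so the check is worth repeating on a fresh log after cleanup.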
  On 03/07/2010 at 11:09, wings said:

Good morning....

 

1.

*Download HostsXpert (http://www.funkytoad.com/download/HostsXpert.zip) and save it to the desktop

*Extract it to the desktop and run it.

*Click > [Restore Microsoft's Hosts File]

 

2.

*Download DDS (http://download.bleepingcomputer.com/sUBs/dds.scr) and save it to the desktop

*Temporarily disable your antivirus

 

  Quote
Right-click the Avast icon running next to the clock > Select "Pausar a proteção residente" (Pause resident protection) > Confirm.

*Double-click dds and wait. Save the reports to the desktop

*Paste the report created in DDS.txt

 

 

Good afternoon Wings! =)

 

Here is what you asked for.

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Priscila Araujo at 15:15:58,42 on dom 04/07/2010

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1015.289 [GMT -3:00]

 

AV: avast! antivirus 4.8.1351 [VPS 100704-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\ARQUIV~1\ROCKWE~1\RSCommon\RSOBSERV.EXE

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\OpcEnum.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\ARQUIV~1\ROCKWE~1\RSLinx\RSLINX.EXE

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Priscila Araujo\Desktop\utorrent.exe

C:\Documents and Settings\Priscila Araujo\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://google.flashget.com/

uSearch Page =

uSearch Bar =

mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s

mSearchAssistant =

uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\arquivos de programas\asksearch\bin\DefaultSearch.dll

uURLSearchHooks: D'Accord Music Software BR Toolbar: {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - c:\arquivos de programas\d'accord_music_software_br\tbD'A0.dll

BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\arquivos de programas\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\arquivos de programas\askbardis\bar\bin\askBar.dll

BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\arquivos de programas\scpad\scpsssh2.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: D'Accord Music Software BR Toolbar: {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - c:\arquivos de programas\d'accord_music_software_br\tbD'A0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\arquivos de programas\askbardis\bar\bin\askBar.dll

TB: D'Accord Music Software BR Toolbar: {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - c:\arquivos de programas\d'accord_music_software_br\tbD'A0.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

uRun: [PC Suite Tray] "c:\arquivos de programas\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

mRun: [skyTel] SkyTel.EXE

mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\nero\lib\NeroCheck.exe

mRun: [NBKeyScan] "c:\arquivos de programas\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [Lexmark X1100 Series] "c:\arquivos de programas\lexmark x1100 series\lxbkbmgr.exe"

mRun: [AnyDVD] c:\arquivos de programas\slysoft\anydvd\AnyDVD.exe

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\QTTask.exe" -atboottime

mRun: [TkBellExe] "c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\prisci~1\menuin~1\progra~1\inicia~1\adobeg~1.lnk - c:\arquivos de programas\arquivos comuns\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adobeg~1.lnk - c:\arquivos de programas\arquivos comuns\adobe\calibration\Adobe Gamma Loader.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: Save YouTube Video as MP3 - c:\arquivos de programas\arquivos comuns\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226682423968

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: {AD5BB95A-9D55-41F0-ADB6-749145D1E934} = 200.165.132.155 200.149.55.140

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll

Notify: igfxcui - igfxdev.dll

SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll

STS: compIB Class: {a3717295-941d-416f-9384-ed1736729f1c} - c:\arquivos de programas\scpad\scpLIB.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\prisci~1\dadosd~1\mozilla\firefox\profiles\170q3atr.default\

FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

FF - component: c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-5 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-5 20560]

R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast4\ashServ.exe [2008-11-5 138680]

R2 Iprip;RIP de escuta;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2002-6-10 31232]

S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\drivers\virtualbackplane.sys --> c:\windows\system32\drivers\VirtualBackplane.sys [?]

S3 ABKTCX;Rockwell Software 1784-KTC(X) Driver;c:\windows\system32\drivers\abktcx.sys [2004-9-29 71448]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\arquivos de programas\alwil software\avast4\ashMaiSv.exe [2008-11-5 254040]

S3 avast! Web Scanner;avast! Web Scanner;c:\arquivos de programas\alwil software\avast4\ashWebSv.exe [2008-11-5 352920]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]

S3 RS_SS_NT;RSLinx S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [2004-9-29 142592]

S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [2004-9-29 30166]

S3 RSSERIAL;RSLinx Serial Driver;c:\windows\system32\rsserial.sys [2004-9-29 155440]

 

=============== Created Last 30 ================

 

2010-06-30 16:08:35 0 d-----w- c:\arquivos de programas\arquivos comuns\xing shared

2010-06-30 16:04:25 0 d-----w- c:\arquivos de programas\arquivos comuns\Apple

2010-06-29 20:54:57 0 d-----w- c:\docume~1\prisci~1\dadosd~1\Malwarebytes

2010-06-29 20:54:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-29 20:54:44 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2010-06-29 20:54:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-29 20:54:42 0 d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-06-29 20:20:03 0 d-----w- c:\arquivos de programas\Trend Micro

2010-06-29 19:56:30 0 d-----w- c:\arquivos de programas\FileHippo.com

 

==================== Find3M ====================

 

2010-06-23 11:43:35 645596 ----a-w- c:\windows\system32\perfh016.dat

2010-06-23 11:43:35 137148 ----a-w- c:\windows\system32\perfc016.dat

2010-05-02 08:26:15 1851008 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:47:37 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-16 15:36:51 664064 ----a-w- c:\windows\system32\wininet.dll

2010-04-16 15:36:46 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-03-28 01:14:45 0 ----a-w- c:\arquivos de programas\G200902B.log

 

============= FINISH: 15:16:39,59 ===============

 

Thanks in advance.


1.

*Download AD-Remover and save it to the desktop

*Double-click AD-R.exe

*Click [Clean]... wait for it to finish. The program may ask to restart the PC.

2.

*Download and install CCleaner

*Open the program and, on the "Windows" tab, scroll down to the "Advanced" option and select "Old Prefetch data"

*Click [Run Cleaner]

*Then click [Registry] -> [Scan for Issues] -> [Fix Selected Issues] -> [Fix All Selected Issues]

3.

*Paste the report created at C:\Ad-Report-CLEAN.log and a new HijackThis log

On 04/07/2010 at 18:38, wings said:

1.

*Download AD-Remover (http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe) and save it to the desktop

*Double-click AD-R.exe

*Click [Clean]... wait for it to finish. The program may ask to restart the PC.

2.

*Download and install CCleaner (http://www.piriform.com/ccleaner/download/slim/downloadfile)

*Open the program and, on the "Windows" tab, scroll down to the "Advanced" option and select "Old Prefetch data"

*Click [Run Cleaner]

*Then click [Registry] -> [Scan for Issues] -> [Fix Selected Issues] -> [Fix All Selected Issues]

3.

*Paste the report created at C:\Ad-Report-CLEAN.log and a new HijackThis log


3. Here it is:

 

======= REPORT FROM AD-REMOVER | ONLY XP/VISTA/7 =======

 

Updated by C_XX on 23/06/10 at 19:20

Contact: AdRemover.contact@gmail.com

website: http://pagesperso-orange.fr/NosTools/ad_remover.html

 

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 18:26:22 on 04/07/2010, Normal boot

 

Microsoft Windows XP Professional Service Pack 2 (X86)

Priscila Araujo@PRISCILA ( )

 

============== ACTION(S) ==============

 

 

0,File deleted: C:\Arquivos de programas\Mozilla FireFox\Components\AskSearch.js

0,Folder deleted: C:\Documents and Settings\Priscila Araujo\Dados de aplicativos\Mozilla\FireFox\Profiles\170q3atr.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

0,File deleted: C:\Documents and Settings\Priscila Araujo\Dados de aplicativos\Mozilla\FireFox\Profiles\170q3atr.default\searchplugins\ask.xml

0,Folder deleted: C:\Arquivos de programas\AskBarDis

0,Folder deleted: C:\Arquivos de programas\AskSearch

0,Folder deleted: C:\Documents and Settings\Priscila Araujo\Configurações locais\Dados de aplicativos\Conduit

0,Folder deleted: C:\Arquivos de programas\Conduit

 

(!) -- Temporary files deleted.

 

 

1,Key deleted: HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}

1,Key deleted: HKLM\Software\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}

1,Key deleted: HKLM\Software\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}

1,Key deleted: HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}

1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed}

1,Key deleted: HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041d03e-fd4b-44e0-b742-2d9b88305f98}

1,Key deleted: HKLM\Software\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}

1,Key deleted: HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}

1,Key deleted: HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}

1,Key deleted: HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}

1,Key deleted: HKLM\Software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

1,Key deleted: HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}

1,Key deleted: HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}

1,Key deleted: HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}

1,Key deleted: HKLM\Software\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}

1,Key deleted: HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}

1,Key deleted: HKLM\Software\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}

1,Key deleted: HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}

0,Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterBarButton

0,Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1

0,Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl

0,Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1

0,Key deleted: HKLM\Software\Classes\AskToolBar.SettingsPlugin

0,Key deleted: HKLM\Software\Classes\AskToolBar.SettingsPlugin.1

0,Key deleted: HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook

0,Key deleted: HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1

0,Key deleted: HKLM\Software\AskBarDis

0,Key deleted: HKLM\Software\Conduit

0,Key deleted: HKLM\Software\Freeze.com

0,Key deleted: HKCU\Software\Conduit

0,Key deleted: HKCU\Software\Freeze.com

0,Key deleted: HKCU\Software\AppDataLow\AskBarDis

3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}

0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1

 

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{C94E154B-1459-4A47-966B-4B843BEFC7DB}

0,Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{3041D03E-FD4B-44E0-B742-2D9B88305F98}

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98}

 

 

============== ADDITIONNAL SCAN ==============

 

** Mozilla Firefox Version [3.6.6 (pt-BR)] **

 

-- C:\Documents and Settings\Priscila Araujo\Dados de aplicativos\Mozilla\FireFox\Profiles\170q3atr.default\Prefs.js --

browser.download.dir, C:\\Documents and Settings\\Priscila Araujo\\Desktop

browser.download.lastDir, C:\\Documents and Settings\\Priscila Araujo\\Meus documentos\\Minhas imagens

browser.startup.homepage, hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

browser.startup.homepage_override.mstone, rv:1.9.2.6

 

========================================

 

** Internet Explorer Version [6.0.2900.2180] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\WINDOWS\system32\blank.htm

SearchAssistant:

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Use Custom Search URL: 1

Use Search Asst: no

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Enable Browser Extensions: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 42 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 14 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 04/07/2010 (1156 Byte(s))

 

End at: 18:34:35, 04/07/2010

 

============== E.O.F ==============

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:14:50, on 6/7/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\ARQUIV~1\ROCKWE~1\RSCommon\RSOBSERV.EXE

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\OpcEnum.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\ARQUIV~1\ROCKWE~1\RSLinx\RSLINX.EXE

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

C:\Documents and Settings\Priscila Araujo\Desktop\utorrent.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll

O3 - Toolbar: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [AnyDVD] C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226682423968

O17 - HKLM\System\CCS\Services\Tcpip\..\{AD5BB95A-9D55-41F0-ADB6-749145D1E934}: NameServer = 200.165.132.155 200.149.55.140

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: dnWhoDisp - Unknown owner - C:\Arquivos de programas\Rockwell Software\RSLINX\dnwhodisp.exe

O23 - Service: Harmony - Rockwell Software Inc. - C:\ARQUIV~1\ROCKWE~1\RSCommon\RSOBSERV.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: RSLinx - Rockwell Software, Inc. - C:\ARQUIV~1\ROCKWE~1\RSLinx\RSLINX.EXE

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 11259 bytes


*Run AD-Remover again

*Click [uninstall]

How is the PC?

On 06/07/2010 at 18:29, wings said:

*Run AD-Remover again

*Click [uninstall]

How is the PC?


Well, it is still freezing when it goes online (the bar at the bottom where the Start menu is) and the button for removing USB drives still has not come back.

Even so, there was some improvement; it is faster, and thank you for everything you have done to improve the PC so far.


*Download MalwareBytes Anti-malware and save it to the desktop

*Install the program

*If any update exists, it will be downloaded automatically. Wait...

*The program will open automatically.

*On the [Scan] tab, select the [Full scan] option

*Click [Scan] and select the partitions to be examined (usually C:\ and D:\)

*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]

*Click [Remove Selected]

*A report (mbam-log-year-month-day.txt) will be shown.

*Paste it in your next reply

On 06/07/2010 at 20:55, wings said:

*Download MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam/program/mbam-setup.exe) and save it to the desktop

*Install the program

*If any update exists, it will be downloaded automatically. Wait...

*The program will open automatically.

*On the [Scan] tab, select the [Full scan] option

*Click [Scan] and select the partitions to be examined (usually C:\ and D:\)

*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]

*Click [Remove Selected]

*A report (mbam-log-year-month-day.txt) will be shown.

*Paste it in your next reply


Here it is:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4285

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

 

9/7/2010 17:32:45

mbam-log-2010-07-09 (17-32-45).txt

 

Tipo de Verificação: Verificação Completa (C:\|D:\|)

Objetos escaneados: 225660

Tempo decorrido: 49 minuto(s), 20 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 1

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'Ac.dll (Adware.NetPumper) -> Quarantined and deleted successfully.

 

 

One question... I noticed that some programs on this computer are running at high priority (I looked at the processes in the task manager); do you think that could be related?


I don't think that's it....

*Click [Start] > [Run] > type: sfc /scannow

*Click OK

*You will be asked for the Windows CD

*Put it in the CD-ROM drive and wait for it to finish....

*Remove the CD and restart the PC

On 09/07/2010 at 21:00, wings said:

I don't think that's it....

*Click [Start] > [Run] > type: sfc /scannow

*Click OK

*You will be asked for the Windows CD

*Put it in the CD-ROM drive and wait for it to finish....

*Remove the CD and restart the PC


Oh man, this machine is my girlfriend's and she says she doesn't know of any Windows CD (if one really exists, she doesn't know where she put it).

Is there any other alternative?

It keeps freezing when the PC is turned on and especially when the internet is connected.


*Temporarily disable your antivirus

  Quote
Right-click the Avast icon that runs next to the clock > Select "Pause resident protection" > Confirm.

*Download ComboFix and save it to the desktop

*Run ComboFix and accept the agreement

*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [Yes] to install it.

*Click [Yes] to continue.

*Wait for all stages to complete

*While ComboFix is running, avoid using the mouse and keyboard!!..... To interrupt the procedure, press N or 2 and then ENTER.

*The program will close automatically and a report (C:\combofix.txt) will be shown. Paste it in your next reply.


ComboFix 10-07-27.05 - Priscila Araujo 28/07/2010 19:32:51.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1015.465 [GMT -3:00]

Executando de: c:\documents and settings\Priscila Araujo\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1351 [VPS 100728-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

* Criado um novo ponto de restauração

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\vbzlib1.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-06-28 to 2010-07-28 ))))))))))))))))))))))))))))

.

 

2010-07-27 16:55 . 2010-07-27 16:56 -------- d-----w- c:\arquivos de programas\Ask.com

2010-07-27 16:55 . 2010-07-27 16:55 -------- d-----w- c:\arquivos de programas\WinPcap

2010-07-27 16:54 . 2010-07-27 16:54 -------- d-----w- c:\arquivos de programas\DsNET Corp

2010-07-24 14:44 . 2010-07-24 14:44 -------- d-----w- c:\documents and settings\Priscila Araujo\Dados de aplicativos\IObit

2010-07-24 14:44 . 2010-07-24 14:44 -------- d-----w- c:\arquivos de programas\IObit

2010-07-14 12:01 . 2010-07-14 12:01 503808 ----a-w- c:\documents and settings\Priscila Araujo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4c730f73-n\msvcp71.dll

2010-07-14 12:01 . 2010-07-14 12:01 499712 ----a-w- c:\documents and settings\Priscila Araujo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4c730f73-n\jmc.dll

2010-07-14 12:01 . 2010-07-14 12:01 348160 ----a-w- c:\documents and settings\Priscila Araujo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4c730f73-n\msvcr71.dll

2010-07-14 11:58 . 2010-07-14 11:58 61440 ----a-w- c:\documents and settings\Priscila Araujo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-178d051e-n\decora-sse.dll

2010-07-14 11:58 . 2010-07-14 11:58 12800 ----a-w- c:\documents and settings\Priscila Araujo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-178d051e-n\decora-d3d.dll

2010-07-14 11:58 . 2010-07-14 11:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-07-14 11:57 . 2010-07-14 11:57 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-30 16:09 . 2010-06-30 16:09 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-06-30 16:09 . 2010-06-30 16:09 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-06-30 16:09 . 2010-06-30 16:09 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-06-29 20:54 . 2010-06-29 20:54 -------- d-----w- c:\documents and settings\Priscila Araujo\Dados de aplicativos\Malwarebytes

2010-06-29 20:54 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-29 20:54 . 2010-06-29 20:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-06-29 20:54 . 2010-06-29 20:54 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-06-29 20:54 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-29 20:20 . 2010-06-29 20:20 388096 ----a-r- c:\documents and settings\Priscila Araujo\Dados de aplicativos\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-06-29 20:20 . 2010-06-29 20:20 -------- d-----w- c:\arquivos de programas\Trend Micro

2010-06-29 19:56 . 2010-06-29 19:56 -------- d-----w- c:\arquivos de programas\FileHippo.com

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-28 14:26 . 2009-05-17 19:00 -------- d-----w- c:\documents and settings\Priscila Araujo\Dados de aplicativos\uTorrent

2010-07-16 00:02 . 2008-11-11 00:48 -------- d-----w- c:\documents and settings\Priscila Araujo\Dados de aplicativos\PC Suite

2010-07-15 06:02 . 2008-11-05 00:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-07-14 00:18 . 2008-12-23 23:11 -------- d-----w- c:\arquivos de programas\Any Video Converter

2010-07-01 18:58 . 2008-11-08 01:47 -------- d-----w- c:\documents and settings\Priscila Araujo\Dados de aplicativos\Media Player Classic

2010-06-30 16:09 . 2010-06-30 01:33 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-06-30 16:09 . 2010-06-30 01:33 49152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-06-30 16:09 . 2010-06-30 01:33 308808 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-06-30 16:09 . 2010-06-30 16:09 40960 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-06-30 16:09 . 2010-06-30 16:09 14848 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

2010-06-30 16:09 . 2010-06-30 16:09 341600 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-06-30 16:09 . 2008-11-16 08:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2010-06-30 16:08 . 2008-11-16 08:57 -------- d-----w- c:\arquivos de programas\Real

2010-06-30 16:08 . 2010-06-30 16:08 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2010-06-30 16:06 . 2010-06-30 16:04 -------- d-----w- c:\arquivos de programas\QuickTime

2010-06-30 16:04 . 2010-06-30 16:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2010-06-30 16:04 . 2010-06-30 16:04 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

2010-06-29 20:07 . 2010-05-22 23:40 -------- d-----w- c:\arquivos de programas\CCleaner

2010-06-23 11:43 . 2001-10-28 18:07 645596 ----a-w- c:\windows\system32\perfh016.dat

2010-06-23 11:43 . 2001-10-28 18:07 137148 ----a-w- c:\windows\system32\perfc016.dat

2010-06-14 14:30 . 2008-11-05 00:17 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-13 23:47 . 2010-05-28 22:39 -------- d-----w- c:\documents and settings\Priscila Araujo\Dados de aplicativos\PhotoScape

2010-05-25 00:18 . 2010-04-07 21:18 439816 ----a-w- c:\documents and settings\Priscila Araujo\Dados de aplicativos\Real\Update\setup3.10\setup.exe

2010-05-02 08:26 . 2004-08-04 03:38 1851008 ----a-w- c:\windows\system32\win32k.sys

2009-03-28 01:14 . 2009-03-28 01:14 0 ----a-w- c:\arquivos de programas\G200902B.log

.

 

------- Sigcheck -------

 

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 01D5EAAFF224415A7FF513E4C882BE30 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\2a60e602cf3ad9f8995c50d6eb232bb8\tcpip.sys

[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

.

((((((((((((((((((((((((((((( SnapShot@2010-07-27_16.43.12 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-07-28 21:49 . 2010-07-28 21:49 16384 c:\windows\Temp\Perflib_Perfdata_920.dat

+ 2010-07-28 19:27 . 2010-07-28 19:27 16384 c:\windows\Temp\Perflib_Perfdata_648.dat

+ 2009-11-16 16:33 . 2009-11-16 16:33 53299 c:\windows\system32\pthreadVC.dll

+ 2008-08-19 00:18 . 2008-08-19 00:18 77824 c:\windows\system32\fmcodec.DLL

+ 2009-11-16 16:33 . 2009-11-16 16:33 50704 c:\windows\system32\drivers\npf.sys

+ 2010-07-27 16:55 . 2010-07-27 16:55 77824 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe

+ 2009-11-16 16:33 . 2009-11-16 16:33 281104 c:\windows\system32\wpcap.dll

+ 2009-11-16 16:33 . 2009-11-16 16:33 100880 c:\windows\system32\Packet.dll

+ 2010-02-20 18:38 . 2010-07-28 21:53 227886 c:\windows\system32\inetsrv\MetaBase.bin

+ 2009-12-17 04:53 . 2009-12-17 04:53 1386496 c:\windows\system32\msvbvm60.dll

+ 2010-07-27 16:55 . 2010-07-27 16:55 1860096 c:\windows\Installer\b58bf.msi

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2010-03-10 1397224]

"{c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad}"= "c:\arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll" [2010-03-30 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

 

[HKEY_CLASSES_ROOT\clsid\{c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad}]

2010-03-30 22:50 2349080 ----a-w- c:\arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-03-10 23:59 1397224 ----a-w- c:\arquivos de programas\Ask.com\GenericAskToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad}"= "c:\arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll" [2010-03-30 2349080]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2010-03-10 1397224]

 

[HKEY_CLASSES_ROOT\clsid\{c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad}]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}"= "c:\arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll" [2010-03-30 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2008-11-15 2235920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]

"NBKeyScan"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]

"Lexmark X1100 Series"="c:\arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]

"AnyDVD"="c:\arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe" [2008-12-23 454144]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2010-03-18 421888]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-06-30 202256]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Priscila Araujo\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

"c:\\Documents and Settings\\Priscila Araujo\\Desktop\\utorrent.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\frd.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"$INSTDIR\\FlvDetector.exe"= c:\\Arquivos de programas\\FlashGet Network\\FlashGet 3\\FlvDetector.exe

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Agrupamento de Mesmo Nível do Windows

"3540:UDP"= 3540:UDP:Protocolo PNRP (Peer Name Resolution Protocol)

"25468:TCP"= 25468:TCP:BitComet 25468 TCP

"25468:UDP"= 25468:UDP:BitComet 25468 UDP

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/11/2008 16:54 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/11/2008 16:54 20560]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16/11/2009 13:33 50704]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/6/2002 00:09 31232]

S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?]

S3 ABKTCX;Rockwell Software 1784-KTC(X) Driver;c:\windows\system32\drivers\abktcx.sys [29/9/2004 11:20 71448]

S3 RS_SS_NT;RSLinx S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [29/9/2004 11:20 142592]

S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [29/9/2004 11:20 30166]

S3 RSSERIAL;RSLinx Serial Driver;c:\windows\system32\rsserial.sys [29/9/2004 11:20 155440]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

 

2010-07-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-117609710-682003330-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09]

 

2010-07-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-117609710-682003330-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09]

 

2010-07-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\arquivos de programas\Ask.com\UpdateTask.exe [2010-03-10 23:59]

 

2010-07-28 c:\windows\Tasks\Symantec NetDetect.job

- c:\arquivos de programas\Symantec\LiveUpdate\NDETECT.EXE [2008-12-24 17:15]

 

2010-07-28 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 01:18]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.search-results.com?o=102348&l=dis

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Save YouTube Video as MP3 - c:\arquivos de programas\Arquivos comuns\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

TCP: {AD5BB95A-9D55-41F0-ADB6-749145D1E934} = 200.165.132.155 200.149.55.140

FF - ProfilePath - c:\documents and settings\Priscila Araujo\Dados de aplicativos\Mozilla\Firefox\Profiles\170q3atr.default\

FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

FF - component: c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-28 19:35

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2010-07-28 19:37:36

ComboFix-quarantined-files.txt 2010-07-28 22:37

ComboFix2.txt 2010-07-27 16:48

 

Pré-execução: 10 pasta(s) 27.708.579.840 bytes disponíveis

Pós execução: 11 pasta(s) 27.698.339.840 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 3918C2980052CA891F7E00CB613395B4


The log is clean....

1.
*Go to the folder c:\arquivos de programas\Ask.com and run the file uninstall.exe

2.
*Click [iniciar] (Start) > [Executar] (Run) > type: Combofix /uninstall
*Click [OK]
*Click [Executar]
*Wait for the message: "ComboFix está desinstalado" (ComboFix is uninstalled)
*Click [OK]

3.
*Update your Internet Explorer...
http://www.microsoft.com/downloads/details.aspx?displaylang=pt-br&FamilyID=341c2ad5-8c3d-4347-8c03-08cdecd8852b

4.
*Download ATF Cleaner and save it to the desktop
*Double-click ATF-Cleaner
*Select: [] Select All
*Click [Empty Selected]
=>If you use Firefox or Opera:
*Click the "Firefox" or "Opera" tab
*Select: [] Select All
*Click [sim] (Yes) > [Empty Selected] > [sim]
*Click [Exit] or the [X] to close the program

Best regards.

  On 02/08/2010 at 00:05, wings said:

The log is clean....

1.
*Go to the folder c:\arquivos de programas\Ask.com and run the file uninstall.exe

2.
*Click [iniciar] (Start) > [Executar] (Run) > type: Combofix /uninstall
*Click [OK]
*Click [Executar]
*Wait for the message: "ComboFix está desinstalado" (ComboFix is uninstalled)
*Click [OK]

3.
*Update your Internet Explorer...
http://www.microsoft.com/downloads/details.aspx?displaylang=pt-br&FamilyID=341c2ad5-8c3d-4347-8c03-08cdecd8852b

4.
*Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) and save it to the desktop
*Double-click ATF-Cleaner
*Select: [] Select All
*Click [Empty Selected]
=>If you use Firefox or Opera:
*Click the "Firefox" or "Opera" tab
*Select: [] Select All
*Click [sim] (Yes) > [Empty Selected] > [sim]
*Click [Exit] or the [X] to close the program

Best regards.

 

All done, man, but it still freezes =/ Much less than before, but even so I can't turn on the PC and start doing things right away, nor when it connects to the internet; I have to leave Firefox already open, otherwise everything freezes if I open it after connecting.

Another thing, autorun isn't working. I think some program disabled it and I'd like it back.

Thanks for everything.

  On 05/08/2010 at 22:29, ItaloCCSL said:

Another thing, autorun isn't working. I think some program disabled it and I'd like it back.

Thanks for everything.

1.
*Download Autofix and save it to the desktop
*Run AutoFix
*Click [Avançar] (Next). In the second window, check that everything is OK and click [Avançar]; if any option is not OK, click [Repair].
*Select the CD drive and click [Avançar] > [Repair]
*Restart the PC
*If the pen drive's drive is also disabled, plug the pen drive into the PC
*Run AutoFix again
*Click [Avançar] > [Avançar]. Select the pen drive's drive, click [Repair] > [Avançar] > [Concluir] (Finish)
*Restart the PC

2.
*Check your power supply and the HD temperature.

  On 05/08/2010 at 23:43, wings said:

2.
*Check your power supply and the HD temperature.

How do I do that?


Well... you can use Everest to get some information about the PC, or HWMonitor.

Here is a link explaining some causes of freezes:
http://forum.wmonline.com.br/topic/95921-como-evitar-que-o-pc-trave/

1.
*Download AD-Remover again and save it to the desktop
*Run AD-Remover
*Click [scan]....wait for it to finish
*Paste the report created at C:\Ad-Report-SCAN.log


Good evening.

Man, sorry for the eternal delay, but I finally had time to reply, so let's get straight to the point.

1st: Check your power supply and the HD temperature.

I used HWMonitor and I think what you want is here: (I didn't know which of the temperatures was the one you wanted)

2nd: Here is the AD-Remover report

 

======= REPORT FROM AD-REMOVER 2.0.0.1,E | ONLY XP/VISTA/7 =======

 

Updated by C_XX on 06/09/10 at 15:20

Contact: AdRemover.contact[AT]gmail.com

website: http://www.teamxscript.org

 

C:\Arquivos de programas\Ad-Remover\main.exe (SCAN [1]) -> Launched at 15:39:20 on 08/09/2010, Normal boot

 

Microsoft Windows XP Professional Service Pack 2 (X86)

Priscila Araujo@PRISCILA ( )

 

============== SEARCH ==============

 

 

0,Folder found: C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

0,File found: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

0,Folder found: C:\Documents and Settings\Priscila Araujo\Dados de aplicativos\Mozilla\FireFox\Profiles\170q3atr.default\extensions\toolbar@ask.com

0,Folder found: C:\Documents and Settings\Priscila Araujo\Configurações locais\Dados de aplicativos\AskToolbar

3,File found: C:\WINDOWS\Installer\a9ac4.msi

 

-- File opened: C:\Documents and Settings\Priscila Araujo\Dados de aplicativos\Mozilla\FireFox\Profiles\170q3atr.default\Prefs.js --

Line found: user_pref("extensions.asktb.cbid", "Q8");

Line found: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://int.search-results.com/web?o={o}&l={l...

Line found: user_pref("extensions.asktb.fresh-install", false);

Line found: user_pref("extensions.asktb.l", "dis");

Line found: user_pref("extensions.asktb.last-config-req", "1283904043882");

Line found: user_pref("extensions.asktb.locale", "pt_ZZ");

Line found: user_pref("extensions.asktb.o", "102365");

Line found: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

Line found: user_pref("extensions.asktb.qsrc", "2871");

Line found: user_pref("extensions.asktb.r", "2");

Line found: user_pref("extensions.asktb.search-suggestions-enabled", false);

Line found: user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10,{CAFEEFAC-0016-0...

-- File closed --

 

 

1,Key found: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

1,Key found: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key found: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

1,Key found: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

1,Key found: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

1,Key found: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

0,Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

0,Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

0,Key found: HKLM\Software\Classes\Toolbar.CT1158440

0,Key found: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

1,Key found: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

0,Key found: HKCU\Software\Ask.com

0,Key found: HKCU\Software\AskToolbar

0,Key found: HKCU\Software\Conduit

0,Key found: HKCU\Software\AppDataLow\AskToolbarInfo

3,Key found: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

3,Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

0,Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

 

0,Value found: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}

0,Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}

0,Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

============== ADDITIONNAL SCAN ==============

 

** Mozilla Firefox Version [3.6.8 (pt-BR)] **

 

-- C:\Documents and Settings\Priscila Araujo\Dados de aplicativos\Mozilla\FireFox\Profiles\170q3atr.default\Prefs.js --

browser.download.dir, C:\\Documents and Settings\\Priscila Araujo\\Desktop

browser.download.lastDir, C:\\Documents and Settings\\Priscila Araujo\\Desktop

browser.search.defaultenginename, Search-Results

browser.search.selectedEngine, Google

browser.startup.homepage, hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

browser.startup.homepage_override.mstone, rv:1.9.2.8

keyword.URL, hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=ATU-SRS&o=102365&locale=pt_ZZ&apn_uid=453C...

 

========================================

 

** Internet Explorer Version [6.0.2900.2180] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Show_ToolBar: yes

Start Page: hxxp://www.search-results.com?o=102348&l=dis

Use Custom Search URL: 1

Use Search Asst: no

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157

Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Delete_Temp_Files_On_Exit: yes

Enable Browser Extensions: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Start Page: hxxp://fr.msn.com/

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 0 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 1 File(s)

 

C:\Ad-Report-SCAN[1].txt - 08/09/2010 (1924 Byte(s))

 

End at: 15:47:15, 08/09/2010

 

============== E.O.F ==============

 

 

Done, Wings, sorry for the delay.

Regards


1.
*Run AD-Remover
*Click [Clean]...wait for it to finish. The program may or may not ask to restart the PC.

2.
*Download MV RegClean and install it
*Run MV RegClean. A web page will open. Close it.
*Click [iniciar] (Start) and wait
*When it finishes, click [Remover] (Remove) > [sim] (Yes) > [OK]
*Close MV RegClean

3.
*Download WContig and save it to the desktop
*Create a folder in C:\ named WContig and extract it there
*Run WContig
*Click the arrow next to [Adiciona] (Add)
*Click [Adiciona pasta...] (Add folder...) > select the partition where your Windows is installed. It is usually "Disco local (C:)" (Local Disk (C:))
*Click [Adiciona pasta] > [Fecha] (Close)
*Click [Desfragmenta] (Defragment) > [Checa disco] (Check disk) > [inicia limpeza de disco] (Start disk cleanup)
*When it finishes, a window with the result will appear
*Click [Fecha]

4.
*Paste the report C:\Ad-Report-CLEAN.log

Report back.
