Archived

This topic has been archived and is closed to new replies.

Leandrueo

[Archived] I have a virus!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:09:45, on 21/11/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

C:\Arquivos de programas\Microsoft Application Virtualization Client\sftvsa.exe

C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe

C:\Arquivos de programas\Steam\Steam.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\Microsoft Application Virtualization Client\sftlist.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=15425&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Arquivos de programas\XfireXO\tbXfir.dll

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSSRCAS.DLL

O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Arquivos de programas\XfireXO\tbXfir.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Arquivos de programas\XfireXO\tbXfir.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe

O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\ARQUIV~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000343&p=ZKfox000&si=&a=N8HySxhIqJr.Vju4r_r81w&n=2010102516

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Arquivos de programas\AVG\AVG8\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwssvc.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 10690 bytes


:) Hello Leandrueo!

Please follow these tips:

Ad-Remover tutorial: http://www.caixadedicas.com/2009/10/tutorial-do-ad-remover.html

Toolbar S&D tutorial: http://www.caixadedicas.com/2009/11/tutorial-do-toolbar-sd.html

_________________________________

I suggest that you save or print the instructions below, because at some points you may need to use the computer without internet access:

Download ComboFix

Save it to the Desktop.

* Disable the resident protection of your antivirus, antispyware and firewall (except the Windows one!)

* Close all windows and run the tool.

* PS: It can also be run from a command:

* Go to Start --> Run (Iniciar --> Executar) --> type or paste:

"%userprofile%\desktop\Combofix.exe" /killall

[Image: combofixejr8.gif]

* Click OK.

* At the prompt "Negação de garantia de software" (software warranty disclaimer) --> click Yes (Sim).

[Image: RcAuto1.gif]

* If you do not have the "Recovery Console" (http://support.microsoft.com/kb/307654/pt-br), agree to install it.

* When it finishes, click Sim or Yes. --> Wait.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

If you get the notification "Aplicativo Win32 inválido" (invalid Win32 application) or a similar message, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop, renamed as: Kombo.exe

* PS: Rename it while saving, not after saving it!

* PS: If any error message appears, run ComboFix.exe in "Safe Mode" (http://www.caixadedicas.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!

* PS: If rootkit activity is present, the following notification window will appear:

[Image: Rookit_found.gif]

* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply, together with the requested logs.

* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

* PS: To avoid problems, follow all of the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* The Auto Scan window will open. --> Wait!

* To finish the removals, ComboFix may restart the computer.

* If necessary, type option ( 1 ) --> press Enter! --> wait for it to finish!

* During the scan, avoid using the mouse or keyboard! <-- Important!

* If, for some unavoidable reason, you need to stop or exit ComboFix, press "N" or "2" --> press Enter.

<><><><><><><><><><><><>

In your next reply, post the ComboFix log, which will be at C:\ComboFix.txt, together with a new HijackThis log, the Ad-Remover log, which will be at C:\Ad-Report-CLEAN[1].log, and the Toolbar S&D log, which will be at C:\ToolBar SD\TB_1.txt, and tell us how your PC is doing after this.

We look forward to your reply.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:57:39, on 22/11/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

C:\Arquivos de programas\Microsoft Application Virtualization Client\sftvsa.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\Microsoft Application Virtualization Client\sftlist.exe

C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames2.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Arquivos de programas\XfireXO\tbXfir.dll

O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Arquivos de programas\XfireXO\tbXfir.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Arquivos de programas\XfireXO\tbXfir.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe

O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Arquivos de programas\AVG\AVG8\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 9552 bytes

 

 

 

 

 

 

======= REPORT FROM AD-REMOVER | ONLY XP/VISTA/7 =======

 

Updated by C_XX on 13/06/10 at 20:40

Contact: AdRemover.contact@gmail.com

website: http://pagesperso-orange.fr/NosTools/ad_remover.html

 

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 12:29:42 on 22/11/2010, Normal boot

 

Microsoft Windows XP Professional Service Pack 3 (X86)

windows, ALESSANDRO ( )

 

============== ACTION(S) ==============

 

Service: "MyWebSearchService" Service stopped and deleted

 

0,File deleted: C:\WINDOWS\system32\f3PSSavr.scr

0,Folder deleted: C:\Documents and Settings\windows\Configurações locais\Dados de aplicativos\Conduit

0,Folder deleted: C:\Arquivos de programas\Conduit

0,Folder deleted: C:\Arquivos de programas\FunWebProducts

0,Folder deleted: C:\Arquivos de programas\MyWebSearch

 

(!) -- Temporary files deleted.

 

 

0,Key deleted: HKLM\Software\Classes\FunWebProducts.DataControl

0,Key deleted: HKLM\Software\Classes\FunWebProducts.DataControl.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HistoryKillerScheduler

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HistoryKillerScheduler.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HistorySwatterControlBar

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HistorySwatterControlBar.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HTMLMenu

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HTMLMenu.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.HTMLMenu.2

0,Key deleted: HKLM\Software\Classes\FunWebProducts.IECookiesManager

0,Key deleted: HKLM\Software\Classes\FunWebProducts.IECookiesManager.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.KillerObjManager

0,Key deleted: HKLM\Software\Classes\FunWebProducts.KillerObjManager.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.PopSwatterBarButton

0,Key deleted: HKLM\Software\Classes\FunWebProducts.PopSwatterBarButton.1

0,Key deleted: HKLM\Software\Classes\FunWebProducts.PopSwatterSettingsControl

0,Key deleted: HKLM\Software\Classes\FunWebProducts.PopSwatterSettingsControl.1

0,Key deleted: HKLM\Software\Classes\MyWebSearch.ChatSessionPlugin

0,Key deleted: HKLM\Software\Classes\MyWebSearch.ChatSessionPlugin.1

0,Key deleted: HKLM\Software\Classes\MyWebSearch.HTMLPanel

0,Key deleted: HKLM\Software\Classes\MyWebSearch.HTMLPanel.1

0,Key deleted: HKLM\Software\Classes\MyWebSearch.MultipleButton

0,Key deleted: HKLM\Software\Classes\MyWebSearch.MultipleButton.1

0,Key deleted: HKLM\Software\Classes\MyWebSearch.OutlookAddin

0,Key deleted: HKLM\Software\Classes\MyWebSearch.OutlookAddin.1

0,Key deleted: HKLM\Software\Classes\MyWebSearch.PseudoTransparentPlugin

0,Key deleted: HKLM\Software\Classes\MyWebSearch.PseudoTransparentPlugin.1

0,Key deleted: HKLM\Software\Classes\MyWebSearch.UrlAlertButton

0,Key deleted: HKLM\Software\Classes\MyWebSearch.UrlAlertButton.1

0,Key deleted: HKLM\Software\Classes\MyWebSearchToolBar.SettingsPlugin

0,Key deleted: HKLM\Software\Classes\MyWebSearchToolBar.SettingsPlugin.1

0,Key deleted: HKLM\Software\Classes\MyWebSearchToolBar.ToolbarPlugin

0,Key deleted: HKLM\Software\Classes\MyWebSearchToolBar.ToolbarPlugin.1

0,Key deleted: HKLM\Software\Classes\screensavercontrol.screensaverinstaller

0,Key deleted: HKLM\Software\Classes\screensavercontrol.screensaverinstaller.1

0,Key deleted: HKLM\Software\Conduit

0,Key deleted: HKLM\Software\FocusInteractive

0,Key deleted: HKLM\Software\Fun Web Products

0,Key deleted: HKLM\Software\MyWebSearch

0,Key deleted: HKCU\Software\Conduit

0,Key deleted: HKCU\Software\FunWebProducts

0,Key deleted: HKCU\Software\MyWebSearch

3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}

0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall

0,Key deleted: HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search

0,Key deleted: HKLM\Software\Classes\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}

0,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}

0,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll

0,Key deleted: HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss

0,Key deleted: HKLM\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin

0,Key deleted: HKLM\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin

0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall

0,Key deleted: HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin

 

0,Value deleted: HKLM\Software\Microsoft\Windows Media\Wmsdk\Sources|F3PopularScreenSavers

0,Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform|FunWebProducts

0,Value deleted: HKLM\Software\Mozilla\Firefox\Extensions|m3ffxtbr@mywebsearch.com

0,Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin

0,Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|My Web Search Bar

0,Value deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D}

0,Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA}

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA}

 

 

============== ADDITIONNAL SCAN ==============

 

** Mozilla Firefox Version [3.6.12 (pt-BR)] **

 

-- C:\Documents and Settings\windows\Dados de aplicativos\Mozilla\FireFox\Profiles\g9cswzeo.default\Prefs.js --

browser.download.dir, C:\\Documents and Settings\\windows\\Desktop

browser.download.lastDir, C:\\Program Files\\Neoact\\Carom3D\\ 

browser.startup.homepage, hxxp://www.globo.com/

browser.startup.homepage_override.mstone, rv:1.9.2.12

keyword.URL, hxxp://search.avg.com/route/?d=4cc72a25&v=6.010.006.004&i=23&tp=ab&iy=&ychte=br&lng=pt-BR&q=

 

========================================

 

** Internet Explorer Version [6.0.2900.5512] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Use Search Asst: no

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 91 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 14 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 22/11/2010 (16510 Byte(s))

 

End at: 12:33:06, 22/11/2010

 

============== E.O.F ==============

-----------\\ ToolBar S&D 1.2.9 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.06GHz )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : windows ( Administrator )

BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 8.5 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:74 Go (Free:29 Go)

D:\ (CD or DVD)

E:\ (CD or DVD)

Q:\ (Local Disk)

 

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [1] ( seg 22/11/2010|12:40 )

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

C:\DOCUME~1\windows\Cookies\windows@mywebsearch[1].txt

 

-----------\\ Extensions

 

(windows) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://fr.msn.com/"

"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Search bar"="http://go.microsoft.com/fwlink/?linkid=54896"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page"="http://fr.msn.com/"

"Search bar"="http://search.msn.com/spbasic.htm"

 

 

--------------------\\ Procurando por outras infecções

 

 

Não foram encontradas outras infecções.

 

 

1 - "C:\ToolBar SD\TB_1.txt" - seg 22/11/2010|12:41 - Option : [1]

ComboFix gave an error,

 

ComboFix gave an error

You are using a very old version of AVG. Uninstall it, then follow the procedure I gave you for running ComboFix and post its log together with a new HijackThis log.

We'll be waiting.


I can't uninstall AVG =\

It gives this error

To completely remove AVG from your computer, you can use the uninstaller that AVG provides:

AVG Remover (32-bit) - Use this option if your system is 32-bit:

http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

AVG Remover (64-bit) - Use this option if your system is 64-bit:

http://www.avg.com/filedir/util/avg_arv_sup_____.dir/avgremoverx64.exe

_________________________

After that, try running ComboFix again and see whether it works; if it does, post its log together with a new HijackThis log.


Topic Archived

As the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening it.
