[Arquivado] &nbspErro de aplicativo "avgwdsvc.exe"

Luizfc_ · Maio 8, 2011

Toda vez que ligo meu pc esse Erro de aplicativo "avgwdsvc.exe" aparece 2 vezes

Fiz um log com o Hijackthis. Segue o Log!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:47:42, on 8/5/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Documents and Settings\Luizinho\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.53\GoogleCrashHandler.exe

C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery 2.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\Documents and Settings\Luizinho\Meus documentos\Downloads\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&mntrId=48e6e46f0000000000000025d30f9274&tlver=1.4.19.19&affID=17159

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=48e6e46f0000000000000025d30f9274&tlver=1.4.19.19&affID=17159

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll

R3 - URLSearchHook: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll (file missing)

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Tango - {9C398D3F-95C3-49AB-A00E-3C4089ECD048} - C:\WINDOWS\system32\e178.dll (file missing)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: FreeOnlineRadioPlayerRecorder - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll (file missing)

O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll

O3 - Toolbar: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll

O3 - Toolbar: Tango - {9C398D3E-95C3-49AB-A00E-3C4089ECD048} - C:\WINDOWS\system32\e178.dll (file missing)

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [synTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luizinho\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &SHOUTcast Search - C:\Documents and Settings\All Users\Dados de aplicativos\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Luizinho\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubedownload.htm

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Luizinho\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubetomp3.htm

O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Image - res://C:\Arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206

O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Memo - res://C:\Arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208

O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Text file - res://C:\Arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210

O8 - Extra context menu item: LG Air Sync (R-Click) - Set as Mobile Wallpaper - res://C:\Arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205

O8 - Extra context menu item: LG Air Sync Option - res://C:\Arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257104335869

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: QuestBrowser Service - Unknown owner - C:\Documents and Settings\All Users\Dados de aplicativos\QuestBrowser\questbrowser117.exe (file missing)

O23 - Service: STSService - Unknown owner - C:\Arquivos de programas\SoundTaxi Media Suite\STSService.exe (file missing)

--

End of file - 13541 bytes

Power Max · Maio 8, 2011

:) Olá Luizfc_!

:seta: Vá no menu: Iniciar > Painel de Controle > Adicionar ou remover programas > clique no Avg e clique em Remover > aí é só ir seguindo os passos que o desinstalador do Avg vai lhe passando para desinstalar ele.

Depois de desinstalar o Avg, sugiro que você o troque pelo Avira ou outro antivirus gratuito de sua preferência, pois o Avg está tendo problemas ultimamente. Caso queira trocá-lo pelo Avira, é só seguir as dicas destes tutoriais para instalá-lo, configurá-lo e utilizá-lo corretamente:

Tutorial do Avira AntiVir Personal Edition Classic (Instalação e Configuração)

Tutorial do Avira AntiVir Personal Edition Classic (como usá-lo corretamente)

________________________

:seta: Abra o HijackThis, clique em Do a system scan only, marque as entradas abaixo e clique em Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo....19&affID=17159

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17159

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Tango - {9C398D3F-95C3-49AB-A00E-3C4089ECD048} - C:\WINDOWS\system32\e178.dll (file missing)

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Arquivos de programas\Winamp Toolbar\winamptb.dll (file missing)

O3 - Toolbar: Tango - {9C398D3E-95C3-49AB-A00E-3C4089ECD048} - C:\WINDOWS\system32\e178.dll (file missing)

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

______________________

:seta: Siga também estas dicas:

Tutorial do Ad-Remover

Tutorial do Malwarebytes Anti-Malware

_______________________

:seta: Na sua próxima resposta poste o log do Malwarebytes juntamente com um novo log do Hijackthis, o log do Ad-Remover que estará em C:\Ad-Report-CLEAN[1].log e nos diga como está o seu PC após estes procedimentos.

Ficamos no aguardo.

Luizfc_ · Maio 9, 2011

Boa Noite, obrigado pela ajuda,

Segue Logs.:

Ad-Remover

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 20:50:37 on 08/05/2011, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86)

Luizinho@CASA-72A2ETXOUB ( )

============== ACTION(S) ==============

File deleted: C:\WINDOWS\system32\ConduitEngine.tmp

Folder deleted: C:\Documents and Settings\Luizinho\Dados de aplicativos\Mozilla\FireFox\Profiles\dzuv881t.default\conduit

File deleted: C:\Documents and Settings\Luizinho\Dados de aplicativos\Mozilla\FireFox\Profiles\dzuv881t.default\searchplugins\conduit.xml

Folder deleted: C:\Documents and Settings\Luizinho\Configurações locais\Dados de aplicativos\Conduit

Folder deleted: C:\Arquivos de programas\Conduit

Folder deleted: C:\Documents and Settings\Luizinho\Configurações locais\Dados de aplicativos\ConduitEngine

Folder deleted: C:\Arquivos de programas\ConduitEngine

Folder deleted: C:\Documents and Settings\Luizinho\Dados de aplicativos\GabPath

Folder deleted: C:\Documents and Settings\Luizinho\Dados de aplicativos\Toolbar4

(!) -- Temporary files deleted.

-- File opened: C:\Documents and Settings\Luizinho\Dados de aplicativos\Mozilla\FireFox\Profiles\dzuv881t.default\Prefs.js --

Line deleted: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&Sea...

-- File closed --

Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKLM\Software\Classes\CLSID\{65B3F26E-13AE-418E-AC22-ECDB8D9FD6D3}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{65B3F26E-13AE-418E-AC22-ECDB8D9FD6D3}

Key deleted: HKLM\Software\Classes\Conduit.Engine

Key deleted: HKLM\Software\Classes\Toolbar.CT2737658

Key deleted: HKLM\Software\Conduit

Key deleted: HKLM\Software\conduitEngine

Key deleted: HKCU\Software\Conduit

Key deleted: HKCU\Software\conduitEngine

Key deleted: HKCU\Software\IEBarProperties

Key deleted: HKCU\Software\MarketPrecision

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Adparatus

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{213DD725-3D40-4EEF-AAEE-7A48A1070CFA}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Key deleted: HKLM\Software\Microsoft\ESENT\Process\Adparatus

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}

============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [4.0.1 (pt-BR)] ****

Plugins\libdivx.dll (The OpenSSL Project, http://www.openssl.org/)

Plugins\npdivx32.dll (DivX,Inc.)

Plugins\npDivxPlayerPlugin.dll (DivX, Inc)

Plugins\NpFv501.dll (1 mal 1 Software GmbH)

Plugins\npganymedenet.dll ( )

Plugins\npwachk.dll (Nullsoft, Inc.)

Plugins\ssldivx.dll (The OpenSSL Project, http://www.openssl.org/)

HKCU_MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 (x)

HKCU_MozillaPlugins\electronicarts.com/GameFacePlugin (x)

Searchplugins\babylon.xml (hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=48e6e46f0000000000000025d30f9274&tlver=1.4.19.19&affID=17159/)

Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)

Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)

Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)

Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)

Components\browsercomps.dll (Mozilla Foundation)

Extensions\{B13721C7-F507-4982-B2E5-502A71474FED} (Skype extension for Firefox )

Extensions\{B9B81A55-9C8B-4FD5-B140-714613DED7B6} (QuestBrowser)

HKLM_Extensions|{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B} - C:\Arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\

-- C:\Documents and Settings\Luizinho\Dados de aplicativos\Mozilla\FireFox\Profiles\dzuv881t.default --

Extensions\newtaburl@sogame.cat (NewTabURL)

Extensions\SkipScreen@SkipScreen (SkipScreen)

Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} (Flagfox)

Extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66} (Charles Autoconfiguration)

Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} (Módulo de Segurança - Banco do Brasil)

Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} (DVDVideoSoft Menu)

Extensions\{cc409fe8-42b4-405b-a9fa-02dfcffbedde} (OMusic)

Searchplugins\search-the-web.xml (?)

Searchplugins\winamp-search.xml (?)

Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Luizinho\\Desktop

Prefs.js - browser.search.defaultenginename,

Prefs.js - browser.startup.homepage, hxxp://www.google.com.br/

Prefs.js - browser.startup.homepage_override.buildID, 20110413222027

Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1

Prefs.js - keyword.URL, hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=48e6e46f0000000000000025d30f9274&tlver=1.4.19.19&instlRef=ss...

========================================

**** Google Chrome Version [11.0.696.60] ****

Extension\dhkplhfnhceodhffomolpfigojocbpcb (C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx) (x)

-- C:\Documents and Settings\Luizinho\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default --

Preferences - default_search_provider: "Oryte Games Brazil Customized Web Search" (Enabled: true) (hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2444516&SearchSource=3&q={searchTerms})

Preferences - homepage: hxxp://www.google.com.br/

Preferences - homepage_is_newtabpage: false

Plugin - Flatcast Viewer Plugin 5.0.225 (Enabled: true) (C:\Arquivos de programas\Mozilla Firefox\plugins\NpFv501.dll)

Plugin - Office Genuine Advantage (Enabled: true) (C:\Arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll)

Plugin - Microsoft DRM (Enabled: true) (C:\Arquivos de programas\Windows Media Player\npdrmv2.dll)

Plugin - Microsoft DRM (Enabled: true) (C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll)

Plugin - Unity Player (Enabled: true) (C:\Documents and Settings\Luizinho\Configuraes locais\Dados de aplicativos\Unity\WebPlayer\loader\npUnity3D32.dll) (x)

Plugin - "Flatcast Viewer Plugin 5.0.225" (Enabled: true)

Plugin - "DivX Player" (Enabled: true)

Plugin - "DivX Player Netscape Plugin" (Enabled: true)

Plugin - "Office Genuine Advantage" (Enabled: true)

Plugin - "Unity Player" (Enabled: true)

Plugin - "Microsoft DRM" (Enabled: true)

Plugin - "GanymedeNet.Detector" (Enabled: true)

Plugin - "Winamp Application Detector" (Enabled: true)

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_URLSearchHooks|{14f0d511-36a2-41ca-ae01-ba4f87282c97} - "SHOUTcast Toolbar Search Class" (C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll)

HKCU_URLSearchHooks|{f999a48b-1950-4d81-9971-79018f807b4b} - "FreeOnlineRadioPlayerRecorder Toolbar" (C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll)

HKLM_URLSearchHooks|{14f0d511-36a2-41ca-ae01-ba4f87282c97} - "SHOUTcast Toolbar Search Class" (C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll)

HKLM_URLSearchHooks|{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} (x)

HKCU_SearchScopes\{41A30F3E-E976-40CC-B5E5-1BBFFDA94D9A} - "Search" (hxxp://www.tangosearch.com/?q={searchTerms}&a=SEARCH)

HKCU_SearchScopes\{B576BAFD-FED1-4474-A7D6-CB89D2E13B5D} - "SpeedBit Search" (hxxp://search.speedbit.com/searchresults.asp?src=default&q={searchTerms})

HKLM_SearchScopes\{41A30F3E-E976-40CC-B5E5-1BBFFDA94D9A} - "Search" (hxxp://www.tangosearch.com/?q={searchTerms}&a=SEARCH)

HKCU_Toolbar\WebBrowser|{0457331D-8CA6-4F97-9C26-6A9EF2B2DBA8} (C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll)

HKCU_Toolbar\WebBrowser|{F999A48B-1950-4D81-9971-79018F807B4B} (C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll)

HKCU_Toolbar\WebBrowser|{9C398D3E-95C3-49AB-A00E-3C4089ECD048} (C:\WINDOWS\system32\e178.dll) (x)

HKLM_Toolbar|{0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} (C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll)

HKLM_Toolbar|{f999a48b-1950-4d81-9971-79018f807b4b} (C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll)

HKCU_ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953} - C:\Arquivos de programas\SpeedBit Video Downloader\Converter.exe (x)

HKLM_ElevationPolicy\11f8c830-530a-4313-886a-2b0b4415c22a - C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\FreeOnlineRadioPlayerRecorderToolbarHelper.exe (?)

HKLM_ElevationPolicy\75645006-7c35-42d5-8fe8-608475805c58 - C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\FreeOnlineRadioPlayerRecorderToolbarHelper.exe (?)

HKLM_ElevationPolicy\{1ACB6FDD-83AF-424C-8164-23197A94AC36} - C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\FreeOnlineRadioPlayerRecorderToolbarHelper1.exe (?)

HKLM_ElevationPolicy\{1F949079-DC18-40B2-A3D4-45545FA02DE0} - C:\Documents and Settings\Luizinho\Configurações locais\Dados de aplicativos\Conduit\CT2737658\FreeOnlineRadioPlayerRecorderAutoUpdaterHelper.exe (x)

HKLM_ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953} - C:\Arquivos de programas\SpeedBit Video Downloader\Converter.exe (x)

HKLM_ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} - C:\Arquivos de programas\IMinent Toolbar\TbHelper2.exe (x)

HKLM_ElevationPolicy\{ADADAEE2-457A-4984-A57C-E01C3A2BA612} - c:\arquivos de programas\shoutcast radio toolbar\SHOUTcastTbServer.exe (AOL LLC)

HKLM_ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} - C:\Arquivos de programas\Iminent\MMServer\Iminent.MMServer.exe (x)

HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "Adobe PDF Reader Link Helper" (C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll)

BHO\{21A88CB9-84D2-4020-A2D1-B25A21034884} - "HistoryTriggerBHO Class" (C:\Arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll)

BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)

BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540000} - "GbIehObj Class" (C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll)

BHO\{ccec60fc-2608-4e58-9659-3ffc159e8ea9} - "SHOUTcast Loader" (C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll)

BHO\{f999a48b-1950-4d81-9971-79018f807b4b} - "FreeOnlineRadioPlayerRecorder Toolbar" (C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll)

========================================

C:\Arquivos de programas\Ad-Remover\Quarantine: 88 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 14 File(s)

C:\Ad-Report-CLEAN[1].txt - 08/05/2011 20:51:27 (10120 Byte(s))

End at: 20:52:41, 08/05/2011

============== E.O.F ==============

Malwarebytes

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Versão da Base de Dados: 6534

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

8/5/2011 22:28:33

mbam-log-2011-05-08 (22-28-32).txt

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 221623

Tempo decorrido: 1 hora(s), 14 minuto(s), 44 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 1

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 1

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestBrowser (Adware.QuestBrowser) -> Quarantined and deleted successfully.

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

c:\arquivos de programas\questbrowser\uninstall.exe (Adware.QuestBrowser) -> Quarantined and deleted successfully.

hijackthis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:34:17, on 8/5/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Luizinho\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.53\GoogleCrashHandler.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery 2.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Luizinho\Meus documentos\Downloads\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Arquivos de programas\SHOUTcast Radio Toolbar\shoutcasttb.dll

R3 - URLSearchHook: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Arquivos de programas\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll (file missing)