
Archived

This topic has been archived and is closed to new replies.

vandinhoneves

[Resolved] Explorer opens by itself


Hi, out of nowhere Internet Explorer started opening by itself, almost always on shopping sites. I've already tried everything. I ran bankerfix and Marcos Velasco's antispy, but nothing helped. I really need help. THANKS IN ADVANCE.

The log is below:


Logfile of HijackThis v1.99.1

Scan saved at 00:34:19, on 2/6/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\Arquivos de programas\USB Disk Win98 Driver\Res.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\cacaoweb\cacaoweb.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Gigabyte\EasySaver\ESSVR.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\rundll32.exe

C:\DOCUME~1\PhD\CONFIG~1\Temp\Fz2.exe

C:\WINDOWS\Fborua.exe

C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\DOCUME~1\PhD\CONFIG~1\Temp\Fz1.exe

C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\PhD\Desktop\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plasmoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q=....19&affID=17159

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

R3 - URLSearchHook: Messenger Plus Toolbar - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Arquivos de programas\Messenger_Plus\prxtbMess.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Messenger Plus - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Arquivos de programas\Messenger_Plus\prxtbMess.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: Messenger Plus Toolbar - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Arquivos de programas\Messenger_Plus\prxtbMess.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Arquivos de programas\USB Disk Win98 Driver\Res.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\RunOnce: [AskTBar Uninstall] rundll32 C:\ARQUIV~1\UNINST~1.DLL,O -2

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [cacaoweb] "C:\Arquivos de programas\cacaoweb\cacaoweb.exe" -noplayer

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [YDZ1QVAGOJ] C:\DOCUME~1\PhD\CONFIG~1\Temp\Fz1.exe

O4 - HKCU\..\Run: [OPLE7CLDO2] C:\WINDOWS\Fborua.exe

O4 - Startup: Registros Seagate 2GH1LVAF.lnk = C:\Documents and Settings\PhD\Dados de aplicativos\Leadertech\PowerRegister\Registros Seagate 2GH1LVAF.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Arquivos de programas\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Arquivos de programas\Gigabyte\EasySaver\ESSVR.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

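The HijackThis log above already contains the lead a helper looks for first: two HKCU Run values with random-looking names (YDZ1QVAGOJ and OPLE7CLDO2) that launch Fz1.exe from the user's Temp folder and Fborua.exe from directly under C:\WINDOWS, and both binaries also show up in the running-process list. As an added example, not part of this thread and not code from HijackThis or MalwareBytes, the Python script below runs that same triage over O4 lines. The regular expressions and the "8 to 12 uppercase/digit characters" threshold for a random name are my own heuristics, and the sample lines are a constructed subset copied from the log.

```python
# Added example (not part of the forum thread, HijackThis or MalwareBytes):
# a small triage pass over HijackThis "O4" autorun lines that flags the
# patterns visible in the log above. Heuristic only: a hit is a lead for
# the helper to check, not a verdict.
import re
from dataclasses import dataclass, field

# HijackThis prints autoruns as:  O4 - HKCU\..\Run: [ValueName] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

# Launch locations legitimate software almost never uses for an autorun:
# a user Temp directory, or an .exe sitting directly under C:\WINDOWS
# (not in system32 or any subfolder).
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
BARE_WINDIR_RE = re.compile(r'^"?c:\\windows\\[^\\]+\.exe"?(\s|$)', re.IGNORECASE)

# Run value names that are an uppercase/digit string with at least one digit
# and no recognisable word, like YDZ1QVAGOJ or OPLE7CLDO2 in the log above.
# The 8..12 length window is an assumption of this example.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)[A-Z0-9]{8,12}$")


@dataclass
class Finding:
    hive: str
    name: str
    cmd: str
    reasons: list = field(default_factory=list)


def triage_o4(lines):
    """Return a Finding for every O4 line that trips at least one heuristic."""
    findings = []
    for raw in lines:
        m = O4_RE.match(raw.strip())
        if not m:
            continue  # not an O4 autorun line; other HijackThis sections are ignored here
        reasons = []
        if TEMP_DIR_RE.search(m["cmd"]):
            reasons.append("launched from a Temp directory")
        if BARE_WINDIR_RE.match(m["cmd"]):
            reasons.append("executable directly under C:\\WINDOWS")
        if RANDOM_NAME_RE.match(m["name"]):
            reasons.append("random-looking Run value name")
        if reasons:
            findings.append(Finding(m["hive"], m["name"], m["cmd"], reasons))
    return findings


# Constructed sample: a subset of the O4 lines from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\RunOnce: [AskTBar Uninstall] rundll32 C:\ARQUIV~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YDZ1QVAGOJ] C:\DOCUME~1\PhD\CONFIG~1\Temp\Fz1.exe
O4 - HKCU\..\Run: [OPLE7CLDO2] C:\WINDOWS\Fborua.exe
""".strip().splitlines()


def report(lines):
    """One line per finding, in the form a helper would paste back into the thread."""
    return [
        f"{f.hive} Run [{f.name}] -> {f.cmd}  ({'; '.join(f.reasons)})"
        for f in triage_o4(lines)
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

On the sample above only the two HKCU entries are reported; the Intel, Realtek, AVG and ctfmon autoruns pass all three checks. The MalwareBytes report further down in the thread classifies exactly those two Run values as Trojan.FakeAlert.SA, and marks Fborua.exe "Delete on reboot" because the process was still running at scan time, as the process list in the HijackThis log shows.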

Hello vandinhoneves

1.

*Download MalwareBytes and save it to the desktop

*Install the program and wait for the update

*The program will open automatically

*On the [Scan] tab, select [Full scan]

*Click [Scan] and select the partition where Windows is installed

*When the scan finishes, click [Yes] > [OK] > [Show results] > [Remove selected]

*Paste the report that is shown

2.

*Download AD-Remover and save it to the desktop

*Run it, click [Clean] > [Yes] > [OK] > [Yes]

*The PC will restart

*Paste the report C:\Ad-Report-CLEAN[1].txt


Hi wings, I followed all the steps you gave. The first report showed the following:

 

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 6753

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

2/6/2011 11:53:55

mbam-log-2011-06-02 (11-53-55).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 208587

Tempo decorrido: 1 hora(s), 6 minuto(s), 4 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 7

Valores de Registro Infectados: 2

Itens de Dados no Registro Infectados: 1

Pastas Infectadas: 1

Arquivos Infectados: 5

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\OPLE7CLDO2 (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\idgbn5xehg (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\YDZ1QVAGOJ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ople7cldo2 (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ydz1qvagoj (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

 

Itens de Dados no Registro Infectados:

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Pastas Infectadas:

C:\Documents and Settings\PhD\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4} (Spyware.Banker) -> Quarantined and deleted successfully.

 

Arquivos Infectados:

C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fborua.exe (Trojan.FakeAlert.SA) -> Delete on reboot.

C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

 

 

 

And the second report showed this:

 

 

 

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 12:08:20 on 02/06/2011, Normal boot

 

Microsoft Windows XP Professional Service Pack 3 (X86)

PhD@PHD-9FAE5951927 ( )

 

============== ACTION(S) ==============

 

 

File deleted: C:\WINDOWS\system32\ConduitEngine.tmp

Folder deleted: C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\FireFox\Profiles\kkpb9zek.default\conduit

Folder deleted: C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\FireFox\Profiles\kkpb9zek.default\ConduitEngine

Folder deleted: C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\FireFox\Profiles\kkpb9zek.default\extensions\engine@conduit.com

File deleted: C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\FireFox\Profiles\kkpb9zek.default\searchplugins\conduit.xml

Folder deleted: C:\Arquivos de programas\AskTBar

Folder deleted: C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Conduit

Folder deleted: C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\ConduitEngine

Folder deleted: C:\Arquivos de programas\ConduitEngine

Folder deleted: C:\Documents and Settings\PhD\Dados de aplicativos\PriceGong

 

(!) -- Temporary files deleted.

 

 

-- File opened: C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\FireFox\Profiles\kkpb9zek.default\Prefs.js --

Line deleted: user_pref("CT1460988.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...

Line deleted: user_pref("CT1460988.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT146...

Line deleted: user_pref("CT1460988.ct1669100.SearchEngine", "Busca||hxxp://search.conduit.com/Results.aspx?q=UCM_S...

Line deleted: user_pref("CT2552374.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT255...

Line deleted: user_pref("CT2949154.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT294...

Line deleted: user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2949154");

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1341008/1336676/BR", "\"0\"...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/BR", "\"0\"")...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/BR", "\"0\"")...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/945276/941054/BR", "\"0\"")...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", ...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2552374", ...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2949154", ...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.2.5...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.2....

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3....

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63439407619947...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2552374/CT2552374...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2949154/CT2949154...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize....

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/minimize.gif...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/play.gif", "...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/stop.gif", "...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/stopped.GIF"...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/vol.gif", "\...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-gb", "\"...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pt-br", "\"...

Line deleted: user_pref("CommunityToolbar.EngineOwner", "CT2552374");

Line deleted: user_pref("CommunityToolbar.EngineOwnerGuid", "{12fc3d37-2a42-4fe3-8489-81296878cba5}");

Line deleted: user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic_brasil");

Line deleted: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2552374");

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{12fc3d37-2a42-4fe3-8489-81296878cba5}");

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic_brasil");

Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://us.yhs.search.yahoo.com/avg/searc...

Line deleted: user_pref("CommunityToolbar.ToolbarsList", "CT1460988,ConduitEngine,CT2552374,CT2949154");

Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT1460988,CT2552374,CT2949154");

Line deleted: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 02 2011 22:34:02 GMT-03...

Line deleted: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);

Line deleted: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Apr 27 2011 16:58:47 GMT-0300 (Hora ...

Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Line deleted: user_pref("CommunityToolbar.alert.locale", "en");

Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Apr 27 2011 16:58:38 GMT-0300 (Hora ofic...

Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927");

Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false);

Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Line deleted: user_pref("CommunityToolbar.alert.userId", "83db5a79-682b-4d5a-9568-0abd0618ead8");

Line deleted: user_pref("CommunityToolbar.globalUserId", "bf5b0b12-e7f3-4ade-a35c-b8807df73a11");

Line deleted: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Line deleted: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Line deleted: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2949154");

Line deleted: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Wed Apr 27 2011 16:58:54 GMT-0300 (Hora ofici...

Line deleted: user_pref("ConduitEngine.FirstServerDate", "03/15/2011 16");

Line deleted: user_pref("ConduitEngine.FirstTime", true);

Line deleted: user_pref("ConduitEngine.FirstTimeFF3", true);

Line deleted: user_pref("ConduitEngine.HasUserGlobalKeys", true);

Line deleted: user_pref("ConduitEngine.Initialize", true);

Line deleted: user_pref("ConduitEngine.InitializeCommonPrefs", true);

Line deleted: user_pref("ConduitEngine.InstalledDate", "Tue Mar 15 2011 11:18:45 GMT-0300 (Hora oficial do Brasil)...

Line deleted: user_pref("ConduitEngine.IsMulticommunity", false);

Line deleted: user_pref("ConduitEngine.IsOpenThankYouPage", false);

Line deleted: user_pref("ConduitEngine.IsOpenUninstallPage", true);

Line deleted: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Apr 27 2011 16:58:55 GMT-0300 (Hora oficia...

Line deleted: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Thu Mar 31 2011 22:54:04 GMT-0300 (Hora oficial do Bra...

Line deleted: user_pref("ConduitEngine.LastLogin_3.3.3.2", "Thu Apr 28 2011 10:19:56 GMT-0300 (Hora oficial do Bra...

Line deleted: user_pref("ConduitEngine.PublisherContainerWidth", 0);

Line deleted: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);

Line deleted: user_pref("ConduitEngine.SettingsLastCheckTime", "Thu Apr 28 2011 10:19:58 GMT-0300 (Hora oficial do...

Line deleted: user_pref("ConduitEngine.UserID", "UN49121076498373084");

Line deleted: user_pref("ConduitEngine.engineLocale", "pt-BR");

Line deleted: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Apr 27 2011 16:58:55 GMT-0300 (Hora ...

Line deleted: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Thu Apr 28 2011 10:19:41 GMT-0300 (Hora...

Line deleted: user_pref("ConduitEngine.initDone", true);

Line deleted: user_pref("ConduitEngine.isAppTrackingManagerOn", true);

Line deleted: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2949154&Sea...

-- File closed --

 

 

Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKLM\Software\Classes\CLSID\{AE9F8E3A-E8DB-49DC-88D0-CFBB6844B4E8}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AE9F8E3A-E8DB-49DC-88D0-CFBB6844B4E8}

Key deleted: HKLM\Software\Classes\Conduit.Engine

Key deleted: HKLM\Software\Classes\Toolbar.CT2949154

Key deleted: HKLM\Software\Conduit

Key deleted: HKLM\Software\conduitEngine

Key deleted: HKCU\Software\Conduit

Key deleted: HKCU\Software\conduitEngine

Key deleted: HKCU\Software\PriceGong

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7B8F9EF-6154-49DE-819A-C042525D9F89}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}

 

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}

Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D}

 

 

============== ADDITIONNAL SCAN ==============

 

**** Mozilla Firefox Version [3.6.15 (pt-BR)] ****

 

Searchplugins\avg_igeared.xml (hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=$isYahoo$&ychte=$ychte$ /)

Searchplugins\babylon.xml (hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=94fbefbc0000000000006cf049f23579&tlver=1.4.19.19&affID=17159/)

Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)

Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)

Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)

Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)

HKLM_Extensions|{3f963a5b-e555-4543-90e2-c3908898db71} - C:\Arquivos de programas\AVG\AVG9\Firefox

HKLM_Extensions|avg@igeared - C:\Arquivos de programas\AVG\AVG9\Toolbar\Firefox\avg@igeared

 

-- C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\FireFox\Profiles\kkpb9zek.default --

Extensions\cacaoweb@cacaoweb.org (cacaoweb)

Extensions\engine@plasmoo.com (Plasmoo Search Engine)

Extensions\ffxtlbr@babylon.com (Babylon)

Extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5} (Softonic_Brasil Community Toolbar)

Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)

Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} (DVDVideoSoftTB Community Toolbar)

Extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} (myBabylon English Toolbar)

Extensions\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} (Messenger Plus Community Toolbar)

Prefs.js - browser.download.lastDir, D:\\Meus Arquivos\\Vandinho\\Baixados\\Nova pasta

Prefs.js - browser.search.defaultenginename, Google

Prefs.js - browser.search.selectedEngine, Search the web (Babylon)

Prefs.js - browser.startup.homepage, hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=94fbefbc0000000000006cf049f23579&tlver=1.4.19.1...

Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.15

Prefs.js - keyword.URL, hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

 

========================================

 

**** Google Chrome Version [11.0.696.71] ****

 

Extension - dhkplhfnhceodhffomolpfigojocbpcb (x)

 

-- C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default --

Preferences - default_search_provider: "Google" (Enabled: true) (hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t)

Preferences - homepage: hxxp://plasmoo.com

Preferences - homepage_is_newtabpage: true

Plugin - Windows Genuine Advantage (Enabled: true) (C:\Arquivos de programas\Mozilla Firefox\plugins\npLegitCheckPlugin.dll)

Plugin - Microsoft DRM (Enabled: true) (C:\Arquivos de programas\Windows Media Player\npdrmv2.dll)

Plugin - Microsoft DRM (Enabled: true) (C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll)

Plugin - Windows Live Photo Gallery (Enabled: true) (C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll)

Plugin - "Silverlight" (Enabled: true)

Plugin - "Babylon Chrome Plugin" (Enabled: true)

Plugin - "Windows Genuine Advantage" (Enabled: true)

Plugin - "Microsoft DRM" (Enabled: true)

Plugin - "Picasa" (Enabled: true)

Plugin - "Windows Live Photo Gallery" (Enabled: true)

 

========================================

 

**** Internet Explorer Version [8.0.6001.18702] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_URLSearchHooks|{A3BC75A2-1F87-4686-AA43-5347D756017C} - "AVG Security Toolbar BHO" (C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll)

HKCU_URLSearchHooks|{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - "Messenger Plus Toolbar" (C:\Arquivos de programas\Messenger_Plus\prxtbMess.dll)

HKCU_SearchScopes\Plasmoo - "Plasmoo" (hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms})

HKCU_SearchScopes\{534E49EC-E38B-4241-A2E9-CA7A69860181} - "AVG Secure Search" (hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerm...)

HKCU_Toolbar\WebBrowser|{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll)

HKCU_Toolbar\WebBrowser|{B760D5A4-8D24-4CB6-942E-D6BB540AD88C} (C:\Arquivos de programas\Messenger_Plus\prxtbMess.dll)

HKLM_Toolbar|{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll)

HKLM_Toolbar|{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} (C:\Arquivos de programas\Messenger_Plus\prxtbMess.dll)

HKLM_ElevationPolicy\{96C8F331-A029-4C1F-9AE5-68868536EDC6} - C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Conduit\CT2949154\Messenger_PlusAutoUpdateHelper.exe (x)

HKLM_ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG9\Toolbar\ToolbarBroker.exe (?)

HKLM_ElevationPolicy\{F99FCA50-4838-450B-A928-9E3C8D2F1856} - C:\Arquivos de programas\Messenger_Plus\Messenger_PlusToolbarHelper1.exe (?)

HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?)

HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll)

BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)

BHO\{A3BC75A2-1F87-4686-AA43-5347D756017C} - "AVG Security Toolbar BHO" (C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll)

BHO\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - "Messenger Plus Toolbar" (C:\Arquivos de programas\Messenger_Plus\prxtbMess.dll)

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 256 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 14 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 02/06/2011 12:08:51 (16108 Byte(s))

 

End at: 12:09:39, 02/06/2011

 

============== E.O.F ==============

 

 

 

 

Can't tell yet whether it worked; I'll spend the day on the PC and let you know later. Thanks in advance for your attention.

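The Ad-Remover additional scan in the post above is the kind of output a helper reads by eye: Firefox's default engine is Google but the selected engine is Babylon, both browsers' homepages point at toolbar search pages, the Babylon URLs carry affiliate identifiers (mntrId, affID, babsrc, tlver), one IE ElevationPolicy entry launches an executable from inside the user profile, and one BHO CLSID resolves to no file. The Python below is an added example, not part of the original thread and not code from Ad-Remover or any other tool named here; it parses lines in that scan's format and reports exactly those indicators. The sample lines are constructed to mirror the log's format, and which query keys, directories and scan markers count as suspicious is this example's own assumption.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample, modelled on the Ad-Remover "ADDITIONNAL SCAN" lines in
# the post above ("hxxp" is the log's defanged "http"). Not a real log.
SAMPLE_SCAN = r"""
Searchplugins\babylon.xml (hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=94fbefbc0000000000006cf049f23579&tlver=1.4.19.19&affID=17159/)
Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)
Prefs.js - browser.search.defaultenginename, Google
Prefs.js - browser.search.selectedEngine, Search the web (Babylon)
Prefs.js - browser.startup.homepage, hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=94fbefbc0000000000006cf049f23579&tlver=1.4.19.1...
Preferences - homepage: hxxp://plasmoo.com
HKCU_SearchScopes\Plasmoo - "Plasmoo" (hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms})
HKLM_ElevationPolicy\{96C8F331-A029-4C1F-9AE5-68868536EDC6} - C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Conduit\CT2949154\Messenger_PlusAutoUpdateHelper.exe (x)
HKLM_ElevationPolicy\{F99FCA50-4838-450B-A928-9E3C8D2F1856} - C:\Arquivos de programas\Messenger_Plus\Messenger_PlusToolbarHelper1.exe (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
"""

# Query keys that mark a toolbar/affiliate search page (assumed list; all four
# occur on the Babylon URLs in the log).
TRACKING_PARAMS = {"mntrid", "affid", "babsrc", "tlver"}
# Directory fragments an unprivileged user can write to (assumed heuristic).
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\")

URL_RE = re.compile(r"h(?:xx|tt)p://[^\s)]+", re.IGNORECASE)
PREF_RE = re.compile(r"^Prefs\.js - ([\w.]+), (.*)$")
HOMEPAGE_RE = re.compile(
    r"^(?:Prefs\.js - browser\.startup\.homepage, |Preferences - homepage: )(.+)$"
)
ELEV_RE = re.compile(r"^HKLM_ElevationPolicy\\\{[^}]+\} - (.+?) \(([x?])\)$")
BHO_RE = re.compile(r"^BHO\\\{[^}]+\} \(\?\)$")


def refang(url):
    """Turn the log's hxxp:// back into http:// and drop a trailing '/' or '...'."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE).rstrip("/.")


def tracking_keys(url):
    """Sorted tracking/affiliate query keys present in a (defanged) URL."""
    query = urlsplit(refang(url)).query
    keys = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
    return sorted(keys & TRACKING_PARAMS)


def homepage_host(url):
    """Host of a (defanged) homepage URL, or None if it does not parse."""
    return urlsplit(refang(url)).hostname


def triage(scan_text, expected_hosts=frozenset()):
    """Return (category, line, detail) for every hijack indicator found in
    Ad-Remover additional-scan lines. expected_hosts are homepage hosts the
    user actually chose; any other homepage host is reported for review."""
    findings, prefs = [], {}
    for line in scan_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
        for url in URL_RE.findall(line):
            keys = tracking_keys(url)
            if keys:
                findings.append(("tracking-url", line, ",".join(keys)))
        m = HOMEPAGE_RE.match(line)
        if m:
            host = homepage_host(m.group(1))
            if host and host not in expected_hosts:
                findings.append(("homepage", line, host))
        m = ELEV_RE.match(line)
        if m:
            path, marker = m.group(1), m.group(2)
            # (x): the scanner found no file at that path; a user-profile path
            # is writable by the very account that got infected.
            if marker == "x" or any(d in path.lower() for d in USER_WRITABLE):
                findings.append(("elevation-policy", line, path))
        if BHO_RE.match(line):
            findings.append(("orphan-bho", line, "no file resolved"))
    # A selected engine that differs from the configured default is the
    # classic sign that a toolbar installer changed it behind the user's back.
    default = prefs.get("browser.search.defaultenginename")
    selected = prefs.get("browser.search.selectedEngine")
    if default and selected and default != selected:
        findings.append(("search-engine-mismatch", f"{default} vs {selected}", selected))
    return findings


if __name__ == "__main__":
    for category, line, detail in triage(SAMPLE_SCAN):
        print(f"{category:24} {detail}\n    {line}")
```

Run against the sample it reports seven findings: two tracking URLs, two homepages, the user-profile elevation-policy entry, the orphan BHO and the engine mismatch. Passing the hosts the user genuinely chose in `expected_hosts` silences the homepage reports, which is how you keep the check from flagging a deliberate msn.com start page.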

1.

*Run AD-Remover and click [Uninstall] > [No] > [Close]

 

2.

*Download Cacaokiller and save it to the desktop

*Run it and press 2 > [ENTER]

*Paste the report it shows

 

3.

*Disable your firewall

*Temporarily disable your antivirus

Right-click the AVG icon next to the clock and select "Open AVG User Interface"

Click [Tools] > [Advanced settings]

In the left-hand column, find and click "Temporarily disable AVG protection"

Select: [x] Temporarily disable AVG protection

Click [OK]

Select: [x] Disable firewall protection and click [Disable real-time protection]

*Download ComboFix and save it to the desktop

*Run it and accept the licence agreement

*If the Microsoft Windows Recovery Console is not installed, accept its installation

*After the Console is installed, click [Yes] and wait for the steps to finish

*Do not use the mouse or keyboard during the steps, as doing so will leave your desktop misconfigured!

*Paste the report it shows


Hi wings, the report Cacaokiller showed was the following:

 

 

============================================================

########### Cacaokiller By Juju666 ###########

============================================================

Version 1.1.0.0

bits

Run by PhD on Thu 02/06/2011 at 17:55:55

 

##################### Removal:

 

### Files and folders deleted:

 

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 872 'cacaoweb.exe'

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Error, Cannot find a process with an image name of opera.exe

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 724 'msnmsgr.exe'

Killing PID 724 'msnmsgr.exe'

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Error, Cannot find a process with an image name of iexplore.exe

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Error, Cannot find a process with an image name of firefox.exe

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Error, Cannot find a process with an image name of safari.exe

Quarantined & Deleted !! : "C:\Arquivos de programas\cacaoweb"

Quarantined & Deleted !! : "C:\Arquivos de programas\cacaoweb\cacaoweb.exe"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\cacaoweb"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\cacaoweb\adstorage.db"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\cacaoweb\replicatingABBE426A223691FCA1BD716E428E1C84.cacao"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\cacaoweb\replicatingB62004C1ACEEA4DBAC8453447F1AE2B0.cacao"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\cacaoweb\replicatingD77641A6A6CF609F6A4A3982EB39DA98.cacao"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\cacaoweb\storage.db"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome.manifest"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\defaults"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\install.rdf"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\content"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\locale"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\skin"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\content\cacaoweb.js"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\content\cacaoweb.xul"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\de-DE"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\en-US"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\es-ES"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\fr-FR"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\de-DE\cacaoweb.properties"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\en-US\cacaoweb.properties"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\es-ES\cacaoweb.properties"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\fr-FR\cacaoweb.properties"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\cacaoweb.css"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\ff_box.png"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\ff_btn.png"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\ff_btnmu.png"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\icon.png"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\tv-64-off.png"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\tv-64.png"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\defaults\preferences"

Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\Mozilla\Firefox\Profiles\kkpb9zek.default\extensions\cacaoweb@cacaoweb.org\defaults\preferences\prefs.js"

 

### Verification:

 

 

### Registry objects deleted:

 

Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run | cacaoweb

Deleted : HKCU\Software\cacaoweb

 

 

### Completed successfully on Thu 02/06/2011 at 17:56:42 !!!

 

============================================================

########### Cacaokiller By Juju666 ---- Finished ###########

============================================================

 

Regarding the other procedures, I looked carefully but could not find the option "Temporarily disable AVG protection". I followed the steps correctly, but when I open the advanced settings that option does not appear. If you could take a look and see whether there is another way.

Thank you.

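Cacaokiller's log above lists what it quarantined and which registry objects it deleted; the helper's next step is a fresh DDS run, and that is the moment to confirm none of it came back, because a Run value that reappears or a process started from a quarantined directory means a second loader survived. The Python below is an added example, not part of the original thread and not Cacaokiller's or DDS's code: it collects the removed artifacts from a Cacaokiller log (accepting both the tool's French prefixes and their English translation) and checks a follow-up process and Run-key listing in DDS style against them. Both sample inputs are constructed for the example and are not the real logs.

```python
import re
from pathlib import PureWindowsPath

# Cacaokiller prints one line per quarantined object. The tool itself writes
# the French prefix; the translated log above shows the English one. Both are
# accepted, as are both spellings of the registry "Deleted :" line.
QUARANTINE_RE = re.compile(
    r'^(?:Mis en quarantaine & Supprimé|Quarantined & Deleted) !! : "(.+)"$'
)
REG_RE = re.compile(r"^(?:Supprimé|Deleted) : (\S+)(?: \| (.+))?$")
# DDS autorun lines: uRun/mRun/dRun(Once): [value name] "image" arguments
RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[([^\]]+)\] (.*)$")

# Constructed excerpt in Cacaokiller's format (not the real log above).
SAMPLE_KILLER_LOG = r"""
Mis en quarantaine & Supprimé !! : "C:\Arquivos de programas\cacaoweb"
Mis en quarantaine & Supprimé !! : "C:\Arquivos de programas\cacaoweb\cacaoweb.exe"
Quarantined & Deleted !! : "C:\Documents and Settings\PhD\Dados de aplicativos\cacaoweb\storage.db"
Supprimé : HKCU\Software\Microsoft\Windows\CurrentVersion\Run | cacaoweb
Deleted : HKCU\Software\cacaoweb
"""

# Constructed follow-up in DDS style (running processes, then Run entries),
# as if captured after the cleanup and a reboot. Not a real log.
SAMPLE_FOLLOWUP = r"""
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\cacaoweb\cacaoweb.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background
uRun: [cacaoweb] "c:\documents and settings\phd\dados de aplicativos\cacaoweb\cacaoweb.exe" -noplayer
"""


def removed_artifacts(log_text):
    """What the cleaner says it removed: file/dir paths, registry keys and
    Run value names, lower-cased so later matching is case-insensitive."""
    files, keys, run_values = set(), set(), set()
    for line in log_text.splitlines():
        line = line.strip()
        m = QUARANTINE_RE.match(line)
        if m:
            files.add(m.group(1).lower())
            continue
        m = REG_RE.match(line)
        if m:
            key = m.group(1).lower()
            keys.add(key)
            if m.group(2) and key.endswith("\\run"):
                run_values.add(m.group(2).strip().lower())
    return {"files": files, "keys": keys, "run_values": run_values}


def _image_path(rest):
    """Image path from the part of a Run line after the [name]."""
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    return rest.split(" ", 1)[0]


def _under_removed(path, removed_files):
    """True if path is a removed path or lies under a removed directory."""
    parts = PureWindowsPath(path).parts
    return any(
        str(PureWindowsPath(*parts[:i])).lower() in removed_files
        for i in range(1, len(parts) + 1)
    )


def still_present(followup_text, artifacts):
    """(reason, line) for each follow-up entry that re-creates a removed Run
    value, points at a removed path, or is a process started from one."""
    hits = []
    for line in followup_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            name, image = m.group(1).lower(), _image_path(m.group(2)).lower()
            if name in artifacts["run_values"]:
                hits.append(("run-value-recreated", line))
            elif _under_removed(image, artifacts["files"]):
                hits.append(("run-points-at-removed-path", line))
        elif _under_removed(line.lower(), artifacts["files"]):
            hits.append(("process-from-removed-path", line))
    return hits


if __name__ == "__main__":
    artifacts = removed_artifacts(SAMPLE_KILLER_LOG)
    for reason, line in still_present(SAMPLE_FOLLOWUP, artifacts):
        print(f"{reason:28} {line}")
```

On the constructed follow-up it reports two survivors: cacaoweb.exe running again from the quarantined Program Files directory, and a re-created HKCU Run value named cacaoweb that now points into the user profile. Matching is done on the removed directory prefix rather than on the file name alone, so a loader that re-drops a renamed binary into the same folder is still caught.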

1.

*Run Cacaokiller and press 4 > [ENTER]

 

2.

*Download DDS and save it to the desktop

*Run it and save the reports (DDS.txt and Attach.txt) to the desktop

*Paste the DDS.txt report


Hi wings, it didn't work again. I disabled AVG's resident protection and turned off the Windows firewall, but when I run ComboFix it tells me to uninstall AVG. On the other hand, Explorer has not opened on its own anymore. So what do I do now?

 

I ran DDS and it produced these two reports:

 

 

 

.

==== Installed Programs ======================

.

2007 Microsoft Office Suite Service Pack 2 (SP2)

Adobe Flash Player 10 Plugin

Arquivo do WinRAR

Assistente de Conexão do Windows Live

Atualização de Segurança para o Windows Media Player (KB2378111)

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player (KB954155)

Atualização de Segurança para o Windows Media Player (KB973540)

Atualização de Segurança para o Windows Media Player (KB975558)

Atualização de Segurança para o Windows Media Player (KB978695)

Atualização de Segurança para o Windows Media Player 11 (KB954154)

Atualização de Segurança para Windows Internet Explorer 8 (KB2482017)

Atualização de Segurança para Windows Internet Explorer 8 (KB2497640)

Atualização de Segurança para Windows Internet Explorer 8 (KB2510531)

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB981332)

Atualização de Segurança para Windows XP (KB2079403)

Atualização de Segurança para Windows XP (KB2115168)

Atualização de Segurança para Windows XP (KB2121546)

Atualização de Segurança para Windows XP (KB2229593)

Atualização de Segurança para Windows XP (KB2259922)

Atualização de Segurança para Windows XP (KB2296011)

Atualização de Segurança para Windows XP (KB2347290)

Atualização de Segurança para Windows XP (KB2360937)

Atualização de Segurança para Windows XP (KB2387149)

Atualização de Segurança para Windows XP (KB2393802)

Atualização de Segurança para Windows XP (KB2412687)

Atualização de Segurança para Windows XP (KB2419632)

Atualização de Segurança para Windows XP (KB2423089)

Atualização de Segurança para Windows XP (KB2440591)

Atualização de Segurança para Windows XP (KB2443105)

Atualização de Segurança para Windows XP (KB2476687)

Atualização de Segurança para Windows XP (KB2478960)

Atualização de Segurança para Windows XP (KB2478971)

Atualização de Segurança para Windows XP (KB2479628)

Atualização de Segurança para Windows XP (KB2479943)

Atualização de Segurança para Windows XP (KB2481109)

Atualização de Segurança para Windows XP (KB2483185)

Atualização de Segurança para Windows XP (KB2485376)

Atualização de Segurança para Windows XP (KB2485663)

Atualização de Segurança para Windows XP (KB2503658)

Atualização de Segurança para Windows XP (KB2506212)

Atualização de Segurança para Windows XP (KB2506223)

Atualização de Segurança para Windows XP (KB2507618)

Atualização de Segurança para Windows XP (KB2508272)

Atualização de Segurança para Windows XP (KB2508429)

Atualização de Segurança para Windows XP (KB2509553)

Atualização de Segurança para Windows XP (KB2511455)

Atualização de Segurança para Windows XP (KB2524375)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB923789)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956744)

Atualização de Segurança para Windows XP (KB956844)

Atualização de Segurança para Windows XP (KB958869)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB960859)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB969059)

Atualização de Segurança para Windows XP (KB970430)

Atualização de Segurança para Windows XP (KB971657)

Atualização de Segurança para Windows XP (KB972270)

Atualização de Segurança para Windows XP (KB973507)

Atualização de Segurança para Windows XP (KB973869)

Atualização de Segurança para Windows XP (KB973904)

Atualização de Segurança para Windows XP (KB974112)

Atualização de Segurança para Windows XP (KB974318)

Atualização de Segurança para Windows XP (KB974392)

Atualização de Segurança para Windows XP (KB974571)

Atualização de Segurança para Windows XP (KB975025)

Atualização de Segurança para Windows XP (KB975467)

Atualização de Segurança para Windows XP (KB975560)

Atualização de Segurança para Windows XP (KB975562)

Atualização de Segurança para Windows XP (KB975713)

Atualização de Segurança para Windows XP (KB977816)

Atualização de Segurança para Windows XP (KB977914)

Atualização de Segurança para Windows XP (KB978338)

Atualização de Segurança para Windows XP (KB978542)

Atualização de Segurança para Windows XP (KB978601)

Atualização de Segurança para Windows XP (KB978706)

Atualização de Segurança para Windows XP (KB979309)

Atualização de Segurança para Windows XP (KB979482)

Atualização de Segurança para Windows XP (KB979687)

Atualização de Segurança para Windows XP (KB980195)

Atualização de Segurança para Windows XP (KB980232)

Atualização de Segurança para Windows XP (KB980436)

Atualização de Segurança para Windows XP (KB981322)

Atualização de Segurança para Windows XP (KB981997)

Atualização de Segurança para Windows XP (KB982132)

Atualização de Segurança para Windows XP (KB982214)

Atualização de Segurança para Windows XP (KB982665)

Atualização para Windows Internet Explorer 8 (KB976662)

Atualização para Windows XP (KB2141007)

Atualização para Windows XP (KB2345886)

Atualização para Windows XP (KB898461)

Atualização para Windows XP (KB955759)

Atualização para Windows XP (KB961503)

Atualização para Windows XP (KB968389)

Atualização para Windows XP (KB971029)

Atualização para Windows XP (KB971737)

Atualização para Windows XP (KB973687)

Atualização para Windows XP (KB973815)

AVG Free 9.0

Dic Michaelis - UOL

EasySaver B9.0410.1

Ferramenta de Carregamento do Windows Live

Google Chrome

High Definition Audio Driver Package - KB835221

HijackThis 1.99.1

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB954550-v5)

Hotfix para o Windows Media Player 11 (KB939683)

Hotfix para Windows XP (KB2443685)

Hotfix para Windows XP (KB961118)

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 6 Update 24

Junk Mail filter update

K-Lite Mega Codec Pack 6.0.0

Malwarebytes' Anti-Malware

Messenger Plus Toolbar

Messenger Plus! 5

Messenger Plus! Live

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office Live Add-in 1.3

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC90 CRT + OMP

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox (3.6.15)

MSVC80_x86_v2

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MV AntiSpy 4.0

MV Antivirus for Pen Drive 1.0

MV Defrag 1.9

MV Internet Optimizer 1.0

MV RegClean 6.0

MV RegCompact 1.3

Nero 8

neroxml

PC Connectivity Solution

PC MEGA RAPIDO PRO 2.1

Picasa 3

PokerStars

PokerTH

PowerISO

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2466156)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2464583)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Segoe UI

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 (KB2509470)

Update for Outlook 2007 Junk Email Filter (KB2536413)

USB Disk Win98 Driver

WebFldrs XP

WinAVI Video Converter

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Mail

Windows Live Messenger

Windows Live Toolbar

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

.

==== End Of File ===========================

 

 

 

 

and the second one is:

 

 

.

DDS (Ver_2011-06-02.03) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by PhD at 22:21:07 on 2011-06-02

.

============== Running Processes ===============

.

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\USB Disk Win98 Driver\Res.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Gigabyte\EasySaver\ESSVR.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\PhD\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

D:\Meus Arquivos\Vandinho\Baixados\Nova pasta\dds.com

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uWindow Title =

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\arquivos de programas\avg\avg9\toolbar\IEToolbar.dll

uURLSearchHooks: Messenger Plus Toolbar: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - c:\arquivos de programas\messenger_plus\prxtbMess.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\arquivos de programas\avg\avg9\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\arquivos de programas\avg\avg9\toolbar\IEToolbar.dll

BHO: Messenger Plus Toolbar: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - c:\arquivos de programas\messenger_plus\prxtbMess.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\arquivos de programas\avg\avg9\toolbar\IEToolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

TB: Messenger Plus Toolbar: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - c:\arquivos de programas\messenger_plus\prxtbMess.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

uRun: [Google Update] "c:\documents and settings\phd\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AVG9_TRAY] c:\arquiv~1\avg\avg9\avgtray.exe

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\nero\lib\NeroCheck.exe

mRun: [NBKeyScan] "c:\arquivos de programas\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [uSB Storage Toolbox] c:\arquivos de programas\usb disk win98 driver\Res.EXE

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"

mRun: [PWRISOVM.EXE] c:\arquivos de programas\poweriso\PWRISOVM.EXE

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

mPolicies-system: EnableLUA = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 189.124.128.32 189.124.128.33 189.124.128.34

TCP: Interfaces\{340C96D1-AB82-4D84-91D6-23BA9CF5364D} : DhcpNameServer = 189.124.128.32 189.124.128.33 189.124.128.34

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\arquivos de programas\avg\avg9\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=94fbefbc0000000000006cf049f23579&tlver=1.4.19.19&affID=17159

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - component: c:\arquivos de programas\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}\components\RadioWMPCoreGecko19.dll

FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko19.dll

FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\components\RadioWMPCoreGecko19.dll

FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\engine@conduit.com\components\RadioWMPCore.dll

FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - component: c:\documents and settings\phd\dados de aplicativos\mozilla\firefox\profiles\kkpb9zek.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll

FF - plugin: c:\arquivos de programas\google\picasa3\npPicasa3.dll

FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll

FF - plugin: c:\arquivos de programas\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\phd\configurações locais\dados de aplicativos\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com

FF - Ext: Softonic_Brasil Community Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - %profile%\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - %profile%\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}

FF - Ext: Messenger Plus Community Toolbar: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - %profile%\extensions\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\arquivos de programas\avg\avg9\Firefox

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

R? asc3360pr;asc3360pr

R? AVG Security Toolbar Service;AVG Security Toolbar Service

S? avg9wd;AVG Free WatchDog

S? AvgLdx86;AVG Free AVI Loader Driver x86

S? AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86

S? AvgTdiX;AVG Free Network Redirector

S? ES lite Service;ES lite Service for program management.

S? MVAVPD;MVAVPD

.

=============== Created Last 30 ================

.

2011-06-02 13:28:58 -------- d-----w- c:\documents and settings\phd\dados de aplicativos\Malwarebytes

2011-06-02 13:28:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-02 13:28:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-02 13:28:46 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\Malwarebytes

2011-06-02 13:28:45 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2011-06-02 02:42:41 -------- d-----w- C:\LinhaDefensiva

2011-06-01 20:32:30 -------- d-----w- c:\documents and settings\phd\configurações locais\dados de aplicativos\WinAVI

2011-06-01 20:32:09 -------- d-----w- c:\arquivos de programas\WinAVI

2011-05-19 19:54:51 152848 ----a-w- c:\windows\system32\COMDLG32.OCX

2011-05-19 19:54:51 118784 ----a-w- c:\windows\system32\ActiveDate.ocx

2011-05-19 19:54:50 81920 ----a-w- c:\windows\system32\Gold Button.ocx

2011-05-19 19:54:50 409600 ----a-w- c:\windows\system32\nslock15vb5.ocx

2011-05-19 19:54:50 229376 ----a-w- c:\windows\system32\XTAB.ocx

2011-05-19 19:54:50 221184 ----a-w- c:\windows\system32\HookMenu.ocx

2011-05-14 00:10:40 81920 ----a-w- c:\windows\amcap.exe

.

==================== Find3M ====================

.

2011-06-02 22:40:27 17488 ----a-w- c:\windows\gdrv.sys

2011-05-06 11:35:00 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-03-27 23:07:11 87608 ----a-w- c:\documents and settings\phd\dados de aplicativos\inst.exe

2011-03-27 23:07:11 47360 ----a-w- c:\documents and settings\phd\dados de aplicativos\pcouffin.sys

2011-03-17 00:49:09 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-03-17 00:49:09 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-03-07 05:33:42 692736 ----a-w- c:\windows\system32\inetcomm.dll

.

============= FINISH: 22:21:34,10 ===============

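The DDS log above is what the helper reads by eye. As an added example, not part of the original thread and not DDS's own code, the Python below runs a first triage pass over a handful of lines copied from that log. It parses the `uRun`/`mRun`/`dRunOnce`, `FF - prefs.js`, `FF - Ext`, `mPolicies-system` and `TCP: ... DhcpNameServer` line formats and surfaces what a helper would look at first: the Babylon and Softonic toolbar extensions and the Firefox search-engine and homepage prefs pointing at them, plus lower-priority notes on `EnableLUA = 0` and on autorun entries whose image path is unquoted or not pinned to a directory. The `PUP_MARKERS` list, the severity levels and the `Finding` type are assumptions made for this example; classing Babylon, Conduit and Softonic toolbars as potentially unwanted programs is a general industry view, not a finding the thread states, and the helper's own verdict on this log stands.

```python
"""Triage pass over DDS-style log lines (added example, not DDS or the thread's code)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the log posted in the
# thread (one URL shortened). Used here as the script's test input.
SAMPLE_LOG = r"""
uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [uSB Storage Toolbox] c:\arquivos de programas\usb disk win98 driver\Res.EXE
mRun: [PWRISOVM.EXE] c:\arquivos de programas\poweriso\PWRISOVM.EXE
mPolicies-system: EnableLUA = 0 (0x0)
TCP: DhcpNameServer = 189.124.128.32 189.124.128.33 189.124.128.34
TCP: Interfaces\{340C96D1-AB82-4D84-91D6-23BA9CF5364D} : DhcpNameServer = 189.124.128.32 189.124.128.33 189.124.128.34
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss
FF - Ext: Softonic_Brasil Community Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - %profile%\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
"""

# Line formats DDS emits for the sections this pass cares about.
RUN_RE = re.compile(r"^(?P<scope>[umd])Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")
EXT_RE = re.compile(r"^FF - Ext: (?P<name>.+?): (?P<id>\S+) - (?P<path>.*)$")
DNS_RE = re.compile(r"^TCP: (?:Interfaces\\\{[^}]*\} : )?DhcpNameServer = (?P<servers>.+)$")
LUA_RE = re.compile(r"^mPolicies-system: EnableLUA = 0\b")

# Assumption for this example: toolbar families that AV vendors commonly class
# as potentially unwanted programs. Extend or replace with your own list.
PUP_MARKERS = ("babylon", "conduit", "softonic")


@dataclass(frozen=True)
class Finding:
    level: str     # "high", "medium" or "info"
    category: str
    detail: str


def image_path(cmd: str) -> tuple[str, bool]:
    """Split a Run value into (image path, was_quoted). A quoted value ends at
    the closing quote; an unquoted value is returned whole, because that is the
    string CreateProcess will try to resolve prefix by prefix."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], True
    return cmd, False


def triage(log_text: str) -> list[Finding]:
    """Return deduplicated findings for the lines this pass understands."""
    findings: list[Finding] = []

    def add(f: Finding) -> None:
        if f not in findings:
            findings.append(f)

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if LUA_RE.match(line):
            add(Finding("medium", "policy",
                        "EnableLUA = 0: UAC disabled by policy (inert on XP, "
                        "which has no UAC; turns UAC off on Vista and later)"))
        elif (m := RUN_RE.match(line)):
            path, quoted = image_path(m["cmd"])
            if "\\" not in path:
                add(Finding("info", "autorun",
                            f"[{m['name']}] bare file name {path}: resolved by "
                            "search path, not pinned to a directory"))
            elif not quoted and " " in path:
                add(Finding("info", "autorun",
                            f"[{m['name']}] unquoted path with spaces: {path}"))
        elif (m := PREF_RE.match(line)):
            if any(k in m["value"].lower() for k in PUP_MARKERS):
                add(Finding("high", "search-hijack", f"{m['key']} -> {m['value']}"))
        elif (m := EXT_RE.match(line)):
            if any(k in (m["name"] + m["id"]).lower() for k in PUP_MARKERS):
                add(Finding("high", "pup-extension", f"{m['name']} ({m['id']})"))
        elif (m := DNS_RE.match(line)):
            add(Finding("info", "dns",
                        f"DHCP-assigned resolvers: {m['servers']} "
                        "(compare with the ISP's published resolvers)"))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity level."""
    return dict(Counter(f.level for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    order = ("high", "medium", "info")
    for r in sorted(results, key=lambda r: order.index(r.level)):
        print(f"{r.level:6} {r.category:15} {r.detail}")
    print(summary(results))
```

The pass does not decide whether a file is malicious; it narrows a long log to the lines worth a second look, which is how the helpers in this forum work through a DDS report before deciding what to remove. Feed it the full log text instead of `SAMPLE_LOG` to get the same categories over every section it recognises.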

OK... the log is clean.

1.

*Delete DDS and its reports.

2.

*Run Malwarebytes, click the [Quarantine] tab, select all the results and click [Delete All]

*Click the [Logs] tab, select the report and click [Delete]

*Close Malwarebytes

Cheers.


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
