[Resolvido] &nbspAnálise de Log

[wrongdoer 0]

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:23:20, on 22/8/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\wrongdoer\Meus documentos\Downloads\setup_11.0.0.1245.x01_2011_08_19_03_15.exe

C:\DOCUME~1\WRONGD~1\CONFIG~1\Temp\RarSFX0\0975950.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\wrongdoer\Meus documentos\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Arquivos de programas\Save Flash\SaveFlash.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sM56ACL] sm56hlpr.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.05\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.05\MediaManager\grab.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1229926012593

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228830943531

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7949F209-ABF5-4046-9D63-ABA1F07D9A16}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

 

--

End of file - 9292 bytes

________________________________________---

 

PC muito lento

[Power Max 54]

:) Olá wrongdoer!

 

:seta: Baixe e execute este programa que desativa o Bonjour (que é um item desnecessário e que costuma deixar o PC mais lento):

http://www.4shared.com/file/SbRBSSRi/TurnOffBonjour.html

___________________

 

:seta: Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento, tais como estes abaixo:

 

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

 

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

 

Para corrigir isto, siga as dicas deste tutorial:

 

Escolhendo Programas que Iniciam com o PC

 

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

 

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.

____________________

 

:seta: Siga também, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Malwarebytes:

 

Para instalá-lo e utilizá-lo corretamente siga as dicas deste tutorial:

 

Tutorial do Malwarebytes Anti-Malware

 

Na sua próxima resposta poste este log do Malwarebytes juntamente com um novo log do Hijackthis e nos diga como está o seu PC após este procedimento.

 

Ficamos no aguardo.

[wrongdoer 0]

:) Olá wrongdoer!

 

:seta: Baixe e execute este programa que desativa o Bonjour (que é um item desnecessário e que costuma deixar o PC mais lento):

http://www.4shared.com/file/SbRBSSRi/TurnOffBonjour.html

___________________

 

:seta: Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento, tais como estes abaixo:

 

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

 

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

 

Para corrigir isto, siga as dicas deste tutorial:

 

Escolhendo Programas que Iniciam com o PC

 

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

 

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.

____________________

 

:seta: Siga também, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Malwarebytes:

 

Para instalá-lo e utilizá-lo corretamente siga as dicas deste tutorial:

 

Tutorial do Malwarebytes Anti-Malware

 

Na sua próxima resposta poste este log do Malwarebytes juntamente com um novo log do Hijackthis e nos diga como está o seu PC após este procedimento.

 

Ficamos no aguardo.

 

Malware Bytes

 

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

 

Versão da Base de Dados: 7539

 

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

 

22/8/2011 23:30:19

mbam-log-2011-08-22 (23-30-19).txt

 

Tipo de Verificação: Verificação Completa (C:\|E:\|)

Objetos escaneados: 292035

Tempo decorrido: 1 hora(s), 35 minuto(s), 6 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 6

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

c:\arquivos1\programas\patch.exe (Trojan.Downloader) -> Not selected for removal.

c:\arquivos1\programas\adobe indesign cs4\indesign cs4 crack\keygen.exe (Trojan.Downloader) -> Not selected for removal.

c:\arquivos1\programas\ativador do windows 7\7loader\windows loader.exe (PUP.HackTool.Windowsloader) -> Not selected for removal.

c:\arquivos1\programas\ativador do windows 7\removewat\removewat.exe (HackTool.Wpakill) -> Not selected for removal.

c:\system volume information\_restore{2ab292ee-f82e-4be1-aa88-68c3a22d9256}\RP298\A0294953.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\WINDOWS\winexec32.txt (Malware.Trace) -> Quarantined and deleted successfully.

________________________________________________________________________________________________________________

 

O pc continua um pouco lento

alguns arquivos eu deixei que é uns programas crack que preciso

[Power Max 54]

:seta: Você se esqueceu de postar um novo log do Hijackthis.

______________________

 

O pc continua um pouco lento

alguns arquivos eu deixei que é uns programas crack que preciso

:!: O problema é que a maioria dos programas e o próprio Windows pirateados ou crackeados é que a maioria deles costuma vir com virus ou malwares embutidos neles, além de normalmente conterem brechas de segurança que facilitam a invasão de seu PC. E neste caso estes programas crackeados podem estes malwares embutidos nestes cracks podem estar causando esta lentidão no seu PC.

____________________

 

:seta: Siga, por gentileza, as dicas deste tutorial para fazer um escaneamento de seu PC pelo Nod32 Online:

 

Tutorial do antivirus Nod32 Online

 

Após o término do escaneamento será gerado um relatório (log) que estará no seguinte local do seu computador:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

 

Na sua próxima resposta poste este log do Nod32 Online juntamente com um novo log do Hijackthis e nos diga, por gentileza, como está o seu PC após seguir este procedimento. Ficamos no aguardo de sua resposta.

[wrongdoer 0]

Hijack

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:42:59, on 24/8/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 4\ASCService.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\wrongdoer\Meus documentos\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Arquivos de programas\Save Flash\SaveFlash.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sM56ACL] sm56hlpr.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Arquivos de programas\IObit\Advanced SystemCare 4\ASCTray.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.05\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.05\MediaManager\grab.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1229926012593

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228830943531

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7949F209-ABF5-4046-9D63-ABA1F07D9A16}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Arquivos de programas\IObit\Advanced SystemCare 4\ASCService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

 

--

End of file - 8777 bytes

________________________________________________________________

 

Log Eset

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=0f2b1304152ee748aa2b9564fa886fa1

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-08-24 04:04:14

# local_time=2011-08-24 01:04:14 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=770 16774141 100 100 0 89986734 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9217 16777214 75 9 0 56290 0 0

# scanned=129924

# found=9

# cleaned=9

# scan_time=10607

C:\Arquivos de programas\Ares\chatServer.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\server.km92.reg Win32/HackAV.BI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Arquivos1\Programas\Ares Galaxy 2.1.0.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Arquivos1\Programas\CorelDraw X4 Keygen.rar probably a variant of Win32/Agent.MEZGMEC trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Arquivos1\Programas\patch.exe a variant of Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Arquivos1\Programas\VSO.Software.ConvertXtoDVD.v3.0.0.7.Crack.Only.rar a variant of Win32/HackTool.Patcher.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Arquivos1\Programas\NOD 32 Até 2050\Patch By KM92.exe Win32/HackAV.BI application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Arquivos1\Programas\NOD 32 Até 2050\Programa de extenção de validade\NOD32_v3.0.642_32bits_FiX_1.2-TemDono.exe Win32/HackAV.BG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Programas\ESET\Patch By KM92\server.km92.reg Win32/HackAV.BI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

______________________________________________------

 

deu uma melhorada mais ainda está um pouco lento.

[Power Max 54]

:) Outros problemas foram removidos pelo Nod32.

________________

 

:seta: Faça, por gentileza, um Full Scan (escaneamento completo) com o Norman Malware Cleaner seguindo as dicas deste tutorial:

 

Tutorial do Norman Malware Cleaner

 

Na sua próxima resposta poste o conteúdo do log do Norman Malware Cleaner juntamente com um novo log do Hijackthis e nos diga como está o seu PC depois disto.

 

Ficamos na espera.

[wrongdoer 0]

Log Hijack

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:00:21, on 3/9/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\Arquivos de programas\Ask.com\Updater\Updater.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Zecter\ZumoDrive\zumodrive.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 4\ASCService.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Documents and Settings\wrongdoer\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com/?l=dis&o=14672

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Arquivos de programas\Save Flash\SaveFlash.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sM56ACL] sm56hlpr.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [ApnUpdater] "C:\Arquivos de programas\Ask.com\Updater\Updater.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ZumoDrive] C:\Arquivos de programas\Zecter\ZumoDrive\ZumoLauncher.lnk

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.05\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.05\MediaManager\grab.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1229926012593

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228830943531

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7949F209-ABF5-4046-9D63-ABA1F07D9A16}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Arquivos de programas\IObit\Advanced SystemCare 4\ASCService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

 

--

End of file - 9513 bytes

 

_______________________________________

 

O log do Norman ficou muito grande com 3.88 Megas, ent'ao tive que colocar no mega upload

 

Aqui esta o link Log Norman Malware

 

Os arquivos foram enviados para quarentena no norman malware, agora é só excluir de lá?

[Power Max 54]

:!: Você se esqueceu de postar o log do Norman Malware Cleaner.

____________________

 

:seta: Abra o HijackThis, clique em Do a system scan only, marque a entrada abaixo e clique em Fix checked:

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

____________________

 

:seta: Siga também esta dica:

 

Tutorial do Ad-Remover

______________________

 

:seta: Na sua próxima resposta poste o log do Norman Malware Cleaner, o log do Ad-Remover que estará em C:\Ad-Report-CLEAN[1].log e nos diga como está seu PC depois disto.

[wrongdoer 0]

O log do Norman ficou muito grande com 3.88 Megas, ent'ao tive que colocar no mega upload

 

Aqui esta o link: Log Norman

 

Os arquivos foram enviados para quarentena no norman malware, agora é só excluir de lá?

 

Log Hijack

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:10:47, on 5/9/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\IObit\Advanced SystemCare 4\ASCService.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\wrongdoer\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Arquivos de programas\Save Flash\SaveFlash.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sM56ACL] sm56hlpr.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.05\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.05\MediaManager\grab.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1229926012593

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228830943531

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7949F209-ABF5-4046-9D63-ABA1F07D9A16}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Arquivos de programas\IObit\Advanced SystemCare 4\ASCService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

 

--

End of file - 8315 bytes

_______________________

 

LOG AD REMOVER

 

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 17:59:32 on 05/09/2011, Normal boot

 

Microsoft Windows XP Professional Service Pack 3 (X86)

wrongdoer@RAFAEL ( )

 

============== ACTION(S) ==============

 

 

File deleted: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

Folder deleted: C:\Documents and Settings\wrongdoer\Dados de aplicativos\Mozilla\FireFox\Profiles\dum0u5gf.default\extensions\toolbar@ask.com

File deleted: C:\Documents and Settings\wrongdoer\Dados de aplicativos\Mozilla\FireFox\Profiles\dum0u5gf.default\searchplugins\askcom.xml

Folder deleted: C:\Arquivos de programas\Ask.com

Folder deleted: C:\Documents and Settings\wrongdoer\Configurações locais\Dados de aplicativos\AskToolbar

Folder deleted: C:\Documents and Settings\wrongdoer\Dados de aplicativos\DesktopIcon

 

(!) -- Temporary files deleted.

 

 

-- File opened: C:\Documents and Settings\wrongdoer\Dados de aplicativos\Mozilla\FireFox\Profiles\dum0u5gf.default\Prefs.js --

Line deleted: user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{ABDE892B-13A8-...

-- File closed --

 

 

Key deleted: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key deleted: HKLM\Software\AskToolbar

Key deleted: HKCU\Software\Ask.com

Key deleted: HKCU\Software\AskToolbar

Key deleted: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

 

Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}

Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

============== ADDITIONNAL SCAN ==============

 

**** Mozilla Firefox Version [6.0.1 (pt-BR)] ****

 

HKCU_MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 (x)

Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)

Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)

Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)

Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)

Components\browsercomps.dll (Mozilla Foundation)

 

-- C:\Documents and Settings\wrongdoer\Dados de aplicativos\Mozilla\FireFox\Profiles\dum0u5gf.default --

Prefs.js - browser.startup.homepage, www.uol.com.br

Prefs.js - browser.startup.homepage_override.buildID, 20110830092941

Prefs.js - browser.startup.homepage_override.mstone, rv:6.0.1

 

========================================

 

**** Internet Explorer Version [6.0.2900.5512] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_Toolbar|{1E796980-9CC5-11D1-A83F-00C04FC99D61} (x)

HKCU_Toolbar\WebBrowser|{4064EA35-578D-4073-A834-C96D82CBCF40} (C:\Arquivos de programas\Save Flash\SaveFlash.dll)

HKLM_Toolbar|{4064EA35-578D-4073-A834-C96D82CBCF40} (C:\Arquivos de programas\Save Flash\SaveFlash.dll)

HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll)

HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll)

BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 159 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 14 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 05/09/2011 18:00:23 (5435 Byte(s))

 

End at: 18:02:17, 05/09/2011

 

============== E.O.F ==============

__________________________________

 

O log do Normar Malware está na resposta acima.

[Power Max 54]

:) Outros problemas foram removidos.

___________________

 

:seta: Siga, por gentileza, esta dica:

 

Tutorial do Ad-Aware Free Internet Security 9 (Instalação e utilização)

 

Depois disto poste o log do Ad-Aware e nos diga como está o PC depois disto.

[wrongdoer 0]

estou tentando resolver um problema com o programa que está pedindo para reiniciar, sendo que já reiniciei a máquina, estou verificando o que pode ser

[Power Max 54]

estou tentando resolver um problema com o programa que está pedindo para reiniciar, sendo que já reiniciei a máquina, estou verificando o que pode ser

Se este problema for no Ad-Aware, tente executá-lo no Modo Seguro e veja se assim é possível executá-lo.

 

Se mesmo assim não funcionar, me diga pois ai lhe passou outro programa semelhante.

[wrongdoer 0]

O problema não é com o Ad Adware, porque o mesmo está acontecendo com as atualizações automáticas

[Power Max 54]

O problema não é com o Ad Adware, porque o mesmo está acontecendo com as atualizações automáticas

Sim, mas caso não seja possível fazer o escaneamento com o Ad-Aware, tente fazer com este outro abaixo:

 

Tutorial do SUPERAntispyware (instalação e utilização)

 

Depois disto poste o log do SUPERAntispyware, nos diga se os problemas encontrados por ele foram removidos e como está o PC depois disto.

[wrongdoer 0]

Log Hijack

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 09:54:45, on 28/9/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CheckPoint\ZAForceField\IswSvc.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 4\ASCService.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\Ad-Aware.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\wrongdoer\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2645238

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Arquivos de programas\ZoneAlarm_Security\prxtbZone.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Arquivos de programas\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ZoneAlarm Security - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Arquivos de programas\ZoneAlarm_Security\prxtbZone.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Arquivos de programas\Save Flash\SaveFlash.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Arquivos de programas\ZoneAlarm_Security\prxtbZone.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Arquivos de programas\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sM56ACL] sm56hlpr.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [iSW] "C:\Arquivos de programas\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Speedy.lnk = ?

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.05\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.05\MediaManager\grab.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1229926012593

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228830943531

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7949F209-ABF5-4046-9D63-ABA1F07D9A16}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Arquivos de programas\IObit\Advanced SystemCare 4\ASCService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Arquivos de programas\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 11352 bytes

 

 

__________________________________

 

 

Log Ad-Aware

 

Logfile created: 28/9/2011 01:16:31

Ad-Aware version: 9.5.1

Extended engine: 3

Extended engine version: 3.1.2770

User performing scan: wrongdoer

 

*********************** Definitions database information ***********************

Lavasoft definition file: 150.582

Genotype definition file version: 2011/09/21 13:56:01

Extended engine definition file: 10600.0

 

******************************** Scan results: *********************************

Scan profile name: Full Scan (ID: full)

Objects scanned: 172619

Objects detected: 3

 

 

Type Detected

==========================

Processes.......: 0

Registry entries: 0

Hostfile entries: 0

Files...........: 1

Folders.........: 0

LSPs............: 0

Cookies.........: 2

Browser hijacks.: 0

MRU objects.....: 0

 

 

 

Removed items:

Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0

Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0

 

Quarantined items:

Description: c:\banco de arquivos\programas\adobe indesign cs4\indesign cs4 crack\keygen.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 4a0924ec5a96895ef65666a0cc97b48c

 

Scan and cleaning complete: Finished correctly after 19101 seconds

 

*********************************** Settings ***********************************

 

Scan profile:

ID: full, enabled:1, value: Full Scan

ID: folderstoscan, enabled:1, value: C:\

ID: useantivirus, enabled:1, value: true

ID: sections, enabled:1

ID: scancriticalareas, enabled:1, value: true

ID: scanrunningapps, enabled:1, value: true

ID: scanregistry, enabled:1, value: true

ID: scanlsp, enabled:1, value: true

ID: scanads, enabled:1, value: true

ID: scanhostsfile, enabled:1, value: true

ID: scanmru, enabled:1, value: true

ID: scanbrowserhijacks, enabled:1, value: true

ID: scantrackingcookies, enabled:1, value: true

ID: closebrowsers, enabled:1, value: false

ID: filescanningoptions, enabled:1

ID: archives, enabled:1, value: true

ID: onlyexecutables, enabled:1, value: false

ID: skiplargerthan, enabled:1, value: 20480

ID: scanrootkits, enabled:1, value: true

ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict

ID: usespywareheuristics, enabled:1, value: true

 

Scan global:

ID: global, enabled:1

ID: addtocontextmenu, enabled:1, value: true

ID: playsoundoninfection, enabled:1, value: false

ID: soundfile, enabled:0, value: N/A

 

Scheduled scan settings:

<Empty>

 

Update settings:

ID: updates, enabled:1

ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently

ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall

ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall

ID: schedules, enabled:1, value: true

ID: updatedaily1, enabled:1, value: Daily 1

ID: time, enabled:1, value: Wed Sep 28 00:48:00 2011

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updatedaily2, enabled:1, value: Daily 2

ID: time, enabled:1, value: Wed Sep 28 06:48:00 2011

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updatedaily3, enabled:1, value: Daily 3

ID: time, enabled:1, value: Wed Sep 28 12:48:00 2011

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updatedaily4, enabled:1, value: Daily 4

ID: time, enabled:1, value: Wed Sep 28 18:48:00 2011

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updateweekly1, enabled:1, value: Weekly

ID: time, enabled:1, value: Wed Sep 28 00:48:00 2011

ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: true

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: true

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

 

Appearance settings:

ID: appearance, enabled:1

ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource

ID: showtrayicon, enabled:1, value: true

ID: autoentertainmentmode, enabled:1, value: true

ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple

ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

 

Realtime protection settings:

ID: realtime, enabled:1

ID: layers, enabled:1

ID: useantivirus, enabled:1, value: true

ID: usespywareheuristics, enabled:1, value: true

ID: maintainbackup, enabled:1, value: true

ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant

ID: modules, enabled:1

ID: processprotection, enabled:0, value: true

ID: onaccessprotection, enabled:0, value: true

ID: registryprotection, enabled:0, value: true

ID: networkprotection, enabled:0, value: true

 

 

****************************** System information ******************************

Computer name: RAFAEL

Processor name: Intel® Pentium® 4 CPU 2.40GHz

Processor identifier: x86 Family 15 Model 4 Stepping 1

Processor speed: ~2394MHZ

Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 1025, number of processors 1, processor features: [MMX,SSE,SSE2]

Physical memory available: 112476160 bytes

Physical memory total: 534491136 bytes

Virtual memory available: 1895813120 bytes

Virtual memory total: 2147352576 bytes

Memory load: 78%

Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Windows startup mode:

 

Running processes:

PID: 576 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: AUTORIDADE NT

PID: 632 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: AUTORIDADE NT

PID: 656 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: AUTORIDADE NT

PID: 700 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: AUTORIDADE NT

PID: 712 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: AUTORIDADE NT

PID: 880 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: AUTORIDADE NT

PID: 944 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: AUTORIDADE NT

PID: 1012 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: AUTORIDADE NT

PID: 1080 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: AUTORIDADE NT

PID: 1180 name: C:\Arquivos de programas\CheckPoint\ZAForceField\IswSvc.exe owner: <UNKNOWN> domain: <UNKNOWN>

PID: 1380 name: C:\WINDOWS\Explorer.EXE owner: wrongdoer domain: RAFAEL

PID: 1436 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: AUTORIDADE NT

PID: 1820 name: C:\Arquivos de programas\IObit\Advanced SystemCare 4\ASCService.exe owner: SYSTEM domain: AUTORIDADE NT

PID: 1844 name: C:\WINDOWS\system32\hkcmd.exe owner: wrongdoer domain: RAFAEL

PID: 1852 name: C:\WINDOWS\SOUNDMAN.EXE owner: wrongdoer domain: RAFAEL

PID: 1864 name: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe owner: wrongdoer domain: RAFAEL

PID: 1872 name: C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe owner: wrongdoer domain: RAFAEL

PID: 1888 name: C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe owner: <UNKNOWN> domain: <UNKNOWN>

PID: 1904 name: C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe owner: wrongdoer domain: RAFAEL

PID: 1928 name: C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe owner: wrongdoer domain: RAFAEL

PID: 1952 name: C:\WINDOWS\system32\ctfmon.exe owner: wrongdoer domain: RAFAEL

PID: 1960 name: C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe owner: wrongdoer domain: RAFAEL

PID: 324 name: C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe owner: SYSTEM domain: AUTORIDADE NT

PID: 276 name: C:\Arquivos de programas\Java\jre6\bin\jqs.exe owner: SYSTEM domain: AUTORIDADE NT

PID: 508 name: c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe owner: SYSTEM domain: AUTORIDADE NT

PID: 388 name: C:\WINDOWS\system32\wdfmgr.exe owner: LOCAL SERVICE domain: AUTORIDADE NT

PID: 2660 name: C:\WINDOWS\system32\wbem\wmiapsrv.exe owner: SYSTEM domain: AUTORIDADE NT

PID: 2840 name: C:\WINDOWS\system32\wscntfy.exe owner: wrongdoer domain: RAFAEL

PID: 2884 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: AUTORIDADE NT

PID: 2952 name: C:\WINDOWS\system32\ZoneLabs\vsmon.exe owner: <UNKNOWN> domain: <UNKNOWN>

PID: 3140 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: AUTORIDADE NT

PID: 3696 name: C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe owner: wrongdoer domain: RAFAEL

PID: 2608 name: C:\Arquivos de programas\CheckPoint\ZAForceField\ForceField.exe owner: <UNKNOWN> domain: <UNKNOWN>

PID: 3968 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: AUTORIDADE NT

PID: 1556 name: C:\Arquivos de programas\Lavasoft\Ad-Aware\Ad-Aware.exe owner: wrongdoer domain: RAFAEL

PID: 3376 name: C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: AUTORIDADE NT

PID: 2288 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: AUTORIDADE NT

PID: 3368 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: AUTORIDADE NT

PID: 1700 name: C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe owner: wrongdoer domain: RAFAEL

 

Startup items:

Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}

imagepath: Pré-carregador Browseui

Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}

imagepath: Daemon de cache de categorias de componente

Name: CTFMON.EXE

imagepath: C:\WINDOWS\system32\CTFMON.EXE

Name: PostBootReminder

imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}

Name: CDBurn

imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}

Name: WebCheck

imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

Name: SysTray

imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}

Name: HotKeysCmds

imagepath: C:\WINDOWS\system32\hkcmd.exe

Name: SoundMan

imagepath: SOUNDMAN.EXE

Name: SM56ACL

imagepath: sm56hlpr.exe

Name: HPDJ Taskbar Utility

imagepath: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

Name: avast5

imagepath: "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

Name:

Name: ZoneAlarm Client

imagepath: "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

Name: ISW

imagepath: "C:\Arquivos de programas\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

Name: RemoteControl

imagepath: "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

Name: NeroFilterCheck

imagepath: C:\WINDOWS\system32\NeroCheck.exe

Name: IgfxTray

imagepath: C:\WINDOWS\system32\igfxtray.exe

Name: GrooveMonitor

imagepath: "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

Name: AdobeCS4ServiceManager

imagepath: "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

Name: Adobe Reader Speed Launcher

imagepath: "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

Name:

imagepath: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\desktop.ini

Name:

imagepath: C:\Documents and Settings\Default User\Menu Iniciar\Programas\Inicializar\desktop.ini

 

Bootexecute items:

Name:

imagepath: autocheck autochk *

 

Running services:

Name: AdvancedSystemCareService

displayname: Advanced SystemCare Service

Name: ALG

displayname: Serviço 'Gateway de camada de aplicativo'

Name: AudioSrv

displayname: Áudio do Windows

Name: avast! Antivirus

displayname: avast! Antivirus

Name: BITS

displayname: Serviço de transferência inteligente de plano de fundo

Name: Browser

displayname: Localizador de computadores

Name: CryptSvc

displayname: Serviços de criptografia

Name: DcomLaunch

displayname: Inicializador de Processo de Servidor DCOM

Name: Dhcp

displayname: Cliente DHCP

Name: Dnscache

displayname: Cliente DNS

Name: Eventlog

displayname: Log de eventos

Name: EventSystem

displayname: Sistema de eventos COM+

Name: FastUserSwitchingCompatibility

displayname: Compatibilidade com 'Troca rápida de usuário'

Name: HTTPFilter

displayname: HTTP SSL

Name: IswSvc

displayname: ZoneAlarm Toolbar IswSvc

Name: JavaQuickStarterService

displayname: Java Quick Starter

Name: lanmanserver

displayname: Servidor

Name: lanmanworkstation

displayname: Estação de trabalho

Name: Netman

displayname: Conexões de rede

Name: Nla

displayname: Reconhecimento de local da rede (NLA)

Name: PlugPlay

displayname: Plug and Play

Name: PolicyAgent

displayname: Serviços IPSEC

Name: ProtectedStorage

displayname: Armazenamento protegido

Name: PSI_SVC_2

displayname: Protexis Licensing V2

Name: RasMan

displayname: Gerenciador de conexão de acesso remoto

Name: RpcSs

displayname: Chamada de procedimento remoto (RPC)

Name: SamSs

displayname: Gerenciador de contas de segurança

Name: Schedule

displayname: Agendador de tarefas

Name: seclogon

displayname: Logon secundário

Name: SENS

displayname: Notificação de eventos de sistema

Name: SharedAccess

displayname: Firewall do Windows/Compartilhamento de Conexão com a Internet (ICS)

Name: ShellHWDetection

displayname: Detecção do hardware do shell

Name: Spooler

displayname: Spooler de impressão

Name: srservice

displayname: Serviço de restauração do sistema

Name: SSDPSRV

displayname: Serviço de descoberta SSDP

Name: TapiSrv

displayname: Telefonia

Name: TermService

displayname: Serviços de terminal

Name: Themes

displayname: Temas

Name: UMWdf

displayname: Windows User Mode Driver Framework

Name: vsmon

displayname: TrueVector Internet Monitor

Name: W32Time

displayname: Horário do Windows

Name: winmgmt

displayname: Testador de instrumentação de gerenciam. do Windows

Name: WmiApSrv

displayname: Adaptador de desempenho WMI

Name: wscsvc

displayname: Central de Segurança

Name: wuauserv

displayname: Atualizações Automáticas

Name: Lavasoft Ad-Aware Service

displayname: Lavasoft Ad-Aware Service

[Power Max 54]

:seta: Faça uma nova limpeza com o Ad-Remover

______________________

 

:seta: Na sua próxima resposta poste o log do Ad-Remover que estará em C:\Ad-Report-CLEAN[2].log juntamente com novo log do Hijackthis e nos diga como está seu PC depois disto.

[wrongdoer 0]

Log Hijack

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:35:51, on 29/9/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 4\ASCService.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\Alwil Software\Avast5\setup\avast.setup

C:\Documents and Settings\wrongdoer\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Arquivos de programas\ZoneAlarm_Security\prxtbZone.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Arquivos de programas\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ZoneAlarm Security - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Arquivos de programas\ZoneAlarm_Security\prxtbZone.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Arquivos de programas\Save Flash\SaveFlash.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Arquivos de programas\ZoneAlarm_Security\prxtbZone.dll

O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Arquivos de programas\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sM56ACL] sm56hlpr.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [iSW] "C:\Arquivos de programas\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Speedy.lnk = ?

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.05\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.05\MediaManager\grab.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1229926012593

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228830943531

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7949F209-ABF5-4046-9D63-ABA1F07D9A16}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Arquivos de programas\IObit\Advanced SystemCare 4\ASCService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Arquivos de programas\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 10075 bytes

 

___________________________________________________________________________________

 

Log Ad

 

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [2]) -> Launched at 01:25:34 on 29/09/2011, Normal boot

 

Microsoft Windows XP Professional Service Pack 3 (X86)

wrongdoer@RAFAEL ( )

 

============== ACTION(S) ==============

 

 

File deleted: C:\WINDOWS\system32\ConduitEngine.tmp

File deleted: C:\Documents and Settings\wrongdoer\Dados de aplicativos\Mozilla\FireFox\Profiles\dum0u5gf.default\searchplugins\conduit.xml

Folder deleted: C:\Documents and Settings\wrongdoer\Configurações locais\Dados de aplicativos\Conduit

Folder deleted: C:\Arquivos de programas\Conduit

Folder deleted: C:\Documents and Settings\wrongdoer\Configurações locais\Dados de aplicativos\ConduitEngine

Folder deleted: C:\Arquivos de programas\ConduitEngine

 

(!) -- Temporary files deleted.

 

 

-- File opened: C:\Documents and Settings\wrongdoer\Dados de aplicativos\Mozilla\FireFox\Profiles\dum0u5gf.default\Prefs.js --

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2645238",...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2645238&octid=...

Line deleted: user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\wrongdoer\\Dados d...

Line deleted: user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");

Line deleted: user_pref("CommunityToolbar.globalUserId", "0f3de2fe-0791-4629-a2fd-69bafd406527");

Line deleted: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Line deleted: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Line deleted: user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Line deleted: user_pref("CommunityToolbar.notifications.locale", "en");

Line deleted: user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Line deleted: user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Sep 05 2011 18:50:18 GMT-0300 (H...

Line deleted: user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Line deleted: user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Line deleted: user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Line deleted: user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Line deleted: user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Line deleted: user_pref("CommunityToolbar.notifications.userId", "49c1914c-83d5-496c-881f-11d12558c5bb");

-- File closed --

 

 

Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKLM\Software\Classes\CLSID\{70B07F69-5796-4F8D-BF4C-9B3151012CB1}

Key deleted: HKLM\Software\Classes\CLSID\{AC6240AE-33B6-40D3-8683-31BBE86049A0}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6240AE-33B6-40D3-8683-31BBE86049A0}

Key deleted: HKLM\Software\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Key deleted: HKLM\Software\Classes\Conduit.Engine

Key deleted: HKLM\Software\Classes\Toolbar.CT2645238

Key deleted: HKLM\Software\Conduit

Key deleted: HKLM\Software\conduitEngine

Key deleted: HKCU\Software\Conduit

Key deleted: HKCU\Software\conduitEngine

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F19E20D4-4E9C-497F-B333-1F13B87C7D39}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

 

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}

Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D}

 

 

============== ADDITIONNAL SCAN ==============

 

**** Mozilla Firefox Version [7.0 (pt-BR)] ****

 

HKLM_MozillaPlugins\@checkpoint.com/FFApi (x)

HKCU_MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 (x)

Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)

Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)

Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)

Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)

Components\browsercomps.dll (Mozilla Foundation)

 

-- C:\Documents and Settings\wrongdoer\Dados de aplicativos\Mozilla\FireFox\Profiles\dum0u5gf.default --

Extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546} (ZoneAlarm Security Community Toolbar)

Prefs.js - browser.startup.homepage, www.uol.com.br

Prefs.js - browser.startup.homepage_override.buildID, 20110922153450

Prefs.js - browser.startup.homepage_override.mstone, rv:7.0

 

========================================

 

**** Google Chrome Version [14.0.835.186] ****

 

Extension\icmlaeflemplmjndnaapfdbbnpncnbda (C:\Arquivos de programas\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx) (?)

 

-- C:\Documents and Settings\wrongdoer\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default --

Preferences - default_search_provider: "Google" (Enabled: true) (?)

Preferences - homepage: hxxp://www.google.com/

Preferences - homepage_is_newtabpage: true

Plugin - Chrome NaCl (Enabled: false) (C:\Documents and Settings\wrongdoer\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\13.0.782.220\ppGoogleNaClPluginChrome.dll) (x)

Plugin - RealJukebox NS Plugin (Enabled: true) (C:\Arquivos de programas\Real\RealPlayer\Netscape6\nprjplug.dll)

Plugin - Unity Player (Enabled: true) (C:\Documents and Settings\wrongdoer\Configura\u00E7\u00F5es locais\Dados de aplicativos\Unity\WebPlayer\loader\npUnity3D32.dll) (x)

Plugin - "Java" (Enabled: true)

Plugin - "Chrome NaCl" (Enabled: false)

Plugin - "npFFApi" (Enabled: true)

Plugin - "RealJukebox NS Plugin" (Enabled: true)

Plugin - "Unity Player" (Enabled: true)

 

========================================

 

**** Internet Explorer Version [6.0.2900.5512] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_URLSearchHooks|{91da5e8a-3318-4f8c-b67e-5964de3ab546} - "ZoneAlarm Security Toolbar" (C:\Arquivos de programas\ZoneAlarm_Security\prxtbZone.dll)

HKCU_Toolbar|{1E796980-9CC5-11D1-A83F-00C04FC99D61} (x)

HKCU_Toolbar\WebBrowser|{4064EA35-578D-4073-A834-C96D82CBCF40} (C:\Arquivos de programas\Save Flash\SaveFlash.dll)

HKCU_Toolbar\WebBrowser|{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} (C:\Arquivos de programas\ZoneAlarm_Security\prxtbZone.dll)

HKLM_Toolbar|{4064EA35-578D-4073-A834-C96D82CBCF40} (C:\Arquivos de programas\Save Flash\SaveFlash.dll)

HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll)

HKLM_Toolbar|{91da5e8a-3318-4f8c-b67e-5964de3ab546} (C:\Arquivos de programas\ZoneAlarm_Security\prxtbZone.dll)

HKLM_ElevationPolicy\{6AACA230-3C43-434D-8788-08DB36FCA026} - C:\Arquivos de programas\ZoneAlarm_Security\ZoneAlarm_SecurityToolbarHelper.exe (?)

HKLM_ElevationPolicy\{C29DE143-AED0-4C24-9200-71D94A4A1C56} - C:\Documents and Settings\wrongdoer\Configurações locais\Dados de aplicativos\Conduit\CT2645238\ZoneAlarm_SecurityAutoUpdateHelper.exe (x)

HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll)

BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 271 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 27 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 05/09/2011 18:00:23 (6158 Byte(s))

C:\Ad-Report-CLEAN[2].txt - 29/09/2011 01:25:41 (8316 Byte(s))

 

End at: 01:27:02, 29/09/2011

 

============== E.O.F ==============

[Power Max 54]

:) Outros problemas foram removidos pelo Ad-Remover.

_____________________

 

:seta: Como está o PC atualmente?

[wrongdoer 0]

O pc agora está bom, a lentidão agora acho que é por causa da configuração.

[Power Max 54]

O pc agora está bom, a lentidão agora acho que é por causa da configuração.

:) Ficamos felizes que o problema foi resolvido. Quanto à configuração, para que o PC fique realmente rápido é muito importante que você tenha uma memória Ram potente (atualmente é recomendado pelo menos 4 Gb de memória Ram), também é muito importante que você tenha um bom processador. Também é muito importante que você tenha uma boa placa de vídeo para rodar bem os jogos, caso você goste de jogar no PC.

___________________

 

:seta: Abra o Ad-remover > clique no botão Uninstall > aí é só ir seguindo os passos que ele te mostra para desinstalá-lo.

 

Pode desinstalar o Ad-aware e o Norman Malware Cleaner também.

____________________

 

:seta: Para evitar que os problemas voltem, desative e ative novamente a restauração do sistema. Para isso, vá no menu: Iniciar - Painel de Controle - Sistema - Clique na aba: Restauração do Sistema - Marque a caixinha: Desativar restauração do sistema - Clique no botão: Aplicar e no botão: Ok.

 

Depois disso, volte no mesmo local: Iniciar - Painel de Controle - Sistema - Clique na aba: Restauração do Sistema - Desmarque a caixinha: Desativar restauração do sistema - Clique no botão: Aplicar e no botão: Ok.

_____________________

 

:seta: Instale estes programas e use-os agora e semanalmente para fazer uma limpeza do seu PC e para deixá-lo mais eficiente e otimizado:

 

Ccleaner

 

Auslogics Disk Defrag

 

SpywareBlaster

 

Siga também as dicas deste tutorial:

 

Dicas para deixar seu computador mais rápido e eficiente

________________________

 

:thumbsup: Foi um prazer ajudar, conte sempre conosco!