
Archived

This topic has been archived and is closed to new replies.

Cain Bauer

[Solved] A website opens by itself when I turn on the computer, again


Well, I don't really know how this happened. I was away over the weekend, and when I got back I decided to turn on the PC and an Internet Explorer page opened. The URL was an IP address, I think, but the site didn't connect because my internet doesn't connect automatically. Lucky :)

I looked at other topics, but it seems this kind of problem varies from user to user (correct me if I'm wrong), and... well, I ran a scan with HijackThis and I have the log here (I didn't touch anything beyond that).

Here it is:

<spoiler>Logfile of HijackThis v1.99.1

Scan saved at 16:41:22, on 26/03/2012

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16800)

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\DAEMON Tools Pro\DTAgent.exe

D:\Arquivos de Programas\Steam\steam.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\notepad.exe

C:\Windows\system32\ctfmon.exe

C:\Windows\System32\notepad.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\WerFault.exe

C:\Windows\explorer.exe

C:\Windows\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\taskeng.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.poony.info/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=pcmega&s={searchTerms}&f=4

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: uTorrentBar_PT Toolbar - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files\uTorrentBar_PT\prxtbuTor.dll

R3 - URLSearchHook: (no name) - {f999a48b-1950-4d81-9971-79018f807b4b} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: uTorrentBar_PT - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files\uTorrentBar_PT\prxtbuTor.dll

O3 - Toolbar: uTorrentBar_PT Toolbar - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files\uTorrentBar_PT\prxtbuTor.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun

O4 - HKCU\..\Run: [steam] "D:\Arquivos de Programas\Steam\steam.exe" -silent

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED

O4 - Startup: arg13833.exe.lnk = C:\Windows\System32\rundll32.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)

O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{660EBA62-5E09-44E6-BD6B-B55B0890570E}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

 

</spoiler>

Thanks in advance for the help.

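As an added example (not code from the original thread or from HijackThis), the following Python script triages lines in the HijackThis log format posted above and flags the kinds of entries that explain the symptom: an IE start page or search assistant pointing at an unexpected host, toolbar/BHO components from adware vendors, orphaned "(no file)" entries, and a Startup-folder shortcut whose target is a system host binary. The expected-host allowlist, the adware-vendor markers and the host-binary list are constructed assumptions, and the sample log is a constructed subset of the entries shown above.

```python
"""Triage HijackThis-style log lines for browser-hijack and persistence indicators."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a subset of the HijackThis log lines from the thread above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.poony.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=pcmega&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: arg13833.exe.lnk = C:\Windows\System32\rundll32.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O15 - Trusted Zone: *.soe.com
"""

# Assumption: hosts the IE start/search pages point at by default (constructed allowlist).
EXPECTED_HOSTS = {"go.microsoft.com", "google.com", "www.google.com", "www.bing.com"}
# Assumption: vendor names that the AdwCleaner report in this thread removed (constructed denylist).
ADWARE_MARKERS = ("conduit", "facemoods", "babylon", "softonic")
# Assumption: system host binaries that a Startup-folder shortcut should not launch directly.
HOST_BINARIES = ("rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe")

LINE_RE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.*)$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    code: str      # HijackThis section code, e.g. "R0", "O4"
    reason: str
    line: str


def _host(url):
    """Lower-cased hostname of a URL, or "" when it cannot be parsed."""
    return (urlparse(url.strip()).hostname or "").lower()


def triage_line(raw):
    """Return a Finding for one log line, or None if nothing stands out."""
    line = raw.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    lowered = body.lower()

    # R0/R1: IE start, search and default page values. A URL whose host is not
    # one of the expected defaults is the classic homepage-hijack indicator.
    if code in ("R0", "R1") and "=" in body:
        url = body.split("=", 1)[1].strip()
        if url.startswith("http") and _host(url) not in EXPECTED_HOSTS:
            return Finding("high", code, f"browser page points at unexpected host {_host(url)}", line)
        return None

    # R3/O2/O3: URL search hooks, BHOs and toolbars. Known adware vendors rank high;
    # "(no file)" entries are orphans left by an uninstall and only need cleanup.
    if code in ("R3", "O2", "O3"):
        if any(mark in lowered for mark in ADWARE_MARKERS):
            return Finding("high", code, "component from a known adware/toolbar vendor", line)
        if "(no file)" in lowered:
            return Finding("medium", code, "orphaned entry (registered DLL missing)", line)
        return None

    # O4 Startup: a shortcut in the Startup folder whose target is a system host
    # binary rather than the program the shortcut is named after.
    if code == "O4" and "startup:" in lowered:
        target = body.split("=", 1)[1].strip().lower() if "=" in body else ""
        if target.endswith(HOST_BINARIES):
            return Finding("high", code, "startup shortcut launches a system host binary", line)
        return None

    # O15: Trusted Zone additions are not malicious by themselves but widen IE's trust.
    if code == "O15":
        return Finding("info", code, "site added to IE Trusted Zone", line)
    return None


def triage(log_text):
    """Triage every line of a HijackThis log; findings keep the log's order."""
    return [f for f in (triage_line(raw) for raw in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.code}: {f.reason}\n    {f.line}")
```

Run against the full log instead of SAMPLE_LOG to see every flagged entry; unflagged lines are still worth a human look, since the allowlists are only heuristics.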

Hello Cain Bauer

1.

*Download AdwCleaner by Xplode and save it to the desktop

*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

(screenshot: adwl.jpg)

*Click [Delete]

*Paste the report shown


I did what you said and it asked to restart, fine, I restarted...

...the page tried to open again and something strange happened: the log showed as open in the task manager, but I can't see it on the taskbar or on the desktop. What now? I'm confused.

EDIT: wait, I found it, it was saved in C:

Here is the log:

 

# AdwCleaner v1.503 - Logfile created 03/27/2012 at 16:15:12

# Updated 24/03/2012 by Xplode

# Operating system : Windows 7 Professional (32 bits)

# User : Alan - ALAN-PC

# Running from : C:\Users\Alan\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\Users\Alan\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Alan\AppData\Roaming\GetRightToGo

Folder Deleted : C:\Users\Alan\AppData\Local\Babylon

Folder Deleted : C:\Users\Alan\AppData\Local\Conduit

Folder Deleted : C:\Users\Alan\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Alan\AppData\LocalLow\ConduitEngine

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\ConduitEngine

Folder Deleted : C:\Users\Alan\AppData\Roaming\Mozilla\FireFox\Profiles\0u7md35k.default\ConduitCommon

File Deleted : C:\Windows\system32\conduitEngine.tmp

 

***** [H. Navipromo] *****

 

 

***** [Registry] *****

 

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2737658

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2851643

Key Deleted : HKCU\Toolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\conduitEngine

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.7600.16385

 

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=pcmega&s={searchTerms}&f=4 --> hxxp://www.google.fr

 

-\\ Mozilla Firefox v10.0.2 (pt-BR)

 

Profile name : default

File : C:\Users\Alan\AppData\Roaming\Mozilla\FireFox\Profiles\0u7md35k.default\prefs.js

 

Deleted : user_pref("CT2737658..clientLogIsEnabled", true);

Deleted : user_pref("CT2737658..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT2737658..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT2737658.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT2737658.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT2737658.BrowserCompStateIsOpen_129674830183032820", true);

Deleted : user_pref("CT2737658.CTID", "CT2737658");

Deleted : user_pref("CT2737658.CurrentServerDate", "26-1-2012");

Deleted : user_pref("CT2737658.DSInstall", false);

Deleted : user_pref("CT2737658.DialogsAlignMode", "LTR");

Deleted : user_pref("CT2737658.DialogsGetterLastCheckTime", "Thu Jan 26 2012 17:10:38 GMT-0200");

Deleted : user_pref("CT2737658.DownloadReferralCookieData", "");

Deleted : user_pref("CT2737658.FeedLastCount129531111962231774", 400);

Deleted : user_pref("CT2737658.FeedPollDate128932492092456574", "Thu Jan 26 2012 17:10:39 GMT-0200");

Deleted : user_pref("CT2737658.FeedPollDate129066712740779554", "Thu Jan 26 2012 17:10:39 GMT-0200");

Deleted : user_pref("CT2737658.FeedPollDate129182867803381395", "Thu Jan 26 2012 17:10:39 GMT-0200");

Deleted : user_pref("CT2737658.FeedPollDate129531111962241536", "Thu Jan 26 2012 17:10:39 GMT-0200");

Deleted : user_pref("CT2737658.FeedPollDate129531111962251297", "Thu Jan 26 2012 17:10:39 GMT-0200");

Deleted : user_pref("CT2737658.FeedPollDate129531111962251298", "Thu Jan 26 2012 17:10:39 GMT-0200");

Deleted : user_pref("CT2737658.FeedPollDate129531111962251299", "Thu Jan 26 2012 17:10:39 GMT-0200");

Deleted : user_pref("CT2737658.FeedPollDate129531111962251300", "Thu Jan 26 2012 17:10:39 GMT-0200");

Deleted : user_pref("CT2737658.FeedTTL128932492092456574", 40);

Deleted : user_pref("CT2737658.FeedTTL129066712740779554", 40);

Deleted : user_pref("CT2737658.FeedTTL129182867803381395", 40);

Deleted : user_pref("CT2737658.FeedTTL129531111962241536", 40);

Deleted : user_pref("CT2737658.FeedTTL129531111962251297", 40);

Deleted : user_pref("CT2737658.FeedTTL129531111962251298", 40);

Deleted : user_pref("CT2737658.FeedTTL129531111962251299", 40);

Deleted : user_pref("CT2737658.FeedTTL129531111962251300", 40);

Deleted : user_pref("CT2737658.FirstServerDate", "8-1-2012");

Deleted : user_pref("CT2737658.FirstTime", true);

Deleted : user_pref("CT2737658.FirstTimeFF3", true);

Deleted : user_pref("CT2737658.FixPageNotFoundErrors", true);

Deleted : user_pref("CT2737658.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT2737658.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT2737658.HPInstall", false);

Deleted : user_pref("CT2737658.HasUserGlobalKeys", true);

Deleted : user_pref("CT2737658.HomePageProtectorEnabled", false);

Deleted : user_pref("CT2737658.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");

Deleted : user_pref("CT2737658.Initialize", true);

Deleted : user_pref("CT2737658.InitializeCommonPrefs", true);

Deleted : user_pref("CT2737658.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT2737658.InstallationId", "ConduitNSISIntegration");

Deleted : user_pref("CT2737658.InstallationType", "ConduitXPEIntegration");

Deleted : user_pref("CT2737658.InstalledDate", "Sun Jan 08 2012 17:35:23 GMT-0200");

Deleted : user_pref("CT2737658.InvalidateCache", false);

Deleted : user_pref("CT2737658.IsAlertDBUpdated", true);

Deleted : user_pref("CT2737658.IsGrouping", false);

Deleted : user_pref("CT2737658.IsInitSetupIni", true);

Deleted : user_pref("CT2737658.IsMulticommunity", false);

Deleted : user_pref("CT2737658.IsOpenThankYouPage", false);

Deleted : user_pref("CT2737658.IsOpenUninstallPage", true);

Deleted : user_pref("CT2737658.LanguagePackLastCheckTime", "Thu Jan 26 2012 17:10:38 GMT-0200");

Deleted : user_pref("CT2737658.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT2737658.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT2737658.LastLogin_3.8.1.0", "Sun Jan 08 2012 17:35:24 GMT-0200");

Deleted : user_pref("CT2737658.LastLogin_3.9.0.3", "Thu Jan 26 2012 17:10:38 GMT-0200");

Deleted : user_pref("CT2737658.LatestVersion", "3.9.0.3");

Deleted : user_pref("CT2737658.Locale", "en");

Deleted : user_pref("CT2737658.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT2737658.MCDetectTooltipShow", false);

Deleted : user_pref("CT2737658.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT2737658.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT2737658.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT2737658.OriginalFirstVersion", "3.8.1.0");

Deleted : user_pref("CT2737658.RadioIsPodcast", false);

Deleted : user_pref("CT2737658.RadioLastCheckTime", "Thu Jan 26 2012 17:10:39 GMT-0200");

Deleted : user_pref("CT2737658.RadioLastUpdateIPServer", "3");

Deleted : user_pref("CT2737658.RadioLastUpdateServer", "129259829623770000");

Deleted : user_pref("CT2737658.RadioMediaID", "21145355");

Deleted : user_pref("CT2737658.RadioMediaType", "Media Player");

Deleted : user_pref("CT2737658.RadioMenuSelectedID", "EBRadioMenu_CT273765821145355");

Deleted : user_pref("CT2737658.RadioShrinkedFromSetup", false);

Deleted : user_pref("CT2737658.RadioStationName", "Classic%20Rock");

Deleted : user_pref("CT2737658.RadioStationURL", "hxxp://www.gotradio.com/player/launch.asp?id=22&cr=lb");

Deleted : user_pref("CT2737658.SearchCaption", "FreeOnlineRadioPlayerRecorder Customized Web Search");

Deleted : user_pref("CT2737658.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");

Deleted : user_pref("CT2737658.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT2737658.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT273[...]

Deleted : user_pref("CT2737658.SearchInNewTabEnabled", true);

Deleted : user_pref("CT2737658.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT2737658.SearchInNewTabLastCheckTime", "Thu Jan 26 2012 17:10:35 GMT-0200");

Deleted : user_pref("CT2737658.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT2737658.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]

Deleted : user_pref("CT2737658.SearchProtectorEnabled", false);

Deleted : user_pref("CT2737658.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT2737658.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT2737658.ServiceMapLastCheckTime", "Thu Jan 26 2012 17:10:38 GMT-0200");

Deleted : user_pref("CT2737658.SettingsLastCheckTime", "Thu Jan 26 2012 19:48:33 GMT-0200");

Deleted : user_pref("CT2737658.SettingsLastUpdate", "1326723880");

Deleted : user_pref("CT2737658.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2737658&SearchSource=13");

Deleted : user_pref("CT2737658.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT2737658.ThirdPartyComponentsLastCheck", "Sun Jan 08 2012 17:35:22 GMT-0200");

Deleted : user_pref("CT2737658.ThirdPartyComponentsLastUpdate", "1312887586");

Deleted : user_pref("CT2737658.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT2737658.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2737658");

Deleted : user_pref("CT2737658.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT2737658.UserID", "UN22293349376578786");

Deleted : user_pref("CT2737658.ValidationData_Toolbar", 1);

Deleted : user_pref("CT2737658.alertChannelId", "1129903");

Deleted : user_pref("CT2737658.approveUntrustedApps", false);

Deleted : user_pref("CT2737658.autoDisableScopes", -1);

Deleted : user_pref("CT2737658.backendstorage.2737658a129531115111807042000000paramsgk0", "7B22757064617465526[...]

Deleted : user_pref("CT2737658.backendstorage.autocompletepro_enable", "31");

Deleted : user_pref("CT2737658.backendstorage.autocompletepro_enable_auto", "31");

Deleted : user_pref("CT2737658.backendstorage.rss_pub_config", "7B2273657474696E6773223A7B2269636F6E223A226874[...]

Deleted : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000cat0", "253542253742253232[...]

Deleted : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000cat1", "253542253742253232[...]

Deleted : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000cat2", "253542253742253232[...]

Deleted : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000cat3", "253542253742253232[...]

Deleted : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000embeddedversion", "322E352[...]

Deleted : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000feedsobj", "25374225323263[...]

Deleted : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000lastreporttime", "31333237[...]

Deleted : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000newfeeds", "6E657746656564[...]

Deleted : user_pref("CT2737658.backendstorage.rssapp2737658a129531115111807042000000readitemsarr", "2537422532[...]

Deleted : user_pref("CT2737658.components.129259757953821942", false);

Deleted : user_pref("CT2737658.components.129259760344446300", false);

Deleted : user_pref("CT2737658.components.129277241445125446", false);

Deleted : user_pref("CT2737658.components.129277327239188331", false);

Deleted : user_pref("CT2737658.components.129470085023044272", false);

Deleted : user_pref("CT2737658.components.129470085023513023", false);

Deleted : user_pref("CT2737658.components.129484502394931893", false);

Deleted : user_pref("CT2737658.components.129484520900913322", false);

Deleted : user_pref("CT2737658.components.129531105821547783", false);

Deleted : user_pref("CT2737658.components.129531111962231774", false);

Deleted : user_pref("CT2737658.components.129531115111807042", false);

Deleted : user_pref("CT2737658.components.129531115225849625", false);

Deleted : user_pref("CT2737658.components.129531118085217279", false);

Deleted : user_pref("CT2737658.components.129674830183032820", false);

Deleted : user_pref("CT2737658.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT2737658.globalFirstTimeInfoLastCheckTime", "Mon Jan 23 2012 10:40:49 GMT-0200");

Deleted : user_pref("CT2737658.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT2737658.initDone", true);

Deleted : user_pref("CT2737658.isAppTrackingManagerOn", true);

Deleted : user_pref("CT2737658.isFirstRadioInstallation", false);

Deleted : user_pref("CT2737658.myStuffEnabled", true);

Deleted : user_pref("CT2737658.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT2737658.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT2737658.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT2737658.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT2737658.oldAppsList", "129258407936791974,129258407936791975,111,1000082,12953110582154[...]

Deleted : user_pref("CT2737658.revertSettingsEnabled", true);

Deleted : user_pref("CT2737658.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT2737658.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT2737658.testingCtid", "");

Deleted : user_pref("CT2737658.toolbarAppMetaDataLastCheckTime", "Thu Jan 26 2012 17:10:38 GMT-0200");

Deleted : user_pref("CT2737658.toolbarContextMenuLastCheckTime", "Mon Jan 23 2012 10:40:49 GMT-0200");

Deleted : user_pref("CT2737658.usagesFlag", 2);

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2737658/CT2737658[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1129903/1125592/BR", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2737658", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2737658",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"cde[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/1344951.xml", "\"ad274588f3bd26522a4f[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/14293310.xml", "\"4dbb594104eb9e53bbe[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16887175.xml", "\"0b92c2bb47276071312[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/17151925.xml", "\"9610d5dc060292b5520[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/20536157.xml", "\"dc1a7db2503adfcf402[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/30261067.xml", "\"a1fd8ac80f922382354[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/428333.xml", "\"36696abc35702b8e4512a[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/816653.xml", "\"abd820e70c1d253849d1a[...]

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Alan\\AppData\\Roaming\\Mozilla\\Fi[...]

Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2737658");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2737658");

Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2737658");

Deleted : user_pref("CommunityToolbar.globalUserId", "389495c9-fd25-42fb-a4cb-bdd0e1f8b071");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2737658");

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jan 23 2012 10:40:5[...]

Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Jan 26 2012 17:10:44 GMT-020[...]

Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Jan 26 2012 17:10:38 GMT-0200");

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.notifications.userId", "db855d0e-6fd2-493d-afa6-7e0b9d63dc2a");

Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");

Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]

Deleted : user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Thu Jan 26 2012 17:10:40 GMT-0200"[...]

Deleted : user_pref("CommunityToolbar.twitter.user_14293310.LastCheckTime", "Thu Jan 26 2012 17:10:40 GMT-0200[...]

Deleted : user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Thu Jan 26 2012 17:10:40 GMT-0200[...]

Deleted : user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Thu Jan 26 2012 17:10:40 GMT-0200[...]

Deleted : user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Thu Jan 26 2012 17:10:40 GMT-0200[...]

Deleted : user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Thu Jan 26 2012 17:10:40 GMT-0200[...]

Deleted : user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Thu Jan 26 2012 17:10:40 GMT-0200")[...]

Deleted : user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Thu Jan 26 2012 17:10:40 GMT-0200")[...]

 

-\\ Google Chrome v [unable to get version]

 

File : C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

Deleted : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT273765[...]

Deleted : "homepage": "hxxp://search.babylon.com/?babsrc=HP_ss&affID=18401&mntrId=74c540a400000000000000000[...]

 

*************************

 

AdwCleaner[s1].txt - [21605 octets] - [27/03/2012 16:15:12]

 

########## EOF - C:\AdwCleaner[s1].txt - [21734 octets] ##########


1.

*Run AdwCleaner and click [uninstall]

2.

*Download screen317's SecurityCheck and save it to the desktop

*Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator

*Press [Enter] and paste the report that appears

3.

*Download Old_Timer's OTL and save it to the desktop

*Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator

*Select:

Scan All Users

Skip Microsoft Files

Use Company Name Whitelist

LOP Check

Purity Check

*Click [Run Scan] and paste the OTL.txt and Extras.txt reports created on the desktop

*If the reports are large, go to this link

*Paste the OTL.txt report in the box under New Paste

*Under Paste Expiration select: 1 Day

*Click [submit]

*Type the letters and/or numbers shown and click [submit]

*Paste the link

*Repeat the procedure for the Extras.txt report

4.

*Download Przemyslaw Gmerek's GMER and save it to the desktop

Important step:

*Temporarily disable your antivirus and close all running programs

*Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator

*If you get a warning about rootkit activity asking whether you want to scan, click [NO]

*Click [scan] and wait for it to finish

*Click [save...] and save it to the desktop with the name gmer

*Paste the report

*If the report is large, go to this link

*Paste the report in the box under New Paste

*Under Paste Expiration select: 1 Day

*Click [submit]

*Type the letters and/or numbers shown and click [submit]

*Paste the link


Results of screen317's Security Check version 0.99.24

Windows 7 x86 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

AVG 2012

Norton Internet Security

McAfee Security Scan Plus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Auslogics Registry Cleaner

Java 6 Update 29

Adobe Flash Player 11.1.102.55

````````````````````````````````

Process Check:

objlist.exe by Laurent

IObit IObit Malware Fighter IMFsrv.exe

IObit IObit Malware Fighter IMF.exe

``````````End of Log````````````

 

 

OTL LOG:

http://pastebin.com/Etp0UCFa

EXTRAS:

http://pastebin.com/Tmcf3aKv

GMER:

http://pastebin.com/qDZfDCig


1.

*Delete SecurityCheck

2.

*Delete GMER and its report

3.

*Install MalwareBytes

*Wait for the update to finish; the program will open automatically

*Select [Full scan]

*Click [Scan] and select the partition where Windows is installed (usually C:\)

*Click [Scan]

*When it finishes, click [OK] > [Show Results] > [Remove Selected]

*Paste the report that appears


here it is:

 

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

 

Versão da Base de Dados: v2012.03.27.08

 

Windows 7 x86 NTFS

Internet Explorer 8.0.7600.16385

Alan :: ALAN-PC [administrador]

 

27/03/2012 22:31:34

mbam-log-2012-03-27 (22-31-34).txt

 

Tipo de Verificação: Verificação Completa

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 334282

Tempo decorrido: 47 minuto(s), 59 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 9

C:\Users\Alan\AppData\Local\Temp\arg13833.exe (Trojan.Zbot.Gen) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Alan\Desktop\cru-angbi.spce\cxa3238a\crd.exe (TheftMarker.Crude) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Alan\Desktop\Phx_data\Res\EmuCfg.exe (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Alan\Desktop\Phx_data\Res\GCFMgr.exe (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Alan\Desktop\Phx_data\Res\RICO.exe (Backdoor.Bot) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Alan\Desktop\Phx_data\Res\ss.exe (Backdoor.Bot) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files\DAEMON Tools Pro\ind.dll (RiskWare.Tool.CK) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files\DAEMON Tools Pro\Lang\ind.dll (RiskWare.Tool.CK) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Enviado para a Quarentena e deletado com sucesso.

 

(fim)


*Temporarily disable your antivirus

*Download sUBs' ComboFix and save it to the desktop

*Run it and accept the license agreement

*Wait for the stages to complete

1) Do not use the mouse or keyboard during the stages!!

2) To interrupt the scan, press N

*Paste the report that appears


ComboFix 12-03-29.02 - Alan 29/03/2012 14:14:48.1.2 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.55.1046.18.2047.1386 [GMT -3:00]

Executando de: c:\users\Alan\Desktop\ComboFix.exe

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

/wow section - STAGE 4

O arquivo já está sendo usado por outro processo.

O arquivo já está sendo usado por outro processo.

O arquivo já está sendo usado por outro processo.

O arquivo já está sendo usado por outro processo.

O arquivo já está sendo usado por outro processo.

O arquivo já está sendo usado por outro processo.

Acesso negado.

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Alan\AppData\Local\assembly\tmp

c:\users\Alan\AppData\Roaming\Local

c:\users\Alan\AppData\Roaming\Local\FalloutNV\Fallout.ini

c:\users\Alan\AppData\Roaming\Local\FalloutNV\FalloutPrefs.ini

c:\users\Alan\AppData\Roaming\Local\FalloutNV\NVDLCList.txt

c:\users\Alan\AppData\Roaming\Local\FalloutNV\plugins.txt

c:\users\Alan\AppData\Roaming\Local\FalloutNV\RendererInfo.txt

c:\windows\apppatch\AppLoc.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-02-28 to 2012-03-29 ))))))))))))))))))))))))))))

.

.

2012-03-29 17:30 . 2012-03-29 17:31 -------- d-----w- c:\users\Alan\AppData\Local\temp

2012-03-29 17:30 . 2012-03-29 17:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-03-29 17:30 . 2012-03-29 17:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-29 16:44 . 2012-03-29 16:44 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C4D153A-7A8D-4E2B-A013-1C4F3FA51DE5}\offreg.dll

2012-03-28 01:27 . 2012-03-28 01:27 -------- d-----w- c:\users\Alan\AppData\Roaming\Malwarebytes

2012-03-28 01:27 . 2012-03-28 01:27 -------- d-----w- c:\programdata\Malwarebytes

2012-03-28 01:27 . 2012-03-28 01:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-28 01:27 . 2011-12-10 18:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-27 02:10 . 2012-03-27 02:10 -------- d-----w- c:\users\Alan\AppData\Roaming\Rovio

2012-03-27 02:05 . 2012-03-27 02:05 -------- d-----w- c:\program files\Rovio

2012-03-27 01:20 . 2008-03-18 21:55 233888 ----a-w- c:\windows\system32\DreamScene.dll

2012-03-27 01:13 . 2012-03-27 01:13 -------- d-----w- c:\users\Alan\AppData\Local\ElevatedDiagnostics

2012-03-26 19:38 . 2012-03-26 19:41 -------- d-----w- C:\HijackThis

2012-03-25 18:07 . 2012-03-25 18:07 -------- d-----w- C:\!KillBox

2012-03-25 17:49 . 2012-03-25 17:49 -------- d-----w- c:\programdata\Kaspersky Lab

2012-03-25 16:47 . 2011-06-21 14:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2012-03-25 06:31 . 2012-03-25 06:31 -------- d-----w- c:\users\Alan\AppData\Roaming\InstallShield

2012-03-25 06:20 . 2012-03-25 06:22 -------- d-----w- c:\programdata\AVG Secure Search

2012-03-25 06:20 . 2012-03-25 15:27 -------- d-----w- c:\program files\AVG Secure Search

2012-03-25 06:20 . 2012-03-25 15:27 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-03-25 06:19 . 2012-03-25 15:27 -------- d-----w- c:\programdata\AVG2012

2012-03-25 06:18 . 2012-03-25 15:25 -------- d-----w- c:\program files\AVG

2012-03-22 15:55 . 2012-03-22 15:55 -------- d-----w- c:\users\Alan\AppData\Local\Ares

2012-03-22 15:55 . 2012-03-22 17:38 -------- d-----w- c:\program files\Ares

2012-03-15 18:27 . 2012-03-15 18:27 -------- d-----w- c:\program files\Common Files\Wrye Bash

2012-03-13 01:50 . 2012-03-25 15:25 -------- d-----w- c:\program files\iPod

2012-03-13 01:50 . 2012-03-25 15:27 -------- d-----w- c:\program files\iTunes

2012-03-09 23:31 . 2012-03-09 23:31 -------- d-----w- c:\programdata\Origin

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-15 14:01 . 2012-02-15 14:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-15 14:01 . 2012-02-15 14:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-02-12 19:51 . 2011-07-31 03:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-05 01:17 . 2011-09-29 19:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{e0301295-ab3e-4af3-979f-3d453c5f9f48}"= "c:\program files\uTorrentBar_PT\prxtbuTor.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{e0301295-ab3e-4af3-979f-3d453c5f9f48}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e0301295-ab3e-4af3-979f-3d453c5f9f48}]

2011-03-28 16:22 176936 ----a-w- c:\program files\uTorrentBar_PT\prxtbuTor.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{e0301295-ab3e-4af3-979f-3d453c5f9f48}"= "c:\program files\uTorrentBar_PT\prxtbuTor.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{e0301295-ab3e-4af3-979f-3d453c5f9f48}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{E0301295-AB3E-4AF3-979F-3D453C5F9F48}"= "c:\program files\uTorrentBar_PT\prxtbuTor.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{e0301295-ab3e-4af3-979f-3d453c5f9f48}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-01 3077528]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]

"Steam"="d:\arquivos de programas\Steam\steam.exe" [2011-10-17 1242448]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-03-03 740216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-09-21 273528]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]

"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-10-08 4441944]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-31 136176]

R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-31 136176]

R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-14 267568]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-06-19 4122968]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-30 1343400]

R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-27 233024]

S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-08 820568]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2011-10-08 18768]

S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2011-09-20 30600]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2011-09-20 19792]

.

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-31 03:10]

.

2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-31 03:10]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://google.com/

mStart Page = hxxp://www.poony.info/

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 200.204.0.10 200.204.0.138

TCP: Interfaces\{660EBA62-5E09-44E6-BD6B-B55B0890570E}: NameServer = 200.204.0.10 200.204.0.138

FF - ProfilePath - c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\0u7md35k.default\

.

- - - - ORFÃOS REMOVIDOS - - - -

.

URLSearchHooks-{f999a48b-1950-4d81-9971-79018f807b4b} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2012-03-29 14:37:43

ComboFix-quarantined-files.txt 2012-03-29 17:37

.

Pré-execução: 36.959.907.840 bytes disponíveis

Pós execução: 37.338.091.520 bytes disponíveis

.

- - End Of File - - 3C08AA6DD5E1E4E635554E60BBD6EF77

 

 

The site hasn't opened so far, and this is already the second time I've turned it on :grin: :grin:

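The ComboFix report above lists each registry load point as a `[HKEY_...]` header followed by `"name"="path" [date size]` lines, and the same uTorrentBar CLSID shows up under URLSearchHooks, Browser Helper Objects and Toolbar. The Python script below is an added example, not code from the thread or from ComboFix: it parses that section into records, flags autoruns whose target lives in a directory a standard user can write to (Temp, Roaming, Public, Windows\Temp), and groups CLSID-named entries by the extension points they are registered under. The sample text is a constructed excerpt modelled on the pasted log; the `"Updater"` Run entry is invented for illustration (it reuses the Temp file name that Malwarebytes reported earlier in the thread), and the user-writable directory list is an assumption of this example, not a ComboFix rule.

```python
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the ComboFix "Registry Load Points" section
# pasted in the thread. The "Updater" entry is invented for illustration; the
# other lines are copied from that log.
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e0301295-ab3e-4af3-979f-3d453c5f9f48}"= "c:\program files\uTorrentBar_PT\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e0301295-ab3e-4af3-979f-3d453c5f9f48}"= "c:\program files\uTorrentBar_PT\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-01 3077528]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-03-03 740216]
"Updater"="c:\users\Alan\AppData\Local\Temp\arg13833.exe" [2012-03-24 61440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-09-21 273528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "name"="path" [YYYY-MM-DD size]; ComboFix sometimes puts a space after "=".
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"\s*'
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]"
)
CLSID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

# Assumed list of directories a standard user can write to. An autorun that
# points here deserves a second look; Program Files needs admin rights to write.
USER_WRITABLE = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\users\\public\\",
    "\\windows\\temp\\",
)


@dataclass(frozen=True)
class LoadPoint:
    key: str
    name: str
    path: str
    date: str
    size: int


def parse_load_points(text: str) -> list[LoadPoint]:
    """Turn the ComboFix load-point section into LoadPoint records.

    Lines such as '"ConsentPromptBehaviorAdmin"= 5 (0x5)' carry no quoted
    path and are skipped on purpose.
    """
    points, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            points.append(LoadPoint(key, m["name"], m["path"], m["date"], int(m["size"])))
    return points


def in_user_writable_dir(path: str) -> bool:
    """True when the target sits under one of the USER_WRITABLE markers."""
    normalised = path.lower().replace("/", "\\")
    return any(marker in normalised for marker in USER_WRITABLE)


def flag_user_writable(points: list[LoadPoint]) -> list[LoadPoint]:
    return [p for p in points if in_user_writable_dir(p.path)]


def clsid_registrations(points: list[LoadPoint]) -> dict[str, list[str]]:
    """Map each CLSID-named entry to the registry keys it is registered under."""
    seen: dict[str, list[str]] = {}
    for p in points:
        if CLSID_RE.match(p.name):
            seen.setdefault(p.name.lower(), []).append(p.key)
    return seen


if __name__ == "__main__":
    points = parse_load_points(SAMPLE_LOG)
    print(f"{len(points)} load points parsed")
    for p in flag_user_writable(points):
        print(f"user-writable target: {p.name!r} -> {p.path} ({p.date}, {p.size} bytes)")
    for clsid, keys in clsid_registrations(points).items():
        print(f"{clsid} registered under {len(keys)} extension point(s):")
        for k in keys:
            print(f"  {k}")
```

Run against a real ComboFix report, the script simply reads the file instead of `SAMPLE_LOG`; the location check is a triage hint, not a verdict, since legitimate updaters also occasionally start from AppData.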

OK... clean log... :)

*Rename ComboFix to Uninstall

*Run it and wait for the message "ComboFix is uninstalled"

Regards.


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
