This topic has been archived and is closed to new replies.

Codename Dakota

[Archived] runtime error program c windows explorer.exe abnormal


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:21:14, on 26/11/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\ARQUIV~1\AVG\AVG2013\avgrsx.exe

C:\Arquivos de programas\AVG\AVG2013\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Spybot - Search & Destroy 2\SDUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\AVG\AVG2013\avgui.exe

C:\Arquivos de programas\AVG Secure Search\vprot.exe

C:\Arquivos de programas\Spybot - Search & Destroy 2\SDTray.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

C:\ARQUIV~1\MI3AA1~1\rapimgr.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe

C:\Documents and Settings\TARCILO\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin

C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe

C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Arquivos de programas\AVG\AVG2013\avgnsx.exe

C:\Arquivos de programas\AVG\AVG2013\avgemcx.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Arquivos de programas\Spyware Terminator\st_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

C:\Arquivos de programas\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\TARCILO\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\TARCILO\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\TARCILO\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\TARCILO\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\TARCILO\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\TARCILO\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\TARCILO\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\TARCILO\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\TARCILO\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\TARCILO\Meus documentos\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtCyB0CyEtBtA0E0DzztByCtD0BtDtN0D0Tzu0StByCyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=367203477

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (file missing)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy 2\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\ARQUIV~1\Funmoods\1.5.23.22\bh\escort.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (file missing)

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll

O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\ARQUIV~1\Funmoods\1.5.23.22\escorTlbr.dll (file missing)

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Arquivos de programas\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [vProt] "C:\Arquivos de programas\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [sDTray] "C:\Arquivos de programas\Spybot - Search & Destroy 2\SDTray.exe"

O4 - HKLM\..\Run: [spywareTerminatorShield] C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

O4 - HKLM\..\Run: [spywareTerminatorUpdater] C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\TARCILO\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: BrOffice.org 3.1.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy 2\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy 2\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

O20 - AppInit_DLLs: c:\docume~1\alluse~1\dadosd~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\docume~1\alluse~1\dadosd~1\browse~1\22643~1.41\{16cdf~1\browse~1.dll

O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)

O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Arquivos de programas\Spybot - Search & Destroy 2\SDFSSvc.exe

O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Arquivos de programas\Spybot - Search & Destroy 2\SDUpdSvc.exe

O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Arquivos de programas\Spybot - Search & Destroy 2\SDWSCSvc.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe

O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\st_rsser.exe

O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

 

--

End of file - 14000 bytes

 

I know someone will have to spend their time solving my problem, and for that I will be very grateful, because I tried to solve it on my own and could not. Once again, thank you for the help.


Hello Codename Dakota

→ Uninstall Spybot

→ Download the Junkware Removal Tool (...by Thisisu) and save it to the Desktop

*Close your browser

*Run JRT.

*Press [ENTER]

*A backup of the registry will be made, and then the program will run automatically

*Wait... it may take a while.

*Paste the report it displays


Here it is, and once again thank you

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 3.8.6 (12.05.2012:2)

OS: Microsoft Windows XP x86

Ran by TARCILO on qua 05/12/2012 at 18:52:26,23

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\BrowserMngr Start Page

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\BrowserMngrDefaultScope

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bProtectorDefaultScope

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{95b7759c-8c7f-4bf1-b163-73684a933233}

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3}

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1060284298-842925246-1417001333-1003\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{00000000-6e41-4fd3-8538-502f5495e5fc}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] "hkey_classes_root\escort.escortiepane"

Successfully deleted: [Registry Key] "hkey_classes_root\escort.escortiepane.1"

Successfully deleted: [Registry Key] "hkey_classes_root\f"

Successfully deleted: [Registry Key] "hkey_classes_root\funmoods.dskbnd"

Successfully deleted: [Registry Key] "hkey_classes_root\funmoods.dskbnd.1"

Successfully deleted: [Registry Key] "hkey_classes_root\funmoods.funmoodshlpr"

Successfully deleted: [Registry Key] "hkey_classes_root\funmoods.funmoodshlpr.1"

Successfully deleted: [Registry Key] "hkey_classes_root\funmoodsapp.appcore"

Successfully deleted: [Registry Key] "hkey_classes_root\funmoodsapp.appcore.1"

Successfully deleted: [Registry Key] "hkey_current_user\software\browsermngr"

Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"

Failed to delete: [Registry Key]"hkey_current_user\software\datamngr"

Failed to delete: [Registry Key]"hkey_current_user\software\datamngr_toolbar"

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings"

Successfully deleted: [Registry Key] "hkey_current_user\software\smartbar"

Successfully deleted: [Registry Key] "hkey_local_machine\software\babylon"

Successfully deleted: [Registry Key] "hkey_local_machine\software\browsermngr"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escort.dll"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escortapp.dll"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escorteng.dll"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escortlbr.dll"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\esrv.exe"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\b"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\prod.cap"

Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"

Failed to delete: [Registry Key]"hkey_local_machine\software\datamngr"

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{95b7759c-8c7f-4bf1-b163-73684a933233}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{965b9dbe-b104-44ac-950a-8a5f97aff439}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{97f2ff5b-260c-4ccf-834a-2dda4e29e39e}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a9db719c-7156-415e-b49d-bad039de4f13}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{b8276a94-891d-453c-9ff3-715c042a2575}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{f03fd9d0-4f2b-497c-8a71-dd41d70b07d9}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}

Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd"

Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd.1"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"

Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Arquivos de programas\conduit"

Successfully deleted: [Folder] "C:\Documents and Settings\TARCILO\start menu\programs\browser manager"

 

 

 

~~~ FireFox

 

Successfully deleted: [File] C:\user.js

Successfully deleted: [File] "C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml"

Successfully deleted: [File] C:\Documents and Settings\TARCILO\Dados de aplicativos\mozilla\firefox\profiles\uumqiuy0.default\user.js

Successfully deleted: [File] C:\Documents and Settings\TARCILO\Dados de aplicativos\mozilla\firefox\profiles\uumqiuy0.default\searchplugins\askcom.xml

Successfully deleted: [File] C:\Documents and Settings\TARCILO\Dados de aplicativos\mozilla\firefox\profiles\uumqiuy0.default\searchplugins\babylonmngr.xml

Successfully deleted: [File] C:\Documents and Settings\TARCILO\Dados de aplicativos\mozilla\firefox\profiles\uumqiuy0.default\searchplugins\browsemngr.xml

Successfully deleted: [File] C:\Documents and Settings\TARCILO\Dados de aplicativos\mozilla\firefox\profiles\uumqiuy0.default\searchplugins\search.xml

Successfully deleted: [Folder] C:\Documents and Settings\TARCILO\Dados de aplicativos\mozilla\firefox\profiles\uumqiuy0.default\smartbar

Successfully deleted: [Folder] C:\Documents and Settings\TARCILO\Dados de aplicativos\mozilla\firefox\profiles\uumqiuy0.default\extensions\ffxtlbr@funmoods.com

Successfully deleted the following from C:\Documents and Settings\TARCILO\Dados de aplicativos\mozilla\firefox\profiles\uumqiuy0.default\prefs.js

 

user_pref("CT2851643.1000234.TWC_TMP_city", "SAO PAULO");

user_pref("CT2851643.1000234.TWC_TMP_country", "BR");

user_pref("CT2851643.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT2851643.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT2851643.FirstTime", "true");

user_pref("CT2851643.FirstTimeFF3", "true");

user_pref("CT2851643.UserID", "UN23646055319341749");

user_pref("CT2851643.addressBarTakeOverEnabledInHidden", "true");

user_pref("CT2851643.autoDisableScopes", 0);

user_pref("CT2851643.cbfirsttime", "Tue Oct 09 2012 13:00:00 GMT-0300 (Hora oficial do Brasil)");

user_pref("CT2851643.defaultSearch", "FALSE");

user_pref("CT2851643.embeddedsData", "[{\"appId\":\"129351530870900444\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta

user_pref("CT2851643.enableAlerts", "always");

user_pref("CT2851643.enableSearchFromAddressBar", "FALSE");

user_pref("CT2851643.firstTimeDialogOpened", "true");

user_pref("CT2851643.fixPageNotFoundError", "true");

user_pref("CT2851643.fixPageNotFoundErrorInHidden", "true");

user_pref("CT2851643.fixUrls", true);

user_pref("CT2851643.installId", "fft205.tmp.exe");

user_pref("CT2851643.installType", "XPE");

user_pref("CT2851643.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT2851643.isNewTabEnabled", true);

user_pref("CT2851643.isPerformedSmartBarTransition", "true");

user_pref("CT2851643.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

user_pref("CT2851643.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

user_pref("CT2851643.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"http://uTorrentBarPT.OurToolbar.

user_pref("CT2851643.openThankYouPage", "true");

user_pref("CT2851643.openUninstallPage", "FALSE");

user_pref("CT2851643.search.searchAppId", "129351530870900444");

user_pref("CT2851643.search.searchCount", "0");

user_pref("CT2851643.searchInNewTabEnabledInHidden", "true");

user_pref("CT2851643.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT2851643.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

user_pref("CT2851643.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\"}");

user_pref("CT2851643.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2851643\"}");

user_pref("CT2851643.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://uTorrentBarPT.OurToolbar.com//xpi\"}");

user_pref("CT2851643.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentBar_PT\"}");

user_pref("CT2851643.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT2851643.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1349798384235");

user_pref("CT2851643.serviceLayer_services_appsMetadata_lastUpdate", "1349798384070");

user_pref("CT2851643.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1349798387234");

user_pref("CT2851643.serviceLayer_services_login_10.10.27.6_lastUpdate", "1349798398496");

user_pref("CT2851643.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1349798387402");

user_pref("CT2851643.serviceLayer_services_searchAPI_lastUpdate", "1349798381786");

user_pref("CT2851643.serviceLayer_services_serviceMap_lastUpdate", "1349798380374");

user_pref("CT2851643.serviceLayer_services_toolbarContextMenu_lastUpdate", "1349798387335");

user_pref("CT2851643.serviceLayer_services_toolbarSettings_lastUpdate", "1349798381813");

user_pref("CT2851643.serviceLayer_services_translation_lastUpdate", "1349798384141");

user_pref("CT2851643.settingsINI", true);

user_pref("CT2851643.shouldFirstTimeDialog", "false");

user_pref("CT2851643.smartbar.CTID", "CT2851643");

user_pref("CT2851643.smartbar.Uninstall", "0");

user_pref("CT2851643.smartbar.toolbarName", "uTorrentBar_PT ");

user_pref("CT2851643.toolbarBornServerTime", "11-10-2012");

user_pref("CT2851643.toolbarCurrentServerTime", "11-10-2012");

user_pref("avg.install.userHPSettings", "http://search.babylon.com/?affID=110824&tt=091012_24_4112_2&babsrc=HP_ss&mntrId=6c9760b00000000000000017c423ed82");

user_pref("avg.install.userSPSettings", "Search the web (Babylon)");

user_pref("backup.old.browser.search.defaultenginename", "Search the web (Babylon)");

user_pref("backup.old.browser.search.selectedEngine", "Search the web (Babylon)");

user_pref("backup.old.browser.startup.homepage", "http://search.babylon.com/?affID=110823&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=6c9760b00000000000000017c423ed82");

user_pref("browser.search.defaultengine", "Ask.com");

user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

user_pref("extensions.BabylonToolbar.admin", false);

user_pref("extensions.BabylonToolbar.aflt", "babsst");

user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

user_pref("extensions.BabylonToolbar.autoRvrt", "false");

user_pref("extensions.BabylonToolbar.babExt", "");

user_pref("extensions.BabylonToolbar.babTrack", "affID=110823&tt=120912_nocpc_3912_8");

user_pref("extensions.BabylonToolbar.bbDpng", "12");

user_pref("extensions.BabylonToolbar.cntry", "BR");

user_pref("extensions.BabylonToolbar.dfltLng", "en");

user_pref("extensions.BabylonToolbar.dfltSrch", false);

user_pref("extensions.BabylonToolbar.envrmnt", "production");

user_pref("extensions.BabylonToolbar.excTlbr", false);

user_pref("extensions.BabylonToolbar.hdrMd5", "77C5B9FE31DCDABDA9B118180D22B9B1");

user_pref("extensions.BabylonToolbar.hmpg", false);

user_pref("extensions.BabylonToolbar.id", "6c9760b00000000000000017c423ed82");

user_pref("extensions.BabylonToolbar.instlDay", "15622");

user_pref("extensions.BabylonToolbar.instlRef", "sst");

user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.0.712:58:56");

user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");

user_pref("extensions.BabylonToolbar.newTab", false);

user_pref("extensions.BabylonToolbar.pnu_tb9", "{\"newVrsn\":\"1\",\"lastVrsn\":\"1\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0}");

user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar.sg", "azb");

user_pref("extensions.BabylonToolbar.smplGrp", "azb");

user_pref("extensions.BabylonToolbar.srcExt", "ss");

user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=6c9760b00000000000000017c423ed82&q=");

user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");

user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.0.712:58:56");

user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110823&tt=120912_nocpc_3912_8");

user_pref("extensions.BabylonToolbar_i.newTab", false);

user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.712:58:56");

user_pref("extensions.enabledAddons", "{EB132DB0-A4CA-11DF-9732-0E29E0D72085}:1.3,ffxtlbr@babylon.com:1.5.0,ffxtlbr@funmoods.com:1.5.1,{b64982b1-d112-42b5-b1e4-d3867c4533f8}:2.3.765.24,{82AF8DCA-6DE9-

user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,toolbar@ask.com:3.9.1.100006,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.

user_pref("extensions.funmoods.aflt", "ironpub");

user_pref("extensions.funmoods.autoRvrt", false);

user_pref("extensions.funmoods.cntry", "BR");

user_pref("extensions.funmoods.cv", "cv5");

user_pref("extensions.funmoods.dfltLng", "");

user_pref("extensions.funmoods.dfltSrch", true);

user_pref("extensions.funmoods.dnsErr", true);

user_pref("extensions.funmoods.envrmnt", "production");

user_pref("extensions.funmoods.excTlbr", false);

user_pref("extensions.funmoods.hdrMd5", "3BAD34BA940BB48B12EDF45B5E51D5E6");

user_pref("extensions.funmoods.hmpg", true);

user_pref("extensions.funmoods.hmpgUrl", "http://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtCyB0CyEtBtA0E0DzztByCtD0BtDtN0D0Tzu0StByCyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=3672034

user_pref("extensions.funmoods.id", "0017C423ED8260B0");

user_pref("extensions.funmoods.instlDay", "15604");

user_pref("extensions.funmoods.instlRef", "ironpub");

user_pref("extensions.funmoods.isdcmntcmplt", true);

user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.224:5:25");

user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

user_pref("extensions.funmoods.newTab", true);

user_pref("extensions.funmoods.newTabUrl", "http://start.funmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtCyB0CyEtBtA0E0DzztByCtD0BtDtN0D0Tzu0StByCyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=36720

user_pref("extensions.funmoods.prdct", "funmoods");

user_pref("extensions.funmoods.prtnrId", "funmoods");

user_pref("extensions.funmoods.sg", "none");

user_pref("extensions.funmoods.smplGrp", "none");

user_pref("extensions.funmoods.srchPrvdr", "Search");

user_pref("extensions.funmoods.tlbrId", "base");

user_pref("extensions.funmoods.tlbrSrchUrl", "http://start.funmoods.com/?f=3&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtCyB0CyEtBtA0E0DzztByCtD0BtDtN0D0Tzu0StByCyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=367

user_pref("extensions.funmoods.vrsn", "1.5.23.22");

user_pref("extensions.funmoods.vrsnTs", "1.5.23.224:5:25");

user_pref("extensions.funmoods.vrsni", "1.5.23.22");

user_pref("extensions.funmoods_i.newTab", true);

user_pref("extensions.funmoods_i.smplGrp", "none");

user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.224:5:25");

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\W

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on qua 05/12/2012 at 18:58:30,06

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


*Temporarily disable your antivirus

*Download ComboFix (...by sUBs) and save it to the Desktop

*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

*Windows XP users: If the Microsoft Windows Recovery Console is not installed, accept its installation. After the Console is installed, click [Yes].

*Accept the agreement

*Wait for the files to be extracted

*Wait for the stages to complete... it may take a while!

*Avoid using the mouse and keyboard. Do not use any other program until ComboFix finishes!

*Wait for it to finish and paste the report that is displayed


Topic Archived

Since the author has not replied for more than 10 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section along with the link to this topic and explain the reason for reopening.
