[Resolvido] &nbspAnálise de Log - Remoção de Malware

diiork · Abril 2, 2013

Boa tarde! Gostaria que, por favor, analisassem o meu log na busca de qualquer indício malicioso, uma vez que suspeito de invasão. Segue abaixo:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:13:00, on 02/04/2013

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16470)

Boot mode: Normal

Running processes:

C:\Program Files\My Lockbox\mylbx.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Windows\sysWow64\SearchProtocolHost.exe

C:\Users\Diio\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Diio\Downloads\HijackThis.exe

C:\Users\Diio\AppData\Local\Google\Chrome\Application\chrome.exe

c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Program Files (x86)\Bywifi\bywifiie.dll

O2 - BHO: LinkVerifierBHO - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Diio\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [Megacubo] "C:\Program Files (x86)\Megacubo\megacubo.exe" -load:update -type:startup

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Global Startup: Megacubo.lnk = C:\Program Files (x86)\Megacubo\megacubo.exe

O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

O9 - Extra button: Bywifi: Vídeo Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing)

O9 - Extra 'Tools' menuitem: Bywifi: Vídeo Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing)

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Bywifi: Vídeo Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Bywifi: Vídeo Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing) (HKCU)

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NTI, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15369 bytes

wings · Abril 2, 2013

Olá diiork

:seta: Baixe o OTL (...de OldTimer) e salve-o no Desktop (Área de Trabalho)

*Execute-o e selecione:

Verificar All Users
Ignorar Arquivos Microsoft
Verificar Lop
Verificar Purity

*Clique [Verificar]

*Ao término, os relatórios OTL.txt e Extras.txt serão criados no Desktop (Área de Trabalho)

:seta: Acesse este link

*Clique [selecionar arquivo...]

*Localize o relatório OTL.txt, no Desktop, e clique [Abrir]

*Selecione 4 jours

*Clique [Créer le lien Cjoint]

*Cole o link criado ao lado de Le lien a été créé:

*Repita o procedimento para o relatório Extras.txt e cole o link

diiork · Abril 3, 2013

OTL.txt

http://cjoint.com/?3DddZhrrtc5

- -

Extras.txt

http://cjoint.com/?3Ddd0VKc083

wings · Abril 3, 2013

:seta: Baixe o http://download.bleepingcomputer.com/Xplode/AdwCleaner.exe'>AdwCleaner (...de Xplode) e salve-o no Desktop (Área de Trabalho)

*Feche o seu navegador

*Execute o AdwCleaner e clique [Remover]

http://imgbox.com/adp5cC2y'>

*Caso seja solicitada a reinicialização do PC, clique [OK] para reiniciar

*Cole o relatório apresentado

:seta: Instale o http://www.malwarebytes.org/mbam-download-exe.php'>MalwareBytes (...de RubbeR DuckY)

*Antes de concluir a instalação, desmarque a opção Ativar trial gratuito do Malwarebytes Anti-Malware PRO

http://imgbox.com/acyiQYaG'>

*Aguarde a atualização e o programa será aberto automaticamente

*Selecione [Verificação Rápida]

http://imgbox.com/advi78kZ'>

*Clique[Verificar]

*Ao término, clique [OK] > [Ver Resultados] > [Remover Selecionados]

*Cole o relatório apresentado

diiork · Abril 3, 2013

AdwCleaner

# AdwCleaner v2.200 - Relatório criado em 02/04/2013 às 23:23:15

# Atualizado em 02/04/2013 por Xplode

# Sistema Operacional : Windows 7 Ultimate (64 bits)

# Usuário : Diio - DIIO-PC

# Modo de Boot : Normal

# Executado de : C:\Users\Diio\Desktop\AdwCleaner.exe

# Opção [Remover]

***** [serviços] *****

***** [Arquivos/Pastas] *****

Arquivo Removido : C:\Users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\7y5vt285.default\searchplugins\Messenger Plus Smartbar Search.xml

Pasta Removido : C:\Program Files (x86)\Common Files\Speedbit

Pasta Removido : C:\Program Files (x86)\Conduit

Pasta Removido : C:\ProgramData\Ask

Pasta Removido : C:\ProgramData\boost_interprocess

Pasta Removido : C:\ProgramData\Speedbit

Pasta Removido : C:\Users\Administrador\AppData\LocalLow\Conduit

Pasta Removido : C:\Users\Administrador\AppData\LocalLow\Speedbit

Pasta Removido : C:\Users\Diio\AppData\Local\APN

Pasta Removido : C:\Users\Diio\AppData\Local\Conduit

Pasta Removido : C:\Users\Diio\AppData\Local\Smartbar

Pasta Removido : C:\Users\Diio\AppData\LocalLow\Conduit

Pasta Removido : C:\Users\Diio\AppData\LocalLow\Smartbar

Pasta Removido : C:\Users\Diio\AppData\LocalLow\Speedbit

Pasta Removido : C:\Users\Diio\AppData\Roaming\cacaoweb

Pasta Removido : C:\Users\Diio\AppData\Roaming\Mozilla\Firefox\Profiles\2oonjmmh.default\CT2851643

Pasta Removido : C:\Users\Diio\AppData\Roaming\Mozilla\Firefox\Profiles\2oonjmmh.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}

Pasta Removido : C:\Users\Diio\AppData\Roaming\Mozilla\Firefox\Profiles\2oonjmmh.default\extensions\cacaoweb@cacaoweb.org

Pasta Removido : C:\Users\Diio\AppData\Roaming\Mozilla\Firefox\Profiles\2oonjmmh.default\extensions\staged

Pasta Removido : C:\Users\Diio\AppData\Roaming\Mozilla\Firefox\Profiles\2oonjmmh.default\Smartbar

***** [Registro] *****

Chave Removida : HKCU\Software\AppDataLow\Software\Conduit

Chave Removida : HKCU\Software\AppDataLow\Software\SmartBar

Chave Removida : HKCU\Software\cacaoweb

Chave Removida : HKCU\Software\Conduit

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4743D3E-20D7-4B52-84F2-5E4E277B2D82}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{09E90109-A9AA-4980-BCEF-76F8D924E902}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4743D3E-20D7-4B52-84F2-5E4E277B2D82}

Chave Removida : HKCU\Software\SpeedBit

Chave Removida : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel

Chave Removida : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuForm

Chave Removida : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar

Chave Removida : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObject

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Chave Removida : HKLM\Software\Conduit

Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09E90109-A9AA-4980-BCEF-76F8D924E902}

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

Chave Removida : HKLM\Software\SpeedBit

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Valor Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16470

Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=BR&userid=ad718efa-dcd6-498b-9b7c-64c7f7f5cf06&sp=addr&q={searchTerms}&t=a1211 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (pt-BR)

Arquivo : C:\Users\Diio\AppData\Roaming\Mozilla\Firefox\Profiles\2oonjmmh.default\prefs.js

Removida : user_pref("CT2851643.1000234.TWC_TMP_city", "SAO PAULO");

Removida : user_pref("CT2851643.1000234.TWC_TMP_country", "BR");

Removida : user_pref("CT2851643.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Removida : user_pref("CT2851643.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Removida : user_pref("CT2851643.FirstTime", "true");

Removida : user_pref("CT2851643.FirstTimeFF3", "true");

Removida : user_pref("CT2851643.LoginRevertSettingsEnabled", true);

Removida : user_pref("CT2851643.RevertSettingsEnabled", true);

Removida : user_pref("CT2851643.UserID", "UN54662675669730836");

Removida : user_pref("CT2851643.addressBarTakeOverEnabledInHidden", "true");

Removida : user_pref("CT2851643.autoDisableScopes", -1);

Removida : user_pref("CT2851643.cbfirsttime.enc", "RnJpIEphbiAxMSAyMDEzIDE4OjQxOjAyIEdNVC0wMzAwIChIb3JhIG9maWNp[...]

Removida : user_pref("CT2851643.defaultSearch", "false");

Removida : user_pref("CT2851643.enableAlerts", "always");

Removida : user_pref("CT2851643.enableFix404ByUser", "FALSE");

Removida : user_pref("CT2851643.enableSearchFromAddressBar", "false");

Removida : user_pref("CT2851643.firstTimeDialogOpened", "true");

Removida : user_pref("CT2851643.fixPageNotFoundError", "true");

Removida : user_pref("CT2851643.fixPageNotFoundErrorByUser", "true");

Removida : user_pref("CT2851643.fixPageNotFoundErrorInHidden", "true");

Removida : user_pref("CT2851643.fixUrls", true);

Removida : user_pref("CT2851643.installType", "xpe");

Removida : user_pref("CT2851643.isCheckedStartAsHidden", true);

Removida : user_pref("CT2851643.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Removida : user_pref("CT2851643.isFirstTimeToolbarLoading", "false");

Removida : user_pref("CT2851643.isNewTabEnabled", false);

Removida : user_pref("CT2851643.isPerformedSmartBarTransition", "true");

Removida : user_pref("CT2851643.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Removida : user_pref("CT2851643.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Removida : user_pref("CT2851643.lastVersion", "10.14.42.7");

Removida : user_pref("CT2851643.migrateAppsAndComponents", true);

Removida : user_pref("CT2851643.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fapkbr.com%2Fapli[...]

Removida : user_pref("CT2851643.openThankYouPage", "true");

Removida : user_pref("CT2851643.openUninstallPage", "false");

Removida : user_pref("CT2851643.revertSettingsEnabled", "false");

Removida : user_pref("CT2851643.search.searchAppId", "129351530870900444");

Removida : user_pref("CT2851643.search.searchCount", "0");

Removida : user_pref("CT2851643.searchInNewTabEnabled", "false");

Removida : user_pref("CT2851643.searchInNewTabEnabledByUser", "false");

Removida : user_pref("CT2851643.searchInNewTabEnabledInHidden", "true");

Removida : user_pref("CT2851643.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Removida : user_pref("CT2851643.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Removida : user_pref("CT2851643.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Removida : user_pref("CT2851643.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Removida : user_pref("CT2851643.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Removida : user_pref("CT2851643.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Removida : user_pref("CT2851643.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Removida : user_pref("CT2851643.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1357940458669");

Removida : user_pref("CT2851643.serviceLayer_services_appsMetadata_lastUpdate", "1357940458526");

Removida : user_pref("CT2851643.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1357940459640");

Removida : user_pref("CT2851643.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358736066551");

Removida : user_pref("CT2851643.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359690632888");

Removida : user_pref("CT2851643.serviceLayer_services_login_10.14.42.7_lastUpdate", "1361721439538");

Removida : user_pref("CT2851643.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1357940459808");

Removida : user_pref("CT2851643.serviceLayer_services_searchAPI_lastUpdate", "1357940454896");

Removida : user_pref("CT2851643.serviceLayer_services_serviceMap_lastUpdate", "1361721438264");

Removida : user_pref("CT2851643.serviceLayer_services_toolbarContextMenu_lastUpdate", "1357940459733");

Removida : user_pref("CT2851643.serviceLayer_services_toolbarSettings_lastUpdate", "1361721438777");

Removida : user_pref("CT2851643.serviceLayer_services_translation_lastUpdate", "1361721438745");

Removida : user_pref("CT2851643.settingsINI", true);

Removida : user_pref("CT2851643.shouldFirstTimeDialog", "false");

Removida : user_pref("CT2851643.smartbar.CTID", "CT2851643");

Removida : user_pref("CT2851643.smartbar.Uninstall", "0");

Removida : user_pref("CT2851643.smartbar.isHidden", true);

Removida : user_pref("CT2851643.smartbar.toolbarName", "uTorrentBar_PT ");

Removida : user_pref("CT2851643.startPage", "false");

Removida : user_pref("CT2851643.toolbarBornServerTime", "12-1-2013");

Removida : user_pref("CT2851643.toolbarCurrentServerTime", "24-2-2013");

Removida : user_pref("CT2851643_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Removida : user_pref("extensions.enabledAddons", "%7BF17C1572-C9EC-4e5c-A542-D05CBB5C5A08%7D:10.0.2.6,daplinkch[...]

Removida : user_pref("smartbar.machineId", "POQJXXPQT31T+COAIO+X9IFSYBIJA/PFWWDTSPQWY/6PLLSRPG4RZ/ASFVWEFXC74JH[...]

Arquivo : C:\Users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\7y5vt285.default\prefs.js

Removida : user_pref("browser.search.selectedEngine", "Messenger Plus Smartbar Search");

Removida : user_pref("browser.startup.homepage", "hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=Mes[...]

Removida : user_pref("extensions.helperbar.SmartbarDisabled", false);

Removida : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

Removida : user_pref("keyword.URL", "hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co[...]

-\\ Google Chrome v26.0.1410.43

Arquivo : C:\Users\Diio\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

Arquivo : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Preferences

Removida [l.1985] : homepage = "hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=BR&userid[...]

Removida [l.2345] : urls_to_restore_on_startup = [ "hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=Mes[...]

*************************

AdwCleaner[s1].txt - [12520 octets] - [02/04/2013 23:23:15]

########## EOF - C:\AdwCleaner[s1].txt - [12581 octets] ##########

- - -

MalwareBytes

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Versão da Base de Dados: v2013.04.03.01

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Diio :: DIIO-PC [administrador]

02/04/2013 23:34:04

mbam-log-2013-04-02 (23-34-04).txt

Tipo de Verificação: Verificação Rápida

Opções de verificação desativadas: P2P

Objetos escaneados: 256131

Tempo decorrido: 4 minuto(s), 44 segundo(s)

Processos de Memória Detectados: 0