wesley_1

My PC is acting strange


wesley_1

My computer is super slow. Browser, folders, everything! And every now and then a message appears saying that the program has stopped working, with the options: restart the program, or restart and look for a solution online. Nothing happens if I close it; it just freezes briefly and comes back the way it was.

I suspect it's those navigation bars (toolbars). I deleted all of them and it kept stopping working, and on top of that it's still super slow. I don't know what else to do.

I'd like the log analyzed:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:00:48, on 14/09/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\ClickMeIn\RemoteEngineHelper.exe

C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe

C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe

C:\Windows\RTHDCPL.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\PSafe\PSafeSysTray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\PSafe\Protege\psprotege.exe

C:\Program Files\PSafe\PSafeWDS.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\explorer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\WESLEY\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Media Sharing Plugin - {796A68BB-861C-4888-A229-88DF3274EB9B} - C:\ProgramData\Windows\ntfs64.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

O4 - HKLM\..\Run: [D-Link D-Link DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe

O4 - HKLM\..\Run: [WZCSLDR2] C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [AnySend Updater] C:\Program Files\AnySend\AnySendUpdater.exe

O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files\PSafe\PSafeSysTray.exe"

O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [Mega Manager] C:\Program Files\Megaupload\Mega Manager\MegaManager.exe /Tray

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKCU\..\Run: [8upjmDe] C:\ProgramData\MbtmA4mrKB5f5ca6\LFZ5P0nPbfC9M\AzgN6vsCCiOh\e0MHfMyKiIgFR\7qsQpjrq.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\iexplore.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {44EFE656-BA6F-401B-8474-1473CF3883E5} (Active_Clock Control) - file:///C:/Users/Duaite/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/activexclock.gadget/Clock.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll

O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

O23 - Service: ClickMeIn Connectivity (ClickMeInConnectivity) - ClickMeIn Limited - C:\Program Files\ClickMeIn\Connectivity.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe

O23 - Service: D_Link_DWA-125 Service (D_Link_DWA-125) - Wireless Service - C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe

O23 - Service: D_Link_DWA-125_WPS Service (D_Link_DWA-125_WPS) - Unknown owner - C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: PSafeLockBoxSvc - PSafe - C:\Program Files\PSafe\PSafeCategoryFinder.exe

O23 - Service: PSafeSVC - PSafe S/A - C:\Program Files\PSafe\PSafesvc.exe

O23 - Service: PSafeWD - PSafe - C:\Program Files\PSafe\PSafeWD.exe

O23 - Service: ClickMeIn RemoteEngine Service (RemoteEngineService) - ClickMeIn Limited - C:\Program Files\ClickMeIn\remoteengine.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 10282 bytes

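A triage pass over lines from the HijackThis log above, as an added example that is not part of the thread, of HijackThis or of Malwarebytes: it flags the kinds of entries a removal helper reads as infection signs (a BHO and an autorun under ProgramData with random-looking names, the AppInit_DLLs entry, the search-assistant hijack, orphaned entries). The severity scale and the randomness thresholds are this example's own assumptions, and the sample uses the untruncated form of the URLs as they appear in the second log.

```python
"""Triage of HijackThis v2.0.x log lines (added example, not HijackThis code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# A Windows path ending in a loadable extension; spaces inside are allowed.
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll|scr))", re.I)
# Directories from which a startup item, BHO or service is unusual
# (assumption of this example: legitimate software installs under Program Files).
SUSPECT_DIR_RE = re.compile(r"\\(?:programdata|users\\[^\\]+\\appdata)\\", re.I)
URL_HOST_RE = re.compile(r"=\s*https?://([^\s/]+)")


@dataclass
class Finding:
    kind: str       # HijackThis section prefix, e.g. "O4"
    severity: str   # "high", "medium" or "low" (this example's own scale)
    reason: str
    line: str


def looks_random(token: str) -> bool:
    """Heuristic for machine-generated names such as 7qsQpjrq or MbtmA4mrKB5f5ca6:
    8+ alphanumeric chars mixing upper and lower case, with digits and few
    vowels, or with almost no vowels at all.  Thresholds are assumptions."""
    if len(token) < 8 or not token.isalnum():
        return False
    if not (any(c.isupper() for c in token) and any(c.islower() for c in token)):
        return False
    vowel_ratio = sum(c in "aeiouAEIOU" for c in token) / len(token)
    has_digit = any(c.isdigit() for c in token)
    return (has_digit and vowel_ratio < 0.3) or vowel_ratio < 0.2


def random_component(path: str) -> bool:
    """True if any directory name or file stem in the path looks machine-generated."""
    return any(looks_random(part.split(".")[0]) for part in path.split("\\"))


def triage_line(line: str) -> list[Finding]:
    """Return the findings for one log line (empty for benign or unparsed lines)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    kind, body = m.groups()
    out: list[Finding] = []

    # O20: AppInit_DLLs is loaded into every process that links user32.dll.
    if kind == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
        out.append(Finding(kind, "high", "AppInit_DLLs injects a DLL into every user-mode process", line))

    if "(no file)" in body or "(file missing)" in body:
        out.append(Finding(kind, "low", "orphaned entry: referenced file no longer exists", line))

    for path in PATH_RE.findall(body):
        if SUSPECT_DIR_RE.search(path):
            # A BHO (O2) or an obfuscated path is a stronger signal than a plain
            # AppData autorun, which some legitimate updaters also use.
            sev = "high" if kind == "O2" or random_component(path) else "medium"
            out.append(Finding(kind, sev, "loaded from ProgramData or a user profile", line))
        elif random_component(path):
            out.append(Finding(kind, "high", "random-looking name in path", line))

    # R0/R1: IE start/search settings that point away from Microsoft.
    if kind in ("R0", "R1"):
        h = URL_HOST_RE.search(body)
        if h:
            host = h.group(1).lower()
            if host != "microsoft.com" and not host.endswith(".microsoft.com"):
                out.append(Finding(kind, "medium", f"IE search/start setting points to {host}", line))
    return out


def triage_log(text: str) -> list[Finding]:
    return [f for line in text.splitlines() for f in triage_line(line)]


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Lines taken from the HijackThis logs posted in this thread (URLs in their
# untruncated form, as printed in the second log).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)
O2 - BHO: Windows Media Sharing Plugin - {796A68BB-861C-4888-A229-88DF3274EB9B} - C:\ProgramData\Windows\ntfs64.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKCU\..\Run: [8upjmDe] C:\ProgramData\MbtmA4mrKB5f5ca6\LFZ5P0nPbfC9M\AzgN6vsCCiOh\e0MHfMyKiIgFR\7qsQpjrq.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O20 - AppInit_DLLs: c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:3} {f.reason}: {f.line[:70]}")
    print(severity_counts(triage_log(SAMPLE_LOG)))
```

The heuristics only rank lines for a human to review; a finding is a reason to look the file up, not a verdict.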

The PC is infected..

Download Malwarebytes' Anti-Malware (MBAM) or here.

Save or print these instructions:

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

Check that the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are ticked, then click Finish.

If there are updates to be made, they will be downloaded and installed.

When the update finishes, with the program open, select Quick Scan and click the Scan button.

The scan will then start. Wait, as it may take a while.

When the scan finishes, click OK, then the Show Results button to see the report.

If any items are found, make sure they are all ticked and click the Remove button.

At the end of the disinfection, Notepad will open with a log and a prompt may appear asking whether you want to restart the PC. (See the note below)

The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (possibly more than once). Do so immediately when asked whether you want to restart.

Select, copy and paste the contents of the MBAM log in your next reply + a new HijackThis log.


wesley_1

I just saw your reply and I'll follow the instructions. Thank you!

I forgot to mention that when I'm browsing the internet two more pages appear out of nowhere: http://ec2-50-17-117-113.compute-1.amazonaws.com/ and

http://www.clickmein.com/expirednotice/index.html

and that I followed all the procedures in the "read before posting" thread.

MALWAREBYTES LOG

Malwarebytes Anti-Malware (Trial) 1.65.0.1400

www.malwarebytes.org

Versão da Base de Dados: v2012.09.15.04

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

WESLEY :: PETROLEIRO [administrador]

Proteção: Permitir

15/09/2012 11:53:27

mbam-log-2012-09-15 (11-53-27).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 230783

Tempo decorrido: 9 minuto(s), 28 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 1

C:\ProgramData\Windows\ntfs64.dll (Trojan.Banker) -> Será deletado na próxima inicialização.

Chaves de Registro Detectadas: 6

HKCR\CLSID\{796A68BB-861C-4888-A229-88DF3274EB9B} (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\WmpShrPl.IEAddon (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{796A68BB-861C-4888-A229-88DF3274EB9B} (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{796A68BB-861C-4888-A229-88DF3274EB9B} (Trojan.Banker) -> Será deletado na próxima inicialização.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{796A68BB-861C-4888-A229-88DF3274EB9B} (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{796A68BB-861C-4888-A229-88DF3274EB9B} (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 3

C:\ProgramData\Windows\ntfs64.dll (Trojan.Banker) -> Será deletado na próxima inicialização.

C:\Win\names.txt (Worm.AutoIT) -> Enviado para a Quarentena e deletado com sucesso.

C:\ProgramData\WLSetup\XSHwogTmyADUZzhq.dll (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:26:21, on 15/09/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\ClickMeIn\RemoteEngineHelper.exe

C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe

C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe

C:\Windows\RTHDCPL.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\PSafe\PSafeSysTray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\PSafe\Protege\psprotege.exe

C:\Program Files\PSafe\PSafeWDS.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\WESLEY\Desktop\HiJackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

O4 - HKLM\..\Run: [D-Link D-Link DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe

O4 - HKLM\..\Run: [WZCSLDR2] C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [AnySend Updater] C:\Program Files\AnySend\AnySendUpdater.exe

O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files\PSafe\PSafeSysTray.exe"

O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [Mega Manager] C:\Program Files\Megaupload\Mega Manager\MegaManager.exe /Tray

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKCU\..\Run: [8upjmDe] C:\ProgramData\MbtmA4mrKB5f5ca6\LFZ5P0nPbfC9M\AzgN6vsCCiOh\e0MHfMyKiIgFR\7qsQpjrq.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\iexplore.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {44EFE656-BA6F-401B-8474-1473CF3883E5} (Active_Clock Control) - file:///C:/Users/Duaite/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/activexclock.gadget/Clock.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll

O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

O23 - Service: ClickMeIn Connectivity (ClickMeInConnectivity) - ClickMeIn Limited - C:\Program Files\ClickMeIn\Connectivity.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe

O23 - Service: D_Link_DWA-125 Service (D_Link_DWA-125) - Wireless Service - C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe

O23 - Service: D_Link_DWA-125_WPS Service (D_Link_DWA-125_WPS) - Unknown owner - C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: PSafeLockBoxSvc - PSafe - C:\Program Files\PSafe\PSafeCategoryFinder.exe

O23 - Service: PSafeSVC - PSafe S/A - C:\Program Files\PSafe\PSafesvc.exe

O23 - Service: PSafeWD - PSafe - C:\Program Files\PSafe\PSafeWD.exe

O23 - Service: ClickMeIn RemoteEngine Service (RemoteEngineService) - ClickMeIn Limited - C:\Program Files\ClickMeIn\remoteengine.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 10224 bytes

IT REMOVED 10 VIRUSES, THANKS! BUT WHAT IF THESE PAGES APPEAR OUT OF NOWHERE:

http://ec2-50-17-117-113.compute-1.amazonaws.com/

http://www.clickmein.com/expirednotice/index.html

DO YOU KNOW WHAT I CAN DO?

The machine improved a lot; I'll test it over the next few days to see whether it's 100%.

I'd ask you to recommend a good antivirus, even a paid one, preferably one with a free trial period. Thanks a lot, man!


See the recommendations in my featured topic: Free Security Kits for Better Protection (Y)

Continuing..

Disable your antivirus, antispyware and firewall so there are no conflicts. Keep them disabled until you finish the instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly it must be on the Desktop).

Close all windows and programs.

You need to stay connected during the ComboFix procedure;

Run combofix.exe and press "Yes" to proceed. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan proceeds.

Once the Console is installed, the operating system selection screen will be shown at system startup.

More information about the Console: http://support.microsoft.com/kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.

When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt in your next reply + a new HijackThis log.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

If an error occurs, restart the computer in Safe Mode (press F8 repeatedly, or F5 in some cases, during startup) and repeat the procedure.


wesley_1

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:07:53, on 15/09/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe

C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe

C:\Windows\RTHDCPL.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\PSafe\PSafeSysTray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\ClickMeIn\RemoteEngineHelper.exe

C:\Program Files\PSafe\Protege\psprotege.exe

C:\Program Files\PSafe\PSafeWDS.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\WESLEY\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

O4 - HKLM\..\Run: [D-Link D-Link DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe

O4 - HKLM\..\Run: [WZCSLDR2] C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files\PSafe\PSafeSysTray.exe"

O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {44EFE656-BA6F-401B-8474-1473CF3883E5} (Active_Clock Control) - file:///C:/Users/Duaite/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/activexclock.gadget/Clock.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll c:\progra~2\browse~1\22643~1.41\{16cdf~1\browsemngr.dll

O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

O23 - Service: ClickMeIn Connectivity (ClickMeInConnectivity) - ClickMeIn Limited - C:\Program Files\ClickMeIn\Connectivity.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe

O23 - Service: D_Link_DWA-125 Service (D_Link_DWA-125) - Wireless Service - C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe

O23 - Service: D_Link_DWA-125_WPS Service (D_Link_DWA-125_WPS) - Unknown owner - C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: PSafeLockBoxSvc - PSafe - C:\Program Files\PSafe\PSafeCategoryFinder.exe

O23 - Service: PSafeSVC - PSafe S/A - C:\Program Files\PSafe\PSafesvc.exe

O23 - Service: PSafeWD - PSafe - C:\Program Files\PSafe\PSafeWD.exe

O23 - Service: ClickMeIn RemoteEngine Service (RemoteEngineService) - ClickMeIn Limited - C:\Program Files\ClickMeIn\remoteengine.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 8878 bytes

ComboFix log

ComboFix 12-09-15.02 - WESLEY 15/09/2012 21:46:22.1.2 - x86 MINIMAL

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2046.1344 [GMT -3:00]

Executando de: c:\users\WESLEY\Downloads\ComboFix.exe

AV: avast! antivírus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! antivírus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

ADS - Windows: deleted 192 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\DealPly

c:\program files\DealPly\DealPly.crx

c:\program files\DealPly\DealPlyIE.dll

c:\program files\DealPly\DealPlyTune.dll

c:\program files\DealPly\DealPlyUpdate.exe

c:\program files\DealPly\DealPlyUpdateRun.exe

c:\program files\DealPly\icon.ico

c:\program files\DealPly\uninst.exe

c:\programdata\cbbd037675445900701458b55605317558a9d25d

c:\programdata\Windows

c:\programdata\windows\locale.dat

c:\programdata\WLSetup

c:\users\WESLEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Internet Explorer.lnk

C:\Win

c:\windows\7Loader.TAG

c:\windows\IsUn0416.exe

c:\windows\system32\wpcap.dll

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-08-16 to 2012-09-16 ))))))))))))))))))))))))))))

.

.

2012-09-16 00:53 . 2012-09-16 00:53 -------- d-----w- c:\users\Duaite\AppData\Local\temp

2012-09-16 00:53 . 2012-09-16 00:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-16 00:53 . 2012-09-16 00:53 -------- d-----w- c:\users\Convidado\AppData\Local\temp

2012-09-16 00:53 . 2012-09-16 00:54 -------- d-----w- c:\users\WESLEY\AppData\Local\temp

2012-09-15 15:39 . 2012-09-15 15:40 -------- d-----w- c:\users\WESLEY\AppData\Local\Deployment

2012-09-15 15:39 . 2012-09-15 15:39 -------- d-----w- c:\users\WESLEY\AppData\Local\Apps

2012-09-15 14:50 . 2012-09-15 14:50 -------- d-----w- c:\users\WESLEY\AppData\Roaming\Malwarebytes

2012-09-15 14:50 . 2012-09-15 14:50 -------- d-----w- c:\programdata\Malwarebytes

2012-09-15 14:50 . 2012-09-15 14:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-15 14:50 . 2012-09-07 20:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-15 14:25 . 2012-09-15 14:25 -------- d-----w- c:\windows\system32\Lang

2012-09-14 14:13 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC362958-91D7-43CB-87CB-0356DACA58CB}\mpengine.dll

2012-09-13 23:03 . 2012-09-14 22:45 -------- d-----w- c:\users\Convidado\PSafe

2012-09-13 17:18 . 2012-09-13 17:18 -------- d-----w- c:\users\WESLEY\AppData\Local\ElevatedDiagnostics

2012-09-13 15:15 . 2012-09-16 00:25 -------- d-----w- c:\users\WESLEY\PSafe

2012-09-13 07:50 . 2012-09-13 08:03 -------- d-----w- c:\users\Duaite\AppData\Roaming\Positivo

2012-09-13 07:49 . 2012-09-13 17:46 -------- d-----w- C:\Positivo

2012-09-13 07:48 . 2012-09-03 22:34 64048 ----a-r- c:\windows\system32\drivers\360SpOEM.sys

2012-09-13 07:43 . 2012-09-15 21:38 -------- d-----w- c:\users\Duaite\PSafe

2012-09-13 07:43 . 2012-06-01 00:21 23168 ----a-r- c:\windows\system32\drivers\360RegOem.sys

2012-09-13 07:43 . 2012-06-01 00:21 146304 ----a-r- c:\windows\system32\drivers\360FileOem.sys

2012-09-13 07:42 . 2012-09-16 00:26 -------- d-----w- c:\programdata\PSafe

2012-09-13 07:42 . 2012-06-01 00:21 54912 ----a-r- c:\windows\system32\drivers\360HookOem.sys

2012-09-13 07:42 . 2012-09-13 17:46 -------- d-----w- c:\users\Duaite\AppData\Roaming\AnySend

2012-09-13 07:42 . 2012-09-13 08:01 -------- d-----w- c:\programdata\AnySend

2012-09-13 07:41 . 2012-09-13 07:41 -------- d-----w- c:\windows\system32\Extensions

2012-09-13 07:41 . 2012-09-13 07:41 -------- d-----w- c:\windows\system32\searchplugins

2012-09-13 07:41 . 2012-09-13 07:41 -------- d-----w- c:\programdata\Browser Manager

2012-09-13 07:41 . 2012-09-13 17:46 -------- d-----w- c:\program files\BabylonToolbar

2012-09-13 07:40 . 2012-09-15 15:06 -------- d-----w- c:\program files\ClickMeIn

2012-09-13 07:40 . 2012-09-13 17:46 -------- d-----w- c:\program files\PSafe

2012-09-11 22:18 . 2012-08-02 17:05 490496 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-10 01:51 . 2012-09-10 01:51 -------- d-----w- c:\windows\Sun

2012-09-08 05:48 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-09-08 05:48 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-09-08 05:48 . 2012-08-21 09:13 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-09-08 05:48 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-09-08 05:48 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-09-08 05:48 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-09-08 05:47 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr

2012-09-08 05:47 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-09-08 05:47 . 2012-09-08 05:47 -------- d-----w- c:\programdata\AVAST Software

2012-09-08 05:47 . 2012-09-08 05:47 -------- d-----w- c:\program files\AVAST Software

2012-09-08 04:27 . 2012-09-09 15:04 -------- d-----w- c:\users\Duaite\AppData\Local\Deployment

2012-09-08 04:27 . 2012-09-08 04:27 -------- d-----w- c:\users\Duaite\AppData\Local\Apps

2012-09-08 04:18 . 2012-09-08 04:18 -------- d-----w- c:\users\Duaite\AppData\Local\ElevatedDiagnostics

2012-09-08 03:57 . 2012-09-08 03:57 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-08 03:41 . 2012-09-13 17:46 -------- d-----w- c:\windows\system32\BestPractices

2012-09-08 03:40 . 2012-09-08 03:41 -------- d-----w- C:\inetpub

2012-09-07 21:59 . 2012-03-31 17:24 117248 ----a-w- c:\windows\system32\libgcc_s_dw2-1.dll

2012-09-07 21:59 . 2012-03-31 17:24 117248 ----a-w- c:\program files\Internet Explorer\libgcc_s_dw2-1.dll

2012-09-07 21:58 . 2012-09-07 21:58 -------- d-----w- c:\programdata\Codecentrix

2012-09-07 21:26 . 2012-09-07 21:26 -------- d-sh--w- c:\programdata\MbtmA4mrKB5f5ca6

2012-09-07 19:25 . 2012-09-07 19:25 -------- d-----w- c:\program files\Common Files\Java

2012-09-07 19:25 . 2012-09-07 19:25 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-08-22 02:52 . 2012-08-22 02:52 -------- d-----w- c:\program files\PicoZipRT

2012-08-22 02:25 . 2012-08-22 02:25 -------- d-----w- c:\program files\ARAR

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-08 03:57 . 2011-05-19 21:30 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-07 19:25 . 2012-05-28 03:04 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-07 19:25 . 2011-09-22 14:08 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-30 18:56 . 2011-04-25 12:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2012-08-19 18:43 . 2011-04-28 21:05 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2012-08-19 18:43 . 2011-04-25 12:44 578896 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-08-15 02:27 . 2011-05-27 17:17 578896 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-07-18 17:10 . 2012-08-16 13:25 2344448 ----a-w- c:\windows\system32\win32k.sys

2012-07-04 21:23 . 2012-08-16 13:25 41472 ----a-w- c:\windows\system32\browcli.dll

2012-07-04 21:23 . 2012-08-16 13:25 102912 ----a-w- c:\windows\system32\browser.dll

2012-06-29 00:16 . 2012-08-16 18:18 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-06-29 00:09 . 2012-08-16 18:18 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-29 00:08 . 2012-08-16 18:18 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-29 00:04 . 2012-08-16 18:18 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-29 00:00 . 2012-08-16 18:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-23 19:49 . 2012-06-23 19:49 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2007-11-07 03:19 . 2011-12-17 05:08 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll

2007-11-07 03:19 . 2011-12-17 05:08 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1PSafeOverlaySync]

@="{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}"

[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}]

2012-09-03 23:01 1856264 ----a-w- c:\program files\PSafe\shell\v3.1.1209.3401\PSafeShellExtensionx86.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2PSafeOverlayOk]

@="{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}"

[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}]

2012-09-03 23:01 1856264 ----a-w- c:\program files\PSafe\shell\v3.1.1209.3401\PSafeShellExtensionx86.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3PSafeOverlayOut]

@="{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}"

[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}]

2012-09-03 23:01 1856264 ----a-w- c:\program files\PSafe\shell\v3.1.1209.3401\PSafeShellExtensionx86.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

"Octoshape Streaming Services"="c:\users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"D-Link D-Link DWA-125"="c:\program files\D-Link\DWA-125 revA\AirGCFG.exe" [2009-10-19 995328]

"WZCSLDR2"="c:\program files\D-Link\DWA-125 revA\WZCSLDR2.exe" [2009-10-19 122880]

"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]

"PSafeSysTray"="c:\program files\PSafe\PSafeSysTray.exe" [2012-09-03 4901128]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\BROWSE~1\22643~1.41\{16CDF~1\browsemngr.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOEM.sys [x]

R1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [x]

R1 360RegOem;360RegOem;c:\windows\system32\drivers\360RegOem.sys [x]

R1 360SpOEM;360SpOEM;c:\windows\system32\drivers\360SpOEM.sys [x]

R1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [x]

R1 aswSnx;aswSnx; [x]

R1 aswSP;aswSP; [x]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

R2 aswFsBlk;aswFsBlk; [x]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

R2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [x]

R2 ClickMeInConnectivity;ClickMeIn Connectivity;c:\program files\ClickMeIn\Connectivity.exe [x]

R2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [x]

R2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files\D-Link\DWA-125 revA\ANIWZCSdS.exe [x]

R2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files\D-Link\DWA-125 revA\ANIWConnService.exe [x]

R2 gupdate;Serviço do Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [x]

R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [x]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

R2 PSafeLockBoxSvc;PSafeLockBoxSvc;c:\program files\PSafe\PSafeCategoryFinder.exe [x]

R2 PSafeSVC;PSafeSVC;c:\program files\PSafe\PSafesvc.exe [x]

R2 PSafeWD;PSafeWD;c:\program files\PSafe\PSafeWD.exe [x]

R2 RemoteEngineService;ClickMeIn RemoteEngine Service;c:\program files\ClickMeIn\remoteengine.exe [x]

R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]

R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [x]

R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]

R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28u.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Baixar Link Utiizando Gerenciador Mega... - c:\program files\Megaupload\Mega Manager\mm_file.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

DPF: {44EFE656-BA6F-401B-8474-1473CF3883E5} - file:///C:/Users/Duaite/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/activexclock.gadget/Clock.ocx

.

- - - - ORFÃOS REMOVIDOS - - - -

.

URLSearchHooks-{e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)

BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files\DealPly\DealPlyIE.dll

WebBrowser-{E0301295-AB3E-4AF3-979F-3D453C5F9F48} - (no file)

HKCU-Run-Mega Manager - c:\program files\Megaupload\Mega Manager\MegaManager.exe

HKCU-Run-LG LinkAir - (no file)

HKCU-Run-8upjmDe - c:\programdata\MbtmA4mrKB5f5ca6\LFZ5P0nPbfC9M\AzgN6vsCCiOh\e0MHfMyKiIgFR\7qsQpjrq.exe

HKLM-Run-AnySend Updater - c:\program files\AnySend\AnySendUpdater.exe

MSConfigStartUp-TkBellExe - c:\program files\Real\RealPlayer\Update\realsched.exe

AddRemove-DealPly - c:\program files\DealPly\uninst.exe

AddRemove-Free PS Convert driver_is1 - c:\program files\psconvert\unins000.exe

AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\21.0.1180.89\Installer\setup.exe

AddRemove-Picasa 3 - c:\program files\Google\Picasa3\Uninstall.exe

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe

AddRemove-Mozilla Firefox 15.0.1 (x86 pt-BR) - c:\program files\Mozilla Firefox\uninstall\helper.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2012-09-15 21:56:15

ComboFix-quarantined-files.txt 2012-09-16 00:56

.

Pré-execução: 81.535.967.232 bytes disponíveis

Pós execução: 82.714.845.184 bytes disponíveis

.

- - End Of File - - 5AC6BAACD1F7BF14A24D1E3386D8D5D5


I suggest you print or save the steps below, and do not use the Internet until the procedure is finished.

Select and copy the text inside the QUOTE (white box) below. Open Notepad and paste what you copied. Then save it to the Desktop with the name CFScript.txt

File::
c:\progra~2\BROWSE~1\22643~1.41\{16CDF~1\browsemngr.dll
c:\windows\system32\drivers\360HookOEM.sys
c:\windows\system32\drivers\360FileOem.sys
c:\windows\system32\drivers\360RegOem.sys
c:\windows\system32\drivers\360SpOEM.sys
c:\program files\ClickMeIn\Connectivity.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Driver::
360HookOem
360FileOem
360RegOem
360SpOEM
Browser Manager
ClickMeIn Connectivity

Folder::
c:\programdata\Browser Manager
c:\program files\ClickMeIn

Now drag CFScript.txt onto ComboFix as shown in the demonstration below:

[image: CFScript.gif]

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Make a new HijackThis log in Normal Mode and post it together with ComboFix.txt.


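The two posts above amount to a manual triage of the HijackThis and ComboFix logs followed by a hand-written CFScript. The block below is an added example for this thread, not code from HijackThis, ComboFix or the helper: it applies a small rule set to lines copied from the logs above (an AppInit_DLLs value, a service whose binary lives under ProgramData, a service whose binary is missing, the WinPcap rpcapd service, and the UAC policy values the ComboFix log shows set to 0) and then drafts a CFScript in the same File::/Folder::/Driver::/Registry:: layout the helper used. The rules, the severities, the Finding class and the cfscript_from() helper are this example's own assumptions; the draft is meant to be reviewed line by line, because ComboFix deletes what the script names without asking again.

```python
"""Triage HijackThis / ComboFix log lines for the persistence points the helper's
CFScript acts on, then draft a CFScript from the hits.
Added example for this thread, not code from HijackThis, ComboFix or the helper;
rules, severities and the draft layout are this example's own assumptions."""
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the HijackThis and ComboFix logs posted above.
SAMPLE = r"""
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O20 - AppInit_DLLs: c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll c:\progra~2\browse~1\22643~1.41\{16cdf~1\browsemngr.dll
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: ClickMeIn Connectivity (ClickMeInConnectivity) - ClickMeIn Limited - C:\Program Files\ClickMeIn\Connectivity.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOEM.sys [x]
"""


@dataclass
class Finding:
    severity: str                 # "high", "medium" or "low"
    rule: str
    subject: str                  # service name, Run entry or the raw log line
    files: list = field(default_factory=list)     # -> CFScript File:: section
    folders: list = field(default_factory=list)   # -> Folder::
    drivers: list = field(default_factory=list)   # -> Driver:: (ComboFix takes services here too)
    registry: list = field(default_factory=list)  # -> Registry:: (regedit syntax, as in the helper's script)


# Locations a standard user can write to; a SYSTEM service or an AppInit DLL
# living there is a red flag whatever the vendor string says.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\")

RE_SERVICE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
RE_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RE_APPINIT = re.compile(r'^(?:O20 - AppInit_DLLs: |"AppInit_DLLs"=)(?P<dlls>.+)$')
RE_POLICY = re.compile(r'^"(?P<name>EnableLUA|ConsentPromptBehaviorAdmin)"= *(?P<value>\d+)')


def exe_from_command(cmd):
    """First token of a Run command line; a quoted path may contain spaces."""
    return cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]


def in_user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE)


def triage(lines):
    """Return a Finding for every line that matches one of the rules above."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := RE_APPINIT.match(line):
            # AppInit_DLLs is loaded into every process that links user32.dll,
            # which is why one bad DLL here makes unrelated programs crash.
            findings.append(Finding("high", "AppInit_DLLs set", line, files=m["dlls"].split(),
                registry=["[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]",
                          '"AppInit_DLLs"=-']))
        elif m := RE_SERVICE.match(line):
            name = m["short"] or m["display"]
            if m["missing"]:
                findings.append(Finding("low", "orphaned service (binary missing)", name, drivers=[name]))
            elif in_user_writable(m["path"]):
                findings.append(Finding("high", "service binary in user-writable path", name,
                                        drivers=[name], folders=[m["path"].rsplit("\\", 1)[0]]))
            elif name == "rpcapd":
                # WinPcap's remote capture daemon: a sniffer service with no business on a home PC.
                findings.append(Finding("medium", "remote packet capture daemon installed", name))
        elif m := RE_RUN.match(line):
            if in_user_writable(exe_from_command(m["cmd"])):
                findings.append(Finding("medium", "autorun from user-writable path",
                                        f'{m["hive"]} Run [{m["name"]}]'))
        elif m := RE_POLICY.match(line):
            if m["value"] == "0":
                sev = "high" if m["name"] == "EnableLUA" else "medium"
                findings.append(Finding(sev, f'{m["name"]}=0 (UAC weakened)', line))
    return findings


def cfscript_from(findings, include=("high", "medium")):
    """Draft CFScript text in the layout of the helper's script above.
    Low-severity hits (orphans) are reported but left out of the draft."""
    sections = {"File::": [], "Folder::": [], "Driver::": [], "Registry::": []}
    for f in findings:
        if f.severity in include:
            sections["File::"] += f.files
            sections["Folder::"] += f.folders
            sections["Driver::"] += f.drivers
            sections["Registry::"] += f.registry
    out = []
    for header, entries in sections.items():
        if entries:
            out.append(header)
            out.extend(dict.fromkeys(entries))  # de-duplicate, keep order
            out.append("")
    return "\n".join(out).rstrip()


if __name__ == "__main__":
    found = triage(SAMPLE.strip().splitlines())
    for f in found:
        print(f"[{f.severity:6}] {f.rule}: {f.subject}")
    print("\n--- draft CFScript.txt ---\n" + cfscript_from(found))
```

Run it as-is to see the findings and the draft, or pass another machine's log lines to triage(). The draft deliberately leaves out the low-severity orphaned Google Update services, and it reports the rpcapd service and the UAC policy values without a removal entry: those are dealt with by removing WinPcap and re-enabling UAC in the policy key, not by a ComboFix script.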
wesley_1   

The machine almost stopped! Every file showed up as non-existent or could not be opened because of a win32 error or something else.

I then tried System Restore, and that gave an error too. Desperate, I rebooted into Safe Mode and managed to restore the system. Phew!

The log from after doing the procedure you indicated did not disappear with the restore and survived to tell the story:

ComboFix 12-09-15.02 - WESLEY 16/09/2012 20:47:01.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2046.1170 [GMT -3:00]

Executando de: c:\users\WESLEY\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\WESLEY\Desktop\CFScript.txt

AV: avast! antivírus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! antivírus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

FILE ::

"c:\progra~2\BROWSE~1\22643~1.41\{16CDF~1\browsemngr.dll"

"c:\program files\ClickMeIn\Connectivity.exe"

"c:\windows\system32\drivers\360FileOem.sys"

"c:\windows\system32\drivers\360HookOEM.sys"

"c:\windows\system32\drivers\360RegOem.sys"

"c:\windows\system32\drivers\360SpOEM.sys"

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Browser Manager

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.settings

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\crashReports\50521a2a0_2028329.dmp

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\crashReports\50521a2a0_2028329.gz

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\chrome.manifest

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-10.0.2.dll

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-11.0.dll

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-12.0.dll

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-13.0.dll

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-14.0.1.dll

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-15.0.dll

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-3.6.dll

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-3.6.xpt

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-5.0.dll

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-6.0.2.dll

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-7.0.1.dll

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-8.0.1.dll

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-9.0.1.dll

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content\BrowserManager.js

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content\overlay.xul

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\install.rdf

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\00

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\01

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\02

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\10

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\11

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\12

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\20

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\21

c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\22

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_360FILEOEM

-------\Legacy_360HOOKOEM

-------\Legacy_360REGOEM

-------\Legacy_360SPOEM

-------\Service_360FileOem

-------\Service_360HookOem

-------\Service_360RegOem

-------\Service_360SpOEM

-------\Service_Browser Manager

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-08-17 to 2012-09-17 ))))))))))))))))))))))))))))

.

.

2012-09-16 23:59 . 2012-09-17 00:10 -------- d-----w- c:\users\WESLEY\AppData\Local\temp

2012-09-16 23:59 . 2012-09-16 23:59 -------- d-----w- c:\users\Duaite\AppData\Local\temp

2012-09-16 23:59 . 2012-09-16 23:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-16 23:59 . 2012-09-16 23:59 -------- d-----w- c:\users\Convidado\AppData\Local\temp

2012-09-16 16:35 . 2012-09-16 16:35 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-09-15 15:39 . 2012-09-15 15:40 -------- d-----w- c:\users\WESLEY\AppData\Local\Deployment

2012-09-15 15:39 . 2012-09-15 15:39 -------- d-----w- c:\users\WESLEY\AppData\Local\Apps

2012-09-15 14:50 . 2012-09-15 14:50 -------- d-----w- c:\users\WESLEY\AppData\Roaming\Malwarebytes

2012-09-15 14:50 . 2012-09-15 14:50 -------- d-----w- c:\programdata\Malwarebytes

2012-09-15 14:50 . 2012-09-15 14:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-15 14:50 . 2012-09-07 20:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-15 14:25 . 2012-09-15 14:25 -------- d-----w- c:\windows\system32\Lang

2012-09-14 14:13 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC362958-91D7-43CB-87CB-0356DACA58CB}\mpengine.dll

2012-09-13 23:03 . 2012-09-16 13:38 -------- d-----w- c:\users\Convidado\PSafe

2012-09-13 17:18 . 2012-09-13 17:18 -------- d-----w- c:\users\WESLEY\AppData\Local\ElevatedDiagnostics

2012-09-13 15:15 . 2012-09-17 00:09 -------- d-----w- c:\users\WESLEY\PSafe

2012-09-13 07:50 . 2012-09-13 08:03 -------- d-----w- c:\users\Duaite\AppData\Roaming\Positivo

2012-09-13 07:49 . 2012-09-13 17:46 -------- d-----w- C:\Positivo

2012-09-13 07:48 . 2012-09-03 22:34 64048 ----a-r- c:\windows\system32\drivers\360SpOEM.sys

2012-09-13 07:43 . 2012-09-16 16:33 -------- d-----w- c:\users\Duaite\PSafe

2012-09-13 07:43 . 2012-06-01 00:21 23168 ----a-r- c:\windows\system32\drivers\360RegOem.sys

2012-09-13 07:43 . 2012-06-01 00:21 146304 ----a-r- c:\windows\system32\drivers\360FileOem.sys

2012-09-13 07:42 . 2012-09-16 22:56 -------- d-----w- c:\programdata\PSafe

2012-09-13 07:42 . 2012-06-01 00:21 54912 ----a-r- c:\windows\system32\drivers\360HookOem.sys

2012-09-13 07:42 . 2012-09-13 17:46 -------- d-----w- c:\users\Duaite\AppData\Roaming\AnySend

2012-09-13 07:42 . 2012-09-13 08:01 -------- d-----w- c:\programdata\AnySend

2012-09-13 07:41 . 2012-09-13 07:41 -------- d-----w- c:\windows\system32\Extensions

2012-09-13 07:41 . 2012-09-13 07:41 -------- d-----w- c:\windows\system32\searchplugins

2012-09-13 07:40 . 2012-09-13 17:46 -------- d-----w- c:\program files\PSafe

2012-09-11 22:18 . 2012-08-02 17:05 490496 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-10 01:51 . 2012-09-10 01:51 -------- d-----w- c:\windows\Sun

2012-09-08 05:48 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-09-08 05:48 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-09-08 05:48 . 2012-08-21 09:13 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-09-08 05:48 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-09-08 05:48 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-09-08 05:48 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-09-08 05:47 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr

2012-09-08 05:47 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-09-08 05:47 . 2012-09-08 05:47 -------- d-----w- c:\programdata\AVAST Software

2012-09-08 05:47 . 2012-09-08 05:47 -------- d-----w- c:\program files\AVAST Software

2012-09-08 04:27 . 2012-09-09 15:04 -------- d-----w- c:\users\Duaite\AppData\Local\Deployment

2012-09-08 04:27 . 2012-09-08 04:27 -------- d-----w- c:\users\Duaite\AppData\Local\Apps

2012-09-08 04:18 . 2012-09-08 04:18 -------- d-----w- c:\users\Duaite\AppData\Local\ElevatedDiagnostics

2012-09-08 03:57 . 2012-09-08 03:57 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-08 03:41 . 2012-09-13 17:46 -------- d-----w- c:\windows\system32\BestPractices

2012-09-08 03:40 . 2012-09-08 03:41 -------- d-----w- C:\inetpub

2012-09-07 21:59 . 2012-03-31 17:24 117248 ----a-w- c:\windows\system32\libgcc_s_dw2-1.dll

2012-09-07 21:59 . 2012-03-31 17:24 117248 ----a-w- c:\program files\Internet Explorer\libgcc_s_dw2-1.dll

2012-09-07 21:58 . 2012-09-07 21:58 -------- d-----w- c:\programdata\Codecentrix

2012-09-07 21:26 . 2012-09-07 21:26 -------- d-sh--w- c:\programdata\MbtmA4mrKB5f5ca6

2012-09-07 19:25 . 2012-09-07 19:25 -------- d-----w- c:\program files\Common Files\Java

2012-09-07 19:25 . 2012-09-07 19:25 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-08-22 02:52 . 2012-08-22 02:52 -------- d-----w- c:\program files\PicoZipRT

2012-08-22 02:25 . 2012-08-22 02:25 -------- d-----w- c:\program files\ARAR

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-08 03:57 . 2011-05-19 21:30 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-07 19:25 . 2012-05-28 03:04 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-07 19:25 . 2011-09-22 14:08 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-30 18:56 . 2011-04-25 12:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2012-08-19 18:43 . 2011-04-28 21:05 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2012-08-19 18:43 . 2011-04-25 12:44 578896 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-08-15 02:27 . 2011-05-27 17:17 578896 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-07-18 17:10 . 2012-08-16 13:25 2344448 ----a-w- c:\windows\system32\win32k.sys

2012-07-04 21:23 . 2012-08-16 13:25 41472 ----a-w- c:\windows\system32\browcli.dll

2012-07-04 21:23 . 2012-08-16 13:25 102912 ----a-w- c:\windows\system32\browser.dll

2012-06-29 00:16 . 2012-08-16 18:18 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-06-29 00:09 . 2012-08-16 18:18 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-29 00:08 . 2012-08-16 18:18 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-29 00:04 . 2012-08-16 18:18 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-29 00:00 . 2012-08-16 18:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-23 19:49 . 2012-06-23 19:49 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2007-11-07 03:19 . 2011-12-17 05:08 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll

2007-11-07 03:19 . 2011-12-17 05:08 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll

2012-09-06 01:27 . 2012-09-16 16:35 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1PSafeOverlaySync]

@="{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}"

[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}]

2012-09-03 23:01 1856264 ----a-w- c:\program files\PSafe\shell\v3.1.1209.3401\PSafeShellExtensionx86.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2PSafeOverlayOk]

@="{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}"

[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}]

2012-09-03 23:01 1856264 ----a-w- c:\program files\PSafe\shell\v3.1.1209.3401\PSafeShellExtensionx86.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3PSafeOverlayOut]

@="{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}"

[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}]

2012-09-03 23:01 1856264 ----a-w- c:\program files\PSafe\shell\v3.1.1209.3401\PSafeShellExtensionx86.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

"Octoshape Streaming Services"="c:\users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"D-Link D-Link DWA-125"="c:\program files\D-Link\DWA-125 revA\AirGCFG.exe" [2009-10-19 995328]

"WZCSLDR2"="c:\program files\D-Link\DWA-125 revA\WZCSLDR2.exe" [2009-10-19 122880]

"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]

"PSafeSysTray"="c:\program files\PSafe\PSafeSysTray.exe" [2012-09-03 4901128]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files\D-Link\DWA-125 revA\ANIWZCSdS.exe [x]

R2 gupdate;Serviço do Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]

R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [x]

R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]

R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28u.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [x]

S2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files\D-Link\DWA-125 revA\ANIWConnService.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [x]

S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [x]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

S2 PSafeLockBoxSvc;PSafeLockBoxSvc;c:\program files\PSafe\PSafeCategoryFinder.exe [x]

S2 PSafeSVC;PSafeSVC;c:\program files\PSafe\PSafesvc.exe [x]

S2 PSafeWD;PSafeWD;c:\program files\PSafe\PSafeWD.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - 360FILEOEM

*NewlyCreated* - 360HOOKOEM

*NewlyCreated* - 360REGOEM

*NewlyCreated* - 360SPOEM

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Baixar Link Utiizando Gerenciador Mega... - c:\program files\Megaupload\Mega Manager\mm_file.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

DPF: {44EFE656-BA6F-401B-8474-1473CF3883E5} - file:///C:/Users/Duaite/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/activexclock.gadget/Clock.ocx

FF - ProfilePath - c:\users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851643&SearchSource=2&q=

.

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108380

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - c60097a6000000000000001d7df5ece4

FF - user.js: extensions.BabylonToolbar_i.hardId - c60097a6000000000000001d7df5ece4

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15325

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:22

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\UI0Detect.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\taskhost.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\system32\conhost.exe

c:\windows\RTHDCPL.exe

.

**************************************************************************

.

Tempo para conclusão: 2012-09-16 21:16:01 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-09-17 00:15

.

Pré-execução: 83.529.076.736 bytes disponíveis

Pós execução: 85.451.534.336 bytes disponíveis

.

- - End Of File - - FC6C0798884500284F319C8F21836E2E

Download AdwCleaner. Save it to the Desktop.

Run adwcleaner.exe

Note: Windows Vista or Windows 7 users, right-click the file and select: Run as administrator

Click [Delete]

Post the log it creates + a new HijackThis log.


wesley_1   

2 logs were created:

# AdwCleaner v1.801 - Logfile created 09/17/2012 at 01:03:58

# Updated 14/08/2012 by Xplode

# Operating system : Windows 7 Ultimate (32 bits)

# User : WESLEY - PETROLEIRO

# Boot Mode : Normal

# Running from : C:\Users\WESLEY\Desktop\104139_adwcleaner_1_801.exe

# Option [search]

***** [services] *****

Found : Browser Manager

***** [Files / Folders] *****

Folder Found : C:\Users\Duaite\AppData\Local\APN

Folder Found : C:\Users\WESLEY\AppData\Local\Babylon

Folder Found : C:\Users\WESLEY\AppData\Local\Conduit

Folder Found : C:\Users\Duaite\AppData\LocalLow\BabylonToolbar

Folder Found : C:\Users\Duaite\AppData\LocalLow\facemoods.com

Folder Found : C:\Users\WESLEY\AppData\LocalLow\BabylonToolbar

Folder Found : C:\Users\WESLEY\AppData\LocalLow\Conduit

Folder Found : C:\Users\WESLEY\AppData\LocalLow\facemoods.com

Folder Found : C:\Users\Convidado\AppData\LocalLow\AskToolbar

Folder Found : C:\Users\Convidado\AppData\LocalLow\BabylonToolbar

Folder Found : C:\Users\Convidado\AppData\LocalLow\facemoods.com

Folder Found : C:\Users\Duaite\AppData\Roaming\Babylon

Folder Found : C:\Users\WESLEY\AppData\Roaming\Babylon

Folder Found : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\ConduitCommon

Folder Found : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\CT2851643

Folder Found : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}

Folder Found : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

Folder Found : C:\ProgramData\Ask

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\Browser Manager

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly

Folder Found : C:\Program Files\Conduit

File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

File Found : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml

File Found : C:\user.js

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2851643

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\BabylonToolbar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\DealPly

Key Found : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Found : HKCU\Software\Softonic

Key Found : HKLM\SOFTWARE\Babylon

Key Found : HKLM\SOFTWARE\BabylonToolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Found : HKLM\SOFTWARE\Classes\b

Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Found : HKLM\SOFTWARE\Conduit

Key Found : HKLM\SOFTWARE\DealPly

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Found : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=108293&tt=120912_cpc_3712_6&babsrc=NT_ss&mntrId=c60097a6000000000000001d7df5ece4

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default

File : C:\Users\Duaite\AppData\Roaming\Mozilla\Firefox\Profiles\nuysoin6.default\prefs.js

[OK] File is clean.

Profile name : default

File : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\prefs.js

Found : user_pref("CT2851643..clientLogIsEnabled", false);

Found : user_pref("CT2851643..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Found : user_pref("CT2851643..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Found : user_pref("CT2851643.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Found : user_pref("CT2851643.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Found : user_pref("CT2851643.AppTrackingLastCheckTime", "Thu Jun 07 2012 10:08:03 GMT-0300 (Hora oficial do [...]

Found : user_pref("CT2851643.CTID", "CT2851643");

Found : user_pref("CT2851643.CurrentServerDate", "7-9-2012");

Found : user_pref("CT2851643.DSInstall", false);

Found : user_pref("CT2851643.DialogsAlignMode", "LTR");

Found : user_pref("CT2851643.DialogsGetterLastCheckTime", "Fri Sep 07 2012 11:36:18 GMT-0300 (Hora oficial d[...]

Found : user_pref("CT2851643.DownloadReferralCookieData", "");

Found : user_pref("CT2851643.EMailNotifierPollDate", "Fri Jun 08 2012 13:09:37 GMT-0300 (Hora oficial do Bra[...]

Found : user_pref("CT2851643.FeedLastCount1733423638652034402", 496);

Found : user_pref("CT2851643.FeedPollDate2429156812186649977", "Fri Jun 08 2012 12:24:14 GMT-0300 (Hora ofic[...]

Found : user_pref("CT2851643.FeedPollDate2429156813040823546", "Fri Jun 08 2012 12:24:14 GMT-0300 (Hora ofic[...]

Found : user_pref("CT2851643.FeedPollDate2429156813130095866", "Fri Jun 08 2012 12:24:13 GMT-0300 (Hora ofic[...]

Found : user_pref("CT2851643.FeedPollDate2429156813224203613", "Fri Jun 08 2012 12:24:14 GMT-0300 (Hora ofic[...]

Found : user_pref("CT2851643.FeedPollDate2429156813230837251", "Fri Jun 08 2012 12:24:14 GMT-0300 (Hora ofic[...]

Found : user_pref("CT2851643.FeedPollDate2429156813454291735", "Fri Jun 08 2012 12:24:14 GMT-0300 (Hora ofic[...]

Found : user_pref("CT2851643.FeedPollDate2429156813729834876", "Fri Jun 08 2012 12:24:13 GMT-0300 (Hora ofic[...]

Found : user_pref("CT2851643.FeedPollDate2429156813860870021", "Fri Jun 08 2012 12:24:14 GMT-0300 (Hora ofic[...]

Found : user_pref("CT2851643.FeedPollDate2429156814264681793", "Fri Jun 08 2012 12:24:14 GMT-0300 (Hora ofic[...]

Found : user_pref("CT2851643.FeedPollDate2429156814863075366", "Fri Jun 08 2012 12:24:14 GMT-0300 (Hora ofic[...]

Found : user_pref("CT2851643.FeedPollDate2429156815257761081", "Fri Jun 08 2012 12:24:14 GMT-0300 (Hora ofic[...]

Found : user_pref("CT2851643.FeedTTL2429156813040823546", 15);

Found : user_pref("CT2851643.FeedTTL2429156813130095866", 10);

Found : user_pref("CT2851643.FeedTTL2429156813454291735", 5);

Found : user_pref("CT2851643.FeedTTL2429156814264681793", 5);

Found : user_pref("CT2851643.FirstServerDate", "25-5-2012");

Found : user_pref("CT2851643.FirstTime", true);

Found : user_pref("CT2851643.FirstTimeFF3", true);

Found : user_pref("CT2851643.FixPageNotFoundErrors", true);

Found : user_pref("CT2851643.GroupingServerCheckInterval", 1440);

Found : user_pref("CT2851643.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Found : user_pref("CT2851643.HPInstall", false);

Found : user_pref("CT2851643.HasUserGlobalKeys", true);

Found : user_pref("CT2851643.HomePageProtectorEnabled", false);

Found : user_pref("CT2851643.HomepageBeforeUnload", "hxxp://www.google.com.br/");

Found : user_pref("CT2851643.Initialize", true);

Found : user_pref("CT2851643.InitializeCommonPrefs", true);

Found : user_pref("CT2851643.InstallationAndCookieDataSentCount", 3);

Found : user_pref("CT2851643.InstallationId", "fftA392.tmp.exe");

Found : user_pref("CT2851643.InstallationType", "XPE");

Found : user_pref("CT2851643.InstalledDate", "Fri May 25 2012 13:34:59 GMT-0300 (Hora oficial do Brasil)");

Found : user_pref("CT2851643.IsAlertDBUpdated", true);

Found : user_pref("CT2851643.IsGrouping", false);

Found : user_pref("CT2851643.IsInitSetupIni", true);

Found : user_pref("CT2851643.IsMulticommunity", false);

Found : user_pref("CT2851643.IsOpenThankYouPage", true);

Found : user_pref("CT2851643.IsOpenUninstallPage", false);

Found : user_pref("CT2851643.LanguagePackLastCheckTime", "Fri Sep 07 2012 11:36:18 GMT-0300 (Hora oficial do[...]

Found : user_pref("CT2851643.LanguagePackReloadIntervalMM", 1440);

Found : user_pref("CT2851643.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Found : user_pref("CT2851643.LastLogin_3.12.0.8", "Fri May 25 2012 13:35:02 GMT-0300 (Hora oficial do Brasil[...]

Found : user_pref("CT2851643.LastLogin_3.12.2.3", "Sun Jun 03 2012 15:56:16 GMT-0300 (Hora oficial do Brasil[...]

Found : user_pref("CT2851643.LastLogin_3.13.0.6", "Tue Jul 17 2012 14:19:11 GMT-0300 (Hora oficial do Brasil[...]

Found : user_pref("CT2851643.LastLogin_3.14.1.0", "Wed Aug 29 2012 19:01:30 GMT-0300 (Hora oficial do Brasil[...]

Found : user_pref("CT2851643.LastLogin_3.15.1.0", "Fri Sep 07 2012 16:25:03 GMT-0300 (Hora oficial do Brasil[...]

Found : user_pref("CT2851643.LatestVersion", "3.14.1.0");

Found : user_pref("CT2851643.Locale", "pt");

Found : user_pref("CT2851643.MCDetectTooltipHeight", "83");

Found : user_pref("CT2851643.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Found : user_pref("CT2851643.MCDetectTooltipWidth", "295");

Found : user_pref("CT2851643.MyStuffEnabledAtInstallation", true);

Found : user_pref("CT2851643.OriginalFirstVersion", "3.12.0.8");

Found : user_pref("CT2851643.SearchCaption", "uTorrentBar_PT Customized Web Search");

Found : user_pref("CT2851643.SearchEngineBeforeUnload", "Google");

Found : user_pref("CT2851643.SearchFromAddressBarIsInit", true);

Found : user_pref("CT2851643.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]

Found : user_pref("CT2851643.SearchInNewTabEnabled", true);

Found : user_pref("CT2851643.SearchInNewTabIntervalMM", 1440);

Found : user_pref("CT2851643.SearchInNewTabLastCheckTime", "Fri Sep 07 2012 11:36:15 GMT-0300 (Hora oficial [...]

Found : user_pref("CT2851643.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Found : user_pref("CT2851643.SearchProtectorEnabled", false);

Found : user_pref("CT2851643.SearchProtectorToolbarDisabled", false);

Found : user_pref("CT2851643.SendProtectorDataViaLogin", true);

Found : user_pref("CT2851643.ServiceMapLastCheckTime", "Fri Sep 07 2012 11:36:16 GMT-0300 (Hora oficial do B[...]

Found : user_pref("CT2851643.SettingsLastCheckTime", "Fri Sep 07 2012 16:25:02 GMT-0300 (Hora oficial do Bra[...]

Found : user_pref("CT2851643.SettingsLastUpdate", "1346938891");

Found : user_pref("CT2851643.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851643&SearchSource=13");

Found : user_pref("CT2851643.ThirdPartyComponentsInterval", 504);

Found : user_pref("CT2851643.ThirdPartyComponentsLastCheck", "Fri May 25 2012 13:34:50 GMT-0300 (Hora oficia[...]

Found : user_pref("CT2851643.ThirdPartyComponentsLastUpdate", "1331806008");

Found : user_pref("CT2851643.ToolbarShrinkedFromSetup", false);

Found : user_pref("CT2851643.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851643");

Found : user_pref("CT2851643.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Found : user_pref("CT2851643.UserID", "UN96122472512042012");

Found : user_pref("CT2851643.ValidationData_Toolbar", 0);

Found : user_pref("CT2851643.WeatherNetwork", "");

Found : user_pref("CT2851643.WeatherPollDate", "Thu Jun 07 2012 10:37:55 GMT-0300 (Hora oficial do Brasil)")[...]

Found : user_pref("CT2851643.WeatherUnit", "C");

Found : user_pref("CT2851643.alertChannelId", "1243677");

Found : user_pref("CT2851643.autoDisableScopes", -1);

Found : user_pref("CT2851643.backendstorage.cbcountry_000", "4252");

Found : user_pref("CT2851643.backendstorage.cbfirsttime", "467269204D617920323520323031322031333A33353A30382[...]

Found : user_pref("CT2851643.backendstorage.pairingkey", "39414636364643463337433534323441393935373243333834[...]

Found : user_pref("CT2851643.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]

Found : user_pref("CT2851643.backendstorage.url_history0001", "6A6176617363726970743A3B3A3A3A636C69636B68616[...]

Found : user_pref("CT2851643.backendstorage.uttorrents", "7B226275696C64223A32373232302C226C6162656C223A5B5D[...]

Found : user_pref("CT2851643.components.1000234", false);

Found : user_pref("CT2851643.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Found : user_pref("CT2851643.globalFirstTimeInfoLastCheckTime", "Tue Jun 05 2012 07:12:00 GMT-0300 (Hora ofi[...]

Found : user_pref("CT2851643.homepageProtectorEnableByLogin", true);

Found : user_pref("CT2851643.initDone", true);

Found : user_pref("CT2851643.isAppTrackingManagerOn", true);

Found : user_pref("CT2851643.myStuffEnabled", true);

Found : user_pref("CT2851643.myStuffPublihserMinWidth", 400);

Found : user_pref("CT2851643.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Found : user_pref("CT2851643.myStuffServiceIntervalMM", 1440);

Found : user_pref("CT2851643.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Found : user_pref("CT2851643.navigateToUrlOnSearch", false);

Found : user_pref("CT2851643.oldAppsList", "129351530870587943,129351530870900444,1000234,129791406994403775[...]

Found : user_pref("CT2851643.revertSettingsEnabled", true);

Found : user_pref("CT2851643.searchProtectorDialogDelayInSec", 10);

Found : user_pref("CT2851643.searchProtectorEnableByLogin", true);

Found : user_pref("CT2851643.testingCtid", "");

Found : user_pref("CT2851643.toolbarAppMetaDataLastCheckTime", "Fri Sep 07 2012 11:36:20 GMT-0300 (Hora ofic[...]

Found : user_pref("CT2851643.toolbarContextMenuLastCheckTime", "Fri May 25 2012 13:35:03 GMT-0300 (Hora ofic[...]

Found : user_pref("CT2851643.usagesFlag", 2);

Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851643/CT2851643[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851643", [...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851643",[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pt", "\"5e9[...]

Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\WESLEY\\AppData\\Roaming\\Mozilla\\[...]

Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");

Found : user_pref("CommunityToolbar.ToolbarsList", "CT2851643");

Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2851643");

Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2851643");

Found : user_pref("CommunityToolbar.globalUserId", "d3076451-20dc-4783-8b1e-6a074f4d0c9f");

Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2851643");

Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jun 03 2012 15:56:1[...]

Found : user_pref("CommunityToolbar.notifications.alertEnabled", false);

Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Found : user_pref("CommunityToolbar.notifications.locale", "en");

Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 08 2012 11:24:15 GMT-0300 (H[...]

Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Found : user_pref("CommunityToolbar.notifications.userId", "105f488d-ac4e-437a-9017-e97329675e57");

Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com.br/");

Found : user_pref("CommunityToolbar.originalSearchEngine", "Google");

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Found : user_pref("browser.search.defaultengine", "Ask.com");

Found : user_pref("extensions.BabylonToolbar.admin", false);

Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Found : user_pref("extensions.BabylonToolbar.babExt", "");

Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=108380");

Found : user_pref("extensions.BabylonToolbar.bbDpng", 12);

Found : user_pref("extensions.BabylonToolbar.cntry", "BR");

Found : user_pref("extensions.BabylonToolbar.dfltSrch", false);

Found : user_pref("extensions.BabylonToolbar.excTlbr", false);

Found : user_pref("extensions.BabylonToolbar.firstRun", false);

Found : user_pref("extensions.BabylonToolbar.hdrMd5", "EF5B3401F11F5A8BAD0EDDF167BA6BC4");

Found : user_pref("extensions.BabylonToolbar.hmpg", false);

Found : user_pref("extensions.BabylonToolbar.id", "c60097a6000000000000001d7df5ece4");

Found : user_pref("extensions.BabylonToolbar.instlDay", "15325");

Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Found : user_pref("extensions.BabylonToolbar.lastActv", "31");

Found : user_pref("extensions.BabylonToolbar.lastDP", 12);

Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.171:22:01");

Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "9.0");

Found : user_pref("extensions.BabylonToolbar.newTab", true);

Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");

Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);

Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Found : user_pref("extensions.BabylonToolbar.propectorlck", 67645032);

Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);

Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");

Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");

Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.171:22:01");

Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");

Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Found : user_pref("extensions.BabylonToolbar_i.babExt", "");

Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108380");

Found : user_pref("extensions.BabylonToolbar_i.hardId", "c60097a6000000000000001d7df5ece4");

Found : user_pref("extensions.BabylonToolbar_i.id", "c60097a6000000000000001d7df5ece4");

Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15325");

Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.171:22:01");

Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Found : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true);

Found : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]

Profile name : default

File : C:\Users\Convidado\AppData\Roaming\Mozilla\Firefox\Profiles\r2lji0kw.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");

Found : user_pref("browser.search.defaultenginename", "Ask.com");

Found : user_pref("browser.search.order.1", "Ask.com");

Found : user_pref("extensions.asktb.ff-original-keyword-url", "");

Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU2&o=14670&locale=[...]

-\\ Opera v11.52.1100.0

File : C:\Users\Duaite\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\WESLEY\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\Convidado\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [25648 octets] - [17/09/2012 01:03:58]

########## EOF - C:\AdwCleaner[R1].txt - [25777 octets] ##########

# AdwCleaner v1.801 - Logfile created 09/17/2012 at 01:04:44

# Updated 14/08/2012 by Xplode

# Operating system : Windows 7 Ultimate (32 bits)

# User : WESLEY - PETROLEIRO

# Boot Mode : Normal

# Running from : C:\Users\WESLEY\Desktop\104139_adwcleaner_1_801.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Folder Deleted : C:\Users\Duaite\AppData\Local\APN

Folder Deleted : C:\Users\WESLEY\AppData\Local\Babylon

Folder Deleted : C:\Users\WESLEY\AppData\Local\Conduit

Folder Deleted : C:\Users\Duaite\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\Duaite\AppData\LocalLow\facemoods.com

Folder Deleted : C:\Users\WESLEY\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\WESLEY\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\WESLEY\AppData\LocalLow\facemoods.com

Folder Deleted : C:\Users\Convidado\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\Convidado\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\Convidado\AppData\LocalLow\facemoods.com

Folder Deleted : C:\Users\Duaite\AppData\Roaming\Babylon

Folder Deleted : C:\Users\WESLEY\AppData\Roaming\Babylon

Folder Deleted : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\ConduitCommon

Folder Deleted : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\CT2851643

Folder Deleted : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}

Folder Deleted : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\Babylon

Deleted on reboot : C:\ProgramData\Browser Manager

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly

Folder Deleted : C:\Program Files\Conduit

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml

File Deleted : C:\user.js

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2851643

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DealPly

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\b

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\DealPly

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=108293&tt=120912_cpc_3712_6&babsrc=NT_ss&mntrId=c60097a6000000000000001d7df5ece4 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default

File : C:\Users\Duaite\AppData\Roaming\Mozilla\Firefox\Profiles\nuysoin6.default\prefs.js

[OK] File is clean.

Profile name : default

File : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\prefs.js

C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\user.js ... Deleted !

Deleted : user_pref("CT2851643..clientLogIsEnabled", false);

Deleted : user_pref("CT2851643..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT2851643..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT2851643.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT2851643.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT2851643.AppTrackingLastCheckTime", "Thu Jun 07 2012 10:08:03 GMT-0300 (Hora oficial do [...]

Deleted : user_pref("CT2851643.CTID", "CT2851643");

Deleted : user_pref("CT2851643.CurrentServerDate", "7-9-2012");

Deleted : user_pref("CT2851643.DSInstall", false);

Deleted : user_pref("CT2851643.DialogsAlignMode", "LTR");

Deleted : user_pref("CT2851643.DialogsGetterLastCheckTime", "Fri Sep 07 2012 11:36:18 GMT-0300 (Hora oficial d[...]

Deleted : user_pref("CT2851643.DownloadReferralCookieData", "");

Deleted : user_pref("CT2851643.EMailNotifierPollDate", "Fri Jun 08 2012 13:09:37 GMT-0300 (Hora oficial do Bra[...]

Deleted : user_pref("CT2851643.FeedLastCount1733423638652034402", 496);

Deleted : user_pref("CT2851643.FeedPollDate2429156812186649977", "Fri Jun 08 2012 12:24:14 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156813040823546", "Fri Jun 08 2012 12:24:14 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156813130095866", "Fri Jun 08 2012 12:24:13 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156813224203613", "Fri Jun 08 2012 12:24:14 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156813230837251", "Fri Jun 08 2012 12:24:14 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156813454291735", "Fri Jun 08 2012 12:24:14 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156813729834876", "Fri Jun 08 2012 12:24:13 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156813860870021", "Fri Jun 08 2012 12:24:14 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156814264681793", "Fri Jun 08 2012 12:24:14 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156814863075366", "Fri Jun 08 2012 12:24:14 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedPollDate2429156815257761081", "Fri Jun 08 2012 12:24:14 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.FeedTTL2429156813040823546", 15);

Deleted : user_pref("CT2851643.FeedTTL2429156813130095866", 10);

Deleted : user_pref("CT2851643.FeedTTL2429156813454291735", 5);

Deleted : user_pref("CT2851643.FeedTTL2429156814264681793", 5);

Deleted : user_pref("CT2851643.FirstServerDate", "25-5-2012");

Deleted : user_pref("CT2851643.FirstTime", true);

Deleted : user_pref("CT2851643.FirstTimeFF3", true);

Deleted : user_pref("CT2851643.FixPageNotFoundErrors", true);

Deleted : user_pref("CT2851643.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT2851643.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT2851643.HPInstall", false);

Deleted : user_pref("CT2851643.HasUserGlobalKeys", true);

Deleted : user_pref("CT2851643.HomePageProtectorEnabled", false);

Deleted : user_pref("CT2851643.HomepageBeforeUnload", "hxxp://www.google.com.br/");

Deleted : user_pref("CT2851643.Initialize", true);

Deleted : user_pref("CT2851643.InitializeCommonPrefs", true);

Deleted : user_pref("CT2851643.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT2851643.InstallationId", "fftA392.tmp.exe");

Deleted : user_pref("CT2851643.InstallationType", "XPE");

Deleted : user_pref("CT2851643.InstalledDate", "Fri May 25 2012 13:34:59 GMT-0300 (Hora oficial do Brasil)");

Deleted : user_pref("CT2851643.IsAlertDBUpdated", true);

Deleted : user_pref("CT2851643.IsGrouping", false);

Deleted : user_pref("CT2851643.IsInitSetupIni", true);

Deleted : user_pref("CT2851643.IsMulticommunity", false);

Deleted : user_pref("CT2851643.IsOpenThankYouPage", true);

Deleted : user_pref("CT2851643.IsOpenUninstallPage", false);

Deleted : user_pref("CT2851643.LanguagePackLastCheckTime", "Fri Sep 07 2012 11:36:18 GMT-0300 (Hora oficial do[...]

Deleted : user_pref("CT2851643.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT2851643.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT2851643.LastLogin_3.12.0.8", "Fri May 25 2012 13:35:02 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT2851643.LastLogin_3.12.2.3", "Sun Jun 03 2012 15:56:16 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT2851643.LastLogin_3.13.0.6", "Tue Jul 17 2012 14:19:11 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT2851643.LastLogin_3.14.1.0", "Wed Aug 29 2012 19:01:30 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT2851643.LastLogin_3.15.1.0", "Fri Sep 07 2012 16:25:03 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT2851643.LatestVersion", "3.14.1.0");

Deleted : user_pref("CT2851643.Locale", "pt");

Deleted : user_pref("CT2851643.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT2851643.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT2851643.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT2851643.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT2851643.OriginalFirstVersion", "3.12.0.8");

Deleted : user_pref("CT2851643.SearchCaption", "uTorrentBar_PT Customized Web Search");

Deleted : user_pref("CT2851643.SearchEngineBeforeUnload", "Google");

Deleted : user_pref("CT2851643.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT2851643.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]

Deleted : user_pref("CT2851643.SearchInNewTabEnabled", true);

Deleted : user_pref("CT2851643.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT2851643.SearchInNewTabLastCheckTime", "Fri Sep 07 2012 11:36:15 GMT-0300 (Hora oficial [...]

Deleted : user_pref("CT2851643.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT2851643.SearchProtectorEnabled", false);

Deleted : user_pref("CT2851643.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT2851643.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT2851643.ServiceMapLastCheckTime", "Fri Sep 07 2012 11:36:16 GMT-0300 (Hora oficial do B[...]

Deleted : user_pref("CT2851643.SettingsLastCheckTime", "Fri Sep 07 2012 16:25:02 GMT-0300 (Hora oficial do Bra[...]

Deleted : user_pref("CT2851643.SettingsLastUpdate", "1346938891");

Deleted : user_pref("CT2851643.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851643&SearchSource=13");

Deleted : user_pref("CT2851643.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT2851643.ThirdPartyComponentsLastCheck", "Fri May 25 2012 13:34:50 GMT-0300 (Hora oficia[...]

Deleted : user_pref("CT2851643.ThirdPartyComponentsLastUpdate", "1331806008");

Deleted : user_pref("CT2851643.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT2851643.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851643");

Deleted : user_pref("CT2851643.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT2851643.UserID", "UN96122472512042012");

Deleted : user_pref("CT2851643.ValidationData_Toolbar", 0);

Deleted : user_pref("CT2851643.WeatherNetwork", "");

Deleted : user_pref("CT2851643.WeatherPollDate", "Thu Jun 07 2012 10:37:55 GMT-0300 (Hora oficial do Brasil)")[...]

Deleted : user_pref("CT2851643.WeatherUnit", "C");

Deleted : user_pref("CT2851643.alertChannelId", "1243677");

Deleted : user_pref("CT2851643.autoDisableScopes", -1);

Deleted : user_pref("CT2851643.backendstorage.cbcountry_000", "4252");

Deleted : user_pref("CT2851643.backendstorage.cbfirsttime", "467269204D617920323520323031322031333A33353A30382[...]

Deleted : user_pref("CT2851643.backendstorage.pairingkey", "39414636364643463337433534323441393935373243333834[...]

Deleted : user_pref("CT2851643.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]

Deleted : user_pref("CT2851643.backendstorage.url_history0001", "6A6176617363726970743A3B3A3A3A636C69636B68616[...]

Deleted : user_pref("CT2851643.backendstorage.uttorrents", "7B226275696C64223A32373232302C226C6162656C223A5B5D[...]

Deleted : user_pref("CT2851643.components.1000234", false);

Deleted : user_pref("CT2851643.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT2851643.globalFirstTimeInfoLastCheckTime", "Tue Jun 05 2012 07:12:00 GMT-0300 (Hora ofi[...]

Deleted : user_pref("CT2851643.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT2851643.initDone", true);

Deleted : user_pref("CT2851643.isAppTrackingManagerOn", true);

Deleted : user_pref("CT2851643.myStuffEnabled", true);

Deleted : user_pref("CT2851643.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT2851643.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT2851643.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT2851643.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT2851643.navigateToUrlOnSearch", false);

Deleted : user_pref("CT2851643.oldAppsList", "129351530870587943,129351530870900444,1000234,129791406994403775[...]

Deleted : user_pref("CT2851643.revertSettingsEnabled", true);

Deleted : user_pref("CT2851643.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT2851643.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT2851643.testingCtid", "");

Deleted : user_pref("CT2851643.toolbarAppMetaDataLastCheckTime", "Fri Sep 07 2012 11:36:20 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.toolbarContextMenuLastCheckTime", "Fri May 25 2012 13:35:03 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2851643.usagesFlag", 2);

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851643/CT2851643[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851643", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851643",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pt", "\"5e9[...]

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\WESLEY\\AppData\\Roaming\\Mozilla\\[...]

Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2851643");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2851643");

Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2851643");

Deleted : user_pref("CommunityToolbar.globalUserId", "d3076451-20dc-4783-8b1e-6a074f4d0c9f");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2851643");

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jun 03 2012 15:56:1[...]

Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);

Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 08 2012 11:24:15 GMT-0300 (H[...]

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.notifications.userId", "105f488d-ac4e-437a-9017-e97329675e57");

Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com.br/");

Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=108380");

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 12);

Deleted : user_pref("extensions.BabylonToolbar.cntry", "BR");

Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);

Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);

Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "EF5B3401F11F5A8BAD0EDDF167BA6BC4");

Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);

Deleted : user_pref("extensions.BabylonToolbar.id", "c60097a6000000000000001d7df5ece4");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15325");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.lastActv", "31");

Deleted : user_pref("extensions.BabylonToolbar.lastDP", 12);

Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.171:22:01");

Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "9.0");

Deleted : user_pref("extensions.BabylonToolbar.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");

Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 67645032);

Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);

Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.171:22:01");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108380");

Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "c60097a6000000000000001d7df5ece4");

Deleted : user_pref("extensions.BabylonToolbar_i.id", "c60097a6000000000000001d7df5ece4");

Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15325");

Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.171:22:01");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Deleted : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true);

Deleted : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]

Profile name : default

File : C:\Users\Convidado\AppData\Roaming\Mozilla\Firefox\Profiles\r2lji0kw.default\prefs.js

C:\Users\Convidado\AppData\Roaming\Mozilla\Firefox\Profiles\r2lji0kw.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Deleted : user_pref("browser.search.defaultenginename", "Ask.com");

Deleted : user_pref("browser.search.order.1", "Ask.com");

Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU2&o=14670&locale=[...]

-\\ Opera v11.52.1100.0

File : C:\Users\Duaite\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\WESLEY\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\Convidado\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [25779 octets] - [17/09/2012 01:03:58]

AdwCleaner[s1].txt - [26576 octets] - [17/09/2012 01:04:44]

########## EOF - C:\AdwCleaner[s1].txt - [26705 octets] ##########

+ the HijackThis log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 01:35:24, on 17/09/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\Explorer.EXE

C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe

C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe

C:\Windows\RTHDCPL.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\PSafe\PSafeSysTray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\PSafe\Protege\psprotege.exe

C:\Program Files\PSafe\PSafeWDS.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Users\WESLEY\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [D-Link D-Link DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe

O4 - HKLM\..\Run: [WZCSLDR2] C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files\PSafe\PSafeSysTray.exe"

O4 - HKLM\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {44EFE656-BA6F-401B-8474-1473CF3883E5} (Active_Clock Control) - file:///C:/Users/Duaite/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/activexclock.gadget/Clock.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: c:\PROGRA~2\BROWSE~1\22643~1.41\{16CDF~1\browsemngr.dll

O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe

O23 - Service: D_Link_DWA-125 Service (D_Link_DWA-125) - Wireless Service - C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe

O23 - Service: D_Link_DWA-125_WPS Service (D_Link_DWA-125_WPS) - Unknown owner - C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: PSafeLockBoxSvc - PSafe - C:\Program Files\PSafe\PSafeCategoryFinder.exe

O23 - Service: PSafeSVC - PSafe S/A - C:\Program Files\PSafe\PSafesvc.exe

O23 - Service: PSafeWD - PSafe - C:\Program Files\PSafe\PSafeWD.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 8222 bytes

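As an added example (not from this thread or from any tool named in it), a small Python triage of HijackThis O20/O23 lines that flags the AppInit_DLLs entry, services whose binary is reported missing, and services with an unknown owner running out of system32; the sample lines are constructed from the log above.

```python
import re

# Constructed sample: O20/O23 lines in the shape of the HijackThis log posted above.
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: c:\PROGRA~2\BROWSE~1\22643~1.41\{16CDF~1\browsemngr.dll
O23 - Service: avast! antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# O23 lines have the form: "O23 - Service: <name> - <owner> - <path>"
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def triage(log_text):
    """Return a list of (reason, line) tuples for HijackThis entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("O20 - AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that loads user32.dll, so one
            # adware DLL here explains system-wide slowness and crashes; a non-empty
            # value is rare on a clean home PC.
            findings.append(("appinit_dll", line))
            continue
        m = SERVICE_RE.match(line)
        if not m:
            continue
        owner, path = m.group("owner"), m.group("path")
        if path.endswith("(file missing)"):
            # Service still registered but its binary is gone: leftover to clean up.
            findings.append(("service_file_missing", line))
        elif owner == "Unknown owner" and "\\windows\\system32\\" in path.lower():
            # No vendor name and running from system32: verify the file before trusting it.
            findings.append(("unknown_owner_system32", line))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"[{reason}] {entry}")
```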

Download Malwarebytes' Anti-Malware (MBAM) or here.

Save or print these instructions:

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.

If there are updates available, they will be downloaded and installed.

When the update finishes, with the program open, select Quick Scan and click the Scan button.

The scan will then begin. Wait, as it may take a while.

When the scan finishes, click OK, then the Show Results button to see the report.

If any items were found, make sure they are all checked and click the Remove button.

At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See Note below)

The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.

NOTE: If MBAM finds files it cannot remove, you may need to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart.

Select, copy and paste the contents of the MBAM log in your next reply + a new HijackThis log.


