
my PC is acting strange

help!!




12 replies in this topic

#1 wesley_1

wesley_1
  • Participant
  • 7 posts

Posted 14 September 2012 - 12:12 AM

My computer is super slow. Browser, folders, everything! And every now and then a message appears saying that the program has stopped working, with the options: restart the program, restart and look for a solution online. Nothing happens if I close it; it just freezes briefly and goes back to the way it was.
I suspect it's those browser bars (toolbars). I deleted all of them and it kept stopping working, and on top of that it is still super slow. I don't know what else to do.
I request an analysis of the log:



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:00:48, on 14/09/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ClickMeIn\RemoteEngineHelper.exe
C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
C:\Windows\RTHDCPL.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\PSafe\PSafeSysTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\PSafe\Protege\psprotege.exe
C:\Program Files\PSafe\PSafeWDS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\WESLEY\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Media Sharing Plugin - {796A68BB-861C-4888-A229-88DF3274EB9B} - C:\ProgramData\Windows\ntfs64.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [D-Link D-Link DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
O4 - HKLM\..\Run: [WZCSLDR2] C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AnySend Updater] C:\Program Files\AnySend\AnySendUpdater.exe
O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files\PSafe\PSafeSysTray.exe"
O4 - HKLM\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Mega Manager] C:\Program Files\Megaupload\Mega Manager\MegaManager.exe /Tray
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [8upjmDe] C:\ProgramData\MbtmA4mrKB5f5ca6\LFZ5P0nPbfC9M\AzgN6vsCCiOh\e0MHfMyKiIgFR\7qsQpjrq.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\iexplore.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {44EFE656-BA6F-401B-8474-1473CF3883E5} (Active_Clock Control) - file:///C:/Users/Duaite/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/activexclock.gadget/Clock.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: ClickMeIn Connectivity (ClickMeInConnectivity) - ClickMeIn Limited - C:\Program Files\ClickMeIn\Connectivity.exe
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe
O23 - Service: D_Link_DWA-125 Service (D_Link_DWA-125) - Wireless Service - C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe
O23 - Service: D_Link_DWA-125_WPS Service (D_Link_DWA-125_WPS) - Unknown owner - C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: PSafeLockBoxSvc - PSafe - C:\Program Files\PSafe\PSafeCategoryFinder.exe
O23 - Service: PSafeSVC - PSafe S/A - C:\Program Files\PSafe\PSafesvc.exe
O23 - Service: PSafeWD - PSafe - C:\Program Files\PSafe\PSafeWD.exe
O23 - Service: ClickMeIn RemoteEngine Service (RemoteEngineService) - ClickMeIn Limited - C:\Program Files\ClickMeIn\remoteengine.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 10282 bytes




#2 Mr.Million

Mr.Million

    Consumer Security MVP

  • Expert
  • 59558 posts

Posted 14 September 2012 - 12:31 AM

The PC is infected..

Download Malwarebytes' Anti-Malware (MBAM), or here.

Save or print these instructions:

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.
Check that the Update Malwarebytes Anti-Malware and Run Malwarebytes Anti-Malware boxes are ticked, then click Finish.
If there are updates to be applied, they will be downloaded and installed.
When the update finishes, with the program open, select Quick Scan and click the Scan button.
The scan will then begin. Wait, as it may take a while.
When the scan finishes, click OK, then the Show Results button to see the report.

If any items were found, make sure they are all ticked and click the Remove button.

At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the note below)
The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart.

Select, copy and paste the contents of the MBAM log into your next reply + a new HijackThis log.

#3 Mr.Million

Mr.Million

    Consumer Security MVP

  • Expert
  • 59558 posts

Posted 14 September 2012 - 01:06 PM

Waiting..

#4 wesley_1

wesley_1
  • Participant
  • 7 posts

Posted 15 September 2012 - 01:02 PM

I just saw your reply and I'm going to follow the instructions. Thank you!
I forgot to say that when I'm browsing the internet, two more pages pop up out of nowhere: http://ec2-50-17-117-113.compute-1.amazonaws.com/ and

http://www.clickmein.com/expirednotice/index.html


and that I followed all the procedures in "read before posting".

MALWAREBYTES LOG

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Versão da Base de Dados: v2012.09.15.04
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
WESLEY :: PETROLEIRO [administrador]
Proteção: Permitir
15/09/2012 11:53:27
mbam-log-2012-09-15 (11-53-27).txt
Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 230783
Tempo decorrido: 9 minuto(s), 28 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 1
C:\ProgramData\Windows\ntfs64.dll (Trojan.Banker) -> Será deletado na próxima inicialização.
Chaves de Registro Detectadas: 6
HKCR\CLSID\{796A68BB-861C-4888-A229-88DF3274EB9B} (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\WmpShrPl.IEAddon (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{796A68BB-861C-4888-A229-88DF3274EB9B} (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{796A68BB-861C-4888-A229-88DF3274EB9B} (Trojan.Banker) -> Será deletado na próxima inicialização.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{796A68BB-861C-4888-A229-88DF3274EB9B} (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{796A68BB-861C-4888-A229-88DF3274EB9B} (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 3
C:\ProgramData\Windows\ntfs64.dll (Trojan.Banker) -> Será deletado na próxima inicialização.
C:\Win\names.txt (Worm.AutoIT) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\WLSetup\XSHwogTmyADUZzhq.dll (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.
(fim)

HIJACK LOG

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:26:21, on 15/09/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ClickMeIn\RemoteEngineHelper.exe
C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
C:\Windows\RTHDCPL.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\PSafe\PSafeSysTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\PSafe\Protege\psprotege.exe
C:\Program Files\PSafe\PSafeWDS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\WESLEY\Desktop\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [D-Link D-Link DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
O4 - HKLM\..\Run: [WZCSLDR2] C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AnySend Updater] C:\Program Files\AnySend\AnySendUpdater.exe
O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files\PSafe\PSafeSysTray.exe"
O4 - HKLM\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Mega Manager] C:\Program Files\Megaupload\Mega Manager\MegaManager.exe /Tray
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [8upjmDe] C:\ProgramData\MbtmA4mrKB5f5ca6\LFZ5P0nPbfC9M\AzgN6vsCCiOh\e0MHfMyKiIgFR\7qsQpjrq.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\iexplore.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {44EFE656-BA6F-401B-8474-1473CF3883E5} (Active_Clock Control) - file:///C:/Users/Duaite/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/activexclock.gadget/Clock.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: ClickMeIn Connectivity (ClickMeInConnectivity) - ClickMeIn Limited - C:\Program Files\ClickMeIn\Connectivity.exe
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe
O23 - Service: D_Link_DWA-125 Service (D_Link_DWA-125) - Wireless Service - C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe
O23 - Service: D_Link_DWA-125_WPS Service (D_Link_DWA-125_WPS) - Unknown owner - C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: PSafeLockBoxSvc - PSafe - C:\Program Files\PSafe\PSafeCategoryFinder.exe
O23 - Service: PSafeSVC - PSafe S/A - C:\Program Files\PSafe\PSafesvc.exe
O23 - Service: PSafeWD - PSafe - C:\Program Files\PSafe\PSafeWD.exe
O23 - Service: ClickMeIn RemoteEngine Service (RemoteEngineService) - ClickMeIn Limited - C:\Program Files\ClickMeIn\remoteengine.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 10224 bytes

IT DELETED 10 VIRUSES, THANKS! BUT WHAT IF THESE PAGES POP UP OUT OF NOWHERE:

http://ec2-50-17-117-113.compute-1.amazonaws.com/


http://www.clickmein.com/expirednotice/index.html

DO YOU KNOW WHAT I CAN DO?

The machine has improved a lot; I'll test it over the next few days to see if it's 100%.
I ask that you recommend a good antivirus, even if it's a paid one, preferably one of those with a free trial period for testing. Thanks a lot, man!

#5 Mr.Million

Mr.Million

    Consumer Security MVP

  • Expert
  • 59558 posts

Posted 15 September 2012 - 01:38 PM

See the recommendations in this featured topic of mine: Free Security Kits for Your Greater Protection (Y)

Continuing..

Disable your antivirus, antispyware and firewall so that there are no conflicts. Keep them disabled until you have finished the instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly, it must be on the Desktop).
Close all windows and programs.

You need to be connected during the ComboFix procedure.

Run combofix.exe and press "Yes" to proceed. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan proceeds.
Once the Console is installed, the operating system selection screen will be shown at system startup.
More information about the Console:
http://support.microsoft.com/kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.
When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt into your next reply + a new HijackThis log.

IMPORTANT:
Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. Doing so will overwrite the log and make removing the malware harder.

If any error occurs, restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup) and repeat the procedure.

#6 wesley_1

wesley_1
  • Participant
  • 7 posts

Posted 15 September 2012 - 10:24 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:07:53, on 15/09/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
C:\Windows\RTHDCPL.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\PSafe\PSafeSysTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\ClickMeIn\RemoteEngineHelper.exe
C:\Program Files\PSafe\Protege\psprotege.exe
C:\Program Files\PSafe\PSafeWDS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\WESLEY\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [D-Link D-Link DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
O4 - HKLM\..\Run: [WZCSLDR2] C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files\PSafe\PSafeSysTray.exe"
O4 - HKLM\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {44EFE656-BA6F-401B-8474-1473CF3883E5} (Active_Clock Control) - file:///C:/Users/Duaite/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/activexclock.gadget/Clock.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll c:\progra~2\browse~1\22643~1.41\{16cdf~1\browsemngr.dll
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: ClickMeIn Connectivity (ClickMeInConnectivity) - ClickMeIn Limited - C:\Program Files\ClickMeIn\Connectivity.exe
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe
O23 - Service: D_Link_DWA-125 Service (D_Link_DWA-125) - Wireless Service - C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe
O23 - Service: D_Link_DWA-125_WPS Service (D_Link_DWA-125_WPS) - Unknown owner - C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: PSafeLockBoxSvc - PSafe - C:\Program Files\PSafe\PSafeCategoryFinder.exe
O23 - Service: PSafeSVC - PSafe S/A - C:\Program Files\PSafe\PSafesvc.exe
O23 - Service: PSafeWD - PSafe - C:\Program Files\PSafe\PSafeWD.exe
O23 - Service: ClickMeIn RemoteEngine Service (RemoteEngineService) - ClickMeIn Limited - C:\Program Files\ClickMeIn\remoteengine.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 8878 bytes


ComboFix log

ComboFix 12-09-15.02 - WESLEY 15/09/2012 21:46:22.1.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2046.1344 [GMT -3:00]
Executando de: c:\users\WESLEY\Downloads\ComboFix.exe
AV: avast! antivírus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! antivírus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\DealPlyTune.dll
c:\program files\DealPly\DealPlyUpdate.exe
c:\program files\DealPly\DealPlyUpdateRun.exe
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
c:\programdata\cbbd037675445900701458b55605317558a9d25d
c:\programdata\Windows
c:\programdata\windows\locale.dat
c:\programdata\WLSetup
c:\users\WESLEY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Internet Explorer.lnk
C:\Win
c:\windows\7Loader.TAG
c:\windows\IsUn0416.exe
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-08-16 to 2012-09-16 ))))))))))))))))))))))))))))
.
.
2012-09-16 00:53 . 2012-09-16 00:53 -------- d-----w- c:\users\Duaite\AppData\Local\temp
2012-09-16 00:53 . 2012-09-16 00:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-16 00:53 . 2012-09-16 00:53 -------- d-----w- c:\users\Convidado\AppData\Local\temp
2012-09-16 00:53 . 2012-09-16 00:54 -------- d-----w- c:\users\WESLEY\AppData\Local\temp
2012-09-15 15:39 . 2012-09-15 15:40 -------- d-----w- c:\users\WESLEY\AppData\Local\Deployment
2012-09-15 15:39 . 2012-09-15 15:39 -------- d-----w- c:\users\WESLEY\AppData\Local\Apps
2012-09-15 14:50 . 2012-09-15 14:50 -------- d-----w- c:\users\WESLEY\AppData\Roaming\Malwarebytes
2012-09-15 14:50 . 2012-09-15 14:50 -------- d-----w- c:\programdata\Malwarebytes
2012-09-15 14:50 . 2012-09-15 14:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-15 14:50 . 2012-09-07 20:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-15 14:25 . 2012-09-15 14:25 -------- d-----w- c:\windows\system32\Lang
2012-09-14 14:13 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC362958-91D7-43CB-87CB-0356DACA58CB}\mpengine.dll
2012-09-13 23:03 . 2012-09-14 22:45 -------- d-----w- c:\users\Convidado\PSafe
2012-09-13 17:18 . 2012-09-13 17:18 -------- d-----w- c:\users\WESLEY\AppData\Local\ElevatedDiagnostics
2012-09-13 15:15 . 2012-09-16 00:25 -------- d-----w- c:\users\WESLEY\PSafe
2012-09-13 07:50 . 2012-09-13 08:03 -------- d-----w- c:\users\Duaite\AppData\Roaming\Positivo
2012-09-13 07:49 . 2012-09-13 17:46 -------- d-----w- C:\Positivo
2012-09-13 07:48 . 2012-09-03 22:34 64048 ----a-r- c:\windows\system32\drivers\360SpOEM.sys
2012-09-13 07:43 . 2012-09-15 21:38 -------- d-----w- c:\users\Duaite\PSafe
2012-09-13 07:43 . 2012-06-01 00:21 23168 ----a-r- c:\windows\system32\drivers\360RegOem.sys
2012-09-13 07:43 . 2012-06-01 00:21 146304 ----a-r- c:\windows\system32\drivers\360FileOem.sys
2012-09-13 07:42 . 2012-09-16 00:26 -------- d-----w- c:\programdata\PSafe
2012-09-13 07:42 . 2012-06-01 00:21 54912 ----a-r- c:\windows\system32\drivers\360HookOem.sys
2012-09-13 07:42 . 2012-09-13 17:46 -------- d-----w- c:\users\Duaite\AppData\Roaming\AnySend
2012-09-13 07:42 . 2012-09-13 08:01 -------- d-----w- c:\programdata\AnySend
2012-09-13 07:41 . 2012-09-13 07:41 -------- d-----w- c:\windows\system32\Extensions
2012-09-13 07:41 . 2012-09-13 07:41 -------- d-----w- c:\windows\system32\searchplugins
2012-09-13 07:41 . 2012-09-13 07:41 -------- d-----w- c:\programdata\Browser Manager
2012-09-13 07:41 . 2012-09-13 17:46 -------- d-----w- c:\program files\BabylonToolbar
2012-09-13 07:40 . 2012-09-15 15:06 -------- d-----w- c:\program files\ClickMeIn
2012-09-13 07:40 . 2012-09-13 17:46 -------- d-----w- c:\program files\PSafe
2012-09-11 22:18 . 2012-08-02 17:05 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-10 01:51 . 2012-09-10 01:51 -------- d-----w- c:\windows\Sun
2012-09-08 05:48 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-08 05:48 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-08 05:48 . 2012-08-21 09:13 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-08 05:48 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-08 05:48 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-08 05:48 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-08 05:47 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-08 05:47 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-08 05:47 . 2012-09-08 05:47 -------- d-----w- c:\programdata\AVAST Software
2012-09-08 05:47 . 2012-09-08 05:47 -------- d-----w- c:\program files\AVAST Software
2012-09-08 04:27 . 2012-09-09 15:04 -------- d-----w- c:\users\Duaite\AppData\Local\Deployment
2012-09-08 04:27 . 2012-09-08 04:27 -------- d-----w- c:\users\Duaite\AppData\Local\Apps
2012-09-08 04:18 . 2012-09-08 04:18 -------- d-----w- c:\users\Duaite\AppData\Local\ElevatedDiagnostics
2012-09-08 03:57 . 2012-09-08 03:57 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-08 03:41 . 2012-09-13 17:46 -------- d-----w- c:\windows\system32\BestPractices
2012-09-08 03:40 . 2012-09-08 03:41 -------- d-----w- C:\inetpub
2012-09-07 21:59 . 2012-03-31 17:24 117248 ----a-w- c:\windows\system32\libgcc_s_dw2-1.dll
2012-09-07 21:59 . 2012-03-31 17:24 117248 ----a-w- c:\program files\Internet Explorer\libgcc_s_dw2-1.dll
2012-09-07 21:58 . 2012-09-07 21:58 -------- d-----w- c:\programdata\Codecentrix
2012-09-07 21:26 . 2012-09-07 21:26 -------- d-sh--w- c:\programdata\MbtmA4mrKB5f5ca6
2012-09-07 19:25 . 2012-09-07 19:25 -------- d-----w- c:\program files\Common Files\Java
2012-09-07 19:25 . 2012-09-07 19:25 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-22 02:52 . 2012-08-22 02:52 -------- d-----w- c:\program files\PicoZipRT
2012-08-22 02:25 . 2012-08-22 02:25 -------- d-----w- c:\program files\ARAR
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 03:57 . 2011-05-19 21:30 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 19:25 . 2012-05-28 03:04 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-07 19:25 . 2011-09-22 14:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 18:56 . 2011-04-25 12:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-08-19 18:43 . 2011-04-28 21:05 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-08-19 18:43 . 2011-04-25 12:44 578896 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-15 02:27 . 2011-05-27 17:17 578896 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-18 17:10 . 2012-08-16 13:25 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:23 . 2012-08-16 13:25 41472 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:23 . 2012-08-16 13:25 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-29 00:16 . 2012-08-16 18:18 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09 . 2012-08-16 18:18 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08 . 2012-08-16 18:18 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04 . 2012-08-16 18:18 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00 . 2012-08-16 18:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-23 19:49 . 2012-06-23 19:49 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2007-11-07 03:19 . 2011-12-17 05:08 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
2007-11-07 03:19 . 2011-12-17 05:08 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1PSafeOverlaySync]
@="{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}"
[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}]
2012-09-03 23:01 1856264 ----a-w- c:\program files\PSafe\shell\v3.1.1209.3401\PSafeShellExtensionx86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2PSafeOverlayOk]
@="{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}"
[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}]
2012-09-03 23:01 1856264 ----a-w- c:\program files\PSafe\shell\v3.1.1209.3401\PSafeShellExtensionx86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3PSafeOverlayOut]
@="{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}"
[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}]
2012-09-03 23:01 1856264 ----a-w- c:\program files\PSafe\shell\v3.1.1209.3401\PSafeShellExtensionx86.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Octoshape Streaming Services"="c:\users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link D-Link DWA-125"="c:\program files\D-Link\DWA-125 revA\AirGCFG.exe" [2009-10-19 995328]
"WZCSLDR2"="c:\program files\D-Link\DWA-125 revA\WZCSLDR2.exe" [2009-10-19 122880]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"PSafeSysTray"="c:\program files\PSafe\PSafeSysTray.exe" [2012-09-03 4901128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\22643~1.41\{16CDF~1\browsemngr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOEM.sys [x]
R1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [x]
R1 360RegOem;360RegOem;c:\windows\system32\drivers\360RegOem.sys [x]
R1 360SpOEM;360SpOEM;c:\windows\system32\drivers\360SpOEM.sys [x]
R1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [x]
R2 ClickMeInConnectivity;ClickMeIn Connectivity;c:\program files\ClickMeIn\Connectivity.exe [x]
R2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [x]
R2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files\D-Link\DWA-125 revA\ANIWZCSdS.exe [x]
R2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files\D-Link\DWA-125 revA\ANIWConnService.exe [x]
R2 gupdate;Serviço do Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [x]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [x]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R2 PSafeLockBoxSvc;PSafeLockBoxSvc;c:\program files\PSafe\PSafeCategoryFinder.exe [x]
R2 PSafeSVC;PSafeSVC;c:\program files\PSafe\PSafesvc.exe [x]
R2 PSafeWD;PSafeWD;c:\program files\PSafe\PSafeWD.exe [x]
R2 RemoteEngineService;ClickMeIn RemoteEngine Service;c:\program files\ClickMeIn\remoteengine.exe [x]
R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [x]
R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28u.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Conteúdo da pasta 'Tarefas Agendadas'
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Baixar Link Utiizando Gerenciador Mega... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xportar para o Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {44EFE656-BA6F-401B-8474-1473CF3883E5} - file:///C:/Users/Duaite/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/activexclock.gadget/Clock.ocx
.
- - - - ORFÃOS REMOVIDOS - - - -
.
URLSearchHooks-{e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)
BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files\DealPly\DealPlyIE.dll
WebBrowser-{E0301295-AB3E-4AF3-979F-3D453C5F9F48} - (no file)
HKCU-Run-Mega Manager - c:\program files\Megaupload\Mega Manager\MegaManager.exe
HKCU-Run-LG LinkAir - (no file)
HKCU-Run-8upjmDe - c:\programdata\MbtmA4mrKB5f5ca6\LFZ5P0nPbfC9M\AzgN6vsCCiOh\e0MHfMyKiIgFR\7qsQpjrq.exe
HKLM-Run-AnySend Updater - c:\program files\AnySend\AnySendUpdater.exe
MSConfigStartUp-TkBellExe - c:\program files\Real\RealPlayer\Update\realsched.exe
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
AddRemove-Free PS Convert driver_is1 - c:\program files\psconvert\unins000.exe
AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\21.0.1180.89\Installer\setup.exe
AddRemove-Picasa 3 - c:\program files\Google\Picasa3\Uninstall.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
AddRemove-Mozilla Firefox 15.0.1 (x86 pt-BR) - c:\program files\Mozilla Firefox\uninstall\helper.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2012-09-15 21:56:15
ComboFix-quarantined-files.txt 2012-09-16 00:56
.
Pré-execução: 81.535.967.232 bytes disponíveis
Pós execução: 82.714.845.184 bytes disponíveis
.
- - End Of File - - 5AC6BAACD1F7BF14A24D1E3386D8D5D5

#7 Mr.Million

Mr.Million

    Consumer Security MVP

  • Specialist
  • 59558 posts

Posted 15 September 2012 - 10:52 PM

I suggest you print or save the procedures below, and do not use the Internet until the procedure is finished.

Select and copy the text inside the QUOTE (white box) below. Open Notepad and paste what you copied. Then save it on the Desktop with the name CFScript.txt


File::
c:\progra~2\BROWSE~1\22643~1.41\{16CDF~1\browsemngr.dll
c:\windows\system32\drivers\360HookOEM.sys
c:\windows\system32\drivers\360FileOem.sys
c:\windows\system32\drivers\360RegOem.sys
c:\windows\system32\drivers\360SpOEM.sys
c:\program files\ClickMeIn\Connectivity.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
Driver::
360HookOem
360FileOem
360RegOem
360SpOEM
Browser Manager
ClickMeIn Connectivity
Folder::
c:\programdata\Browser Manager
c:\program files\ClickMeIn



Now drag CFScript.txt onto ComboFix as shown in the demonstration below:

Posted Image

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated, which will be at C:\ComboFix.txt.
Make a new log with HijackThis in Normal Mode and post it together with ComboFix.txt.

#8 wesley_1

wesley_1
  • Participant
  • 7 posts

Posted 16 September 2012 - 10:20 PM

The machine almost stopped! All the files were showing as nonexistent or could not be opened because of a win32 error or something else.
I then tried to restore the system, and an error occurred there too. Desperate, I restarted in safe mode and managed to restore the system. Phew!
The log from after I carried out the indicated procedure did not disappear with the restore and stayed behind to tell the story:

ComboFix 12-09-15.02 - WESLEY 16/09/2012 20:47:01.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2046.1170 [GMT -3:00]
Executando de: c:\users\WESLEY\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\WESLEY\Desktop\CFScript.txt
AV: avast! antivírus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! antivírus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
FILE ::
"c:\progra~2\BROWSE~1\22643~1.41\{16CDF~1\browsemngr.dll"
"c:\program files\ClickMeIn\Connectivity.exe"
"c:\windows\system32\drivers\360FileOem.sys"
"c:\windows\system32\drivers\360HookOEM.sys"
"c:\windows\system32\drivers\360RegOem.sys"
"c:\windows\system32\drivers\360SpOEM.sys"
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Browser Manager
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.settings
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\crashReports\50521a2a0_2028329.dmp
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\crashReports\50521a2a0_2028329.gz
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\chrome.manifest
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-10.0.2.dll
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-11.0.dll
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-12.0.dll
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-13.0.dll
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-14.0.1.dll
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-15.0.dll
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-3.6.dll
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-3.6.xpt
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-5.0.dll
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-6.0.2.dll
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-7.0.1.dll
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-8.0.1.dll
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-9.0.1.dll
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content\BrowserManager.js
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content\overlay.xul
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\install.rdf
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\00
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\01
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\02
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\10
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\11
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\12
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\20
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\21
c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\22
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_360FILEOEM
-------\Legacy_360HOOKOEM
-------\Legacy_360REGOEM
-------\Legacy_360SPOEM
-------\Service_360FileOem
-------\Service_360HookOem
-------\Service_360RegOem
-------\Service_360SpOEM
-------\Service_Browser Manager
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-08-17 to 2012-09-17 ))))))))))))))))))))))))))))
.
.
2012-09-16 23:59 . 2012-09-17 00:10 -------- d-----w- c:\users\WESLEY\AppData\Local\temp
2012-09-16 23:59 . 2012-09-16 23:59 -------- d-----w- c:\users\Duaite\AppData\Local\temp
2012-09-16 23:59 . 2012-09-16 23:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-16 23:59 . 2012-09-16 23:59 -------- d-----w- c:\users\Convidado\AppData\Local\temp
2012-09-16 16:35 . 2012-09-16 16:35 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-15 15:39 . 2012-09-15 15:40 -------- d-----w- c:\users\WESLEY\AppData\Local\Deployment
2012-09-15 15:39 . 2012-09-15 15:39 -------- d-----w- c:\users\WESLEY\AppData\Local\Apps
2012-09-15 14:50 . 2012-09-15 14:50 -------- d-----w- c:\users\WESLEY\AppData\Roaming\Malwarebytes
2012-09-15 14:50 . 2012-09-15 14:50 -------- d-----w- c:\programdata\Malwarebytes
2012-09-15 14:50 . 2012-09-15 14:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-15 14:50 . 2012-09-07 20:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-15 14:25 . 2012-09-15 14:25 -------- d-----w- c:\windows\system32\Lang
2012-09-14 14:13 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC362958-91D7-43CB-87CB-0356DACA58CB}\mpengine.dll
2012-09-13 23:03 . 2012-09-16 13:38 -------- d-----w- c:\users\Convidado\PSafe
2012-09-13 17:18 . 2012-09-13 17:18 -------- d-----w- c:\users\WESLEY\AppData\Local\ElevatedDiagnostics
2012-09-13 15:15 . 2012-09-17 00:09 -------- d-----w- c:\users\WESLEY\PSafe
2012-09-13 07:50 . 2012-09-13 08:03 -------- d-----w- c:\users\Duaite\AppData\Roaming\Positivo
2012-09-13 07:49 . 2012-09-13 17:46 -------- d-----w- C:\Positivo
2012-09-13 07:48 . 2012-09-03 22:34 64048 ----a-r- c:\windows\system32\drivers\360SpOEM.sys
2012-09-13 07:43 . 2012-09-16 16:33 -------- d-----w- c:\users\Duaite\PSafe
2012-09-13 07:43 . 2012-06-01 00:21 23168 ----a-r- c:\windows\system32\drivers\360RegOem.sys
2012-09-13 07:43 . 2012-06-01 00:21 146304 ----a-r- c:\windows\system32\drivers\360FileOem.sys
2012-09-13 07:42 . 2012-09-16 22:56 -------- d-----w- c:\programdata\PSafe
2012-09-13 07:42 . 2012-06-01 00:21 54912 ----a-r- c:\windows\system32\drivers\360HookOem.sys
2012-09-13 07:42 . 2012-09-13 17:46 -------- d-----w- c:\users\Duaite\AppData\Roaming\AnySend
2012-09-13 07:42 . 2012-09-13 08:01 -------- d-----w- c:\programdata\AnySend
2012-09-13 07:41 . 2012-09-13 07:41 -------- d-----w- c:\windows\system32\Extensions
2012-09-13 07:41 . 2012-09-13 07:41 -------- d-----w- c:\windows\system32\searchplugins
2012-09-13 07:40 . 2012-09-13 17:46 -------- d-----w- c:\program files\PSafe
2012-09-11 22:18 . 2012-08-02 17:05 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-10 01:51 . 2012-09-10 01:51 -------- d-----w- c:\windows\Sun
2012-09-08 05:48 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-08 05:48 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-08 05:48 . 2012-08-21 09:13 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-08 05:48 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-08 05:48 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-08 05:48 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-08 05:47 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-08 05:47 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-08 05:47 . 2012-09-08 05:47 -------- d-----w- c:\programdata\AVAST Software
2012-09-08 05:47 . 2012-09-08 05:47 -------- d-----w- c:\program files\AVAST Software
2012-09-08 04:27 . 2012-09-09 15:04 -------- d-----w- c:\users\Duaite\AppData\Local\Deployment
2012-09-08 04:27 . 2012-09-08 04:27 -------- d-----w- c:\users\Duaite\AppData\Local\Apps
2012-09-08 04:18 . 2012-09-08 04:18 -------- d-----w- c:\users\Duaite\AppData\Local\ElevatedDiagnostics
2012-09-08 03:57 . 2012-09-08 03:57 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-08 03:41 . 2012-09-13 17:46 -------- d-----w- c:\windows\system32\BestPractices
2012-09-08 03:40 . 2012-09-08 03:41 -------- d-----w- C:\inetpub
2012-09-07 21:59 . 2012-03-31 17:24 117248 ----a-w- c:\windows\system32\libgcc_s_dw2-1.dll
2012-09-07 21:59 . 2012-03-31 17:24 117248 ----a-w- c:\program files\Internet Explorer\libgcc_s_dw2-1.dll
2012-09-07 21:58 . 2012-09-07 21:58 -------- d-----w- c:\programdata\Codecentrix
2012-09-07 21:26 . 2012-09-07 21:26 -------- d-sh--w- c:\programdata\MbtmA4mrKB5f5ca6
2012-09-07 19:25 . 2012-09-07 19:25 -------- d-----w- c:\program files\Common Files\Java
2012-09-07 19:25 . 2012-09-07 19:25 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-22 02:52 . 2012-08-22 02:52 -------- d-----w- c:\program files\PicoZipRT
2012-08-22 02:25 . 2012-08-22 02:25 -------- d-----w- c:\program files\ARAR
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 03:57 . 2011-05-19 21:30 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 19:25 . 2012-05-28 03:04 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-07 19:25 . 2011-09-22 14:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 18:56 . 2011-04-25 12:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-08-19 18:43 . 2011-04-28 21:05 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-08-19 18:43 . 2011-04-25 12:44 578896 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-15 02:27 . 2011-05-27 17:17 578896 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-18 17:10 . 2012-08-16 13:25 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:23 . 2012-08-16 13:25 41472 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:23 . 2012-08-16 13:25 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-29 00:16 . 2012-08-16 18:18 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09 . 2012-08-16 18:18 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08 . 2012-08-16 18:18 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04 . 2012-08-16 18:18 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00 . 2012-08-16 18:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-23 19:49 . 2012-06-23 19:49 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2007-11-07 03:19 . 2011-12-17 05:08 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
2007-11-07 03:19 . 2011-12-17 05:08 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
2012-09-06 01:27 . 2012-09-16 16:35 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1PSafeOverlaySync]
@="{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}"
[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}]
2012-09-03 23:01 1856264 ----a-w- c:\program files\PSafe\shell\v3.1.1209.3401\PSafeShellExtensionx86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2PSafeOverlayOk]
@="{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}"
[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}]
2012-09-03 23:01 1856264 ----a-w- c:\program files\PSafe\shell\v3.1.1209.3401\PSafeShellExtensionx86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3PSafeOverlayOut]
@="{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}"
[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}]
2012-09-03 23:01 1856264 ----a-w- c:\program files\PSafe\shell\v3.1.1209.3401\PSafeShellExtensionx86.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Octoshape Streaming Services"="c:\users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link D-Link DWA-125"="c:\program files\D-Link\DWA-125 revA\AirGCFG.exe" [2009-10-19 995328]
"WZCSLDR2"="c:\program files\D-Link\DWA-125 revA\WZCSLDR2.exe" [2009-10-19 122880]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"PSafeSysTray"="c:\program files\PSafe\PSafeSysTray.exe" [2012-09-03 4901128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files\D-Link\DWA-125 revA\ANIWZCSdS.exe [x]
R2 gupdate;Serviço do Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [x]
R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28u.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [x]
S2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files\D-Link\DWA-125 revA\ANIWConnService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [x]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 PSafeLockBoxSvc;PSafeLockBoxSvc;c:\program files\PSafe\PSafeCategoryFinder.exe [x]
S2 PSafeSVC;PSafeSVC;c:\program files\PSafe\PSafesvc.exe [x]
S2 PSafeWD;PSafeWD;c:\program files\PSafe\PSafeWD.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - 360FILEOEM
*NewlyCreated* - 360HOOKOEM
*NewlyCreated* - 360REGOEM
*NewlyCreated* - 360SPOEM
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Baixar Link Utiizando Gerenciador Mega... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xportar para o Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {44EFE656-BA6F-401B-8474-1473CF3883E5} - file:///C:/Users/Duaite/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/activexclock.gadget/Clock.ocx
FF - ProfilePath - c:\users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851643&SearchSource=2&q=
.
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108380
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - c60097a6000000000000001d7df5ece4
FF - user.js: extensions.BabylonToolbar_i.hardId - c60097a6000000000000001d7df5ece4
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15325
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:22
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\UI0Detect.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\windows\RTHDCPL.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-09-16 21:16:01 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-09-17 00:15
.
Pré-execução: 83.529.076.736 bytes disponíveis
Pós execução: 85.451.534.336 bytes disponíveis
.
- - End Of File - - FC6C0798884500284F319C8F21836E2E

#9 Mr.Million

Mr.Million

    Consumer Security MVP

  • Specialist
  • 59558 posts

Posted 16 September 2012 - 10:34 PM

Download AdwCleaner. Save it to the Desktop.

Run adwcleaner.exe

NOTE: Windows Vista or Windows 7 users, right-click the file and select: Run as administrator

Click [Delete]

Post the log it creates + a new HijackThis log.

#10 wesley_1

wesley_1
  • Member
  • 7 posts

Posted 17 September 2012 - 01:37 AM

2 logs were created:


# AdwCleaner v1.801 - Logfile created 09/17/2012 at 01:03:58
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : WESLEY - PETROLEIRO
# Boot Mode : Normal
# Running from : C:\Users\WESLEY\Desktop\104139_adwcleaner_1_801.exe
# Option [Search]

***** [Services] *****
Found : Browser Manager
***** [Files / Folders] *****
Folder Found : C:\Users\Duaite\AppData\Local\APN
Folder Found : C:\Users\WESLEY\AppData\Local\Babylon
Folder Found : C:\Users\WESLEY\AppData\Local\Conduit
Folder Found : C:\Users\Duaite\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Duaite\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\WESLEY\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\WESLEY\AppData\LocalLow\Conduit
Folder Found : C:\Users\WESLEY\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Convidado\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Convidado\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Convidado\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Duaite\AppData\Roaming\Babylon
Folder Found : C:\Users\WESLEY\AppData\Roaming\Babylon
Folder Found : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\ConduitCommon
Folder Found : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\CT2851643
Folder Found : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}
Folder Found : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Found : C:\Program Files\Conduit
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Found : C:\user.js
***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2851643
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DealPly
Key Found : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DealPly
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Found : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
***** [Registre - GUID] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=108293&tt=120912_cpc_3712_6&babsrc=NT_ss&mntrId=c60097a6000000000000001d7df5ece4
-\\ Mozilla Firefox v15.0.1 (en-US)
Profile name : default
File : C:\Users\Duaite\AppData\Roaming\Mozilla\Firefox\Profiles\nuysoin6.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\prefs.js
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 08 2012 11:24:15 GMT-0300 (H[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "105f488d-ac4e-437a-9017-e97329675e57");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com.br/");
Found : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.babExt", "");
Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=108380");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 12);
Found : user_pref("extensions.BabylonToolbar.cntry", "BR");
Found : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Found : user_pref("extensions.BabylonToolbar.firstRun", false);
Found : user_pref("extensions.BabylonToolbar.hdrMd5", "EF5B3401F11F5A8BAD0EDDF167BA6BC4");
Found : user_pref("extensions.BabylonToolbar.hmpg", false);
Found : user_pref("extensions.BabylonToolbar.id", "c60097a6000000000000001d7df5ece4");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15325");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.lastActv", "31");
Found : user_pref("extensions.BabylonToolbar.lastDP", 12);
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.171:22:01");
Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "9.0");
Found : user_pref("extensions.BabylonToolbar.newTab", true);
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.propectorlck", 67645032);
Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.171:22:01");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108380");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "c60097a6000000000000001d7df5ece4");
Found : user_pref("extensions.BabylonToolbar_i.id", "c60097a6000000000000001d7df5ece4");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15325");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.171:22:01");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true);
Found : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]
Profile name : default
File : C:\Users\Convidado\AppData\Roaming\Mozilla\Firefox\Profiles\r2lji0kw.default\prefs.js
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU2&o=14670&locale=[...]
-\\ Opera v11.52.1100.0
File : C:\Users\Duaite\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Users\WESLEY\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Users\Convidado\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [25648 octets] - [17/09/2012 01:03:58]
########## EOF - C:\AdwCleaner[R1].txt - [25777 octets] ##########



# AdwCleaner v1.801 - Logfile created 09/17/2012 at 01:04:44
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : WESLEY - PETROLEIRO
# Boot Mode : Normal
# Running from : C:\Users\WESLEY\Desktop\104139_adwcleaner_1_801.exe
# Option [Delete]

***** [Services] *****
Stopped & Deleted : Browser Manager
***** [Files / Folders] *****
Folder Deleted : C:\Users\Duaite\AppData\Local\APN
Folder Deleted : C:\Users\WESLEY\AppData\Local\Babylon
Folder Deleted : C:\Users\WESLEY\AppData\Local\Conduit
Folder Deleted : C:\Users\Duaite\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Duaite\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\WESLEY\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\WESLEY\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\WESLEY\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Convidado\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Convidado\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Convidado\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Duaite\AppData\Roaming\Babylon
Folder Deleted : C:\Users\WESLEY\AppData\Roaming\Babylon
Folder Deleted : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\ConduitCommon
Folder Deleted : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\CT2851643
Folder Deleted : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}
Folder Deleted : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Deleted on reboot : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Deleted : C:\Program Files\Conduit
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\user.js
***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2851643
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DealPly
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
***** [Registre - GUID] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=108293&tt=120912_cpc_3712_6&babsrc=NT_ss&mntrId=c60097a6000000000000001d7df5ece4 --> hxxp://www.google.com
-\\ Mozilla Firefox v15.0.1 (en-US)
Profile name : default
File : C:\Users\Duaite\AppData\Roaming\Mozilla\Firefox\Profiles\nuysoin6.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\prefs.js
C:\Users\WESLEY\AppData\Roaming\Mozilla\Firefox\Profiles\72hdgek9.default\user.js ... Deleted !
Profile name : default
File : C:\Users\Convidado\AppData\Roaming\Mozilla\Firefox\Profiles\r2lji0kw.default\prefs.js
C:\Users\Convidado\AppData\Roaming\Mozilla\Firefox\Profiles\r2lji0kw.default\user.js ... Deleted !
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU2&o=14670&locale=[...]
-\\ Opera v11.52.1100.0
File : C:\Users\Duaite\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Users\WESLEY\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Users\Convidado\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [25779 octets] - [17/09/2012 01:03:58]
AdwCleaner[S1].txt - [26576 octets] - [17/09/2012 01:04:44]
########## EOF - C:\AdwCleaner[S1].txt - [26705 octets] ##########

+ the HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:35:24, on 17/09/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
C:\Windows\RTHDCPL.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\PSafe\PSafeSysTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\PSafe\Protege\psprotege.exe
C:\Program Files\PSafe\PSafeWDS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\WESLEY\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [D-Link D-Link DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
O4 - HKLM\..\Run: [WZCSLDR2] C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files\PSafe\PSafeSysTray.exe"
O4 - HKLM\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\WESLEY\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {44EFE656-BA6F-401B-8474-1473CF3883E5} (Active_Clock Control) - file:///C:/Users/Duaite/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/activexclock.gadget/Clock.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\PROGRA~2\BROWSE~1\22643~1.41\{16CDF~1\browsemngr.dll
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe
O23 - Service: D_Link_DWA-125 Service (D_Link_DWA-125) - Wireless Service - C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe
O23 - Service: D_Link_DWA-125_WPS Service (D_Link_DWA-125_WPS) - Unknown owner - C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: PSafeLockBoxSvc - PSafe - C:\Program Files\PSafe\PSafeCategoryFinder.exe
O23 - Service: PSafeSVC - PSafe S/A - C:\Program Files\PSafe\PSafesvc.exe
O23 - Service: PSafeWD - PSafe - C:\Program Files\PSafe\PSafeWD.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 8222 bytes





