Ir para conteúdo

Foto

Vírus-mystart.incredibar.com


Este tópico foi arquivado. Isto significa que você não pode mais responder ao tópico.
18 respostas neste tópico

#1
hf2003

hf2003

    Novato

  • Novato
  • Pip
  • 20 posts
Olá!
Gostaria de informações sobre o arquivo abaixo:
A minhapágina da internet sempre abre em sites que desconheço e a página inicial sempre é direcionada para o site mystart.incredibar.com
Quando seleciono o arquivo no HijackThis após o scan, como faço para remove-lo do computador?Selecionei e cliquei em Fix Checked mas ele não foi removido..
Obrigada

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:26:56, on 13/5/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Fabiana Melo\Meus documentos\Downloads\HijackThis(2).exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Complitly\Complitly.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Arquivos de programas\Web Assistant\Extension32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {60270dc7-9ea0-472f-9b77-66652c06246e} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O15 - Trusted Zone: http://www.bancobrasil.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/FABIAN~1/CONFIG~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 7653 bytes

#2
Ciro-Mota

Ciro-Mota

    Assistente Profissional

  • Assistente Profissional
  • 55.156 posts
hf2003,

NÃO tente realizar sozinho nenhum procedimento de limpeza. Em especial, não execute por conta própria ferramentas utilizadas no fórum Remoção de Malware. O uso indevido de algumas ferramentas poderá danificar o seu computador ou, no mínimo, remover parcialmente os sinais de uma infecção que serviriam de informação ao analista. A equipe não será responsabilizada por consequências resultantes de uso indevido e/ou não-informado das ferramentas. - Regra nº8 da Remoção de Malwares

Poste um novo log do Hijackthis.

Por favor, observe o seguinte:

  • Não utilize softwares que não foram indicado.
  • Não inicie novo tópico sobre esse problema. Poste suas respostas sempre neste tópico.
  • Clique em
    Imagem Postada
    (se localiza no canto superior direito do post principal),e em
    Imagem Postada
    para que receba notificação por e-mail quando o mesmo for respondido.
    Você também pode verificar os tópicos assinados usando esta opção, acessível através do Painel de Controle do fórum.
  • As análises podem levar algum tempo, portanto seja paciente.
  • As instruções são específicas para o seu computador, e devem ser aplicadas somente nele.
  • Se algo der errado, não importa. Sempre acompanhe seu tópico, informando-me dos resultados, até que seu computador esteja limpo.
  • Aviso: Evite utilizar as tags <QUOTE> ou <CODE> nos logs, isso prejudica a leitura na hora da analise.
  • Por favor, não abandone seu tópico. Para nós é importante saber se a remoção foi bem sucedida.
  • Se você não receber uma resposta minha em até 5 dias. Me envie uma MP

** Tenha consideração a quem te ajuda, não Abandone seu tópico! **
[Membro da ASAP] // [Junte-se ao ARIS-LD] // [Linha Defensiva no Twitter]
Imagem Postada

Blog do Ciro Mota
Visite em: http://www.ciromota.net/ _-_ Siga-me no Twitter: @ciromota

#3
hf2003

hf2003

    Novato

  • Novato
  • Pip
  • 20 posts
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:35:01, on 15/5/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\AVG\AVG2012\avgfws.exe
C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Arquivos de programas\AVG\AVG2012\avgidsagent.exe
C:\Arquivos de programas\AVG\AVG2012\avgnsx.exe
C:\Arquivos de programas\AVG\AVG2012\avgemcx.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\AVG\AVG2012\avgtray.exe
C:\Arquivos de programas\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\AVG\AVG2012\avgrsx.exe
C:\Arquivos de programas\AVG\AVG2012\avgcsrvx.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Fabiana Melo\Meus documentos\Downloads\HijackThis(2).exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Complitly\Complitly.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll (file missing)
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Arquivos de programas\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Arquivos de programas\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Arquivos de programas\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Fabiana Melo\Meus documentos\Downloads\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Arquivos de programas\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O15 - Trusted Zone: http://www.bancobrasil.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Firewall do AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2012\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

--
End of file - 9576 bytes

#4
Ciro-Mota

Ciro-Mota

    Assistente Profissional

  • Assistente Profissional
  • 55.156 posts
hf2003,

1)

Baixe o AdwCleaner e salve no desktop.
http://general-chang...de/2-adwcleaner

Execute o arquivo adwcleaner.exe

*** Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo MbrScan.exe, depois clique em
Imagem Postada
.

Clique em Delete.

Abrirá um bloco de notas com o resultado. Selecione, copie e cole o seu conteúdo na próxima resposta.

2)

Baixe o Malwarebytes' Anti-Malware (MBAM)
http://download.cnet...4-10804572.html

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.
  • Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.
  • Se houver atualizações a serem feitas, serão baixadas e instaladas.
  • Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.
  • Começará então o exame. Aguarde, pois pode demorar.
  • Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.
  • Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.
  • Ao final da desinfecção, abrirá o Bloco de notas com um log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)
  • O log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do programa.
  • Selecione, copie e cole todo o conteúdo deste log na sua próxima resposta, juntamente com um novo log do HijackThis.
NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

Em caso de dúvidas, leia o tutorial do programa:
http://linhadefensiv...showtopic=75554
** Tenha consideração a quem te ajuda, não Abandone seu tópico! **
[Membro da ASAP] // [Junte-se ao ARIS-LD] // [Linha Defensiva no Twitter]
Imagem Postada

Blog do Ciro Mota
Visite em: http://www.ciromota.net/ _-_ Siga-me no Twitter: @ciromota

#5
hf2003

hf2003

    Novato

  • Novato
  • Pip
  • 20 posts
# AdwCleaner v1.606 - Logfile created 05/17/2012 at 22:10:37
# Updated 10/05/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Fabiana Melo - FABIANA
# Running from : C:\Documents and Settings\Fabiana Melo\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\OpenCandy
Folder Deleted : C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\PriceGong
Folder Deleted : C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\Conduit
Folder Deleted : C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
Folder Deleted : C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\staged
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Folder Deleted : C:\Arquivos de programas\Complitly
Folder Deleted : C:\Arquivos de programas\Conduit
File Deleted : C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\searchplugins\MyStart Search.xml

***** [Registry] *****

Key Deleted : HKCU\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\conduitEngine
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\Incredibar.com
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (pt-BR)

Profile name : default
File : C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\prefs.js

C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\user.js ... Deleted !

Deleted : user_pref("CT2552374..clientLogIsEnabled", false);
Deleted : user_pref("CT2552374..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2552374..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2552374.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2552374.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2552374.BrowserCompStateIsOpen_129490483648200560", true);
Deleted : user_pref("CT2552374.BrowserCompStateIsOpen_129690400597260483", true);
Deleted : user_pref("CT2552374.BrowserCompStateIsOpen_129780208837535783", true);
Deleted : user_pref("CT2552374.BrowserCompStateIsOpen_129784506394087940", true);
Deleted : user_pref("CT2552374.BrowserCompStateIsOpen_129790550498721258", true);
Deleted : user_pref("CT2552374.CTID", "CT2552374");
Deleted : user_pref("CT2552374.CurrentServerDate", "16-5-2012");
Deleted : user_pref("CT2552374.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2552374.DialogsGetterLastCheckTime", "Tue May 15 2012 19:50:33 GMT-0300 (Hora oficial d[...]
Deleted : user_pref("CT2552374.DownloadReferralCookieData", "");
Deleted : user_pref("CT2552374.EMailNotifierPollDate", "Thu Mar 10 2011 18:35:22 GMT-0300 (Hora oficial do Bra[...]
Deleted : user_pref("CT2552374.EnableSearchHistory", false);
Deleted : user_pref("CT2552374.EnableSearchSuggest", false);
Deleted : user_pref("CT2552374.FirstServerDate", "10-3-2011");
Deleted : user_pref("CT2552374.FirstTime", true);
Deleted : user_pref("CT2552374.FirstTimeFF3", true);
Deleted : user_pref("CT2552374.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2552374.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2552374.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2552374.HasUserGlobalKeys", true);
Deleted : user_pref("CT2552374.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2552374.Initialize", true);
Deleted : user_pref("CT2552374.InitializeCommonPrefs", true);
Deleted : user_pref("CT2552374.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2552374.InstallationId", "Unknown");
Deleted : user_pref("CT2552374.InstallationType", "ExternalIntegration");
Deleted : user_pref("CT2552374.InstalledDate", "Thu Mar 10 2011 12:09:26 GMT-0300 (Hora oficial do Brasil)");
Deleted : user_pref("CT2552374.InvalidateCache", false);
Deleted : user_pref("CT2552374.IsAlertDBUpdated", true);
Deleted : user_pref("CT2552374.IsGrouping", false);
Deleted : user_pref("CT2552374.IsMulticommunity", false);
Deleted : user_pref("CT2552374.IsOpenThankYouPage", false);
Deleted : user_pref("CT2552374.IsOpenUninstallPage", true);
Deleted : user_pref("CT2552374.LanguagePackLastCheckTime", "Thu May 17 2012 01:46:34 GMT-0300 (Hora oficial do[...]
Deleted : user_pref("CT2552374.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2552374.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2552374.LastLogin_3.12.0.7", "Tue Apr 24 2012 18:16:45 GMT-0300 (Hora oficial do Brasil[...]
Deleted : user_pref("CT2552374.LastLogin_3.12.2.3", "Thu May 17 2012 01:46:40 GMT-0300 (Hora oficial do Brasil[...]
Deleted : user_pref("CT2552374.LastLogin_3.2.5.2", "Fri Mar 11 2011 19:50:51 GMT-0300 (Hora oficial do Brasil)[...]
Deleted : user_pref("CT2552374.LastLogin_3.6.0.10", "Tue Aug 23 2011 00:02:05 GMT-0300 (Hora oficial do Brasil[...]
Deleted : user_pref("CT2552374.LatestVersion", "3.12.2.3");
Deleted : user_pref("CT2552374.Locale", "pt-br");
Deleted : user_pref("CT2552374.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2552374.MCDetectTooltipShow", false);
Deleted : user_pref("CT2552374.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2552374.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2552374.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2552374.RadioIsPodcast", false);
Deleted : user_pref("CT2552374.RadioLastCheckTime", "Thu Mar 10 2011 12:09:27 GMT-0300 (Hora oficial do Brasil[...]
Deleted : user_pref("CT2552374.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2552374.RadioLastUpdateServer", "129167760619330000");
Deleted : user_pref("CT2552374.RadioMediaID", "20503635");
Deleted : user_pref("CT2552374.RadioMediaType", "Media Player");
Deleted : user_pref("CT2552374.RadioMenuSelectedID", "EBRadioMenu_CT255237420503635");
Deleted : user_pref("CT2552374.RadioStationName", "BestRadio%20Brasil");
Deleted : user_pref("CT2552374.RadioStationURL", "hxxp://live.bestradiobrasil.com/wmp_hi.asx");
Deleted : user_pref("CT2552374.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2552374.SearchBoxWidth", 100);
Deleted : user_pref("CT2552374.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT2552374.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2552374.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT255[...]
Deleted : user_pref("CT2552374.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2552374.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2552374.SearchInNewTabLastCheckTime", "Thu May 17 2012 01:46:19 GMT-0300 (Hora oficial [...]
Deleted : user_pref("CT2552374.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2552374.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2552374.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2552374.SearchProtectorEnabled", false);
Deleted : user_pref("CT2552374.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2552374.ServiceMapLastCheckTime", "Thu May 17 2012 01:46:32 GMT-0300 (Hora oficial do B[...]
Deleted : user_pref("CT2552374.SettingsLastCheckTime", "Thu May 17 2012 01:46:17 GMT-0300 (Hora oficial do Bra[...]
Deleted : user_pref("CT2552374.SettingsLastUpdate", "1337009413");
Deleted : user_pref("CT2552374.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2552374.ThirdPartyComponentsLastCheck", "Tue Aug 23 2011 00:02:01 GMT-0300 (Hora oficia[...]
Deleted : user_pref("CT2552374.ThirdPartyComponentsLastUpdate", "1256047550");
Deleted : user_pref("CT2552374.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2552374");
Deleted : user_pref("CT2552374.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2552374.UserID", "UN80979098531350830");
Deleted : user_pref("CT2552374.ValidationData_Search", 0);
Deleted : user_pref("CT2552374.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2552374.WeatherNetwork", "");
Deleted : user_pref("CT2552374.WeatherPollDate", "Thu Mar 10 2011 18:29:49 GMT-0300 (Hora oficial do Brasil)")[...]
Deleted : user_pref("CT2552374.WeatherUnit", "C");
Deleted : user_pref("CT2552374.alertChannelId", "945276");
Deleted : user_pref("CT2552374.backendstorage._fb_dailyactivity", "31323939373639373639373239");
Deleted : user_pref("CT2552374.backendstorage._fb_lifetimesent", "54525545");
Deleted : user_pref("CT2552374.backendstorage.facebook_ctid_connect_send", "73656E646564");
Deleted : user_pref("CT2552374.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Deleted : user_pref("CT2552374.backendstorage.ytapp_dailyactivity", "31323939373639373639383138");
Deleted : user_pref("CT2552374.backendstorage.ytapp_lifetimesent", "54525545");
Deleted : user_pref("CT2552374.components.1000034", false);
Deleted : user_pref("CT2552374.components.1000082", false);
Deleted : user_pref("CT2552374.components.1000234", false);
Deleted : user_pref("CT2552374.components.129375119490182219", false);
Deleted : user_pref("CT2552374.components.1414644605548080055", false);
Deleted : user_pref("CT2552374.components.1556243035664539683", false);
Deleted : user_pref("CT2552374.components.1741694322881238328", false);
Deleted : user_pref("CT2552374.components.2769648631074965185", false);
Deleted : user_pref("CT2552374.components.4046690726474639537", false);
Deleted : user_pref("CT2552374.components.4609911553645463352", false);
Deleted : user_pref("CT2552374.components.4853458026774934845", false);
Deleted : user_pref("CT2552374.components.600828359144359426", false);
Deleted : user_pref("CT2552374.components.8104453980635985153", false);
Deleted : user_pref("CT2552374.components.9030947681384610783", false);
Deleted : user_pref("CT2552374.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2552374.globalFirstTimeInfoLastCheckTime", "Tue Aug 23 2011 00:02:06 GMT-0300 (Hora ofi[...]
Deleted : user_pref("CT2552374.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2552374.initDone", true);
Deleted : user_pref("CT2552374.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2552374.myStuffEnabled", true);
Deleted : user_pref("CT2552374.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2552374.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2552374.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2552374.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2552374.oldAppsList", "129120793572181778,129120793573119289,111,129460316404819496,129[...]
Deleted : user_pref("CT2552374.revertSettingsEnabled", true);
Deleted : user_pref("CT2552374.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2552374.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2552374.testingCtid", "");
Deleted : user_pref("CT2552374.toolbarAppMetaDataLastCheckTime", "Thu May 17 2012 01:46:34 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT2552374.toolbarContextMenuLastCheckTime", "Tue Aug 23 2011 00:02:06 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT2552374.usageEnabled", false);
Deleted : user_pref("CT2552374.usagesFlag", 2);
Deleted : user_pref("CT2801948..clientLogIsEnabled", false);
Deleted : user_pref("CT2801948..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2801948..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2801948.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2801948.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2801948.AppTrackingLastCheckTime", "Tue Aug 23 2011 00:02:05 GMT-0300 (Hora oficial do [...]
Deleted : user_pref("CT2801948.BrowserCompStateIsOpen_129797777221477754", true);
Deleted : user_pref("CT2801948.BrowserCompStateIsOpen_129797786124759251", true);
Deleted : user_pref("CT2801948.BrowserCompStateIsOpen_129799503686523541", true);
Deleted : user_pref("CT2801948.BrowserCompStateIsOpen_129815072111847605", true);
Deleted : user_pref("CT2801948.CTID", "CT2801948");
Deleted : user_pref("CT2801948.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("CT2801948.CurrentServerDate", "16-5-2012");
Deleted : user_pref("CT2801948.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2801948.DialogsGetterLastCheckTime", "Tue May 15 2012 19:50:39 GMT-0300 (Hora oficial d[...]
Deleted : user_pref("CT2801948.DownloadReferralCookieData", "");
Deleted : user_pref("CT2801948.EMailNotifierPollDate", "Wed Jun 15 2011 22:07:41 GMT-0300 (Hora oficial do Bra[...]
Deleted : user_pref("CT2801948.EnableClickToSearchBox", false);
Deleted : user_pref("CT2801948.EnableSearchHistory", false);
Deleted : user_pref("CT2801948.EnableSearchSuggest", false);
Deleted : user_pref("CT2801948.FirstServerDate", "16-6-2011");
Deleted : user_pref("CT2801948.FirstTime", true);
Deleted : user_pref("CT2801948.FirstTimeFF3", true);
Deleted : user_pref("CT2801948.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2801948.GroupingInvalidateCache", false);
Deleted : user_pref("CT2801948.GroupingLastCheckTime", "0");
Deleted : user_pref("CT2801948.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT2801948.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2801948.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2801948.HasUserGlobalKeys", true);
Deleted : user_pref("CT2801948.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2801948.Initialize", true);
Deleted : user_pref("CT2801948.InitializeCommonPrefs", true);
Deleted : user_pref("CT2801948.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2801948.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2801948.InstalledDate", "Wed Jun 15 2011 22:02:04 GMT-0300 (Hora oficial do Brasil)");
Deleted : user_pref("CT2801948.InvalidateCache", false);
Deleted : user_pref("CT2801948.IsAlertDBUpdated", true);
Deleted : user_pref("CT2801948.IsGrouping", false);
Deleted : user_pref("CT2801948.IsMulticommunity", false);
Deleted : user_pref("CT2801948.IsOpenThankYouPage", true);
Deleted : user_pref("CT2801948.IsOpenUninstallPage", true);
Deleted : user_pref("CT2801948.LanguagePackLastCheckTime", "Thu May 17 2012 01:46:34 GMT-0300 (Hora oficial do[...]
Deleted : user_pref("CT2801948.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2801948.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2801948.LastLogin_3.12.0.7", "Tue Apr 24 2012 18:16:54 GMT-0300 (Hora oficial do Brasil[...]
Deleted : user_pref("CT2801948.LastLogin_3.12.2.3", "Thu May 17 2012 01:46:40 GMT-0300 (Hora oficial do Brasil[...]
Deleted : user_pref("CT2801948.LastLogin_3.3.5.1", "Sat Jul 09 2011 20:09:58 GMT-0300 (Hora oficial do Brasil)[...]
Deleted : user_pref("CT2801948.LastLogin_3.5.0.12", "Mon Jul 11 2011 16:58:13 GMT-0300 (Hora oficial do Brasil[...]
Deleted : user_pref("CT2801948.LastLogin_3.6.0.10", "Tue Aug 23 2011 00:01:55 GMT-0300 (Hora oficial do Brasil[...]
Deleted : user_pref("CT2801948.LatestVersion", "3.12.2.3");
Deleted : user_pref("CT2801948.Locale", "en-us");
Deleted : user_pref("CT2801948.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2801948.MCDetectTooltipShow", false);
Deleted : user_pref("CT2801948.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2801948.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2801948.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2801948.RadioIsPodcast", false);
Deleted : user_pref("CT2801948.RadioLastCheckTime", "Wed Jun 15 2011 22:13:01 GMT-0300 (Hora oficial do Brasil[...]
Deleted : user_pref("CT2801948.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2801948.RadioMediaID", "21435220");
Deleted : user_pref("CT2801948.RadioMediaType", "Media Player");
Deleted : user_pref("CT2801948.RadioMenuSelectedID", "EBRadioMenu_CT280194821435220");
Deleted : user_pref("CT2801948.RadioShrinked", "shrinked");
Deleted : user_pref("CT2801948.RadioStationName", "Virgin%20Radio%20Classic%20Rock");
Deleted : user_pref("CT2801948.RadioStationURL", "hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb[...]
Deleted : user_pref("CT2801948.SHRINK_TOOLBAR", 0);
Deleted : user_pref("CT2801948.SavedHomepage", "www.yahoo.com.br/mail");
Deleted : user_pref("CT2801948.SearchBackToDefaultEngine", false);
Deleted : user_pref("CT2801948.SearchBoxWidth", 100);
Deleted : user_pref("CT2801948.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT2801948.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2801948.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT280[...]
Deleted : user_pref("CT2801948.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2801948.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2801948.SearchInNewTabLastCheckTime", "Thu May 17 2012 01:46:31 GMT-0300 (Hora oficial [...]
Deleted : user_pref("CT2801948.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2801948.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2801948.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2801948.SearchProtectorEnabled", false);
Deleted : user_pref("CT2801948.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2801948.ServiceMapLastCheckTime", "Thu May 17 2012 01:46:32 GMT-0300 (Hora oficial do B[...]
Deleted : user_pref("CT2801948.SettingsLastCheckTime", "Thu May 17 2012 01:46:24 GMT-0300 (Hora oficial do Bra[...]
Deleted : user_pref("CT2801948.SettingsLastUpdate", "1337104392");
Deleted : user_pref("CT2801948.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2801948.ThirdPartyComponentsLastCheck", "Tue Aug 23 2011 00:01:52 GMT-0300 (Hora oficia[...]
Deleted : user_pref("CT2801948.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2801948.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2801948");
Deleted : user_pref("CT2801948.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2801948.UserID", "UN61676615467249751");
Deleted : user_pref("CT2801948.ValidationData_Search", 0);
Deleted : user_pref("CT2801948.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2801948.alertChannelId", "1194029");
Deleted : user_pref("CT2801948.approveUntrustedApps", false);
Deleted : user_pref("CT2801948.componentAlertEnabled", false);
Deleted : user_pref("CT2801948.components.1000034", false);
Deleted : user_pref("CT2801948.components.1000080", false);
Deleted : user_pref("CT2801948.components.1000082", false);
Deleted : user_pref("CT2801948.components.129306881624250628", false);
Deleted : user_pref("CT2801948.components.129306881624563129", false);
Deleted : user_pref("CT2801948.components.129306881632844577", false);
Deleted : user_pref("CT2801948.components.129311958650656383", false);
Deleted : user_pref("CT2801948.components.129311959839444431", false);
Deleted : user_pref("CT2801948.components.129343840936544328", false);
Deleted : user_pref("CT2801948.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2801948.globalFirstTimeInfoLastCheckTime", "Tue Aug 23 2011 00:01:55 GMT-0300 (Hora ofi[...]
Deleted : user_pref("CT2801948.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2801948.initDone", true);
Deleted : user_pref("CT2801948.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2801948.myStuffEnabled", true);
Deleted : user_pref("CT2801948.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2801948.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2801948.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2801948.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2801948.oldAppsList", "129306881620344305,129306881621438061,111,129306881624250628,129[...]
Deleted : user_pref("CT2801948.revertSettingsEnabled", true);
Deleted : user_pref("CT2801948.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2801948.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2801948.testingCtid", "");
Deleted : user_pref("CT2801948.toolbarAppMetaDataLastCheckTime", "Thu May 17 2012 01:46:34 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT2801948.toolbarContextMenuLastCheckTime", "Tue Aug 23 2011 00:01:54 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT2801948.usageEnabled", false);
Deleted : user_pref("CT2801948.usagesFlag", 2);
Deleted : user_pref("CT2851643..clientLogIsEnabled", false);
Deleted : user_pref("CT2851643..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2851643..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2851643.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2851643.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2851643.AppTrackingLastCheckTime", "Mon Apr 16 2012 22:21:01 GMT-0300 (Hora oficial do [...]
Deleted : user_pref("CT2851643.CTID", "CT2851643");
Deleted : user_pref("CT2851643.CurrentServerDate", "16-5-2012");
Deleted : user_pref("CT2851643.DSInstall", false);
Deleted : user_pref("CT2851643.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2851643.DialogsGetterLastCheckTime", "Tue May 15 2012 19:50:41 GMT-0300 (Hora oficial d[...]
Deleted : user_pref("CT2851643.DownloadReferralCookieData", "");
Deleted : user_pref("CT2851643.EMailNotifierPollDate", "Mon May 14 2012 20:56:37 GMT-0300 (Hora oficial do Bra[...]
Deleted : user_pref("CT2851643.FeedLastCount1733423638652034402", 501);
Deleted : user_pref("CT2851643.FeedPollDate2429156812186649977", "Fri May 11 2012 15:55:20 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT2851643.FeedPollDate2429156813040823546", "Fri May 11 2012 15:55:19 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT2851643.FeedPollDate2429156813130095866", "Fri May 11 2012 15:55:19 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT2851643.FeedPollDate2429156813224203613", "Fri May 11 2012 15:55:19 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT2851643.FeedPollDate2429156813230837251", "Fri May 11 2012 15:55:19 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT2851643.FeedPollDate2429156813454291735", "Fri May 11 2012 15:55:19 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT2851643.FeedPollDate2429156813729834876", "Fri May 11 2012 15:55:19 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT2851643.FeedPollDate2429156813860870021", "Fri May 11 2012 15:55:20 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT2851643.FeedPollDate2429156814264681793", "Fri May 11 2012 15:55:20 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT2851643.FeedPollDate2429156814863075366", "Fri May 11 2012 15:55:19 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT2851643.FeedPollDate2429156815257761081", "Fri May 11 2012 15:55:19 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT2851643.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2851643.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2851643.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2851643.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2851643.FirstServerDate", "26-12-2011");
Deleted : user_pref("CT2851643.FirstTime", true);
Deleted : user_pref("CT2851643.FirstTimeFF3", true);
Deleted : user_pref("CT2851643.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2851643.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2851643.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2851643.HPInstall", false);
Deleted : user_pref("CT2851643.HasUserGlobalKeys", true);
Deleted : user_pref("CT2851643.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2851643.HomepageBeforeUnload", "hxxp://www.yahoo.com.br/mail");
Deleted : user_pref("CT2851643.Initialize", true);
Deleted : user_pref("CT2851643.InitializeCommonPrefs", true);
Deleted : user_pref("CT2851643.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2851643.InstallationId", "ConduitXPEIntegration");
Deleted : user_pref("CT2851643.InstallationType", "ConduitXPEIntegration");
Deleted : user_pref("CT2851643.InstalledDate", "Mon Dec 26 2011 13:15:24 GMT-0200");
Deleted : user_pref("CT2851643.IsAlertDBUpdated", true);
Deleted : user_pref("CT2851643.IsGrouping", false);
Deleted : user_pref("CT2851643.IsInitSetupIni", true);
Deleted : user_pref("CT2851643.IsMulticommunity", false);
Deleted : user_pref("CT2851643.IsOpenThankYouPage", true);
Deleted : user_pref("CT2851643.IsOpenUninstallPage", false);
Deleted : user_pref("CT2851643.LanguagePackLastCheckTime", "Thu May 17 2012 01:46:34 GMT-0300 (Hora oficial do[...]
Deleted : user_pref("CT2851643.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2851643.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2851643.LastLogin_3.10.0.1", "Tue Apr 17 2012 22:05:47 GMT-0300 (Hora oficial do Brasil[...]
Deleted : user_pref("CT2851643.LastLogin_3.12.0.7", "Tue Apr 24 2012 18:16:55 GMT-0300 (Hora oficial do Brasil[...]
Deleted : user_pref("CT2851643.LastLogin_3.12.2.3", "Thu May 17 2012 01:46:49 GMT-0300 (Hora oficial do Brasil[...]
Deleted : user_pref("CT2851643.LastLogin_3.8.1.0", "Sat Jan 14 2012 14:47:27 GMT-0200");
Deleted : user_pref("CT2851643.LastLogin_3.9.0.3", "Fri Mar 09 2012 00:39:46 GMT-0300 (Hora oficial do Brasil)[...]
Deleted : user_pref("CT2851643.LatestVersion", "3.12.2.3");
Deleted : user_pref("CT2851643.Locale", "pt");
Deleted : user_pref("CT2851643.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2851643.MCDetectTooltipShow", false);
Deleted : user_pref("CT2851643.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2851643.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2851643.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2851643.OriginalFirstVersion", "3.8.1.0");
Deleted : user_pref("CT2851643.RadioShrinked", "shrinked");
Deleted : user_pref("CT2851643.RadioShrinkedFromSetup", true);
Deleted : user_pref("CT2851643.SHRINK_TOOLBAR", 0);
Deleted : user_pref("CT2851643.SearchBoxWidth", 100);
Deleted : user_pref("CT2851643.SearchCaption", "uTorrentBar_PT Customized Web Search");
Deleted : user_pref("CT2851643.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT2851643.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2851643.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Deleted : user_pref("CT2851643.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2851643.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2851643.SearchInNewTabLastCheckTime", "Thu May 17 2012 01:46:32 GMT-0300 (Hora oficial [...]
Deleted : user_pref("CT2851643.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2851643.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2851643.SearchProtectorEnabled", false);
Deleted : user_pref("CT2851643.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2851643.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2851643.ServiceMapLastCheckTime", "Thu May 17 2012 01:46:33 GMT-0300 (Hora oficial do B[...]
Deleted : user_pref("CT2851643.SettingsLastCheckTime", "Thu May 17 2012 01:46:32 GMT-0300 (Hora oficial do Bra[...]
Deleted : user_pref("CT2851643.SettingsLastUpdate", "1334667189");
Deleted : user_pref("CT2851643.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851643&SearchSource=13");
Deleted : user_pref("CT2851643.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2851643.ThirdPartyComponentsLastCheck", "Sat May 05 2012 00:13:54 GMT-0300 (Hora oficia[...]
Deleted : user_pref("CT2851643.ThirdPartyComponentsLastUpdate", "1311768090");
Deleted : user_pref("CT2851643.ToolbarShrinkedFromSetup", true);
Deleted : user_pref("CT2851643.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851643");
Deleted : user_pref("CT2851643.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2851643.UserID", "UN95566850940709552");
Deleted : user_pref("CT2851643.ValidationData_Search", 2);
Deleted : user_pref("CT2851643.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2851643.WeatherNetwork", "");
Deleted : user_pref("CT2851643.WeatherPollDate", "Mon Jan 23 2012 13:03:14 GMT-0200");
Deleted : user_pref("CT2851643.WeatherUnit", "C");
Deleted : user_pref("CT2851643.alertChannelId", "1243677");
Deleted : user_pref("CT2851643.approveUntrustedApps", false);
Deleted : user_pref("CT2851643.backendstorage.cbcountry_000", "4252");
Deleted : user_pref("CT2851643.backendstorage.cbfirsttime", "4D6F6E2044656320323620323031312031333A31353A33322[...]
Deleted : user_pref("CT2851643.backendstorage.pairingkey", "43374533303634423441373944383043303536413731323441[...]
Deleted : user_pref("CT2851643.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Deleted : user_pref("CT2851643.backendstorage.url_history0001", "687474703A2F2F7777772E676F6F676C652E636F6D2E6[...]
Deleted : user_pref("CT2851643.backendstorage.uttorrents", "7B226275696C64223A32363631362C226C6162656C223A5B5D[...]
Deleted : user_pref("CT2851643.components.1000034", false);
Deleted : user_pref("CT2851643.components.1000234", false);
Deleted : user_pref("CT2851643.components.129351530871056696", false);
Deleted : user_pref("CT2851643.components.129351530871369199", false);
Deleted : user_pref("CT2851643.components.129351530873244213", false);
Deleted : user_pref("CT2851643.components.129351530873244214", false);
Deleted : user_pref("CT2851643.components.129422837839831266", false);
Deleted : user_pref("CT2851643.components.129544680660102367", false);
Deleted : user_pref("CT2851643.components.129791406994403775", false);
Deleted : user_pref("CT2851643.components.1733423638652034402", false);
Deleted : user_pref("CT2851643.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2851643.globalFirstTimeInfoLastCheckTime", "Tue May 15 2012 19:50:38 GMT-0300 (Hora ofi[...]
Deleted : user_pref("CT2851643.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2851643.initDone", true);
Deleted : user_pref("CT2851643.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2851643.isFirstRadioInstallation", false);
Deleted : user_pref("CT2851643.myStuffEnabled", true);
Deleted : user_pref("CT2851643.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2851643.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2851643.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2851643.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2851643.oldAppsList", "129351530870587943,129351530870900444,1000234,129791406994403775[...]
Deleted : user_pref("CT2851643.revertSettingsEnabled", true);
Deleted : user_pref("CT2851643.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2851643.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2851643.testingCtid", "");
Deleted : user_pref("CT2851643.toolbarAppMetaDataLastCheckTime", "Thu May 17 2012 01:46:34 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT2851643.toolbarContextMenuLastCheckTime", "Sun May 06 2012 02:03:00 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CT2851643.usageEnabled", false);
Deleted : user_pref("CT2851643.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2801948");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2552374/CT2552374[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2801948/CT2801948[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851643/CT2851643[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1194029/1189706/BR", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/BR", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/945276/941054/BR", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2552374", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801948", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851643", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2552374",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2801948",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851643",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2552374/CT2552374[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2801948/CT2801948[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/maxi.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play_mini.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pt", "\"86a[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pt-br", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{12fc3d37-2a42-4fe3-8489-81296878cba5}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic_brasil");
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Fabiana Melo\\Dado[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2552374");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{12fc3d37-2a42-4fe3-8489-81296878cba5}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic_brasil");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2552374,CT2801948,CT2851643");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2552374,CT2801948,CT2851643");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2851643");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Jun 15 2011 22:02:03 GMT-03[...]
Deleted : user_pref("CommunityToolbar.alert.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 15 2011 22:12:47 GMT-0300 (Hora [...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jul 09 2011 19:44:27 GMT-0300 (Hora ofic[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "a285d71e-d927-4553-bf01-e76fea8267c8");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Jan 23 2012 08:41:47 GMT-0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "2b056e6b-89ee-4395-903c-63c06a9d1247");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2851643");
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat May 12 2012 13:42:1[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jul 11 2011 16:58:23 GMT-030[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu May 17 2012 01:56:16 GMT-0300 (H[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "ed5aa0fa-a6a1-47f7-a33b-ebf38e7718aa");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.yahoo.com.br/mail");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("browser.search.defaultthis.engineName", "NCH EN Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&Sea[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110819");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 14);
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "0c981059000000000000001b2495672b");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15465");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 14);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1723:36:38");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "12.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 75590892);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1723:36:38");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "0c981059000000000000001b2495672b");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "0c981059000000000000001b2495672b");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15465");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1723:36:38");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.enabledAddons", "netvideohunter@netvideohunter.com:1.9.1,{c50ca3c4-5656-43c2-a[...]
Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Deleted : user_pref("extensions.ffxtlbr@babylon.com.install-event-fired", true);
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851643&q=");
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://search.babylon.c[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://search.babyl[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

*************************

AdwCleaner[S1].txt - [50814 octets] - [17/05/2012 22:10:37]

########## EOF - C:\AdwCleaner[S1].txt - [50943 octets] ##########




Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Versão da Base de Dados: v2012.05.17.08

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Fabiana Melo :: FABIANA [limitado]

17/5/2012 22:40:01
mbam-log-2012-05-17 (22-40-01).txt

Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken |

PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 228708
Tempo decorrido: 6 minuto(s), 49 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 2
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Ruim: (1) Bom: (0) -> Enviado para a

Quarentena e reparado com sucesso.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Ruim: (1) Bom: (0) -> Enviado para a

Quarentena e reparado com sucesso.

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)

(fim)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:09:53, on 17/5/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\AVG\AVG2012\avgfws.exe
C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Arquivos de programas\AVG\AVG2012\avgnsx.exe
C:\Arquivos de programas\AVG\AVG2012\avgemcx.exe
C:\Arquivos de programas\AVG\AVG2012\avgidsagent.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\AVG\AVG2012\avgrsx.exe
C:\Arquivos de programas\AVG\AVG2012\avgcsrvx.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\AVG\AVG2012\avgtray.exe
C:\Arquivos de programas\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\AVG\AVG2012\avgcsrvx.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\Syst

#6
Ciro-Mota

Ciro-Mota

    Assistente Profissional

  • Assistente Profissional
  • 55.156 posts
hf2003,

Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

Faça o download do ComboFix
http://download.blee...Bs/ComboFix.exe

Salve-o na sua área de trabalho.
  • Feche todas as janelas e programas. Rode o ComboFix.
  • Dê um duplo-clique no combofix.exe e tecle "Sim" para prosseguir.
  • Quando perguntado se deseja instalar o Console de Recuperação, clique em Sim e agüarde.
  • Clique em OK para aceitar o EULA, e depois clique em Sim para continuar a busca por malwares.
Não clique em nada e não aperte nenhuma tecla durante o exame, pois a ferramenta não funcionará corretamente.

Quando a ferramenta terminar de rodar, gerará um log. Poste o conteúdo do arquivo C:\ComboFix.txt na sua próxima resposta.
Faça um novo log do HijackThis e cole na sua resposta.

Importante:
  • É necessário estar conectado durante o procedimento com o ComboFix;
  • É preciso estar logado no sistema com privilégios de administrador.
  • Baixe e SALVE o ComboFix. Na janela de download, onde aparecem as opções Executar / Salvar, clique em Salvar. Não execute o ComboFix na janela do seu navegador.
  • Mantenha seu antivirus, antispywares e firewall desativados durante os procedimentos com o ComboFix. Torne a ativá-los quando terminar tudo.
  • Caso você já tenha usado o Combofix anteriormente, então delete-o e baixe-o novamente.
  • Caso o Console de Recuperação já esteja instalado nesta máquina, o ComboFix não irá lhe sugerir a instalação.
  • Não rode o ComboFix mais do que uma vez. Isso irá sobreescrever o log e atrasará a remoção do(s) malware(s)
  • O ComboFix é uma ferramenta que pode danificar o sistema se for usada incorretamente. Use-o apenas sob supervisão de um analista de malwares.

** Tenha consideração a quem te ajuda, não Abandone seu tópico! **
[Membro da ASAP] // [Junte-se ao ARIS-LD] // [Linha Defensiva no Twitter]
Imagem Postada

Blog do Ciro Mota
Visite em: http://www.ciromota.net/ _-_ Siga-me no Twitter: @ciromota

#7
hf2003

hf2003

    Novato

  • Novato
  • Pip
  • 20 posts
ComboFix 12-05-20.04 - Fabiana Melo 20/05/2012 9:36:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2038.1464 [GMT -3:00]
Executando de: C:\Documents and Settings\Fabiana Melo\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Criado um novo ponto de restauração

ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 322 bytes in 2 streams.





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:50:15, on 20/5/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\AVG\AVG2012\avgfws.exe
C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Arquivos de programas\AVG\AVG2012\avgidsagent.exe
C:\Arquivos de programas\AVG\AVG2012\avgrsx.exe
C:\Arquivos de programas\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\AVG\AVG2012\avgtray.exe
C:\Arquivos de programas\AVG Secure Search\vprot.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Fabiana Melo\Meus documentos\Downloads\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Arquivos de programas\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Arquivos de programas\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Arquivos de programas\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Fabiana Melo\Meus documentos\Downloads\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Arquivos de programas\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O15 - Trusted Zone: http://www.bancobrasil.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Firewall do AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2012\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

--
End of file - 9285 bytes

#8
Ciro-Mota

Ciro-Mota

    Assistente Profissional

  • Assistente Profissional
  • 55.156 posts
hf2003,

Baixe OTL by OldTimer, e salve na sua área de trabalho.

Feche todas as janelas e execute a ferramenta.

Onde diz Saída, marque Padrão
Marque também estas opções:
  • Data de Criação -> mude para 90 dias
  • Usar WhiteList para Nomes de Companhias.
  • Ignorar Arquivos Microsoft
  • Verificar Lop
  • Verificar Purity
Selecione estas linhas em vermelho, clique com o direito sobre a seleção, e escolha a opção copiar


CREATERESTOREPOINT
netsvcs
msconfig
safebootminimal
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.* /s
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%\*.*
%userprofile%\configurações locais\dados de aplicativos\*.exe
%userprofile%\configurações locais\dados de aplicativos\*.txt
%userprofile%\configurações locais\dados de aplicativos\*.ini
%userprofile%\configurações locais\dados de aplicativos\*.dat /30
%userprofile%\configurações locais\dados de aplicativos\*.dll
%userprofile%\*.exe
%userprofile%\.txt
%userprofile%\.ini
%userprofile%\.dat /30
%userprofile%\.dll
%windir%\tasks\*.* /s
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments


Volte ao programa, clique com o direito em qualquer parte branca da sessão Exames Personalizados/Correções e escolha colar

Clique no botão
Imagem Postada

O OTL começará a examinar seu computador. Não interrompa o processo e nem use outras janelas até que ele termine.

Não modifique nenhuma outra configuração, a menos que tenha sido orientado (a) a fazer isso.

O exame demora um pouco, tenha paciência.

Quando terminar, dois blocos de notas serão exibidos: OTL.txt e Extras.txt
Ambos ficarão salvos dentro do mesmo diretório onde está o OTL.exe, ou seja, na sua área de trabalho.

Copie todo o conteúdo do OTL.txt e cole na sua resposta.
Anexe o arquivo Extras.txt

OBS: Caso os logs fiquem muito grandes e exceda o limite do forum, envie-os para um arquivo .zip ou .rar e anexe-os à sua resposta.
** Tenha consideração a quem te ajuda, não Abandone seu tópico! **
[Membro da ASAP] // [Junte-se ao ARIS-LD] // [Linha Defensiva no Twitter]
Imagem Postada

Blog do Ciro Mota
Visite em: http://www.ciromota.net/ _-_ Siga-me no Twitter: @ciromota

#9
hf2003

hf2003

    Novato

  • Novato
  • Pip
  • 20 posts
OTL logfile created on: 20/5/2012 22:02:10 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Fabiana Melo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1,99 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 74,00% Memory free
3,84 Gb Paging File | 3,40 Gb Available in Paging File | 88,44% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 39,06 Gb Total Space | 0,68 Gb Free Space | 1,74% Space Free | Partition Type: NTFS
Drive D: | 109,98 Gb Total Space | 38,01 Gb Free Space | 34,56% Space Free | Partition Type: NTFS

Computer Name: FABIANA | User Name: Fabiana Melo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2012/05/20 21:56:21 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fabiana Melo\Desktop\OTL.exe
PRC - [2012/05/14 20:41:56 | 000,932,736 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/05/14 20:41:52 | 001,116,544 | ---- | M] () -- C:\Arquivos de programas\AVG Secure Search\vprot.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgtray.exe
PRC - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgfws.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgemcx.exe
PRC - [2012/03/09 08:24:24 | 000,202,824 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/06/09 12:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
PRC - [2006/10/04 17:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2004/08/04 00:45:34 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/14 20:41:58 | 000,130,944 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/05/14 20:41:56 | 000,932,736 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
MOD - [2012/05/14 20:41:52 | 001,116,544 | ---- | M] () -- C:\Arquivos de programas\AVG Secure Search\vprot.exe
MOD - [2009/02/27 18:49:12 | 000,311,296 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Arquivos de programas\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - File not found [Disabled | Stopped] -- C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe -- (matlabserver)
SRV - [2012/05/14 20:41:56 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/17 23:59:16 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/03/09 08:24:24 | 000,202,824 | ---- | M] ( ) [Auto | Running] -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/11/13 23:23:00 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/29 00:50:35 | 000,077,944 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/04 17:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2003/03/26 08:00:00 | 000,630,272 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Arquivos de programas\flexlm\SolidWorks 2005 SolidNetWork License Manager\lmgrd.exe -- (SolidWorks SolidNetWork License Manager)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\NSNDIS5.SYS -- (NSNDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\FABIAN~1\CONFIG~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\<NtDriverName>.sys -- (<NtDriverName>)
DRV - [2012/05/20 21:45:25 | 000,028,880 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GbpNdisrd.sys -- (NdisrdMP)
DRV - [2012/05/20 21:45:25 | 000,028,880 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GbpNdisrd.sys -- (Ndisrd)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/04/05 09:34:04 | 000,046,408 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2008/01/31 22:40:51 | 000,004,716 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007/07/22 18:41:06 | 000,161,792 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/05/30 02:04:56 | 004,424,192 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/29 23:49:00 | 000,021,504 | R--- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winbondhidcir.sys -- (winbondhidcir)
DRV - [2007/05/29 23:49:00 | 000,005,632 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidshim.sys -- (hidshim)
DRV - [2007/04/26 10:01:34 | 002,203,520 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Driver do Adaptador Intel®
DRV - [2007/03/21 04:02:04 | 000,037,376 | R--- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/08 19:56:04 | 001,163,616 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/02/23 20:42:22 | 000,039,936 | R--- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/22 22:40:20 | 000,042,496 | R--- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/12 02:16:54 | 000,169,472 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2005/02/17 14:38:52 | 000,012,658 | ---- | M] (KINPOSH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPx9G2k.sys -- (HPx9G+)
DRV - [2004/08/03 23:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/12/17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 09:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2001/10/28 09:07:14 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/10/28 09:07:14 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [1997/11/05 19:24:40 | 000,010,848 | ---- | M] (PROTEQ) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\Proteq.sys -- (Proteq)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-05-14 20:42:00&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_PT Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://Mystart.incre...ibar.com/mb124"
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.18.2
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.7
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886D}:1.0.7.6
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {12fc3d37-2a42-4fe3-8489-81296878cba5}:3.2.5.2
FF - prefs.js..extensions.enabledItems: fmconverter@gmail.com:1.0
FF - prefs.js..extensions.enabledItems: {37483b40-c254-4a72-bda4-22ee90182c1e}:3.3.5.1
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Arquivos de programas\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Arquivos de programas\Real\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Arquivos de programas\VDownloader\Addons\npVDownloader.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Arquivos de programas\Real\browserrecord [2009/06/16 00:53:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Arquivos de programas\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/03/10 11:03:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Arquivos de programas\VDownloader\Addons\FireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Arquivos de programas\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Arquivos de programas\AVG\AVG2012\Firefox4\ [2012/05/16 19:45:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Arquivos de programas\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/14 20:39:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Dados de aplicativos\AVG Secure Search\11.0.0.9\ [2012/05/14 20:42:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2012/05/11 15:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2012/04/13 22:46:34 | 000,000,000 | ---D | M]

[2010/08/23 19:14:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Extensions
[2010/08/23 19:14:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/03 18:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Extensions\songbird@songbirdnest.com
[2012/05/18 16:51:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions
[2012/04/24 18:34:27 | 000,000,000 | ---D | M] (Softonic_Brasil Community Toolbar) -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}
[2012/04/24 18:34:31 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2011/11/01 09:51:55 | 000,000,000 | ---D | M] (Modulo de Protecao - Banco do Brasil) -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
[2010/08/05 22:02:43 | 000,000,000 | ---D | M] ("Adicional de Seguranca CAIXA") -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}
[2012/05/18 16:51:55 | 000,000,000 | ---D | M] (Guardiao Itau 30 horas) -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
[2012/04/24 18:34:34 | 000,000,000 | ---D | M] (uTorrentBar_PT Community Toolbar) -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}
[2012/05/05 00:03:07 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\ffxtlbr@incredibar.com
[2011/08/30 19:00:24 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\netvideohunter@netvideohunter.com
[2012/04/24 22:06:36 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\searchplugins\conduit.xml
[2012/05/11 15:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2012/05/14 20:39:27 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\ARQUIVOS DE PROGRAMAS\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/05/16 19:45:20 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\ARQUIVOS DE PROGRAMAS\AVG\AVG2012\FIREFOX4
[2011/03/10 11:03:10 | 000,000,000 | ---D | M] (FreemakeConverter) -- C:\ARQUIVOS DE PROGRAMAS\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2012/04/08 13:00:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/05/14 20:42:18 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\DADOS DE APLICATIVOS\AVG SECURE SEARCH\11.0.0.9
[2012/02/23 11:59:53 | 000,279,187 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\FABIANA MELO\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\M431FRK3.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
[2011/11/03 08:51:35 | 000,434,392 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\FABIANA MELO\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\M431FRK3.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/05/04 23:58:10 | 000,004,929 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\FABIANA MELO\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\M431FRK3.DEFAULT\EXTENSIONS\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}.XPI
[2012/03/31 11:25:36 | 000,685,019 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\FABIANA MELO\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\M431FRK3.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2012/04/20 22:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll
[2012/04/08 13:00:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/14 20:41:49 | 000,003,677 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/20 23:26:25 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml
[2012/04/20 23:26:25 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml
[2012/04/20 23:26:24 | 000,002,040 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\twitter.xml
[2012/04/20 23:26:25 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml
[2012/04/20 23:26:24 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Arquivos de programas\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Fabiana Melo\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Fabiana Melo\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Arquivos de programas\Real\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\Fabiana Melo\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Pesquisa do Google = C:\Documents and Settings\Fabiana Melo\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Fabiana Melo\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: AVG Do Not Track = C:\Documents and Settings\Fabiana Melo\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Documents and Settings\Fabiana Melo\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/20 09:50:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Arquivos de programas\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Arquivos de programas\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vProt] C:\Arquivos de programas\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [HijackThis startup scan] C:\Documents and Settings\Fabiana Melo\Meus documentos\Downloads\HijackThis.exe (Trend Micro Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm File not found
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm File not found
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Arquivos de programas\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: bb.com.br ([www] http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: com.br ([www.bancobrasil] * in Sites confiáveis)
O15 - HKCU\..Trusted Domains: com.br ([www.bb] * in Sites confiáveis)
O15 - HKCU\..Trusted Domains: com.br ([www14.bancobrasil] * in Sites confiáveis)
O15 - HKCU\..Trusted Domains: com.br ([www2.bancobrasil] * in Sites confiáveis)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.128.105 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85FFC632-EED3-4877-AF4C-F53F5B6FC1A2}: DhcpNameServer = 201.17.128.105 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\ARQUIV~1\GBPLUGIN\gbieh.dll) - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Arquivos de programas\GbPlugin\gbiehcef.dll) - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - C:\Arquivos de programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
O24 - Desktop Components:0 (Minha página inicial atual) - about:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Fabiana Melo\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fabiana Melo\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/16 20:02:30 | 000,000,051 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\ARQUIV~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "SolidWorks SolidNetWork License Manager"
MsConfig - Services: "matlabserver"
MsConfig - Services: "helpsvc"
MsConfig - Services: "gusvc"
MsConfig - Services: "gupdatem"
MsConfig - Services: "gupdate"
MsConfig - Services: "wuauserv"
MsConfig - Services: "wscsvc"
MsConfig - Services: "WebClient"
MsConfig - Services: "SharedAccess"
MsConfig - Services: "hpqddsvc"
MsConfig - Services: "Autodesk Licensing Service"
MsConfig - Services: "NWCWorkstation"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Acrobat Assistant.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart17.exe - (Autodesk, Inc)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^McAfee Security Scan Plus.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Fabiana Melo^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^Fabiana Melo^Menu Iniciar^Programas^Inicializar^VDownloader.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: AppVodBurner - hkey= - key= - File not found
MsConfig - StartUpReg: AutoHelpDesk - hkey= - key= - File not found
MsConfig - StartUpReg: avast5 - hkey= - key= - File not found
MsConfig - StartUpReg: AVP - hkey= - key= - File not found
MsConfig - StartUpReg: AzMixerSel - hkey= - key= - C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: Logitech Utility - hkey= - key= - C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Arquivos de programas\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Arquivos de programas\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - File not found
MsConfig - StartUpReg: uTorrent - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

========== Files/Folders - Created Within 90 Days ==========

[2012/05/20 21:56:15 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fabiana Melo\Desktop\OTL.exe
[2012/05/20 09:34:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/20 09:31:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/20 09:31:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/20 09:31:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/20 09:31:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/20 09:31:34 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/05/20 09:31:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/20 09:31:30 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2012/05/20 09:31:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/20 09:27:21 | 004,499,383 | R--- | C] (Swearware) -- C:\Documents and Settings\Fabiana Melo\Desktop\ComboFix.exe
[2012/05/18 21:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabiana Melo\Desktop\5.6.1. Tensão Desviadora for resistenciacisalhamento_files
[2012/05/17 22:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Malwarebytes
[2012/05/17 22:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware
[2012/05/17 22:37:17 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/17 22:37:17 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware
[2012/05/17 22:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
[2012/05/16 19:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\AVG
[2012/05/15 20:06:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2012/05/14 20:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\AVG2012
[2012/05/14 20:42:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Common Files
[2012/05/14 20:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabiana Melo\Configurações locais\Dados de aplicativos\AVG Secure Search
[2012/05/14 20:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\AVG Secure Search
[2012/05/14 20:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG Secure Search
[2012/05/14 20:41:54 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search
[2012/05/14 20:41:50 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\AVG Secure Search
[2012/05/14 20:39:08 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/05/14 20:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG2012
[2012/05/14 20:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/05/14 20:37:48 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\AVG
[2012/05/14 20:28:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\MFAData
[2012/05/11 15:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Mozilla
[2012/05/11 03:21:54 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\MSXML 6.0
[2012/05/11 03:13:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2012/05/07 23:35:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/05/04 23:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabiana Melo\Configurações locais\Dados de aplicativos\Babylon
[2012/05/04 23:33:52 | 000,887,624 | ---- | C] (Complitly ) -- C:\Arquivos de programas\Arquivos comuns\AutoCompleteInstaller-VD.exe
[2012/04/19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2012/04/10 22:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\CDex
[2012/04/10 22:53:32 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\CDex
[2012/04/08 21:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabiana Melo\Desktop\Provas Petro
[2012/04/06 11:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Programas RFB
[2012/04/06 11:14:09 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Programas RFB
[2012/04/06 11:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabiana Melo\Menu Iniciar\Programas\Programas RFB2012
[2012/04/01 20:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabiana Melo\Meus documentos\aaaaa
[2012/03/22 00:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabiana Melo\Menu Iniciar\Programas\Piping Systems FLUID FLOW
[2012/03/22 00:24:31 | 000,079,260 | ---- | C] (KRFTech) -- C:\WINDOWS\System32\drivers\windrvr.sys
[2012/03/22 00:24:25 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Fluid Flow
[2012/03/19 05:17:28 | 000,301,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2012/02/22 05:25:32 | 000,235,216 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2012/01/08 14:44:26 | 000,143,240 | ---- | C] (Ask.com) -- C:\Arquivos de programas\Arquivos comuns\ApnStub.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2012/05/20 21:56:21 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fabiana Melo\Desktop\OTL.exe
[2012/05/20 21:48:53 | 098,714,532 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/05/20 21:45:57 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/05/20 21:45:25 | 000,028,880 | ---- | M] (GAS Tecnologia) -- C:\WINDOWS\System32\drivers\GbpNdisrd.sys
[2012/05/20 21:44:48 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/20 21:44:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/20 12:10:06 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/20 09:50:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/20 09:34:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/20 09:31:30 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2012/05/20 09:27:55 | 004,499,383 | R--- | M] (Swearware) -- C:\Documents and Settings\Fabiana Melo\Desktop\ComboFix.exe
[2012/05/19 16:55:02 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/18 22:25:55 | 002,645,981 | ---- | M] () -- C:\Documents and Settings\Fabiana Melo\Desktop\ms2_unid05-P2.pdf
[2012/05/18 21:54:12 | 001,291,319 | ---- | M] () -- C:\Documents and Settings\Fabiana Melo\Desktop\unidade_8.pdf
[2012/05/18 21:42:56 | 000,857,038 | ---- | M] () -- C:\Documents and Settings\Fabiana Melo\Desktop\5.jpg
[2012/05/18 21:42:15 | 000,813,920 | ---- | M] () -- C:\Documents and Settings\Fabiana Melo\Desktop\4.jpg
[2012/05/18 21:41:29 | 001,038,449 | ---- | M] () -- C:\Documents and Settings\Fabiana Melo\Desktop\3.jpg
[2012/05/18 21:40:19 | 000,813,393 | ---- | M] () -- C:\Documents and Settings\Fabiana Melo\Desktop\2.jpg
[2012/05/18 21:38:22 | 000,554,000 | ---- | M] () -- C:\Documents and Settings\Fabiana Melo\Desktop\1.jpg
[2012/05/18 14:45:43 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\Fabiana Melo\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/18 14:44:35 | 000,075,032 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/05/17 23:52:35 | 030,841,255 | ---- | M] () -- C:\Documents and Settings\Fabiana Melo\Desktop\Davi e Golias - History Channel - (480 x 360).flv
[2012/05/17 22:37:19 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/17 22:02:12 | 000,581,983 | ---- | M] () -- C:\Documents and Settings\Fabiana Melo\Desktop\adwcleaner.exe
[2012/05/17 08:14:39 | 000,625,471 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2012/05/17 01:12:44 | 000,067,616 | ---- | M] () -- C:\Documents and Settings\Fabiana Melo\Meus documentos\TP Final Douglas Model .pdf
[2012/05/16 19:45:20 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/05/16 01:20:08 | 000,001,897 | ---- | M] () -- C:\Documents and Settings\Fabiana Melo\Desktop\Google Chrome.lnk
[2012/05/15 20:04:30 | 000,000,399 | ---- | M] () -- C:\Documents and Settings\Fabiana Melo\Desktop\Atalho para 1-2012.lnk
[2012/05/14 20:22:57 | 000,003,078 | ---- | M] () -- C:\WINDOWS\System32\config.nt
[2012/05/14 19:34:48 | 000,091,844 | ---- | M] () -- C:\Documents and Settings\Fabiana Melo\Configurações locais\Dados de aplicativos\census.cache
[2012/05/14 19:34:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Fabiana Melo\Configurações locais\Dados de aplicativos\ars.cache
[2012/05/14 14:19:43 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Fabiana Melo\Configurações locais\Dados de aplicativos\housecall.guid.cache
[2012/05/11 15:53:33 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/05/11 13:46:10 | 000,511,490 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2012/05/11 13:46:10 | 000,475,470 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/11 13:46:10 | 000,088,410 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2012/05/11 13:46:10 | 000,076,504 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/11 03:51:56 | 000,378,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/10 07:47:57 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/05/10 00:59:05 | 000,000,098 | ---- | M] () -- C:\Documents and Setting

Arquivo(s) anexado(s)



#10
Ciro-Mota

Ciro-Mota

    Assistente Profissional

  • Assistente Profissional
  • 55.156 posts
hf2003,

O log OTL.txt está incompleto. Por gentileza compacte o arquivo e anexe o arquivo compactado conforme consta nas instruções acima, ou siga o procedimento abaixo:

Acesse o Pastebin.com:
http://pastebin.com/

  • No campo New Paste cole o conteúdo do log OTL.txt.
  • Clique no botão Submit.
  • Será feita uma verificação de segurança, digite o código correto no campo Enter Captcha: e por fim clique no botão Submit.
  • Será aberta uma nova página, na barra cinza acima a direita clique em RAW.

    Imagem Postada
  • Será aberta uma nova página com o log.
  • Copie e poste aqui no tópico o endereço desta página.

** Tenha consideração a quem te ajuda, não Abandone seu tópico! **
[Membro da ASAP] // [Junte-se ao ARIS-LD] // [Linha Defensiva no Twitter]
Imagem Postada

Blog do Ciro Mota
Visite em: http://www.ciromota.net/ _-_ Siga-me no Twitter: @ciromota

#11
hf2003

hf2003

    Novato

  • Novato
  • Pip
  • 20 posts
Gostaria de saber o que está acontecendo no meu pc...
está muito infectado??porque foram muitos procedimentos até agora e eu não sei o porque de cada um...
obrigada



http://pastebin.com/raw.php?i=FaSLVcEj

Arquivo(s) anexado(s)



#12
Ciro-Mota

Ciro-Mota

    Assistente Profissional

  • Assistente Profissional
  • 55.156 posts
hf2003,

Gostaria de saber o que está acontecendo no meu pc...
está muito infectado??porque foram muitos procedimentos até agora e eu não sei o porque de cada um...
obrigada


Está sendo tratado apenas com relação ao adware que relatou anteriormente, obviamente se aparecer algo mais complexo certamente será tratado. Até agora não vi nenhuma infecção grave no PC.

----------

Selecione e copie o texto dentro do QUOTE, clique com o direito sobre a seleção e escolha a opção copiar:

OBS: Certifique-se de copiar começando pela letra e sinal de dois pontos ":o" de OTL.

:OTL
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-05-14 20:42:00&v=11.0.0.9&sap=dsp&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_PT Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://Mystart.incre...ibar.com/mb124"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
[2012/04/24 18:34:27 | 000,000,000 | ---D | M] (Softonic_Brasil Community Toolbar) -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}
[2012/04/24 18:34:31 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2012/04/24 18:34:34 | 000,000,000 | ---D | M] (uTorrentBar_PT Community Toolbar) -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}
[2012/05/05 00:03:07 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\ffxtlbr@incredibar.com
[2012/04/24 22:06:36 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\searchplugins\conduit.xml
[2012/05/14 20:41:49 | 000,003,677 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\avg-secure-search.xml
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
[2012/05/04 23:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabiana Melo\Configurações locais\Dados de aplicativos\Babylon
[2012/01/08 14:44:26 | 000,143,240 | ---- | C] (Ask.com) -- C:\Arquivos de programas\Arquivos comuns\ApnStub.exe
[2012/05/20 21:45:57 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/05/05 00:03:25 | 000,000,622 | ---- | M] () -- C:\user.js

:Commands
[createrestorepoint]
[purity]
[emptytemp]
[emptyflash]


Execute o OTL.exe

Clique com o direito em qualquer parte branca, da sessão Exames Personalizados/Correções e escolha a opção colar

Feche TODAS as janelas (exceto o próprio OTL).
Clique no botão
Imagem Postada

O programa executará o script e reiniciará o seu computador.
Quando o Windows for carregado, o OTL será executado automaticamente. Permita a sua execução.
Um bloco de notas será aberto, contendo algumas informações.
Copie TODO o conteúdo deste bloco de notas e cole na sua resposta.

Uma cópia deste log ficará armazenado na pasta C:\_OTL\MovedFiles com o nome no seguinte formato data_hora.log.

Exemplo: 03142010_145545.log

Poste também um novo log do Hijackthis.
** Tenha consideração a quem te ajuda, não Abandone seu tópico! **
[Membro da ASAP] // [Junte-se ao ARIS-LD] // [Linha Defensiva no Twitter]
Imagem Postada

Blog do Ciro Mota
Visite em: http://www.ciromota.net/ _-_ Siga-me no Twitter: @ciromota

#13
hf2003

hf2003

    Novato

  • Novato
  • Pip
  • 20 posts
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "uTorrentBar_PT Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "http://Mystart.incre...ibar.com/mb124" removed from browser.startup.homepage
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: "http://search.condui...rchSource=2&q=" removed from keyword.URL
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}\searchplugin folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}\modules folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}\META-INF folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}\defaults folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}\components folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}\chrome folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5} folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\searchplugin folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\modules folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\META-INF folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\defaults folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\chrome folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e} folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}\searchplugin folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}\modules folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}\META-INF folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}\defaults folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}\components folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}\chrome folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48} folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\ffxtlbr@incredibar.com\content\imgs folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\ffxtlbr@incredibar.com\content folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\extensions\ffxtlbr@incredibar.com folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Dados de aplicativos\Mozilla\Firefox\Profiles\m431frk3.default\searchplugins\conduit.xml moved successfully.
C:\Arquivos de programas\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
C:\Documents and Settings\Fabiana Melo\Configurações locais\Dados de aplicativos\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Configurações locais\Dados de aplicativos\Babylon\Setup folder moved successfully.
C:\Documents and Settings\Fabiana Melo\Configurações locais\Dados de aplicativos\Babylon folder moved successfully.
C:\Arquivos de programas\Arquivos comuns\ApnStub.exe moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.ics moved successfully.
C:\user.js moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Fabiana Melo
->Temp folder emptied: 1489006 bytes
->Temporary Internet Files folder emptied: 6348355 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 251463655 bytes
->Google Chrome cache emptied: 134204951 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3086 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4229186 bytes
%systemroot%\System32 .tmp files removed: 2969 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 120510 bytes
RecycleBin emptied: 419343 bytes

Total Files Cleaned = 380,00 mb


[EMPTYFLASH]

User: Administrador

User: All Users

User: Default User

User: Fabiana Melo
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.43.1 log created on 05222012_211311









Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:30:02, on 22/5/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\AVG\AVG2012\avgfws.exe
C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\AVG\AVG2012\avgemcx.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\flexlm\SolidWorks 2005 SolidNetWork License Manager\lmgrd.exe
C:\Arquivos de programas\AVG\AVG2012\avgrsx.exe
C:\Arquivos de programas\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Arquivos de programas\AVG\AVG2012\avgidsagent.exe
C:\Arquivos de programas\flexlm\SolidWorks 2005 SolidNetWork License Manager\SW_D.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\AVG\AVG2012\avgtray.exe
C:\Arquivos de programas\AVG Secure Search\vprot.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\DOCUME~1\FABIAN~1\CONFIG~1\Temp\RtkBtMnt.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Fabiana Melo\Meus documentos\Downloads\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Arquivos de programas\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Arquivos de programas\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Arquivos de programas\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Fabiana Melo\Meus documentos\Downloads\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AutoHelpDesk] C:\Documents and Settings\Fabiana Melo\Meus documentos\Downloads\DiagnosticoBB(1).exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: VDownloader.lnk = C:\Arquivos de programas\VDownloader\VDownloader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart17.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Arquivos de programas\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O15 - Trusted Zone: http://www.bancobrasil.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Firewall do AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2012\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe (file missing)
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\Arquivos de programas\flexlm\SolidWorks 2005 SolidNetWork License Manager\lmgrd.exe
O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

--
End of file - 13302 bytes

#14
Ciro-Mota

Ciro-Mota

    Assistente Profissional

  • Assistente Profissional
  • 55.156 posts
hf2003,

Faça o download do Kaspersky Virus Removal Tool de um desses 2 links:
http://devbuilds.kas...builds/AVPTool/
http://dnl-us6.kaspe...builds/AVPTool/

Salve-o em sua área de trabalho.

- Duplo clique no arquivo "setup" e aguarde a instalação;
- Na próxima tela marque I accept the licence agreement e clique em Start
- Clique no botão
Imagem Postada
e marque:
  • Meu computador
  • Disco local (C:) (a letra do disco local pode variar)
- Clique em Actions e desmarque os dois quadros:
Imagem Postada
- Clique na aba Automatic Scan e aguarde o término da verificação.

- Clique no botão
Imagem Postada
, em Detected threats e no botão "Save".
- Copie o conteúdo do arquivo salvo (se houver algo detectado) e poste na sua próxima resposta.
** Tenha consideração a quem te ajuda, não Abandone seu tópico! **
[Membro da ASAP] // [Junte-se ao ARIS-LD] // [Linha Defensiva no Twitter]
Imagem Postada

Blog do Ciro Mota
Visite em: http://www.ciromota.net/ _-_ Siga-me no Twitter: @ciromota

#15
hf2003

hf2003

    Novato

  • Novato
  • Pip
  • 20 posts
Olá!
parece que não houve nada detectado pois o arquivo não foi gerado.
Além disso, quando abro o firefox e o g chrome, não aparece mais a página
que surgia antes do incredibar.com e nem avisos dizendo que minhas configurações estavam sendo alteradas.
Muito obrigada!!!

#16
Ciro-Mota

Ciro-Mota

    Assistente Profissional

  • Assistente Profissional
  • 55.156 posts
hf2003,

Para finalizar:
  • Renomeie o Combofix para uninstall e execute-o.

    IMPORTANTE: Preste atenção na grafia, para não haver erros de digitação!


  • Execute o OTL.exe
    Clique no botão
    Imagem Postada
    .

    Permita que seu computador seja reiniciado.


  • É de extrema importância que execute este procedimento. Visite o Windows Update e atualize o seu sistema, baixando o Service Pack 3

    Ou, se preferir, baixe e instale o pacote completo (+- 300 Mb):
    http://www.microsoft...splayLang=pt-br

  • Atualize o Internet Explorer. Baixe e instale o Internet Explorer 8.

  • Imagem Postada
    Atualize o Java. Versões antigas têm vunerabilidades que alguns malwares podem usar para infectar seu sistema.
    • Faça download da última versão do Java SE 7u4.
    • Clique em JRE Download
    • Marque a caixa Accept License Agreement..
    • Clique no link para download Windows x86 Offline 20.08 MB jre-7u4-windows-i586.exe e salve no seu desktop.
    • Feche qualquer programa que esteja executando, especialmente navegadores.
    • Vá em Iniciar > Painel de Controle duplo clique em Adicionar ou Remover Programas e remova todas as versões antigas do Java.
      Exemplos de versões antigas
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Selecione qualquer item com nome Java Runtime Environment (JRE ou J2SE).
    • Clique no botão Remover ou Alterar/Remover.
    • Repita quantas vezes for necessária para remover cada versão do Java.
    • Reincie seu computador uma vez que todas as versões do Java tenham sido removidas.
    • Agora vá no seu desktop, clique duas vezes em jre-7u4-windows-i586.exe para instalar a mais nova versão.
    • ATENÇÃO: Desmarque a caixa de instalação da ASK Toolbar.

  • Imagem Postada
    Atualize o Adobe Reader. Versões antigas têm vulnerabilidades que são exploradas por malwares.

    Clique aqui e instale a mais nova versão.

  • Imagem Postada
    Mantenha o Flash Player atualizado. Versões antigas também têm vulnerabilidades que são exploradas por malwares. Clique aqui e instale a mais nova versão.

  • Imagem Postada
    Worms USB (vírus de pendrive) podem infectar qualquer tipo de dispositivo de armazenamento removível (pendrives, mp3, mp4, celulares, cartões de memória, câmeras fotográficas). Este tipo de malware explora um recurso nativo do Windows chamado Autorun, ou Autoplay (é aquele assistente que aparece quando você insere um cd ou pendrive, perguntando com qual programa você deseja abri-lo). O Autoplay precisa de um arquivo chamado autorun.inf para funcionar.

    Mantenha um cópia limpa e protegida do arquivo autorun.inf em todos os dispositivos removíveis e em todas as unidades do sistema. Deste modo, se acaso você plugar o seu pendrive em algum pc infectado, o malware não vai conseguir sobreescrever o arquivo pré-existente. Mas ainda assim ele poderá copiar seus executáveis maliciosos para o pendrive, tais como .EXE, .SCR, .CMD, .PIF, .BAT, .COM.
    Se você plugar este pendrive em uma máquina limpa e executar algum desses arquivos maliciosos, esse sistema será infectado da mesma forma. Portanto, tenha cuidado e use o bom senso.

    Para criar um arquivo autorun.inf protegido no Windows XP:

    Faça o download do Flash_Disinfector.exe e salve na sua área de trabalho.
    • Conecte todos os dispositivos de armazenamento removível nas portas USBs. Salve o que achar necessário, EXCETO arquivos executáveis, depois formate as mídias, indo em Meu Computador e clicando com o direito sobre a unidade da mídia, escolhendo a opção "Formatar"
    • Execute o Flash_Disinfector.exe.
    • Vá seguindo os prompts que poderão aparecer.
    • Espere até que o programa conclua a busca e depois saia do programa.

    Para Windows Vista e 7: Panda USB Vaccine

  • Imagem Postada
    Para manutenção de sistema, remoção de arquivos temporários e inválidos, baixe TFC, by OldTimer.

    Feche TODOS os programas e execute o TFC. Clique no botão Start e aguarde. Sua área de trabalho irá desaparecer, não se preocupe, isso faz parte do processo.

    Tenha paciência, conforme a quantidade de dados a serem excluídos, o processo pode demorar mais de 2 minutos.

    Quando terminar, você será solicitado a reiniciar seu computador. REINICIE.

    Caso não lhe seja solicitado, reinicie manualmente.

  • Imagem Postada
    Visite o Windows Update regularmente e verifique por atualizações.
    Novas brechas de segurança são descobertas com freqüência. Muitos malwares exploram essas brechas, infectando sistemas sem depender de nenhuma ação do usuário. A Microsoft corrige essas brechas através das atualizações.
    Por isso é fundamental manter o seu sistema atualizado.


  • Aprenda alguns cuidados e dicas para manter seu computador limpo. Leia o artigo Proteja seu pc:
    http://linhadefensiv...proteja-seu-pc/

  • Se não há mais nenhum problema relacionado a malwares, clique no botão
    Imagem Postada
    e peça para fecharem seu tópico.

Se você tiver alguma dúvida relacionada a informática e tecnologia, sinta-se à vontade para postar em qualquer área do forum Linha Defensiva.
** Tenha consideração a quem te ajuda, não Abandone seu tópico! **
[Membro da ASAP] // [Junte-se ao ARIS-LD] // [Linha Defensiva no Twitter]
Imagem Postada

Blog do Ciro Mota
Visite em: http://www.ciromota.net/ _-_ Siga-me no Twitter: @ciromota

#17
hf2003

hf2003

    Novato

  • Novato
  • Pip
  • 20 posts
oi!
tenho uma dúvida sim em relação ao item 3, pois meu windows xp não é original, baixar atualizações não vai me trazer problemas?
obrigada


"3.É de extrema importância que execute este procedimento. Visite o Windows Update e atualize o seu sistema, baixando o Service Pack 3

Ou, se preferir, baixe e instale o pacote completo (+- 300 Mb):
http://www.microsoft...splayLang=pt-br

Atualize o Internet Explorer. Baixe e instale o Internet Explor
er [/I]8."[/I]

#18
Ciro-Mota

Ciro-Mota

    Assistente Profissional

  • Assistente Profissional
  • 55.156 posts
hf2003,

Não só o seu como o da maioria não é original, porém não se deve abrir mão da segurança que as atualizações proporcionam. Poderá haver um pequeno empecilho com uma atualização, porém contornável.

Infelizmente não podemos dar mais detalhes em virtude das regras.
** Tenha consideração a quem te ajuda, não Abandone seu tópico! **
[Membro da ASAP] // [Junte-se ao ARIS-LD] // [Linha Defensiva no Twitter]
Imagem Postada

Blog do Ciro Mota
Visite em: http://www.ciromota.net/ _-_ Siga-me no Twitter: @ciromota

#19
Felipe-rj

Felipe-rj

    Moderador

  • Moderador
  • 837 posts
Problema Resolvido!

Caso o autor necessite que o tópico seja reaberto, entre em contato com um dos membros da equipe de moderação.