Amador

Meu pc abre páginas de propaganda sozinho.

24 posts neste tópico

Ora boas, o meu problema é o seguinte, eu qaundo tou com o pc ligado normal sem eu tar na internet ele abre páginas de propaganda Sozinho, abre 1 passando um tempo abre outra depois outra....

Eu sei que isto é um virus, mas não consigo, o remover, e é muito chato tar sempre abrir paginas sozinho.

Gostava que me ajudassem a resolver este problema.

Aguardo respostas.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Amador,

Seja bem-vindo ao Fórum do Linha Defensiva. :legal:

Meu nome é Carlos Turco, e vou analisar seu caso.

Por favor, observe o seguinte:

  • NÃO tente realizar sozinho nenhum procedimento de limpeza. Em especial, não execute por conta própria ferramentas utilizadas no fórum Remoção de Malware. O uso indevido de algumas ferramentas poderá danificar o seu computador ou, no mínimo, remover parcialmente os sinais de uma infecção que serviriam de informação ao analista. A equipe não será responsabilizada por consequências resultantes de uso indevido e/ou não-informado das ferramentas. - Regra nº8 da Remoção de Malwares
  • Não inicie novo tópico sobre esse problema. Poste suas respostas sempre neste tópico.
  • Clique em button_seguir.png (se localiza no canto superior direito do post principal) para que receba notificação por e-mail quando o mesmo for respondido. Você também pode verificar os tópicos assinados usando a opção Conteúdo que sigo acessível através do Painel de Controle do fórum.
  • As análises podem levar algum tempo, portanto seja paciente.
  • As instruções são específicas para o seu computador, e devem ser aplicadas somente nele.
  • Se algo der errado, não importa. Sempre acompanhe seu tópico, informando-me dos resultados, até que seu computador esteja limpo.
  • Aviso: Evite utilizar as tags <QUOTE> ou <CODE> nos logs, isso prejudica a leitura na hora da analise.
  • Por favor, não abandone seu tópico. Para nós é importante saber se a remoção foi bem sucedida.
  • Se você não receber uma resposta minha em até 5 dias. Me envie uma MP

Peço que leia as instruções para usar a área Remoção de Vírus:

http://www.linhadefe...mocao-de-virus/

Ao invés de criar um novo tópico, peço que você continue com este e faça uma resposta colocando um log do HijackThis de acordo com as instruções presentes na página que lhe passei acima.

Qualquer dúvida é só perguntar.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of HijackThis v1.99.1

Scan saved at 22:15:20, on 26-02-2013

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v8.00 (8.00.6001.19088)

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUS\ATK Media\DMedia.exe

C:\Windows\System32\ASUSTPE.exe

C:\Program Files\P4P\P4P.exe

C:\Windows\ASScrPro.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\TUTO4PC\tuto4pc_pt_5.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\software tmn\software tmn.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\ASUS\Desktop\hijkackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2851643

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=pt-PT&Src=MSE&Tid=0002F86C&OHP=about%3Ablank&OSP=http%3A%2F%2Fsearch.babylon.com%2F%3Fq%3D%7BsearchTerms%7D%26affID%3D113480%26tt%3D4712%5F1%26babsrc%3DSP%5Fss%26mntrId%3D28cc3bac000000000000000000000000

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: uTorrentBar_PT Toolbar - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files\uTorrentBar_PT\prxtbuTor.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Claro LTD Helper Object - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)

O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\ASUS\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

O2 - BHO: (no name) - {978C7B0C-1709-4f9e-AE1C-95DC75079894} - (no file)

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O2 - BHO: uTorrentBar_PT - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files\uTorrentBar_PT\prxtbuTor.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: (no name) - {9a95b751-bf3e-4ea8-a938-2d4d84cd4964} - (no file)

O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll

O3 - Toolbar: uTorrentBar_PT Toolbar - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files\uTorrentBar_PT\prxtbuTor.dll

O3 - Toolbar: Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe

O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"

O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [VDownloader] "C:\Program Files\VDownloader\VDownloader.exe" /silent

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [Tutorials] "C:\Program Files\TUTO4PC\tuto4pc_pt_5.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [steam] "C:\Program Files\Valve\Steam\steam.exe" -silent

O4 - Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{18B559B9-B733-4942-B8AC-65A122941611}: NameServer = 88.214.182.1 88.214.178.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{18B559B9-B733-4942-B8AC-65A122941611}: NameServer = 88.214.182.1 88.214.178.2

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~2\browse~1\261123~1.78\{c16c1~1\mngr.dll

O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.6.1123.78\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe

O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files\DefaultTab\DefaultTabSearch.exe

O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\ASUS\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Serviço Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Amador,

MSIE: Internet Explorer v8.00 (8.00.6001.19088)

Atualize seu Internet Explorer.

Siga os procedimentos abaixo.

1)

Baixe o AdwCleaner e salve no desktop.

http://www.bleepingc...cleaner/dl/125/

Execute o arquivo adwcleaner.exe

*** Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo adwcleaner.exe, depois clique em execadmin.png.

Clique em Remover.

Abrirá um bloco de notas com o resultado. Selecione, copie e cole o seu conteúdo na próxima resposta.

2)

Baixe o Malwarebytes' Anti-Malware (MBAM)

http://download.cnet...4-10804572.html

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.

  1. Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.
  2. Se houver atualizações a serem feitas, serão baixadas e instaladas.
  3. Ao final da atualização, com o programa aberto, marque Verificação Completa e clique no botão Verificar.
  4. Começará então o exame. Aguarde, pois pode demorar.
  5. Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.
  6. Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.
  7. Ao final da desinfecção, abrirá o Bloco de notas com um log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)
  8. O log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do programa.
  9. Selecione, copie e cole todo o conteúdo deste log na sua próxima resposta.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.

Em caso de dúvidas, leia o tutorial do programa:

http://linhadefensiv...showtopic=75554

3)

Baixe o MbrScan.exe e salve no desktop.

http://eric71.geekst...ols/MbrScan.exe

Execute o arquivo MbrScan.exe.

Clique no botão Scan. Ao final do exame clique no botão Report. Abrirá um bloco de notas com o resultado do exame. É salvo no desktop com o nome de MbrScan.log.

*** Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo MbrScan.exe, depois clique em execadmin.png

Selecione, copie e cole o seu conteúdo na próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Internet atualizada - Feito

1-Resultado do AdwCleaner.

# AdwCleaner v2.113 - Logfile created 02/27/2013 at 23:12:40

# Updated 23/02/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : ASUS

# Boot Mode : Normal

# Running from : C:\Users\ASUS\Desktop\AdwCleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : Browser Manager

Stopped & Deleted : DefaultTabSearch

Stopped & Deleted : DefaultTabUpdate

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager

Deleted on reboot : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml

File Deleted : C:\user.js

File Deleted : C:\Users\ASUS\AppData\Local\funmoods-speeddial.crx

File Deleted : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data

File Deleted : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences

File Deleted : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal

File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\bprotector_extensions.sqlite

File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\bprotector_prefs.js

File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\searchplugins\Askcom.xml

File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\searchplugins\askcomsearch.xml

File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\searchplugins\browsemngr.xml

File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\searchplugins\Conduit.xml

File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\searchplugins\mngr.xml

File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\searchplugins\search.xml

File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\searchplugins\Search_Results.xml

File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\searchplugins\search-here.xml

Folder Deleted : C:\Program Files\Ask.com

Folder Deleted : C:\Program Files\BabylonToolbar

Folder Deleted : C:\Program Files\BasicScan

Folder Deleted : C:\Program Files\Claro LTD

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\DealPly

Folder Deleted : C:\Program Files\DefaultTab

Folder Deleted : C:\Program Files\Funmoods

Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\adapter@babylontc.com

Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ocr@babylon.com

Folder Deleted : C:\Program Files\Searchqu Toolbar

Folder Deleted : C:\Program Files\Tuto4pc

Folder Deleted : C:\Program Files\uTorrentBar_PT

Folder Deleted : C:\Program Files\Yontoo

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\IBUpdaterService

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tuto4pc

Folder Deleted : C:\ProgramData\search protection

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\ASUS\AppData\Local\Conduit

Folder Deleted : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Folder Deleted : C:\Users\ASUS\AppData\Local\Ilivid Player

Folder Deleted : C:\Users\ASUS\AppData\Local\OpenCandy

Folder Deleted : C:\Users\ASUS\AppData\Local\RavenBleuSA

Folder Deleted : C:\Users\ASUS\AppData\Local\Temp\AskSearch

Folder Deleted : C:\Users\ASUS\AppData\Local\Temp\CT2851643

Folder Deleted : C:\Users\ASUS\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\ASUS\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\ASUS\AppData\LocalLow\bbrs_002.tb

Folder Deleted : C:\Users\ASUS\AppData\LocalLow\Claro LTD

Folder Deleted : C:\Users\ASUS\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\ASUS\AppData\LocalLow\Funmoods

Folder Deleted : C:\Users\ASUS\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\ASUS\AppData\LocalLow\searchquband

Folder Deleted : C:\Users\ASUS\AppData\LocalLow\Searchqutoolbar

Folder Deleted : C:\Users\ASUS\AppData\LocalLow\uTorrentBar_PT

Folder Deleted : C:\Users\ASUS\AppData\Roaming\blekko

Folder Deleted : C:\Users\ASUS\AppData\Roaming\DefaultTab

Folder Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\ConduitCommon

Folder Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\CT2851643

Folder Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}

Folder Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}

Folder Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

Folder Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\extensions\addon@defaulttab.com

Folder Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\extensions\bbrs_002@blabbers.com

Folder Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\extensions\ffxtlbr@babylon.com

Folder Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\extensions\ffxtlbr@claro.com

Folder Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\extensions\ffxtlbr@funmoods.com

Folder Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\extensions\plugin@yontoo.com

Folder Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\extensions\toolbar@ask.com

Folder Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\Searchqutoolbar

Folder Deleted : C:\Users\ASUS\AppData\Roaming\OpenCandy

Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\261123~1.78\{c16c1~1\mngr.dll

Key Deleted : HKCU\Software\59e8d8ab76ebd12

Key Deleted : HKCU\Software\APN

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\RewardsArcade

Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar_PT

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\Blabbers

Key Deleted : HKCU\Software\BrowserCompanion

Key Deleted : HKCU\Software\Claro LTD

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\Default Tab

Key Deleted : HKCU\Software\DefaultTab

Key Deleted : HKCU\Software\Funmoods

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BasicScan

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\claro

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RewardsArcade

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Tuto4pc_is1

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar_PT Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wincore MediaBar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E0301295-AB3E-4AF3-979F-3D453C5F9F48}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0301295-AB3E-4AF3-979F-3D453C5F9F48}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Tutorials

Key Deleted : HKCU\Software\TutoTag

Key Deleted : HKLM\SOFTWARE\59e8d8ab76ebd12

Key Deleted : HKLM\Software\APN

Key Deleted : HKLM\Software\AskToolbar

Key Deleted : HKLM\Software\BabylonToolbar

Key Deleted : HKLM\Software\BrowserCompanion

Key Deleted : HKLM\Software\Claro LTD

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll

Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Deleted : HKLM\SOFTWARE\Classes\b

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader

Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1

Key Deleted : HKLM\SOFTWARE\Classes\claro.claroappCore

Key Deleted : HKLM\SOFTWARE\Classes\claro.claroappCore.1

Key Deleted : HKLM\SOFTWARE\Classes\claro.clarodskBnd

Key Deleted : HKLM\SOFTWARE\Classes\claro.clarodskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\claro.claroHlpr

Key Deleted : HKLM\SOFTWARE\Classes\claro.claroHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{075FB993-E0E5-42BC-9558-BE07965E184A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0301295-AB3E-4AF3-979F-3D453C5F9F48}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO

Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.claroESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.claroESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2851643

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2857573

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\DealPly

Key Deleted : HKLM\Software\Default Tab

Key Deleted : HKLM\Software\DefaultTab

Key Deleted : HKLM\Software\Funmoods

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A480E15-D644-4177-A289-64687DFC2D63}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE33D30B-2547-4CF6-BE30-6E09EACBE3C6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0301295-AB3E-4AF3-979F-3D453C5F9F48}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{075FB993-E0E5-42BC-9558-BE07965E184A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\claro

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_PT Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar

Key Deleted : HKLM\Software\SearchquMediabarTb

Key Deleted : HKLM\Software\Tarma Installer

Key Deleted : HKLM\Software\uTorrentBar_PT

Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}

Key Deleted : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKU\S-1-5-21-2218256957-1757012758-3880606964-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E0301295-AB3E-4AF3-979F-3D453C5F9F48}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E0301295-AB3E-4AF3-979F-3D453C5F9F48}]

Value Deleted : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E0301295-AB3E-4AF3-979F-3D453C5F9F48}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E0301295-AB3E-4AF3-979F-3D453C5F9F48}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Tutorials]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2851643 --> hxxp://www.google.com

Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]

-\\ Mozilla Firefox v [unable to get version]

File : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\prefs.js

C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\jh9e5ai6.default\user.js ... Deleted !

Deleted : user_pref("backup.old.browser.search.defaultenginename", "Search the web (Babylon)");

Deleted : user_pref("backup.old.browser.search.selectedEngine", "Search the web (Babylon)");

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Deleted : user_pref("browser.search.defaultengine", "Ask.com Search");

Deleted : user_pref("browser.search.defaultenginename", "Ask.com Search");

Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentBar_PT Customized Web Search");

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851643&Sea[...]

Deleted : user_pref("browser.search.order.1", "Ask.com Search");

Deleted : user_pref("browser.search.selectedEngine", "Ask.com Search");

Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110824&tt=091012_24_4112_1&b[...]

Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2851643&Search[...]

Deleted : user_pref("CommunityToolbar.ConduitSearchList", "uTorrentBar_PT Customized Web Search");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1243677/1239350/PT", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851643", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851643",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851643/CT2851643[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pt", "\"fa7[...]

Deleted : user_pref("CommunityToolbar.globalUserId", "e413c538-ae4e-46c5-aa2c-1ce42774d111");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2851643");

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\ASUS\\AppData\\Roaming\\Mozilla\\Fi[...]

Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Sep 12 2012 13:22:1[...]

Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Aug 30 2012 18:36:49 GMT+010[...]

Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.locale", "");

Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);

Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Sep 12 2012 13:22:08 GMT+0100");

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");

Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.notifications.userId", "043e70af-707e-4729-b430-910580fad9aa");

Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.lphant.com");

Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb[...]

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2851643");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2851643");

Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2851643");

Deleted : user_pref("CT2851643..clientLogIsEnabled", false);

Deleted : user_pref("CT2851643..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT2851643..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT2851643.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT2851643.alertChannelId", "1243677");

Deleted : user_pref("CT2851643.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT2851643.AppTrackingLastCheckTime", "Thu Aug 30 2012 18:36:56 GMT+0100");

Deleted : user_pref("CT2851643.backendstorage.cbfirsttime", "547565204A756C20323420323031322032323A30343A32302[...]

Deleted : user_pref("CT2851643.CTID", "CT2851643");

Deleted : user_pref("CT2851643.CurrentServerDate", "25-7-2012");

Deleted : user_pref("CT2851643.DialogsAlignMode", "LTR");

Deleted : user_pref("CT2851643.DialogsGetterLastCheckTime", "Wed Sep 12 2012 13:22:11 GMT+0100");

Deleted : user_pref("CT2851643.DownloadReferralCookieData", "");

Deleted : user_pref("CT2851643.DSChangedManually", false);

Deleted : user_pref("CT2851643.DSInstall", true);

Deleted : user_pref("CT2851643.EMailNotifierPollDate", "Wed Sep 12 2012 13:22:08 GMT+0100");

Deleted : user_pref("CT2851643.FeedLastCount1733423638652034402", 207);

Deleted : user_pref("CT2851643.FeedPollDate2429156812186649977", "Thu Aug 30 2012 18:36:43 GMT+0100");

Deleted : user_pref("CT2851643.FeedPollDate2429156813040823546", "Thu Aug 30 2012 18:36:42 GMT+0100");

Deleted : user_pref("CT2851643.FeedPollDate2429156813130095866", "Wed Sep 12 2012 13:22:08 GMT+0100");

Deleted : user_pref("CT2851643.FeedPollDate2429156813224203613", "Wed Sep 12 2012 13:22:08 GMT+0100");

Deleted : user_pref("CT2851643.FeedPollDate2429156813230837251", "Thu Aug 30 2012 18:36:42 GMT+0100");

Deleted : user_pref("CT2851643.FeedPollDate2429156813454291735", "Thu Aug 30 2012 18:36:42 GMT+0100");

Deleted : user_pref("CT2851643.FeedPollDate2429156813729834876", "Wed Sep 12 2012 13:22:08 GMT+0100");

Deleted : user_pref("CT2851643.FeedPollDate2429156813860870021", "Thu Aug 30 2012 18:36:43 GMT+0100");

Deleted : user_pref("CT2851643.FeedPollDate2429156814264681793", "Thu Aug 30 2012 18:36:42 GMT+0100");

Deleted : user_pref("CT2851643.FeedPollDate2429156814863075366", "Thu Aug 30 2012 18:36:42 GMT+0100");

Deleted : user_pref("CT2851643.FeedPollDate2429156815257761081", "Thu Aug 30 2012 18:36:41 GMT+0100");

Deleted : user_pref("CT2851643.FeedTTL2429156813040823546", 15);

Deleted : user_pref("CT2851643.FeedTTL2429156813130095866", 10);

Deleted : user_pref("CT2851643.FeedTTL2429156813454291735", 5);

Deleted : user_pref("CT2851643.FeedTTL2429156814264681793", 5);

Deleted : user_pref("CT2851643.FirstServerDate", "25-7-2012");

Deleted : user_pref("CT2851643.FirstTime", true);

Deleted : user_pref("CT2851643.FirstTimeFF3", true);

Deleted : user_pref("CT2851643.FixPageNotFoundErrors", true);

Deleted : user_pref("CT2851643.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT2851643.globalFirstTimeInfoLastCheckTime", "Wed Sep 12 2012 13:22:11 GMT+0100");

Deleted : user_pref("CT2851643.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT2851643.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT2851643.HasUserGlobalKeys", true);

Deleted : user_pref("CT2851643.HomepageBeforeUnload", "hxxp://search.lphant.com");

Deleted : user_pref("CT2851643.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT2851643.HomePageProtectorEnabled", false);

Deleted : user_pref("CT2851643.HPInstall", true);

Deleted : user_pref("CT2851643.initDone", true);

Deleted : user_pref("CT2851643.Initialize", true);

Deleted : user_pref("CT2851643.InitializeCommonPrefs", true);

Deleted : user_pref("CT2851643.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT2851643.InstallationId", "ConduitXPEIntegration");

Deleted : user_pref("CT2851643.InstallationType", "ConduitXPEIntegration");

Deleted : user_pref("CT2851643.InstalledDate", "Tue Jul 24 2012 22:03:53 GMT+0100");

Deleted : user_pref("CT2851643.IsAlertDBUpdated", true);

Deleted : user_pref("CT2851643.isAppTrackingManagerOn", false);

Deleted : user_pref("CT2851643.IsGrouping", false);

Deleted : user_pref("CT2851643.IsInitSetupIni", true);

Deleted : user_pref("CT2851643.IsMulticommunity", false);

Deleted : user_pref("CT2851643.IsOpenThankYouPage", true);

Deleted : user_pref("CT2851643.IsOpenUninstallPage", false);

Deleted : user_pref("CT2851643.IsProtectorsInit", true);

Deleted : user_pref("CT2851643.LanguagePackLastCheckTime", "Thu Aug 30 2012 18:36:52 GMT+0100");

Deleted : user_pref("CT2851643.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT2851643.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT2851643.LastLogin_3.10.0.1", "Wed Sep 12 2012 13:22:11 GMT+0100");

Deleted : user_pref("CT2851643.LatestVersion", "3.14.1.0");

Deleted : user_pref("CT2851643.Locale", "pt");

Deleted : user_pref("CT2851643.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT2851643.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT2851643.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT2851643.myStuffEnabled", true);

Deleted : user_pref("CT2851643.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT2851643.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT2851643.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT2851643.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT2851643.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT2851643.navigateToUrlOnSearch", false);

Deleted : user_pref("CT2851643.OriginalFirstVersion", "3.10.0.1");

Deleted : user_pref("CT2851643.revertSettingsEnabled", true);

Deleted : user_pref("CT2851643.SavedHomepage", "hxxp://search.lphant.com");

Deleted : user_pref("CT2851643.SearchCaption", "uTorrentBar_PT Customized Web Search");

Deleted : user_pref("CT2851643.SearchEngineBeforeUnload", "Search the web (Babylon)");

Deleted : user_pref("CT2851643.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT2851643.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]

Deleted : user_pref("CT2851643.SearchInNewTabEnabled", true);

Deleted : user_pref("CT2851643.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT2851643.SearchInNewTabLastCheckTime", "Wed Sep 12 2012 13:22:08 GMT+0100");

Deleted : user_pref("CT2851643.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT2851643.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT2851643.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT2851643.SearchProtectorEnabled", true);

Deleted : user_pref("CT2851643.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT2851643.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT2851643.ServiceMapLastCheckTime", "Thu Aug 30 2012 18:36:43 GMT+0100");

Deleted : user_pref("CT2851643.SettingsLastCheckTime", "Wed Sep 12 2012 13:22:07 GMT+0100");

Deleted : user_pref("CT2851643.SettingsLastUpdate", "1346220208");

Deleted : user_pref("CT2851643.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851643&SearchSource=13");

Deleted : user_pref("CT2851643.testingCtid", "");

Deleted : user_pref("CT2851643.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT2851643.ThirdPartyComponentsLastCheck", "Thu Aug 30 2012 18:36:40 GMT+0100");

Deleted : user_pref("CT2851643.ThirdPartyComponentsLastUpdate", "1331806008");

Deleted : user_pref("CT2851643.toolbarAppMetaDataLastCheckTime", "Wed Sep 12 2012 13:22:11 GMT+0100");

Deleted : user_pref("CT2851643.toolbarContextMenuLastCheckTime", "Thu Aug 30 2012 18:36:46 GMT+0100");

Deleted : user_pref("CT2851643.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT2851643.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT2851643.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851643");

Deleted : user_pref("CT2851643.UserID", "UN61481231163632852");

Deleted : user_pref("CT2851643.WeatherNetwork", "");

Deleted : user_pref("CT2851643.WeatherPollDate", "Thu Aug 30 2012 18:36:43 GMT+0100");

Deleted : user_pref("CT2851643.WeatherUnit", "C");

Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");

Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);

Deleted : user_pref("extensions.asktb.cbid", "VX");

Deleted : user_pref("extensions.asktb.config-updated", false);

Deleted : user_pref("extensions.asktb.crumb", "2010.12.13+12.47.34-toolbar001iad-PT-TGlzYm9uLFBvcnR1Z2Fs");

Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://eu.ask.com/web?qsrc={qsrc}&o={o}&l={l[...]

Deleted : user_pref("extensions.asktb.displaybehavior", "");

Deleted : user_pref("extensions.asktb.displaytext", "");

Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYPT");

Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);

Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "POXX0016");

Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");

Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "chrome://browser-region/locale/region.propert[...]

Deleted : user_pref("extensions.asktb.guid", "570D2357-A31D-414C-B5D2-8CDABBFAC32F");

Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]

Deleted : user_pref("extensions.asktb.if", "su");

Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");

Deleted : user_pref("extensions.asktb.l", "dis");

Deleted : user_pref("extensions.asktb.last-config-req", "1342898283752");

Deleted : user_pref("extensions.asktb.last-v", "3.14.1.20007");

Deleted : user_pref("extensions.asktb.locale", "pt_EU");

Deleted : user_pref("extensions.asktb.location", "Lisbon,Portugal");

Deleted : user_pref("extensions.asktb.lstation", "");

Deleted : user_pref("extensions.asktb.o", "14778");

Deleted : user_pref("extensions.asktb.pstate", "");

Deleted : user_pref("extensions.asktb.qsrc", "2871");

Deleted : user_pref("extensions.asktb.sa", "YES");

Deleted : user_pref("extensions.asktb.saguid", "0144D425-8924-4BF6-ADC8-15FC714B0EAB");

Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);

Deleted : user_pref("extensions.asktb.silent-upgrade", true);

Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);

Deleted : user_pref("extensions.asktb.socialmini-first", true);

Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");

Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");

Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");

Deleted : user_pref("extensions.asktb.socialmini-native-on", true);

Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");

Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);

Deleted : user_pref("extensions.asktb.themeid", "");

Deleted : user_pref("extensions.asktb.timeinstalled", "11-01-2012 19:00:21");

Deleted : user_pref("extensions.asktb.to", "");

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");

Deleted : user_pref("extensions.BabylonToolbar.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110808&tt=3412_1");

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 24);

Deleted : user_pref("extensions.BabylonToolbar.cntry", "PT");

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);

Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "0794E2AEA070A08598D88986DD2F4B4F");

Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);

Deleted : user_pref("extensions.BabylonToolbar.id", "28cc3bac000000000000000000000000");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15576");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=113480&tt=280612[...]

Deleted : user_pref("extensions.BabylonToolbar.lastDP", 24);

Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.4.610:01:24");

Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");

Deleted : user_pref("extensions.BabylonToolbar.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");

Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 81723839);

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);

Deleted : user_pref("extensions.BabylonToolbar.sg", "none");

Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");

Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.4.610:01:24");

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110808&tt=3412_1");

Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "28cc3bac000000000000000000000000");

Deleted : user_pref("extensions.BabylonToolbar_i.id", "28cc3bac000000000000000000000000");

Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15521");

Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.610:01:24");

Deleted : user_pref("extensions.basicscan.init", true);

Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:[...]

Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.value", "1342898299");

Deleted : user_pref("extensions.crossriderapp498.498.InstallationTime", 1342898299);

Deleted : user_pref("extensions.crossriderapp498.bic", "138aaf9df963ca2ad9da8eb811b6420f");

Deleted : user_pref("extensions.crossriderapp498.firstrun", false);

Deleted : user_pref("extensions.crossriderapp498.installationdate", 1342898299);

Deleted : user_pref("extensions.crossriderapp498.jsver", 3);

Deleted : user_pref("extensions.crossriderapp498.lastcheck", 22457542);

Deleted : user_pref("extensions.crossriderapp498.lastcheckitem", 22457542);

Deleted : user_pref("extensions.crossriderapp498.misc.lastBgWorkerTimer", "1343164026250");

Deleted : user_pref("extensions.crossriderapp498.misc.lastDomWorkerTimer", "1343164026244");

Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]

-\\ Google Chrome v25.0.1364.97

File : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [53318 octets] - [27/02/2013 23:12:40]

########## EOF - C:\AdwCleaner[s1].txt - [53379 octets] ##########

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite Amador,

Aguardo o log do Malwarebytes e do MbrScan.

Compartilhar este post


Link para o post
Compartilhar em outros sites

2-Relatório do Mbam.

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Versão da base de dados: v2013.02.27.12

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

ASUS :: [administrador]

27-02-2013 23:32:19

mbam-log-2013-02-27 (23-32-19).txt

Tipo de pesquisa: Completa (C:\|D:\|)

Opções de pesquisa activadas: Memoria | Arranque | Registo | Sistema de Ficheiros | Heurísticos/Extra | Heurísticos/Shuriken | PPI | MPI

Opções de pesquisa desactivadas: P2P

Objectos verificados: 406439

Tempo decorrido: 2 hora(s), 4 minuto(s), 29 segundo(s)

Processos de memória Detectados: 0

(Nenhum item malicioso detectado)

Módulos de Memória Detectados: 0

(Nenhum item malicioso detectado)

Chaves do Registo Detectadas: 5

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Movido para a quarentena e eliminado com sucesso.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Movido para a quarentena e eliminado com sucesso.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Movido para a quarentena e eliminado com sucesso.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Movido para a quarentena e eliminado com sucesso.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Movido para a quarentena e eliminado com sucesso.

Valores do Registo Detectados: 0

(Nenhum item malicioso detectado)

Itens de dados do Registo Detectados: 0

(Nenhum item malicioso detectado)

Pastas Detectadas: 0

(Nenhum item malicioso detectado)

Ficheiros Detectados: 2

C:\Program Files\Adobe\Adobe Photoshop CS3\Msvcrt.dll (Malware.Packer.Gen) -> Movido para a quarentena e eliminado com sucesso.

D:\Left 4 Dead 2\left4dead2\sound\Globe Converter.exe (Trojan.StartPage.SMR) -> Movido para a quarentena e eliminado com sucesso.

(fim)

3- relatório do MbrScan.

MBRScan v1.1.1

OS             : Windows Vista Service Pack 2 (32 bit)
PROCESSOR      : x86 Family 6 Model 15 Stepping 13, GenuineIntel
BOOT           : Normal Boot
DATE           : 2013/02/28 (ISO 8601) at 13:26:30
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST9250827AS (3.AAA)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0 232.9 Go  [Fixed] ==> Vista MBR Code

MBR_MD5   : 7306563CBB6B56AF4E1705C81C0AC108
MBR_SHA1  : 6D1DBE84311365F8C4B34197AA0E59061D55A462

Device\Harddisk0\Partition1 9.77 Go   0x1C Hidden FAT32 [LBA] 
Device\Harddisk0\Partition2 116.4 Go   0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition3 106.7 Go   0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x8A5DD000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0x8EC00000
SIZE    : 32.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions : /NOEXECUTE=OPTIN /DETECTHAL

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3À.м.|.À.ؾ.|¿.
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .¹..üó¤Ph..Ëû¹..
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 10 01 83 C5 10   ½¾..~..|......Å.
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   âñÍ..V.UÆF..ÆF..
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   ´A»ªUÍ.]r..ûUªu.
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ÷Á..t.þF.f`.~..t
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..´B.V..ôÍ.
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ..Ä..ë.¸..».|.V.
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1E FE   .v..N..n.Í.fas.þ
0x000000A0   4E 11 0F 85 0C 00 80 7E 00 80 0F 84 8A 00 B2 80   N......~......².
0x000000B0   EB 82 55 32 E4 8A 56 00 CD 13 5D EB 9C 81 3E FE   ë.U2ä.V.Í.]ë..>þ
0x000000C0   7D 55 AA 75 6E FF 76 00 E8 8A 00 0F 85 15 00 B0   }Uªun.v.è......°
0x000000D0   D1 E6 64 E8 7F 00 B0 DF E6 60 E8 78 00 00 00 00   Ñædè..°ßæ`èx....
0x000000E0   64 E8 71 00 B8 00 BB CD 1A 66 23 C0 75 3B 66 81   dèq.¸.»Í.f#Àu;f.
0x000000F0   FB 54 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07   ûTCPAu2.ù..r,fh.
0x00000100   BB 00 00 66 68 00 02 00 00 66 68 08 00 00 00 66   »..fh....fh....f
0x00000110   53 66 53 66 55 66 68 00 00 00 00 66 68 00 7C 00   SfSfUfh....fh.|.
0x00000120   00 66 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00   .fah...Í.Z2öê.|.
0x00000130   00 CD 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07   .Í..·.ë..¶.ë..µ.
0x00000140   32 E4 05 00 07 8B F0 AC 3C 00 74 FC BB 07 00 B4   2ä....ð¬<.tü»..´
0x00000150   0E CD 10 EB F2 2B C9 E4 64 EB 00 24 02 E0 F8 24   .Í.ëò+Éädë.$.àø$
0x00000160   02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 74   .ÃInvalid partit
0x00000170   69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 20   ion table.Error 
0x00000180   6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 6E   loading operatin
0x00000190   67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E 67   g system.Missing
0x000001A0   20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 65    operating syste
0x000001B0   6D 00 00 00 00 62 7A 99 29 6C 64 97 00 00 00 01   m....bz.)ld.....
0x000001C0   01 00 1C FE FF FF 3F 00 00 00 FC 8A 38 01 80 FE   ...þ..?...ü.8..þ
0x000001D0   FF FF 07 FE FF FF 00 90 38 01 00 28 8E 0E 00 FE   ...þ....8..(...þ
0x000001E0   FF FF 0F FE FF FF 00 B8 C6 0F 00 98 55 0D 00 00   ...þ...¸Æ...U...
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia Amador,

Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

Baixe 1268r49.png e salve no desktop. Dê um duplo-clique para executar o Junkware Removal Tool (JRT).

* No Windows Vista e Windows 7:

Clique com o direito sobre o JRT.exe e selecione run_as_adm1.png

A ferramenta comecará o exame do seu sistema. Tenha paciência pois pode demorar um pouco dependendo da quantidades de ítens a examinar.

Ao final, um log se abrirá. É salvo no desktop com o nome de JRT.txt.

Selecione, copie e cole o conteúdo deste log na sua próxima resposta.

Poste um novo log do HijackThis.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Relatório do JRT.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.6 (02.27.2013:1)

OS: Windows Vista Home Premium x86

Ran by ASUS on 28-02-2013 at 18:12:42,37

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2218256957-1757012758-3880606964-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}

Failed to delete: [Registry Key] "hkey_local_machine\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\scheduled update for ask toolbar"

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\browser manager"

Successfully deleted: [Folder] "C:\Users\ASUS\appdata\locallow\datamngr"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 28-02-2013 at 18:16:30,47

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Relatório do HijackThis.

Logfile of HijackThis v1.99.1

Scan saved at 18:19:05, on 28-02-2013

Platform: Unknown Windows (WinNT 6.00.1906 SP2)

MSIE: Internet Explorer v9.00 (9.00.8112.16464)

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUS\ATK Media\DMedia.exe

C:\Windows\System32\ASUSTPE.exe

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\P4P\P4P.exe

C:\Windows\ASScrPro.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\banda larga tmn\Modem.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\system32\conime.exe

C:\Windows\explorer.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\ASUS\Desktop\hijkackthis\HijackThis.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)

O2 - BHO: (no name) - {978C7B0C-1709-4f9e-AE1C-95DC75079894} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {9a95b751-bf3e-4ea8-a938-2d4d84cd4964} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe

O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"

O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [VDownloader] "C:\Program Files\VDownloader\VDownloader.exe" /silent

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [steam] "C:\Program Files\Valve\Steam\steam.exe" -silent

O4 - Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{18B559B9-B733-4942-B8AC-65A122941611}: NameServer = 88.214.178.1 88.214.182.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{18B559B9-B733-4942-B8AC-65A122941611}: NameServer = 88.214.178.1 88.214.182.2

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Serviço Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o RogueKiller e salve no desktop. e salve no desktop.

http://www.sur-la-to...RogueKiller.exe

Execute o arquivo RogueKiller.exe.

*** Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo RogueKiller.exe, depois clique em execadmin.png.

Clique no botão Verificar e aguarde o exame finalizar.

Clique no botão Report. Abrirá um bloco de notas com informações.

Este log é salvo no desktop com o nome de RKreport[1].txt.

Selecione, copie e cole o conteúdo deste log na sua próxima resposta.

OBS: não use o botão Deletar pois precisamos avaliar os ítens antes de fazer isso.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Relatório do RogueKiller.

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : ASUS [Admin rights]

Mode : Scan -- Date : 02/28/2013 19:41:16

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[TASK][sUSP PATH] RunAsStdUser Task : "C:\Users\ASUS\AppData\Local\RavenBleuSA\bin\1.0.13.0\RavenBleuSA.exe" [x] -> FOUND

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{18B559B9-B733-4942-B8AC-65A122941611} : NameServer (88.214.178.1 88.214.182.2) -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250827AS ATA Device +++++

--- User ---

[MBR] 7306563cbb6b56af4e1705c81c0ac108

[bSP] 68a9a69bc00139773c4fa2984750dba9 : Windows Vista/7/8 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 10001 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20484096 | Size: 119237 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 264681472 | Size: 109235 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_02282013_02d1941.txt >>

RKreport[1]_S_02282013_02d1941.txt

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o Kaspersky AVP Tool de um desses 2 links:

http://devbuilds.kas...builds/AVPTool/

http://dnl-us6.kaspe...builds/AVPTool/

OBS: Após o cadastro, escolha a versão 11 em Inglês e clique no botão btnversion10pt-br-1.png

Salve-o em sua área de trabalho.

  • Duplo clique no arquivo ”setup" e aguarde a instalação;
    ** Usuários do Windows Vista e Windows 7:
    Clique com o direito sobre o arquivo, depois clique em execadmin.png
  • Na próxima tela marque I accept the licence agreement e clique em Start
  • Clique no botão f4uZX.png e marque:
    • Meu computador
    • Disco local (C:) (a letra do disco local pode variar)

    [*]Clique em Actions e desmarque os dois quadros:

    Zqewdl.jpg

    [*]Clique na aba Automatic Scan e logo depois em Start Scan. Aguarde o término da verificação.

    [*]Clique no botão AouIc.png, em Detected threats e no botão "Save".

    [*]Copie o conteúdo do arquivo salvo (se houver algo detectado) e poste na sua próxima resposta.

    [*]Favor postar também um novo log do HijackThis.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Agora fiquei na duvida é pa deletar os itens do roguerKiller?

Não há o que se preocupar com as detecções, por isso que pedimos para verifcar o log antes.

Prossiga com o Kaspersky.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Não sei se fiz alguma coisa de mal, mas no Kaspersky é so pa marcar a caixa disco local c? ou marcar a caixa meu computador e a caixa disco local c, é que eu marquei as 2 e o exame vaime demorar 19 horas...........

Segue aqui em baixo o relatório do hijackThis.

Logfile of HijackThis v1.99.1

Scan saved at 21:34:41, on 28-02-2013

Platform: Unknown Windows (WinNT 6.00.1906 SP2)

MSIE: Internet Explorer v9.00 (9.00.8112.16464)

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUS\ATK Media\DMedia.exe

C:\Windows\System32\ASUSTPE.exe

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\P4P\P4P.exe

C:\Windows\ASScrPro.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\banda larga tmn\Modem.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\system32\conime.exe

C:\Windows\explorer.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\software tmn\software tmn.exe

C:\Program Files\Windows Media Player\WMPEnc.exe

C:\Users\ASUS\Desktop\setup_11.0.0.1245.x01_2013_02_28_22_18.exe

C:\Users\ASUS\AppData\Local\Temp\RarSFX0\8164689.exe

C:\Users\ASUS\AppData\Local\Temp\9949891\8164689.exe

C:\Users\ASUS\Desktop\hijkackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)

O2 - BHO: (no name) - {978C7B0C-1709-4f9e-AE1C-95DC75079894} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {9a95b751-bf3e-4ea8-a938-2d4d84cd4964} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe

O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"

O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [VDownloader] "C:\Program Files\VDownloader\VDownloader.exe" /silent

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [steam] "C:\Program Files\Valve\Steam\steam.exe" -silent

O4 - Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: _uninst_64605234.lnk = C:\Users\ASUS\AppData\Local\Temp\_uninst_64605234.bat

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{18B559B9-B733-4942-B8AC-65A122941611}: NameServer = 88.214.178.2 88.214.182.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{18B559B9-B733-4942-B8AC-65A122941611}: NameServer = 88.214.178.2 88.214.182.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Serviço Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Editado por Amador

Compartilhar este post


Link para o post
Compartilhar em outros sites
Não sei se fiz alguma coisa de mal, mas no Kaspersky é so pa marcar a caixa disco local c? ou marcar a caixa meu computador e a caixa disco local c, é que eu marquei as 2 e o exame vaime demorar 19 horas...........

Fez certo. Vai depender da quandidade de arquivos a ser analisados.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Relatório do kaspersky.

Status: Detected (events: 9)

01-03-2013 18:17:23 Detected adware not-a-virus:AdWare.Win32.Bromngr.b C:\Documents and Settings\ASUS\AppData\Local\Temp\DBFD.tmp Medium

01-03-2013 18:23:21 Detected adware not-a-virus:AdWare.Win32.Bromngr.b C:\Documents and Settings\ASUS\Definições locais\Temp\DBFD.tmp Medium

01-03-2013 18:30:43 Detected Trojan program Exploit.Win32.MS08-067.il C:\Documents and Settings\ASUS\Documents\Ndrive nokia\Ndrive\NDrive Keygen v3-v9\Keygen.exe High

01-03-2013 18:32:25 Detected Trojan program Exploit.Win32.MS08-067.il C:\Documents and Settings\ASUS\Os meus documentos\Ndrive nokia\Ndrive\NDrive Keygen v3-v9\Keygen.exe High

01-03-2013 19:01:59 Detected adware not-a-virus:AdWare.Win32.Bromngr.b C:\Users\ASUS\AppData\Local\Temp\DBFD.tmp Medium

01-03-2013 19:05:20 Detected adware not-a-virus:AdWare.Win32.Bromngr.b C:\Users\ASUS\Definições locais\Temp\DBFD.tmp Medium

01-03-2013 19:08:26 Detected Trojan program Exploit.Win32.MS08-067.il C:\Users\ASUS\Documents\Ndrive nokia\Ndrive\NDrive Keygen v3-v9\Keygen.exe High

01-03-2013 19:08:48 Detected Trojan program Exploit.Win32.MS08-067.il C:\Users\ASUS\Os meus documentos\Ndrive nokia\Ndrive\NDrive Keygen v3-v9\Keygen.exe High

01-03-2013 19:28:27 Detected adware not-a-virus:HEUR:AdWare.Win32.OneStep.gen C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOA9WEYR\upgrade[1].cab//upgrade.exe//basicscan.exe Medium

Editado por Amador

Compartilhar este post


Link para o post
Compartilhar em outros sites

Execute o Kaspersky AVP Tool novamente.

** Usuários do Windows Vista e Windows 7:

Clique com o direito sobre o arquivo, depois clique em execadmin.png

Nota: Atente para a instrução nº 3.

  1. Na próxima tela marque I accept the licence agreement e clique em Start
  2. Clique no botão f4uZX.png e marque:
    • Meu computador
    • Disco local (C:) (a letra do disco local pode variar)

[*]Clique em Actions e MARQUE os dois quadros:

  • Desinfect
  • Delete if desinfection fail

[*]Clique na aba Automatic Scan e logo depois em Start Scan. Aguarde o término da verificação.

[*]Clique no botão AouIc.png, em Detected threats e no botão "Save".

[*]Copie o conteúdo do arquivo salvo (se houver algo detectado) e poste na sua próxima resposta.

[*]Favor postar também um novo log do HijackThis.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Relatório do kaspersky.

Status: Deleted (events: 2)

02-03-2013 10:24:59 Deleted adware not-a-virus:AdWare.Win32.Bromngr.b C:\Documents and Settings\ASUS\AppData\Local\Temp\DBFD.tmp Medium

02-03-2013 10:38:19 Deleted Trojan program Exploit.Win32.MS08-067.il C:\Documents and Settings\ASUS\Documents\Ndrive nokia\Ndrive\NDrive Keygen v3-v9\Keygen.exe High

Status: Detected (events: 1)

02-03-2013 13:18:04 Detected adware not-a-virus:HEUR:AdWare.Win32.OneStep.gen C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOA9WEYR\upgrade[1].cab//upgrade.exe//basicscan.exe Medium

Compartilhar este post


Link para o post
Compartilhar em outros sites

Amador,

qaundo tou com o pc ligado normal sem eu tar na internet ele abre páginas de propaganda Sozinho, abre 1 passando um tempo abre outra depois outra....

O problema ainda continua?

Compartilhar este post


Link para o post
Compartilhar em outros sites

não já não me abre páginas sozinho.

Isso significa que o meu pc já nao tem mais virus?

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok,

Os logs estão limpos. :)

Para finalizar:

  1. Faça o Download do CCleaner
    • Instale o programa
    • Clique em Registro > procurar erros > corrigir erros selecionados.
    • Depois, clique em Limpador > analisar > executar limpeza.

[*]iconjava.png Atualize o Java. Versões antigas têm vunerabilidades que alguns malwares podem usar para infectar seu sistema.

  • Faça download da última versão do Java SE 7u15.
  • Clique em JRE Download
  • Marque a caixa Accept License Agreement..
  • Clique no link para download Windows x86 Offline 30.05 MB jre-7u15-windows-i586.exe e salve no seu desktop.
  • Feche qualquer programa que esteja executando, especialmente navegadores.
  • Vá em Iniciar > Painel de Controle duplo clique em Adicionar ou Remover Programas e remova todas as versões antigas do Java.
    Exemplos de versões antigas
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Selecione qualquer item com nome Java Runtime Environment (JRE ou J2SE).
  • Clique no botão Remover ou Alterar/Remover.
  • Repita quantas vezes for necessária para remover cada versão do Java.
  • Reincie seu computador uma vez que todas as versões do Java tenham sido removidas.
  • Agora vá no seu desktop, clique duas vezes em jre-7u15-windows-i586.exe para instalar a mais nova versão.
  • ATENÇÃO: Desmarque a caixa de instalação da ASK Toolbar.

[*]iconadobe.png Atualize o Adobe Reader. Versões antigas têm vulnerabilidades que são exploradas por malwares.

Clique aqui e instale a mais nova versão.

[*]iconflash.png Mantenha o Flash Player atualizado. Versões antigas também têm vulnerabilidades que são exploradas por malwares. Clique aqui e instale a mais nova versão.

[*]worm.pngWorms USB (vírus de pendrive) podem infectar qualquer tipo de dispositivo de armazenamento removível (pendrives, mp3, mp4, celulares, cartões de memória, câmeras fotográficas). Este tipo de malware explora um recurso nativo do Windows chamado Autorun, ou Autoplay (é aquele assistente que aparece quando você insere um cd ou pendrive, perguntando com qual programa você deseja abri-lo). O Autoplay precisa de um arquivo chamado autorun.inf para funcionar.

Mantenha um cópia limpa e protegida do arquivo autorun.inf em todos os dispositivos removíveis e em todas as unidades do sistema. Deste modo, se acaso você plugar o seu pendrive em algum pc infectado, o malware não vai conseguir sobreescrever o arquivo pré-existente. Mas ainda assim ele poderá copiar seus executáveis maliciosos para o pendrive, tais como .EXE, .SCR, .CMD, .PIF, .BAT, .COM.

Se você plugar este pendrive em uma máquina limpa e executar algum desses arquivos maliciosos, esse sistema será infectado da mesma forma. Portanto, tenha cuidado e use o bom senso.

Para criar um arquivo autorun.inf protegido no Windows XP:

Faça o download do Flash_Disinfector.exe e salve na sua área de trabalho.

  • Conecte todos os dispositivos de armazenamento removível nas portas USBs. Salve o que achar necessário, EXCETO arquivos executáveis, depois formate as mídias, indo em Meu Computador e clicando com o direito sobre a unidade da mídia, escolhendo a opção "Formatar"
  • Execute o Flash_Disinfector.exe.
  • Vá seguindo os prompts que poderão aparecer.
  • Espere até que o programa conclua a busca e depois saia do programa.

Para Windows Vista e 7: Panda USB Vaccine[*]TFC_icon.pngPara manutenção de sistema, remoção de arquivos temporários e inválidos, baixe TFC, by OldTimer.

Feche TODOS os programas e execute o TFC. Clique no botão Start e aguarde. Sua área de trabalho irá desaparecer, não se preocupe, isso faz parte do processo.

Tenha paciência, conforme a quantidade de dados a serem excluídos, o processo pode demorar mais de 2 minutos.

Quando terminar, você será solicitado a reiniciar seu computador. REINICIE.

Caso não lhe seja solicitado, reinicie manualmente.

[*]iconwu.pngVisite o Windows Update regularmente e verifique por atualizações.

Novas brechas de segurança são descobertas com freqüência. Muitos malwares exploram essas brechas, infectando sistemas sem depender de nenhuma ação do usuário. A Microsoft corrige essas brechas através das atualizações.

Por isso é fundamental manter o seu sistema atualizado.

[*]Desative e ative novamente a Restauração do Sistema.

[*]Aprenda alguns cuidados e dicas para manter seu computador limpo. Leia o artigo Proteja seu pc:

http://linhadefensiv...proteja-seu-pc/

[*]Se não há mais nenhum problema relacionado a malwares, clique no botão denunld.png e peça para fecharem seu tópico.

Se você tiver alguma dúvida relacionada a informática e tecnologia, sinta-se à vontade para postar em qualquer área do forum Linha Defensiva.

Abraço. :legal:

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO


Caso queira solicitar a reabertura do tópico, utilize o botão Denunciar para entrar em contato com a moderação.

Nota: Somente o autor pode realizar essa solicitação na área Remoção de Malware.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.

  • Quem Está Navegando   0 membros estão online

    Nenhum usuário registrado visualizando esta página.