Logo Hardware.com.br
dwerbert
dwerbert Tô em todas Registrado
1.5K Mensagens 53 Curtidas

[Resolvido] Tirar duvida

#1 Por dwerbert 28/03/2011 - 15:37
boa tarde , estou com uma lentidão incomum no pc, gostaria de saber se tem algo ruim ou inutil neste log, desde já muito obrigado e um forte abraço...
Logfile of HijackThis v1.99.1
Scan saved at 15:32:53, on 28/3/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\sistem\Avira\AntiVir Desktop\sched.exe
E:\sistem\Avira\AntiVir Desktop\avguard.exe
E:\sistem\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
E:\sistem\logmein\x86\LMIGuardianSvc.exe
E:\sistem\logmein\x86\RaMaint.exe
E:\sistem\logmein\x86\LogMeIn.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
E:\sistem desktop\vono\System\Vono Manager.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\sistem\Avira\AntiVir Desktop\avmailc.exe
E:\sistem\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\SOUNDMAN.EXE
E:\sistem\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\svchost.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.minilua.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.minilua.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=cine&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.minilua.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.minilua.com/q/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - (no file)
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "E:\sistem\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\sistem\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\SISTEM~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\sistem\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: e:\sistem\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: e:\sistem\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: e:\sistem\avira\antivir desktop\avsda.dll
O11 - Options group: [INTERNATIONAL] International
O11 - Options group: [TABS] Tabbed Browsing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0A48350-B498-48FF-9504-2DCBABB91705}: NameServer = 201.10.128.2,201.10.128.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - E:\sistem\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Agendamento (AntiVirSchedulerService) - Avira GmbH - E:\sistem\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\sistem\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - E:\sistem\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - E:\sistem\logmein\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - E:\sistem\logmein\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - E:\sistem\logmein\x86\LogMeIn.exe
O23 - Service: NMSAccess - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: Vono Manager (Vono_Manager) - Unknown owner - E:\sistem desktop\vono\System\Vono Manager.exe
Responder
Power Max
Power Max Ubbergeek Registrado
4.2K Mensagens 509 Curtidas
#2 Por Power Max
28/03/2011 - 16:02
smile.png Olá!

veja.png Abra o HijackThis, clique em Do a system scan only, marque as entradas abaixo e clique em Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.minilua.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.minilua.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=cine&s={searchTerms}&f=4

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.minilua.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.minilua.com/q/%s

O2 - BHO: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)

O2 - BHO: Increase performance and video formats for your HTML5 - {326E768D-4182-46FD-9C16-1449A49795F4} - (no file)

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
___________________________

veja.png Siga também estas dicas:

Tutorial do Malwarebytes Anti-Malware

Tutorial do Ad-Remover
______________________

veja.png Na sua próxima resposta poste este log do Malwarebytes juntamente com um novo log do Hijackthis e o log do Ad-remover que estará em C:\Ad-Report-CLEAN[1].log e nos diga como está o seu PC após estes procedimentos.

Ficamos no aguardo.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Sempre com novos tutoriais e atualidades em informática e tecnologia.
Super Links = Mensagens de fé e esperança ao seu coração.
dwerbert
dwerbert Tô em todas Registrado
1.5K Mensagens 53 Curtidas
#3 Por dwerbert
29/03/2011 - 08:40
Opa é encontrei uma fazenda de trojans :-p como imaginava ,agora seria bom verificar se está tudo certo ai seguem os logs HijackThis e os outros 2
Logfile of HijackThis v1.99.1
Scan saved at 07:59:04, on 29/3/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\sistem\Avira\AntiVir Desktop\sched.exe
E:\sistem\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
E:\sistem\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
E:\sistem\logmein\x86\LMIGuardianSvc.exe
C:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe
E:\sistem\logmein\x86\RaMaint.exe
E:\sistem\logmein\x86\LogMeIn.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\SOUNDMAN.EXE
E:\sistem\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
E:\sistem desktop\vono\System\Vono Manager.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
E:\sistem\Avira\AntiVir Desktop\avmailc.exe
E:\sistem\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "E:\sistem\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\sistem\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\SISTEM~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\sistem\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: e:\sistem\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: e:\sistem\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: e:\sistem\avira\antivir desktop\avsda.dll
O11 - Options group: [INTERNATIONAL] International
O11 - Options group: [TABS] Tabbed Browsing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0A48350-B498-48FF-9504-2DCBABB91705}: NameServer = 201.10.128.2,201.10.128.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - E:\sistem\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Agendamento (AntiVirSchedulerService) - Avira GmbH - E:\sistem\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\sistem\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - E:\sistem\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - E:\sistem\logmein\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - E:\sistem\logmein\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - E:\sistem\logmein\x86\LogMeIn.exe
O23 - Service: NMSAccess - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: Vono Manager (Vono_Manager) - Unknown owner - E:\sistem desktop\vono\System\Vono Manager.exe
..............................................................................................................

======= REPORT FROM AD-REMOVER 2.0.0.2,F | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 01/03/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 07:47:03 on 29/03/2011, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86)
Administrador@SP3ADM ( )

============== ACTION(S) ==============


Folder deleted: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\i9t7bb4r.default\conduit
Folder deleted: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\i9t7bb4r.default\ConduitEngine
Folder deleted: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\i9t7bb4r.default\extensions\engine@conduit.com
File deleted: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\i9t7bb4r.default\searchplugins\conduit.xml
Folder deleted: C:\Arquivos de programas\Trymedia

(!) -- Temporary files deleted.


-- File opened: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\i9t7bb4r.default\Prefs.js --
Line deleted: user_pref("CT2552374.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT255...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/BR", "\"0\"")...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/945276/941054/BR", "\"0\"")...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2552374", ...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2552374/CT2552374...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pt-br", "\"...
Line deleted: user_pref("CommunityToolbar.EngineOwner", "CT2552374");
Line deleted: user_pref("CommunityToolbar.EngineOwnerGuid", "{12fc3d37-2a42-4fe3-8489-81296878cba5}");
Line deleted: user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic_brasil");
Line deleted: user_pref("CommunityToolbar.IsEngineShown", true);
Line deleted: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2552374");
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{12fc3d37-2a42-4fe3-8489-81296878cba5}");
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic_brasil");
Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://br.search.yahoo.com/search?fr=gre...
Line deleted: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2552374");
Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT2552374");
Line deleted: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Mar 21 2011 23:29:46 GMT-03...
Line deleted: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line deleted: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Mar 12 2011 15:40:05 GMT-0300 (Hora ...
Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line deleted: user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Line deleted: user_pref("CommunityToolbar.alert.locale", "en");
Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Mar 28 2011 09:22:26 GMT-0300 (Hora ofic...
Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");
Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line deleted: user_pref("CommunityToolbar.alert.userId", "bde041de-849a-4a82-85a1-cf21b1f85e5a");
Line deleted: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line deleted: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line deleted: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2552374");
Line deleted: user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue Mar 22 2011 08:12:18 GMT-0300 (Hora oficial...
Line deleted: user_pref("ConduitEngine.BrowserCompStateIsOpen_7934682942210377233", true);
Line deleted: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Mar 28 2011 09:22:32 GMT-0300 (Hora ofici...
Line deleted: user_pref("ConduitEngine.FirstServerDate", "01/23/2011 20");
Line deleted: user_pref("ConduitEngine.FirstTime", true);
Line deleted: user_pref("ConduitEngine.FirstTimeFF3", true);
Line deleted: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line deleted: user_pref("ConduitEngine.Initialize", true);
Line deleted: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line deleted: user_pref("ConduitEngine.InstalledDate", "Sun Jan 23 2011 15:22:09 GMT-0200");
Line deleted: user_pref("ConduitEngine.IsMulticommunity", false);
Line deleted: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line deleted: user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line deleted: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Mar 28 2011 09:22:32 GMT-0300 (Hora oficia...
Line deleted: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Thu Mar 03 2011 10:02:45 GMT-0300 (Hora oficial do Bra...
Line deleted: user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Mar 29 2011 07:45:48 GMT-0300 (Hora oficial do Bra...
Line deleted: user_pref("ConduitEngine.PublisherContainerWidth", 0);
Line deleted: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line deleted: user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Mar 29 2011 07:45:49 GMT-0300 (Hora oficial do...
Line deleted: user_pref("ConduitEngine.UserID", "UN82897221952613498");
Line deleted: user_pref("ConduitEngine.approveUntrustedApps", false);
Line deleted: user_pref("ConduitEngine.apps3278665797258266747", false);
Line deleted: user_pref("ConduitEngine.backendstorage. jtv_dailyactivity", "31333031333134393535333934");
Line deleted: user_pref("ConduitEngine.backendstorage. jtv_lifetimesent", "54525545");
Line deleted: user_pref("ConduitEngine.backendstorage.justin notify", "32");
Line deleted: user_pref("ConduitEngine.backendstorage.justin_mode_v201", "32");
Line deleted: user_pref("ConduitEngine.backendstorage.justin_user_token_secret_v201", "3567334B384773703249684C473...
Line deleted: user_pref("ConduitEngine.backendstorage.justin_user_token_v201", "4A6B5A36476A396354576F33516B756943...
Line deleted: user_pref("ConduitEngine.backendstorage.justin_user_v201", "6477657262657274");
Line deleted: user_pref("ConduitEngine.backendstorage.justintv_lang", "5054");
Line deleted: user_pref("ConduitEngine.backendstorage.justintv_notify", "31");
Line deleted: user_pref("ConduitEngine.backendstorage.justintv_user_first_login_date", "73656E64");
Line deleted: user_pref("ConduitEngine.backendstorage.justintv_user_survey_visit", "56495349544544");
Line deleted: user_pref("ConduitEngine.counterAppsAdded", 2);
Line deleted: user_pref("ConduitEngine.engineLocale", "pt-BR");
Line deleted: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Mar 28 2011 09:22:32 GMT-0300 (Hora ...
Line deleted: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Mar 29 2011 07:45:48 GMT-0300 (Hora...
Line deleted: user_pref("ConduitEngine.initDone", true);
Line deleted: user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Line deleted: user_pref("ConduitEngine.usagesFlag", 2);
Line deleted: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2552374&Sea...
Line deleted: user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .ti...
Line deleted: user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line deleted: user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {disp...
Line deleted: user_pref("extensions.wrc.SearchRules.baidu.com.url", "^hxxp\\:\\/\\/www\\.baidu\\.com\\/.*");
-- File closed --


Key deleted: HKLM\Software\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key deleted: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key deleted: HKLM\Software\Classes\Conduit.Engine
Key deleted: HKLM\Software\Classes\Toolbar.CT2552374
Key deleted: HKLM\Software\Canneverbe Limited\OpenCandy
Key deleted: HKLM\Software\Orbit\OpenCandy
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [4.0 (pt-BR)] ****

HKCU_MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 (x)
Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)
Searchplugins\fcmdSrchcine.xml (hxxp://start.facemoods.com/?a=cine&f=4&q={searchTerms}/)
Searchplugins\fcmdSrchddr.xml (hxxp://start.facemoods.com/?a=ddr&f=4&q={searchTerms}/)
Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)
Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)
Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)
Components\browsercomps.dll (Mozilla Foundation)

-- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\i9t7bb4r.default --
Extensions\pt-BR@dellalibera.sf.net (Verificador Ortográfico para Português do Brasil.)
Extensions\pt-BR@dictionaries.addons.mozilla.org (Dicionário para Ortografia pt-BR)
Extensions\startup.service@mozilla.com (startup.service)
Extensions\{058e9aa1-10ec-4e21-b7f4-c3ee70077a7d} (<?xml version="1.0"?>{058e9aa1-10ec-4e21-b7f4-c3ee70077a7d}AntiProtetor1.0.1AntiProtetorenfoxjsilvaenfoxjsilva@hotmail.comhttp://www.antiprotetor.com{ec8030f7-c20a-464f-9b0e-13a3a9e97384}2.04.0.*)
Extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5} (Softonic_Brasil Community Toolbar)
Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D} (Adicional de Seguranca CAIXA®)
Prefs.js - browser.download.dir, E:\\Downloads
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Administrador\\Desktop
Prefs.js - browser.search.defaultenginename, Yahoo
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, hxxp://www.hardware.com.br/comunidade/
Prefs.js - browser.startup.homepage_override.buildID, 20110318052756
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0
Prefs.js - keyword.URL, hxxp://www.google.com/search?ie=UTF-...ient&gfns=1&q=
Prefs.js - privacy.popups.showBrowserMessage, false

========================================

**** Google Chrome Version [10.0.648.204] ****

Extension - fnjbmmemklcjgepojigaapkoodmkgbae (x)
Extension\ihflimipbcaljfnojhhknppphnnciiif (C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.3\facemoods.crx) (?)
Extension - nneajnkjbffgblleaoojgaacokifdkhm (x)

-- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Enabled: true) (?)
Preferences - homepage: hxxp://www.google.com/
Preferences - homepage_is_newtabpage: false
Plugin - Microsoft DRM (Enabled: true) (C:\Arquivos de programas\Windows Media Player\npdrmv2.dll)
Plugin - Microsoft DRM (Enabled: true) (C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll)
Plugin - Windows Live Photo Gallery (Enabled: true) (C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll)
Plugin - "Windows Live Photo Gallery" (Enabled: true)
Plugin - "Microsoft DRM" (Enabled: true)

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} - "Search" (hxxp://start.facemoods.com/?a=cine&s={searchTerms}&f=4)
HKCU_SearchScopes\{210073B5-670D-4ABE-A7CB-83EDBC77BF35} - "Orbit Search (Powered By Google)" (hxxp://search.orbitdownloader.com/ie.php?q={searchTerms}&enc={inputEncoding})
HKCU_Toolbar\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (C:\Arquivos de programas\Orbitdownloader\GrabPro.dll)
HKLM_Toolbar|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (C:\Arquivos de programas\Orbitdownloader\GrabPro.dll)
HKLM_ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2} - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
HKLM_ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{000123B4-9B42-4900-B3F7-F4B073EFC214} - "Octh Class" (C:\Arquivos de programas\Orbitdownloader\orbitcth.dll)
BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "AcroIEHlprObj Class" (C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx)
BHO\{64182481-4F71-486b-A045-B233BD0DA8FC} - "CescrtHlpr Object" (C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)

========================================

C:\Arquivos de programas\Ad-Remover\Quarantine: 99 File(s)
C:\Arquivos de programas\Ad-Remover\Backup: 16 File(s)

C:\Ad-Report-CLEAN[1].txt - 29/03/2011 07:47:06 (9888 Byte(s))
C:\Ad-Report-SCAN[1].txt - 28/03/2011 23:43:29 (16768 Byte(s))
C:\Ad-Report-SCAN[2].txt - 29/03/2011 07:40:34 (16833 Byte(s))

End at: 07:48:54, 29/03/2011

============== E.O.F ==============

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versão da Base de Dados: 6199

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/3/2011 08:23:10
mbam-log-2011-03-29 (08-23-10).txt

Tipo de Verificação: Verificação Rápida
Objetos escaneados: 153379
Tempo decorrido: 14 minuto(s), 27 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)

"Penso noventa e nove vezes e nada descubro; deixo de pensar, mergulho em profundo silêncio - e eis que a verdade se me revela." Albert Einstein
Linux user #479710 Mint/win 7

Power Max
Power Max Ubbergeek Registrado
4.2K Mensagens 509 Curtidas
#5 Por Power Max
29/03/2011 - 10:59
smile.png Vários problemas foram removidos pelo Ad-Remover.
________________________

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Tipo de Verificação: Verificação Rápida

observe.png No seu log do Malwarebytes está constando que você fez só uma verificação rápida com ele. Faça uma verificação completa com o Malwarebytes e remova os malwares que ele encontrar.
__________________________

veja.png Vá no menu: Iniciar > Painel de Controle > Adicionar ou remover programas > Veja se há na lista um programa com o nome facemoods Helper (ou facemoods.com) e o desinstale.
_________________________

veja.png Baixe o programa Avenger no link abaixo e extraia o conteúdo para o desktop (área de trabalho):
http://swandog46.geekstogo.com/avenger2/download.php

*Selecione e copie (Ctrl+C) todo o texto destacado em vermelho abaixo:

Folders to delete:
C:\Arquivos de programas\facemoods.com

*Execute o programa Avenger
*Clique em [Load Script] > [Paste from Clipboard]
*Clique em [Execute] > [OK]
*O PC será reiniciado
*O relatório será criado em C:\avenger.txt
_______________________

veja.png Siga, por gentileza, as dicas deste tutorial para fazer um escaneamento de seu PC pelo Nod32 Online:

Tutorial do antivirus Nod32 Online

Após o término do escaneamento será gerado um relatório (log) que estará no seguinte local do seu computador:
C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

Na sua próxima resposta poste este log do Nod32 Online juntamente com um novo log do Hijackthis, o novo log do Malwarebytes e o log do Avenger que estará em C:\avenger.txt e nos diga, por gentileza, como está o seu PC após seguir estes procedimentos. Ficamos no aguardo de sua resposta.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Sempre com novos tutoriais e atualidades em informática e tecnologia.
Super Links = Mensagens de fé e esperança ao seu coração.
dwerbert
dwerbert Tô em todas Registrado
1.5K Mensagens 53 Curtidas
#6 Por dwerbert
30/03/2011 - 08:53
muito obrigado pelas novas instruções mais logs...
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:49:06, on 30/3/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\sistem\Avira\AntiVir Desktop\sched.exe
E:\sistem\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
E:\sistem\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
E:\sistem\logmein\x86\LMIGuardianSvc.exe
E:\sistem\logmein\x86\RaMaint.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\sistem\logmein\x86\LogMeIn.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
E:\sistem desktop\vono\System\Vono Manager.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
E:\sistem\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
E:\sistem\Avira\AntiVir Desktop\avmailc.exe
E:\sistem\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
E:\pasta unica de programas .atualisados\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "E:\sistem\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CoolSMS] C:\Arquivos de programas\CoolSMS\CoolSMS.exe /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\sistem\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\SISTEM~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\sistem\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0A48350-B498-48FF-9504-2DCBABB91705}: NameServer = 201.10.128.2,201.10.128.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - E:\sistem\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Agendamento (AntiVirSchedulerService) - Avira GmbH - E:\sistem\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\sistem\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - E:\sistem\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - E:\sistem\logmein\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - E:\sistem\logmein\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - E:\sistem\logmein\x86\LogMeIn.exe
O23 - Service: NMSAccess - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: Vono Manager (Vono_Manager) - Unknown owner - E:\sistem desktop\vono\System\Vono Manager.exe

--
End of file - 8446 bytes

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: folder "C:\Arquivos de programas\facemoods.com" not found!
Deletion of folder "C:\Arquivos de programas\facemoods.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

sobre o malwarebytes eu já havia feito a verificação completa mas postei o log errado :-) mais ai vai o que me deu medo.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versão da Base de Dados: 6199

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/3/2011 06:48:15
mbam-log-2011-03-29 (06-48-14).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|)
Objetos escaneados: 199097
Tempo decorrido: 2 hora(s), 28 minuto(s), 7 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 2
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 1
Pastas Infectadas: 0
Arquivos Infectados: 3

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
c:\WINDOWS\gendel32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\pasta unica de programas .atualisados\ultra iso 9.3.1.2633\ultraiso.premium.edition.v9.3.1.2633.multilingual.keymaker.only-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
e:\sistem\7-Zip\uninstall.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
não passei nod ainda mas logo que passar posto tambem...

"Penso noventa e nove vezes e nada descubro; deixo de pensar, mergulho em profundo silêncio - e eis que a verdade se me revela." Albert Einstein
Linux user #479710 Mint/win 7

Responder Tópico
© 1999-2024 Hardware.com.br. Todos os direitos reservados.
Imagem do Modal