[Arquivado] &nbspmeu pc falta e não liga

Dom Luiz · Abril 8, 2011

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:10:39, on 8/4/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe

C:\Arquivos de programas\Apoint2K\Apoint.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Apoint2K\ApMsgFwd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Apoint2K\Apntex.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Documents and Settings\luiz carlos\Desktop\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll

R3 - URLSearchHook: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Arquivos de programas\Mario_Forever\tbMari.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Arquivos de programas\Mario_Forever\tbMari.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: mipony-plugin - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Arquivos de programas\Mario_Forever\tbMari.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Apoint] C:\Arquivos de programas\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [updateMyDrivers] C:\Arquivos de programas\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Baixar com Mipony - file://C:\Arquivos de programas\MiPony\Browser\IEContext.htm

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300546623312

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--

End of file - 10830 bytes

Power Max · Abril 8, 2011

:) Olá Dom Luiz!

:seta: Siga, por gentileza, estas dicas:

Tutorial do Ad-Remover

Tutorial do Malwarebytes Anti-Malware

_______________________

:seta: Na sua próxima resposta poste este log do Malwarebytes juntamente com um novo log do Hijackthis, o log do Ad-Remover que estará em C:\Ad-Report-CLEAN[1].log e nos diga como está o seu PC após estes procedimentos.

Ficamos no aguardo.

Dom Luiz · Abril 11, 2011

ola estou enviado os log mas meu pc ainda continua com o mesmo problema eu ligo ele mas não inicia logo de inicio so depois de aparecer a tela pra inicia em modo de segurança ou normalmente, varias vezes ele liga eu mando ele iniciar em modo de segurança mas ele retorna pra o inicio a primeira tela quando você liga o pc ta ok me ajudem

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Versão da Base de Dados: 6333

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/4/2011 18:41:46

mbam-log-2011-04-11 (18-41-45).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)

Objetos escaneados: 201685

Tempo decorrido: 26 minuto(s), 15 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 1

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

c:\documents and settings\luiz carlos\meus documentos\nero 7 multilanguage + keygen\keygen (2).exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 08/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 13:52:16 on 11/04/2011, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86)

luiz carlos@CASA-DE8EE919F4 ( )

============== ACTION(S) ==============

File deleted: C:\WINDOWS\system32\ConduitEngine.tmp

File deleted: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

Folder deleted: C:\Documents and Settings\luiz carlos\Dados de aplicativos\Mozilla\FireFox\Profiles\i6ddxiu0.default\extensions\toolbar@ask.com

Folder deleted: C:\Documents and Settings\luiz carlos\Dados de aplicativos\Mozilla\FireFox\Profiles\i6ddxiu0.default\conduit

Folder deleted: C:\Documents and Settings\luiz carlos\Dados de aplicativos\Mozilla\FireFox\Profiles\i6ddxiu0.default\ConduitEngine

Folder deleted: C:\Documents and Settings\luiz carlos\Dados de aplicativos\Mozilla\FireFox\Profiles\i6ddxiu0.default\extensions\engine@conduit.com

Folder deleted: C:\Arquivos de programas\Ask.com

Folder deleted: C:\Arquivos de programas\AskTBar

Folder deleted: C:\Documents and Settings\luiz carlos\Configurações locais\Dados de aplicativos\AskToolbar

Folder deleted: C:\Documents and Settings\luiz carlos\Configurações locais\Dados de aplicativos\Conduit

Folder deleted: C:\Arquivos de programas\Conduit

Folder deleted: C:\Documents and Settings\luiz carlos\Configurações locais\Dados de aplicativos\ConduitEngine

Folder deleted: C:\Arquivos de programas\ConduitEngine

Folder deleted: C:\Documents and Settings\yurik\Dados de aplicativos\PriceGong

(!) -- Temporary files deleted.

-- File opened: C:\Documents and Settings\luiz carlos\Dados de aplicativos\Mozilla\FireFox\Profiles\i6ddxiu0.default\Prefs.js --

Line deleted: user_pref("CT2465030.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT246...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1018238/1013952/BR", "\"0\"...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1168936/1164621/BR", "\"0\"...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/858666/854468/BR", "\"0\"")...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/897678/893476/BR", "\"0\"")...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/BR", "\"0\"")...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2465030", ...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2465030/CT2465030...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/Idle.GIF", ...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/mini.gif", ...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/play.gif", ...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/stop.gif", ...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/volume.gif"...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634...

Line deleted: user_pref("CommunityToolbar.EngineOwner", "CT2465030");

Line deleted: user_pref("CommunityToolbar.EngineOwnerGuid", "{90d46c30-9f25-4104-aea9-35c3f84477ff}");

Line deleted: user_pref("CommunityToolbar.EngineOwnerToolbarId", "mipony-plugin");

Line deleted: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2465030");

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{90d46c30-9f25-4104-aea9-35c3f84477ff}");

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "mipony-plugin");

Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...

Line deleted: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2465030");

Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT2465030");

Line deleted: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);

Line deleted: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Apr 11 2011 13:23:04 GMT-0300 (Hora ...

Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Line deleted: user_pref("CommunityToolbar.alert.locale", "en");

Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Apr 11 2011 13:23:04 GMT-0300 (Hora ofic...

Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");

Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false);

Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Line deleted: user_pref("CommunityToolbar.alert.userId", "4b3a4b84-3665-453f-abdf-1e57b10db3f2");

Line deleted: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2465030");

Line deleted: user_pref("ConduitEngine.FirstServerDate", "03/21/2011 13");

Line deleted: user_pref("ConduitEngine.FirstTime", true);

Line deleted: user_pref("ConduitEngine.FirstTimeFF3", true);

Line deleted: user_pref("ConduitEngine.HasUserGlobalKeys", true);

Line deleted: user_pref("ConduitEngine.Initialize", true);

Line deleted: user_pref("ConduitEngine.InitializeCommonPrefs", true);

Line deleted: user_pref("ConduitEngine.InstalledDate", "Mon Mar 21 2011 08:24:54 GMT-0300 (Hora oficial do Brasil)...

Line deleted: user_pref("ConduitEngine.IsMulticommunity", false);

Line deleted: user_pref("ConduitEngine.IsOpenThankYouPage", false);

Line deleted: user_pref("ConduitEngine.IsOpenUninstallPage", true);

Line deleted: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Apr 11 2011 13:23:10 GMT-0300 (Hora oficia...

Line deleted: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Mon Apr 11 2011 13:23:15 GMT-0300 (Hora oficial do Bra...

Line deleted: user_pref("ConduitEngine.PublisherContainerWidth", 120);

Line deleted: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);

Line deleted: user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Apr 11 2011 13:23:15 GMT-0300 (Hora oficial do...

Line deleted: user_pref("ConduitEngine.UserID", "UN25292018622901360");

Line deleted: user_pref("ConduitEngine.counterAppsAdded", 3);

Line deleted: user_pref("ConduitEngine.engineLocale", "pt-BR");

Line deleted: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Apr 11 2011 13:23:13 GMT-0300 (Hora ...

Line deleted: user_pref("ConduitEngine.initDone", true);

Line deleted: user_pref("ConduitEngine.usagesFlag", 2);

Line deleted: user_pref("extensions.asktb.abar-war-timeout", "4000");

Line deleted: user_pref("extensions.asktb.cbid", "8E");

Line deleted: user_pref("extensions.asktb.config-updated", false);

Line deleted: user_pref("extensions.asktb.crumb", "2011.04.06+03.45.59-toolbar006iad-BR-UGFsbWFzLEJyYXppbA%3D%3D")...

Line deleted: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&gct=b...

Line deleted: user_pref("extensions.asktb.dtid", "YYYYYYYYBR");

Line deleted: user_pref("extensions.asktb.fresh-install", false);

Line deleted: user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com...

Line deleted: user_pref("extensions.asktb.l", "dis");

Line deleted: user_pref("extensions.asktb.last-config-req", "1302538931203");

Line deleted: user_pref("extensions.asktb.locale", "en_US");

Line deleted: user_pref("extensions.asktb.location", "Palmas,Brazil");

Line deleted: user_pref("extensions.asktb.new-tab-enabled", true);

Line deleted: user_pref("extensions.asktb.o", "41647997");

Line deleted: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

Line deleted: user_pref("extensions.asktb.qsrc", "2871");

Line deleted: user_pref("extensions.asktb.r", "2");

Line deleted: user_pref("extensions.asktb.search-suggestions-enabled", true);

Line deleted: user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);

Line deleted: user_pref("extensions.asktb.to", "41647997");

Line deleted: user_pref("extensions.enabledItems", "wrc@avast.com:20110101,{90d46c30-9f25-4104-aea9-35c3f84477ff}:...

-- File closed --

Key deleted: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key deleted: HKLM\Software\Classes\CLSID\{236A4E01-DEFA-4A7D-85F8-5405341D611A}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{236A4E01-DEFA-4A7D-85F8-5405341D611A}

Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKLM\Software\Classes\CLSID\{D8947B5E-407C-467E-96CF-4FE74EFB0B3A}

Key deleted: HKLM\Software\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}

Key deleted: HKLM\Software\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}

Key deleted: HKLM\Software\Classes\CLSID\{FE063DBB-4EC0-403e-8DD8-394C54984B2C}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FE063DBB-4EC0-403e-8DD8-394C54984B2C}

Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key deleted: HKLM\Software\Classes\Conduit.Engine

Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

Key deleted: HKLM\Software\Classes\Toolbar.CT2247187

Key deleted: HKLM\Software\Classes\Toolbar.CT2465030

Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key deleted: HKLM\Software\AskToolbar

Key deleted: HKLM\Software\Conduit

Key deleted: HKLM\Software\conduitEngine

Key deleted: HKCU\Software\Ask.com

Key deleted: HKCU\Software\AskToolbar

Key deleted: HKCU\Software\Conduit

Key deleted: HKCU\Software\conduitEngine

Key deleted: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F04A146B-C98F-49D0-AB25-1E778B2B9D4D}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Key deleted: HKLM\Software\Classes\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}

Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}

============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [3.6.15 (pt-BR)] ****

Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)

Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)

Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)

Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)

-- C:\Documents and Settings\luiz carlos\Dados de aplicativos\Mozilla\FireFox\Profiles\i6ddxiu0.default --

Extensions\DTToolbar@toolbarnet.com (DAEMON Tools Toolbar)

Extensions\{707db484-2428-402d-afb5-d85b387544c7} (Mario Forever Toolbar)

Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} (Módulo de Segurança - Banco do Brasil)

Extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff} (mipony-plugin Community Toolbar)

Searchplugins\absearch-search.xml (hxxp://www.astroburn-search.com/search/web?q={searchTerms}/)

Prefs.js - browser.search.defaultenginename, Bing

Prefs.js - browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q=

Prefs.js - browser.startup.homepage, hxxp://go.microsoft.com/fwlink/?LinkId=69157

Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.15

-- C:\Documents and Settings\rozangela\Dados de aplicativos\Mozilla\FireFox\Profiles\smmvco1z.default --

Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} (Módulo de Segurança - Banco do Brasil)

Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.15

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_URLSearchHooks|{90d46c30-9f25-4104-aea9-35c3f84477ff} - "mipony-plugin Toolbar" (C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll)

HKCU_URLSearchHooks|{707db484-2428-402d-afb5-d85b387544c7} - "Mario Forever Toolbar" (C:\Arquivos de programas\Mario_Forever\tbMari.dll)

HKCU_SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26} - "Astroburn Search" (hxxp://www.astroburn-search.com/search/web?q={searchTerms})

HKCU_Toolbar\WebBrowser|{90D46C30-9F25-4104-AEA9-35C3F84477FF} (C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll)

HKCU_Toolbar\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (C:\Arquivos de programas\Orbitdownloader\GrabPro.dll)

HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll)

HKCU_Toolbar\WebBrowser|{707DB484-2428-402D-AFB5-D85B387544C7} (C:\Arquivos de programas\Mario_Forever\tbMari.dll)

HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll)

HKLM_Toolbar|{90d46c30-9f25-4104-aea9-35c3f84477ff} (C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll)

HKLM_Toolbar|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (C:\Arquivos de programas\Orbitdownloader\GrabPro.dll)

HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll)

HKLM_Toolbar|{707db484-2428-402d-afb5-d85b387544c7} (C:\Arquivos de programas\Mario_Forever\tbMari.dll)

HKLM_ElevationPolicy\c021572c-eac1-4a42-9f41-ef40e1a3b4cc - C:\Arquivos de programas\Mario_Forever\Mario_ForeverToolbarHelper.exe (?)

HKLM_ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2} - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)

HKLM_ElevationPolicy\{4FB65F2F-0E65-44A5-B5FA-87A1134849B7} - C:\Arquivos de programas\mipony-plugin\mipony-pluginToolbarHelper1.exe (?)

HKLM_ElevationPolicy\{53508A5B-3ECF-458A-977C-754605BA4E25} - C:\Documents and Settings\luiz carlos\Configurações locais\Dados de aplicativos\Conduit\CT2465030\mipony-pluginAutoUpdaterHelper.exe (x)

BHO\{000123B4-9B42-4900-B3F7-F4B073EFC214} - "Octh Class" (C:\Arquivos de programas\Orbitdownloader\orbitcth.dll)

BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll)

BHO\{707db484-2428-402d-afb5-d85b387544c7} - "Mario Forever Toolbar" (C:\Arquivos de programas\Mario_Forever\tbMari.dll)

BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll)

BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)

BHO\{90d46c30-9f25-4104-aea9-35c3f84477ff} - "mipony-plugin Toolbar" (C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll)

BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540000} - "GbIehObj Class" (C:\Arquivos de programas\GbPlugin\gbieh.dll)

========================================

C:\Arquivos de programas\Ad-Remover\Quarantine: 327 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 14 File(s)

C:\Ad-Report-CLEAN[1].txt - 11/04/2011 13:52:20 (16134 Byte(s))

End at: 13:53:19, 11/04/2011

============== E.O.F ==============

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:42:28, on 11/4/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe

C:\Arquivos de programas\Apoint2K\Apoint.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Apoint2K\ApMsgFwd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Apoint2K\Apntex.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\luiz carlos\Desktop\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =