Dom Luiz 0 Denunciar post Postado Abril 8, 2011 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 00:10:39, on 8/4/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe C:\Arquivos de programas\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe C:\Arquivos de programas\Apoint2K\Apoint.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Apoint2K\ApMsgFwd.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe C:\Arquivos de programas\Apoint2K\Apntex.exe C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Arquivos de programas\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe C:\Arquivos de programas\Orbitdownloader\orbitdm.exe C:\Arquivos de programas\RALINK\Common\RaUI.exe C:\Arquivos de programas\Orbitdownloader\orbitnet.exe C:\Documents and Settings\luiz carlos\Desktop\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll R3 - URLSearchHook: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Arquivos de programas\Mario_Forever\tbMari.dll O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Arquivos de programas\Mario_Forever\tbMari.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: mipony-plugin - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Arquivos de programas\Mario_Forever\tbMari.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Apoint] C:\Arquivos de programas\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [updateMyDrivers] C:\Arquivos de programas\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Baixar com Mipony - file://C:\Arquivos de programas\MiPony\Browser\IEContext.htm O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: www.bb.com.br O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300546623312 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe -- End of file - 10830 bytes Compartilhar este post Link para o post Compartilhar em outros sites
Power Max 54 Denunciar post Postado Abril 8, 2011 :) Olá Dom Luiz! :seta: Siga, por gentileza, estas dicas: Tutorial do Ad-Remover Tutorial do Malwarebytes Anti-Malware _______________________ :seta: Na sua próxima resposta poste este log do Malwarebytes juntamente com um novo log do Hijackthis, o log do Ad-Remover que estará em C:\Ad-Report-CLEAN[1].log e nos diga como está o seu PC após estes procedimentos. Ficamos no aguardo. Compartilhar este post Link para o post Compartilhar em outros sites
Dom Luiz 0 Denunciar post Postado Abril 11, 2011 ola estou enviado os log mas meu pc ainda continua com o mesmo problema eu ligo ele mas não inicia logo de inicio so depois de aparecer a tela pra inicia em modo de segurança ou normalmente, varias vezes ele liga eu mando ele iniciar em modo de segurança mas ele retorna pra o inicio a primeira tela quando você liga o pc ta ok me ajudem Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Versão da Base de Dados: 6333 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 11/4/2011 18:41:46 mbam-log-2011-04-11 (18-41-45).txt Tipo de Verificação: Verificação Completa (C:\|D:\|) Objetos escaneados: 201685 Tempo decorrido: 26 minuto(s), 15 segundo(s) Processos de Memória Infectados: 0 Módulos de Memória Infectados: 0 Chaves de Registro Infectadas: 0 Valores de Registro Infectados: 0 Itens de Dados no Registro Infectados: 0 Pastas Infectadas: 0 Arquivos Infectados: 1 Processos de Memória Infectados: (Não foram detectados ítens maliciosos) Módulos de Memória Infectados: (Não foram detectados ítens maliciosos) Chaves de Registro Infectadas: (Não foram detectados ítens maliciosos) Valores de Registro Infectados: (Não foram detectados ítens maliciosos) Itens de Dados no Registro Infectados: (Não foram detectados ítens maliciosos) Pastas Infectadas: (Não foram detectados ítens maliciosos) Arquivos Infectados: c:\documents and settings\luiz carlos\meus documentos\nero 7 multilanguage + keygen\keygen (2).exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully. ======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 08/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 13:52:16 on 11/04/2011, Normal boot Microsoft Windows XP Professional Service Pack 3 (X86) luiz carlos@CASA-DE8EE919F4 ( ) ============== ACTION(S) ============== File deleted: C:\WINDOWS\system32\ConduitEngine.tmp File deleted: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job Folder deleted: C:\Documents and Settings\luiz carlos\Dados de aplicativos\Mozilla\FireFox\Profiles\i6ddxiu0.default\extensions\toolbar@ask.com Folder deleted: C:\Documents and Settings\luiz carlos\Dados de aplicativos\Mozilla\FireFox\Profiles\i6ddxiu0.default\conduit Folder deleted: C:\Documents and Settings\luiz carlos\Dados de aplicativos\Mozilla\FireFox\Profiles\i6ddxiu0.default\ConduitEngine Folder deleted: C:\Documents and Settings\luiz carlos\Dados de aplicativos\Mozilla\FireFox\Profiles\i6ddxiu0.default\extensions\engine@conduit.com Folder deleted: C:\Arquivos de programas\Ask.com Folder deleted: C:\Arquivos de programas\AskTBar Folder deleted: C:\Documents and Settings\luiz carlos\Configurações locais\Dados de aplicativos\AskToolbar Folder deleted: C:\Documents and Settings\luiz carlos\Configurações locais\Dados de aplicativos\Conduit Folder deleted: C:\Arquivos de programas\Conduit Folder deleted: C:\Documents and Settings\luiz carlos\Configurações locais\Dados de aplicativos\ConduitEngine Folder deleted: C:\Arquivos de programas\ConduitEngine Folder deleted: C:\Documents and Settings\yurik\Dados de aplicativos\PriceGong (!) -- Temporary files deleted. -- File opened: C:\Documents and Settings\luiz carlos\Dados de aplicativos\Mozilla\FireFox\Profiles\i6ddxiu0.default\Prefs.js -- Line deleted: user_pref("CT2465030.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT246... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1018238/1013952/BR", "\"0\"... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1168936/1164621/BR", "\"0\"... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/858666/854468/BR", "\"0\"")... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/897678/893476/BR", "\"0\"")... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/BR", "\"0\"")... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2465030", ... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2465030/CT2465030... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/Idle.GIF", ... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/mini.gif", ... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/play.gif", ... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/stop.gif", ... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/volume.gif"... Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634... Line deleted: user_pref("CommunityToolbar.EngineOwner", "CT2465030"); Line deleted: user_pref("CommunityToolbar.EngineOwnerGuid", "{90d46c30-9f25-4104-aea9-35c3f84477ff}"); Line deleted: user_pref("CommunityToolbar.EngineOwnerToolbarId", "mipony-plugin"); Line deleted: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Line deleted: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2465030"); Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{90d46c30-9f25-4104-aea9-35c3f84477ff}"); Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "mipony-plugin"); Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr... Line deleted: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2465030"); Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT2465030"); Line deleted: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Line deleted: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Apr 11 2011 13:23:04 GMT-0300 (Hora ... Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Line deleted: user_pref("CommunityToolbar.alert.locale", "en"); Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Apr 11 2011 13:23:04 GMT-0300 (Hora ofic... Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634"); Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false); Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Line deleted: user_pref("CommunityToolbar.alert.userId", "4b3a4b84-3665-453f-abdf-1e57b10db3f2"); Line deleted: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2465030"); Line deleted: user_pref("ConduitEngine.FirstServerDate", "03/21/2011 13"); Line deleted: user_pref("ConduitEngine.FirstTime", true); Line deleted: user_pref("ConduitEngine.FirstTimeFF3", true); Line deleted: user_pref("ConduitEngine.HasUserGlobalKeys", true); Line deleted: user_pref("ConduitEngine.Initialize", true); Line deleted: user_pref("ConduitEngine.InitializeCommonPrefs", true); Line deleted: user_pref("ConduitEngine.InstalledDate", "Mon Mar 21 2011 08:24:54 GMT-0300 (Hora oficial do Brasil)... Line deleted: user_pref("ConduitEngine.IsMulticommunity", false); Line deleted: user_pref("ConduitEngine.IsOpenThankYouPage", false); Line deleted: user_pref("ConduitEngine.IsOpenUninstallPage", true); Line deleted: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Apr 11 2011 13:23:10 GMT-0300 (Hora oficia... Line deleted: user_pref("ConduitEngine.LastLogin_3.2.5.2", "Mon Apr 11 2011 13:23:15 GMT-0300 (Hora oficial do Bra... Line deleted: user_pref("ConduitEngine.PublisherContainerWidth", 120); Line deleted: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Line deleted: user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Apr 11 2011 13:23:15 GMT-0300 (Hora oficial do... Line deleted: user_pref("ConduitEngine.UserID", "UN25292018622901360"); Line deleted: user_pref("ConduitEngine.counterAppsAdded", 3); Line deleted: user_pref("ConduitEngine.engineLocale", "pt-BR"); Line deleted: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Apr 11 2011 13:23:13 GMT-0300 (Hora ... Line deleted: user_pref("ConduitEngine.initDone", true); Line deleted: user_pref("ConduitEngine.usagesFlag", 2); Line deleted: user_pref("extensions.asktb.abar-war-timeout", "4000"); Line deleted: user_pref("extensions.asktb.cbid", "8E"); Line deleted: user_pref("extensions.asktb.config-updated", false); Line deleted: user_pref("extensions.asktb.crumb", "2011.04.06+03.45.59-toolbar006iad-BR-UGFsbWFzLEJyYXppbA%3D%3D")... Line deleted: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&gct=b... Line deleted: user_pref("extensions.asktb.dtid", "YYYYYYYYBR"); Line deleted: user_pref("extensions.asktb.fresh-install", false); Line deleted: user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com... Line deleted: user_pref("extensions.asktb.l", "dis"); Line deleted: user_pref("extensions.asktb.last-config-req", "1302538931203"); Line deleted: user_pref("extensions.asktb.locale", "en_US"); Line deleted: user_pref("extensions.asktb.location", "Palmas,Brazil"); Line deleted: user_pref("extensions.asktb.new-tab-enabled", true); Line deleted: user_pref("extensions.asktb.o", "41647997"); Line deleted: user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Line deleted: user_pref("extensions.asktb.qsrc", "2871"); Line deleted: user_pref("extensions.asktb.r", "2"); Line deleted: user_pref("extensions.asktb.search-suggestions-enabled", true); Line deleted: user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false); Line deleted: user_pref("extensions.asktb.to", "41647997"); Line deleted: user_pref("extensions.enabledItems", "wrc@avast.com:20110101,{90d46c30-9f25-4104-aea9-35c3f84477ff}:... -- File closed -- Key deleted: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key deleted: HKLM\Software\Classes\CLSID\{236A4E01-DEFA-4A7D-85F8-5405341D611A} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{236A4E01-DEFA-4A7D-85F8-5405341D611A} Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key deleted: HKLM\Software\Classes\CLSID\{D8947B5E-407C-467E-96CF-4FE74EFB0B3A} Key deleted: HKLM\Software\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403e-8DD8-394C54984B2C} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403e-8DD8-394C54984B2C} Key deleted: HKLM\Software\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} Key deleted: HKLM\Software\Classes\CLSID\{FE063DBB-4EC0-403e-8DD8-394C54984B2C} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FE063DBB-4EC0-403e-8DD8-394C54984B2C} Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key deleted: HKLM\Software\Classes\Conduit.Engine Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 Key deleted: HKLM\Software\Classes\Toolbar.CT2247187 Key deleted: HKLM\Software\Classes\Toolbar.CT2465030 Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key deleted: HKLM\Software\AskToolbar Key deleted: HKLM\Software\Conduit Key deleted: HKLM\Software\conduitEngine Key deleted: HKCU\Software\Ask.com Key deleted: HKCU\Software\AskToolbar Key deleted: HKCU\Software\Conduit Key deleted: HKCU\Software\conduitEngine Key deleted: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F04A146B-C98F-49D0-AB25-1E778B2B9D4D} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Key deleted: HKLM\Software\Classes\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{FE063DB9-4EC0-403E-8DD8-394C54984B2C} Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{FE063DB9-4EC0-403E-8DD8-394C54984B2C} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [3.6.15 (pt-BR)] **** Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura) Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk) Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca) Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search) -- C:\Documents and Settings\luiz carlos\Dados de aplicativos\Mozilla\FireFox\Profiles\i6ddxiu0.default -- Extensions\DTToolbar@toolbarnet.com (DAEMON Tools Toolbar) Extensions\{707db484-2428-402d-afb5-d85b387544c7} (Mario Forever Toolbar) Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} (Módulo de Segurança - Banco do Brasil) Extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff} (mipony-plugin Community Toolbar) Searchplugins\absearch-search.xml (hxxp://www.astroburn-search.com/search/web?q={searchTerms}/) Prefs.js - browser.search.defaultenginename, Bing Prefs.js - browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q= Prefs.js - browser.startup.homepage, hxxp://go.microsoft.com/fwlink/?LinkId=69157 Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.15 -- C:\Documents and Settings\rozangela\Dados de aplicativos\Mozilla\FireFox\Profiles\smmvco1z.default -- Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} (Módulo de Segurança - Banco do Brasil) Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.15 ======================================== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_URLSearchHooks|{90d46c30-9f25-4104-aea9-35c3f84477ff} - "mipony-plugin Toolbar" (C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll) HKCU_URLSearchHooks|{707db484-2428-402d-afb5-d85b387544c7} - "Mario Forever Toolbar" (C:\Arquivos de programas\Mario_Forever\tbMari.dll) HKCU_SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26} - "Astroburn Search" (hxxp://www.astroburn-search.com/search/web?q={searchTerms}) HKCU_Toolbar\WebBrowser|{90D46C30-9F25-4104-AEA9-35C3F84477FF} (C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll) HKCU_Toolbar\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (C:\Arquivos de programas\Orbitdownloader\GrabPro.dll) HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll) HKCU_Toolbar\WebBrowser|{707DB484-2428-402D-AFB5-D85B387544C7} (C:\Arquivos de programas\Mario_Forever\tbMari.dll) HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll) HKLM_Toolbar|{90d46c30-9f25-4104-aea9-35c3f84477ff} (C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll) HKLM_Toolbar|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (C:\Arquivos de programas\Orbitdownloader\GrabPro.dll) HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll) HKLM_Toolbar|{707db484-2428-402d-afb5-d85b387544c7} (C:\Arquivos de programas\Mario_Forever\tbMari.dll) HKLM_ElevationPolicy\c021572c-eac1-4a42-9f41-ef40e1a3b4cc - C:\Arquivos de programas\Mario_Forever\Mario_ForeverToolbarHelper.exe (?) HKLM_ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2} - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) HKLM_ElevationPolicy\{4FB65F2F-0E65-44A5-B5FA-87A1134849B7} - C:\Arquivos de programas\mipony-plugin\mipony-pluginToolbarHelper1.exe (?) HKLM_ElevationPolicy\{53508A5B-3ECF-458A-977C-754605BA4E25} - C:\Documents and Settings\luiz carlos\Configurações locais\Dados de aplicativos\Conduit\CT2465030\mipony-pluginAutoUpdaterHelper.exe (x) BHO\{000123B4-9B42-4900-B3F7-F4B073EFC214} - "Octh Class" (C:\Arquivos de programas\Orbitdownloader\orbitcth.dll) BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?) BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll) BHO\{707db484-2428-402d-afb5-d85b387544c7} - "Mario Forever Toolbar" (C:\Arquivos de programas\Mario_Forever\tbMari.dll) BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll) BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll) BHO\{90d46c30-9f25-4104-aea9-35c3f84477ff} - "mipony-plugin Toolbar" (C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll) BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540000} - "GbIehObj Class" (C:\Arquivos de programas\GbPlugin\gbieh.dll) ======================================== C:\Arquivos de programas\Ad-Remover\Quarantine: 327 File(s) C:\Arquivos de programas\Ad-Remover\Backup: 14 File(s) C:\Ad-Report-CLEAN[1].txt - 11/04/2011 13:52:20 (16134 Byte(s)) End at: 13:53:19, 11/04/2011 ============== E.O.F ============== Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:42:28, on 11/4/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe C:\Arquivos de programas\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe C:\Arquivos de programas\Apoint2K\Apoint.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\Arquivos de programas\Apoint2K\ApMsgFwd.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe C:\Arquivos de programas\Apoint2K\Apntex.exe C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Arquivos de programas\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe C:\Arquivos de programas\Orbitdownloader\orbitdm.exe C:\Arquivos de programas\RALINK\Common\RaUI.exe C:\Arquivos de programas\Orbitdownloader\orbitnet.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\luiz carlos\Desktop\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll R3 - URLSearchHook: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Arquivos de programas\Mario_Forever\tbMari.dll O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Arquivos de programas\Mario_Forever\tbMari.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: mipony-plugin - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Arquivos de programas\Mario_Forever\tbMari.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Apoint] C:\Arquivos de programas\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [updateMyDrivers] C:\Arquivos de programas\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Baixar com Mipony - file://C:\Arquivos de programas\MiPony\Browser\IEContext.htm O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: www.bb.com.br O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300546623312 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe -- End of file - 10275 bytes Compartilhar este post Link para o post Compartilhar em outros sites
Power Max 54 Denunciar post Postado Abril 12, 2011 :) Vários problemas foram removidos do seu PC. _____________________ :seta: Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial: Escolhendo Programas que Iniciam com o PC De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows. Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos. _______________________ :seta: Há várias toolbars (barras de ferramentas) instaladas em seu PC e seria muito bom desinstalá-las, pois estas toolbars costumam deixar a navegação muito mais lenta e algumas toolbars ainda costumam ficar vigiando os hábitos de navegação da pessoa e levando estas informações para os autores desta toolbar. ________________________ :seta: Siga também esta dica: Tutorial do Norman Malware Cleaner Na sua próxima resposta poste o conteúdo do log do Norman Malware Cleaner juntamente com um novo log do Hijackthis e nos diga como está o seu PC depois disto. Ficamos na espera. Compartilhar este post Link para o post Compartilhar em outros sites
Dom Luiz 0 Denunciar post Postado Abril 12, 2011 Norman Malware Cleaner Version 1.8.3 Copyright © 1990 - 2010, Norman ASA. Built 2011/04/12 05:23:02 Norman Scanner Engine Version: 6.07.07 Nvcbin.def Version: 6.07.00, Date: 2011/04/12 05:23:02, Variants: 11345439 Scan started: 2011/04/12 18:20:20 Running pre-scan cleanup routine: Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3 Logged on user: CASA-DE8EE919F4\luiz carlos Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000 Scanning kernel... Kernel scan complete Scanning bootsectors... Number of sectors found: 3 Number of sectors scanned: 3 Number of sectors not scanned: 0 Number of infections found: 0 Number of infections removed: 0 Total scanning time: 0s 235ms Scanning running processes and process memory... Number of processes/threads found: 4212 Number of processes/threads scanned: 4212 Number of processes/threads not scanned: 0 Number of infected processes/threads terminated: 0 Total scanning time: 4m 24s Scanning file system... Scanning: prescan Scanning: C:\*.* C:\Level Up! Games\Combat Arms\NGM.exe (Infected with W32/Downloader.BEYM) Removed registry key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall -> Combat Arms Deleted file C:\System Volume Information\_restore{3E641F51-0A6E-4331-BF4F-9C7880EEB430}\RP66\A0014477.exe (Infected with W32/Downloader.BEYM) Deleted file Scanning: D:\*.* Scanning: F:\*.* Scanning: G:\*.* Scanning: postscan Running post-scan cleanup routine: Number of files found: 104819 Number of archives unpacked: 1585 Number of files scanned: 104817 Number of files not scanned: 2 Number of files skipped due to exclude list: 0 Number of infected files found: 2 Number of infected files repaired/deleted: 2 Number of infections removed: 2 Total scanning time: 1h 11m 54s Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:46:07, on 12/4/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe C:\Arquivos de programas\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe C:\Arquivos de programas\Apoint2K\Apoint.exe C:\Arquivos de programas\Apoint2K\ApMsgFwd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Arquivos de programas\Apoint2K\Apntex.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Arquivos de programas\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe C:\Arquivos de programas\DAP\DAP.EXE C:\Arquivos de programas\Orbitdownloader\orbitdm.exe C:\Arquivos de programas\RALINK\Common\RaUI.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe C:\WINDOWS\System32\alg.exe C:\Arquivos de programas\Orbitdownloader\orbitnet.exe C:\Documents and Settings\luiz carlos\Desktop\Norman_Malware_Cleaner.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Documents and Settings\luiz carlos\Desktop\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?aff=111 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: mipony-plugin - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\DAP\DAPIEL~1.DLL O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Arquivos de programas\mipony-plugin\prxtbmip0.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Apoint] C:\Arquivos de programas\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP O4 - HKCU\..\Run: [speedBitVideoAccelerator] "C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Baixar com Mipony - file://C:\Arquivos de programas\MiPony\Browser\IEContext.htm O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O10 - Unknown file in Winsock LSP: c:\arquivos de programas\speedbit video accelerator\sblsp.dll O10 - Unknown file in Winsock LSP: c:\arquivos de programas\speedbit video accelerator\sblsp.dll O10 - Unknown file in Winsock LSP: c:\arquivos de programas\speedbit video accelerator\sblsp.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: www.bb.com.br O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300546623312 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Arquivos de programas\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: VideoAcceleratorService - SpeedBit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe -- End of file - 10073 bytes Compartilhar este post Link para o post Compartilhar em outros sites
Power Max 54 Denunciar post Postado Abril 13, 2011 :) Outros problemas foram removidos. ______________________ :seta: Abra o HijackThis, clique em Do a system scan only, marque a entrada abaixo e clique em Fix checked: O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) _______________________ :seta: Acesse o Painel de Controle -> Adicionar ou remover programas -> procure e desinstale o programa abaixo: mipony-plugin Toolbar (ou mipony-plugin) ________________________ :seta: Siga também esta dica: Tutorial do Dr. Web CureIt ________________________ :seta: Na sua próxima resposta poste este log do Dr. Web CureIt juntamente com um novo log do Hijackthis e nos diga como está o seu Pc depois disto. Ficamos no aguardo. Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Maio 13, 2011 Tópico Arquivado Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado. Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura. Compartilhar este post Link para o post Compartilhar em outros sites
