BurnoutXD
Posted April 26, 2011

I really need help... A while ago, out of nowhere, things simply stopped working! For example, I play a lot of online games: I have MapleStory, Combat Arms, Pangya, Point Blank, Crossfire. But after a while, nothing related to the internet worked, only MSN and Internet Explorer. The errors varied: for example, Combat Arms stopped working when it opened, Maple too; Point Blank would open and then nothing happened, but it was there, open in the process list. Google Chrome was the same: it would not open, it just stayed in the process list.

I installed several antiviruses, ran a full scan with ALL of them, removed the viruses that were found, but everything stayed the same, except that this time the internet started getting EXTREMELY SLOW. My internet is 15 megabytes; it did not even take 4 seconds to load a page completely. Now it sits on "Connecting..." for about 40 seconds before opening o_O

Then came the worst part: I uninstalled, to see whether it was Avast!, and now I could no longer download anything; the download simply started already cancelled. I tried with another browser but it would not open; I downloaded another browser, but same problem, it stayed in the process list and would not open. I remembered that I had an installer on my uncle's pen drive; when I tried to install it, the same thing happened as with the games. I clicked Next on the first step, but on the second it closed and just stayed there in the process list. I really need help, I have tried everything except formatting, since I do not have a Windows CD..
It is getting really irritating, I have gone almost 1 month without being able to do almost anything on my PC >_>

Here is the hijack log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:31:46, on 26/04/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\vmsnap3.exe
C:\Windows\Domino.exe
C:\Program Files\NitroPC\NitroPC.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 2\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 2\plugin-container.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\HijackTHis\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.bing.com/?pc=Z006&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://hd.sysdownfit.com:8083/connect.dat
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [VMSnap3] C:\Windows\VMSnap3.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKCU\..\Run: [NitroPC] "C:\Program Files\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Program Files\install\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Program Files\install\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [internet] "C:\Users\Junior\system.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 10743 bytes

wings
Posted April 26, 2011

Hello BurnoutXD

1.
* Download createsrp and save it to the desktop
* Run it and click [OK]

2.
* Download OTS and save it to the desktop
* Run it and select the option: [x] Scan All Users
* Click [Quick Scan] and paste the report shown (OTS.txt, located on the desktop)

If the report turns out too large...
* Go to this link
* Click [Send file]
* Locate the OTS.txt file on the desktop
* Click [Open] > [Créer le lien Cjoint]
* Paste the address that was created

BurnoutXD
Posted April 26, 2011

Yes, it did turn out too large, thank you for trying to help. The link is this one: http://cjoint.com/?ADBbKs5zbIt

If you manage to solve my problem, I will worship you forever :/

wings
Posted April 26, 2011

* Select and copy the code below:

[unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-933256955-1169006077-3740424904-1000\] > ->
YN -> HKEY_USERS\S-1-5-21-933256955-1169006077-3740424904-1000\: "AutoConfigURL" -> http://hd.sysdownfit.com:8083/connect.dat
< FireFox Settings [Prefs.js] > -> C:\Users\Junior\AppData\Roaming\Mozilla\FireFox\Profiles\kw0nn405.default\prefs.js
YN -> network.proxy.autoconfig_url -> "http://hd.sysdownfit.com:8083/connect.dat"
YN -> network.proxy.type -> 2
< HOSTS File > ([2011/02/21 21:16:00 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\System32\drivers\etc\hosts
YN -> Reset Hosts ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
YN -> \Run\\"Policies" -> [C:\Program Files\install\server.exe]
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-933256955-1169006077-3740424904-1000] > -> HKEY_USERS\S-1-5-21-933256955-1169006077-3740424904-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
YN -> \Run\\"Policies" -> [C:\Program Files\install\server.exe]
YN -> \Run\\"Internet" -> ["C:\Users\Junior\system.exe"]
[Alternate Data Streams]
NY -> @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C
NY -> @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
NY -> @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:2B11E0DF
NY -> @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
NY -> @Alternate Data Stream - 204 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
[Empty Temp Folders]
[Reboot]

* Run OTS
* Click in the space below "Paste Fix Here" and paste the code
* Click [Run Fix]
* The PC will be restarted
* Paste the report shown

BurnoutXD
Posted April 27, 2011

OK, I did everything, here it is:

All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-21-933256955-1169006077-3740424904-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.
Prefs.js: "http://hd.sysdownfit.com:8083/connect.dat" removed from network.proxy.autoconfig_url
Prefs.js: 2 removed from network.proxy.type
HOSTS file reset successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.
Registry value HKEY_USERS\S-1-5-21-933256955-1169006077-3740424904-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies deleted successfully.
Registry value HKEY_USERS\S-1-5-21-933256955-1169006077-3740424904-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Internet deleted successfully.
[Alternate Data Streams]
ADS C:\ProgramData\TEMP:010ADD2C deleted successfully.
ADS C:\ProgramData\TEMP:888AFB86 deleted successfully.
ADS C:\ProgramData\TEMP:2B11E0DF deleted successfully.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
ADS C:\Windows\System32\drivers:GbpKmAp.lst deleted successfully.
[Empty Temp Folders]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Junior
->Temp folder emptied: 2335935 bytes
->Temporary Internet Files folder emptied: 2941756 bytes
->Java cache emptied: 2090803 bytes
->FireFox cache emptied: 48837823 bytes
->Google Chrome cache emptied: 267772184 bytes
->Flash cache emptied: 24408472 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 6370269122 bytes

Total Files Cleaned = 6.407,00 mb

< End of fix log >

OTS by OldTimer - Version 3.1.42.0 fix logfile created on 04262011_215240

Files\Folders moved on Reboot...
C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CC8NLI8H\ADSAdClient31CABUHR8T.txt moved successfully.

Registry entries deleted on Reboot...

wings
Posted April 27, 2011

* Download AD-Remover and save it to the desktop
* Right-click it and select "Run as administrator", then click [Clean] > [Yes] > [OK] > [Yes]
* The PC will be restarted
* Paste the report C:\Ad-Report-CLEAN[1].txt

BurnoutXD
Posted April 27, 2011

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 22:05:09 on 26/04/2011, Normal boot

Microsoft Windows 7 Professional (X86)
Junior@JUNIOR-PC (Gigabyte Technology Co., Ltd. G31M-ES2L)

============== ACTION(S) ==============

Folder deleting error: C:\Users\Junior\AppData\Roaming\Mozilla\FireFox\Profiles\kw0nn405.default\conduit
Folder deleted: C:\Users\Junior\AppData\Roaming\Mozilla\FireFox\Profiles\kw0nn405.default\ConduitEngine
Folder deleted: C:\Users\Junior\AppData\Roaming\Mozilla\FireFox\Profiles\kw0nn405.default\extensions\engine@conduit.com
Folder deleted: C:\Users\Junior\AppData\LocalLow\Conduit
Folder deleted: C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato
Folder deleted: C:\Users\Junior\AppData\Roaming\ClickPotatoLite
Folder deleted: C:\Program Files\ClickPotatoLite
Folder deleted: C:\ProgramData\ClickPotatoLiteSA
Folder deleted: C:\Users\Junior\AppData\LocalLow\PriceGong
Folder deleted: C:\Program Files\ScanQuery
Folder deleted: C:\Program Files\Search Toolbar

(!) -- Temporary files deleted.

-- File opened: C:\Users\Junior\AppData\Roaming\Mozilla\FireFox\Profiles\kw0nn405.default\Prefs.js --
-- File closed --

============== ADDITIONNAL SCAN ==============

-- C:\Users\Junior\AppData\Roaming\Mozilla\FireFox\Profiles\kw0nn405.default --
Extensions\battlefieldheroespatcher@ea.com (Battlefield Heroes Updater)
Extensions\gamebox@toolbar (GameBox)
Extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} (Softonic-Eng7 Community Toolbar)
Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} (Módulo de Segurança - Banco do Brasil)
Searchplugins\bing-zugo.xml (?)
Searchplugins\search-results.xml (?)
Prefs.js - browser.download.lastDir, C:\\Users\\Junior\\Downloads
Prefs.js - browser.startup.homepage, hxxp://www.bing.com/?pc=Z006&form=ZGAPHP
Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
Prefs.js - keyword.URL, hxxp://www.bing.com/search?pc=Z006&form=ZGAADF&q=

========================================

**** Google Chrome Version [12.0.712.0] ****

Extension\ffdcfjdljhbehggjdkdioajnknjcpbjb (C:\Program Files\DAP\DAPChrome\DAPChrome6.crx) (?)
Extension\jfmjfhklogoienhpfnppmbcbjfjnkonk (C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx) (?)

-- C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Enabled: true) (?)
Preferences - homepage: hxxp://maplestory.nexon.net/
Preferences - homepage_is_newtabpage: false

========================================

**** Internet Explorer Version [8.0.7600.16385] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01} - "Search-Results Search" (hxxp://websearch.search-results.com/redirect?client=ie&tb=AF2&o=15666&src=crm&q=...)
HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (x)
HKCU_Toolbar\WebBrowser|{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} (x)
HKCU_Toolbar\WebBrowser|{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} (x)
HKCU_Toolbar\WebBrowser|{9D425283-D487-4337-BAB6-AB8354A81457} (x)
HKLM_Toolbar|{9D425283-D487-4337-BAB6-AB8354A81457} (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
HKLM_ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed6} - C:\Program Files\DAP\DAP.exe (SpeedBit Ltd.)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{6a0490af-eadc-416c-abda-d6146b8ea0ee} - C:\Program Files\DAP\DAPupd.exe (Speedbit Ltd.)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
BHO\{9D425283-D487-4337-BAB6-AB8354A81457} (?)
BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540000} - "GbIehObj Class" (C:\Program Files\GbPlugin\gbieh.dll)
BHO\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - "Hotspot Shield Class" (C:\Program Files\Hotspot Shield\HssIE\HssIE.dll)
BHO\{FF6C3CF0-4B15-11D1-ABED-709549C10000} - "Download Accelerator Plus Integration" (C:\PROGRA~1\DAP\DAPIEL~1.DLL)

========================================

C:\Program Files\Ad-Remover\Quarantine: 148 File(s)
C:\Program Files\Ad-Remover\Backup: 16 File(s)

C:\Ad-Report-CLEAN[1].txt - 26/04/2011 22:05:20 (16881 Byte(s))

End at: 22:06:26, 26/04/2011

============== E.O.F ==============

There it is. Wow, that's a lot of stuff, huh o_O

wings 22 Posted April 27, 2011

1.
*Run AD-Remover as administrator and click [uninstall] > [No] > [Close]

2.
*Download MalwareBytes and save it to the desktop
*Install the program as administrator and wait for the update
*The program will open automatically
*On the [Scan] tab, select [Full scan]
*Click [Scan] and select the partition where Windows is installed
*When the scan finishes, click [Yes] > [OK] > [View Results] > [Remove Selected]
*Paste the report shown

If you already have Malwarebytes installed...
*Open Malwarebytes, click [Update] > [Download Updates]
*On the [Scan] tab, select [x] Full scan
*Click [Scan] and select the partition where Windows is installed
*When the scan finishes, click [Yes] > [OK] > [View Results] > [Remove Selected]
*Paste the report shown

BurnoutXD 0 Posted April 27, 2011

Here it is

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 6455

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27/04/2011 14:26:25
mbam-log-2011-04-27 (14-26-25).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 254322
Tempo decorrido: 2 hora(s), 46 minuto(s), 28 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 10
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 2
Arquivos Infectados: 3

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{p4fw24w3-ye1r-e35f-4frq-s1v4s7uk3068} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{9d71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9d71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke (PUP.Whitesmoke) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WhiteSmoke (PUP.Whitesmoke) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\bifrost (Bifrose.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\bifrost (Bifrose.Trace) -> Quarantined and deleted successfully.

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
C:\Windows\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Users\Junior\AppData\Roaming\WhiteSmoke (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Arquivos Infectados:
C:\Users\Junior\Documents\camilla\cad2008\ACAD2008\Crack\AutoCAD-2008-keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Windows\Bifrost\server.exe-up.txt (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Users\Junior\AppData\Roaming\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.

Just keep telling me what to do and I'll do it :)

wings 22 Posted April 28, 2011

*Run OTS again and select the option: [x] Scan All Users
*Click [Quick Scan] and paste the report shown (OTS.txt, located on the desktop)

If the report turns out to be too large...
*Go to this link
*Click [Upload file]
*Locate the OTS.txt file on the desktop
*Click [Open] > [Créer le lien Cjoint]
*Paste the address that is created

BurnoutXD 0 Posted April 28, 2011

http://cjoint.com/?ADCrDFPNxnW

There

wings 22 Posted April 28, 2011

1.
*Run OTS
*Click [CleanUp] > [Yes]
*The PC will restart

2.
*Run an online scan with NOD32
*When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log

BurnoutXD 0 Posted April 28, 2011

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=a288ea8cf662f4408f17ba0992620fb0
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-28 07:52:37
# local_time=2011-04-28 04:52:37 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 22707049 22707049 0 0
# compatibility_mode=5893 16776574 100 94 31018 55560096 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=109297
# found=8
# cleaned=8
# scan_time=8651
C:\Coisas pra salvar\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Users\Junior\AppData\Local\Temp\NOD8A4C.tmp a variant of Win32/HotSpotShield application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Junior\Documents\4.9_1.rar a variant of Win32/Packed.VMProtect.AAH trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Junior\Documents\4.9_1\4.9.dll a variant of Win32/Packed.VMProtect.AAH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Junior\Downloads\x1njector.rar a variant of Win32/HackTool.Inject.D application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\autohelp.dll a variant of Win32/Kryptik.MKB trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKL7ULP3\upgrade[1].cab a variant of Win32/Adware.OneStep.Z application (deleted - quarantined) 00000000000000000000000000000000 C

...

wings 22 Posted April 28, 2011

OK... the PC is clean. :)

1.
*Delete createsrp

2.
*Run the file c:\Arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

3.
*Install an antivirus. Suggestions: Avira or Avast

Best regards.

BurnoutXD 0 Posted April 28, 2011

?! ?! It's fixed, OMFG, I LOVE YOU MAN... I'll install it right now!! Thanks so much!

wings 22 Posted April 28, 2011

PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.