Archived

This topic has been archived and is closed to new replies.

MasterFuxi

[Solved] WinRAR corrupted


Hello, I have a problem with WinRAR that started happening today. I downloaded an ordinary RAR file, and when I went to extract it, I couldn't. A message appears saying that WinRAR is corrupted. I tried downloading WinRAR and installing it, but when I go to install it in the directory "C:\Arquivos de programas\WinRAR", it says the folder is not accessible. I tried to delete it, but it says the Formats folder cannot be deleted. A yellow triangle with a "!" inside appears, telling me to run the Chkdsk utility, but even using that command did not help. What should I do? See you.

 


@Edit: I managed to fix it; I ran the antivirus and rebooted, and the problem was solved.

Here is the log

 

HiJackThis

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:08:57, on 12/9/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\Magic Desktop\server\MagicDesktopServer.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\ManyCam\Bin\ManyCam.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Meus documentos\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,"C:\Arquivos de programas\Velocidade Do PC\PCSpeedUpNotifier.exe"

O2 - BHO: Softonic_Brasil - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\ARQUIV~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll

O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\ARQUIV~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll (file missing)

O3 - Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ApnUpdater] "C:\Arquivos de programas\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PCSpeedUp] C:\Arquivos de programas\Velocidade Do PC\PCSpeedUp.lnk

O4 - HKCU\..\Run: [ManyCam] "C:\Arquivos de programas\ManyCam\Bin\ManyCam.exe" /silent

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\eduardo e binha\Dados de aplicativos\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F32A35DC-6CD5-4A59-93F2-1B77FF085840}: NameServer = 200.222.122.134 200.165.132.154

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Agendamento (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apache - Avira GmbH - (no file)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Magic Desktop Server - Unknown owner - C:\Arquivos de programas\Magic Desktop\server\MagicDesktopServer.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 8472 bytes

"I managed to fix it; I ran the antivirus and rebooted, and the problem was solved."

:) We are glad that this WinRAR problem was solved. But your log shows some problematic toolbars.

 

Please follow these tips:

 

Ad-Remover tutorial

 

Malwarebytes Anti-Malware tutorial

______________________

 

In your next reply, post a new HijackThis log, the Ad-Remover log, which will be at C:\Ad-Report-CLEAN[1].log, and the Malwarebytes log, and tell us how your PC is after these procedures.

 

We look forward to your reply.


Hello, here are the logs.

 

HiJackThis

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:30:19, on 14/9/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ManyCam\Bin\ManyCam.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Magic Desktop\server\MagicDesktopServer.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Meus documentos\HiJackThis.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"C:\Arquivos de programas\Velocidade Do PC\PCSpeedUpNotifier.exe",

O2 - BHO: Softonic_Brasil - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll

O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

O3 - Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PCSpeedUp] C:\Arquivos de programas\Velocidade Do PC\PCSpeedUp.lnk

O4 - HKCU\..\Run: [ManyCam] "C:\Arquivos de programas\ManyCam\Bin\ManyCam.exe" /silent

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\eduardo e binha\Dados de aplicativos\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F32A35DC-6CD5-4A59-93F2-1B77FF085840}: NameServer = 200.222.122.134 200.165.132.154

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Agendamento (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apache - Avira GmbH - (no file)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Magic Desktop Server - Unknown owner - C:\Arquivos de programas\Magic Desktop\server\MagicDesktopServer.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 8144 bytes

 

 

Ad-Remover

 

 

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 10:58:22 on 14/09/2011, Normal boot

 

Microsoft Windows XP Professional Service Pack 3 (X86)

eduardo e binha@EDUARDO-9481FDB ( )

 

============== ACTION(S) ==============

 

 

File deleted: C:\WINDOWS\system32\ConduitEngine.tmp

File deleted: C:\Documents and Settings\eduardo e binha\Dados de aplicativos\Mozilla\FireFox\Profiles\yp8mhne4.default\searchplugins\askcom.xml

Folder deleted: C:\Documents and Settings\eduardo e binha\Dados de aplicativos\Mozilla\FireFox\Profiles\yp8mhne4.default\conduit

File deleted: C:\Documents and Settings\eduardo e binha\Dados de aplicativos\Mozilla\FireFox\Profiles\yp8mhne4.default\searchplugins\conduit.xml

Folder deleted: C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Conduit

Folder deleted: C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\ConduitEngine

Folder deleted: C:\Arquivos de programas\ConduitEngine

Folder deleted: C:\Documents and Settings\eduardo e binha\Dados de aplicativos\OpenCandy

Folder deleted: C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\OpenCandy

Folder deleted: C:\Documents and Settings\eduardo e binha\Dados de aplicativos\PriceGong

 

(!) -- Temporary files deleted.

 

 

-- File opened: C:\Documents and Settings\eduardo e binha\Dados de aplicativos\Mozilla\FireFox\Profiles\yp8mhne4.default\Prefs.js --

/!\ Unable to open the file, cleaning interrupted /!\

-- File closed --

 

 

Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKLM\Software\Classes\CLSID\{AC6240AE-33B6-40D3-8683-31BBE86049A0}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6240AE-33B6-40D3-8683-31BBE86049A0}

Key deleted: HKLM\Software\Classes\Conduit.Engine

Key deleted: HKLM\Software\Classes\Toolbar.CT1060933

Key deleted: HKLM\Software\Classes\Toolbar.CT2233703

Key deleted: HKLM\Software\Classes\Toolbar.CT2851643

Key deleted: HKLM\Software\AskToolbar

Key deleted: HKLM\Software\Conduit

Key deleted: HKLM\Software\conduitEngine

Key deleted: HKCU\Software\Complitly

Key deleted: HKCU\Software\Conduit

Key deleted: HKCU\Software\conduitEngine

Key deleted: HKCU\Software\DataMngr

Key deleted: HKCU\Software\PriceGong

Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

============== ADDITIONNAL SCAN ==============

 

**** Mozilla Firefox Version [4.0.1 (pt-BR)] ****

 

Plugins\npwachk.dll (Nullsoft, Inc.)

HKLM_MozillaPlugins\@ommoo.net/Ommoo Runner,version=1.0 (x)

HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)

HKLM_MozillaPlugins\@Webzen.com/NPGameWebStarter (x)

HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)

Searchplugins\babylon.xml (hxxp://search.babylon.com/web/{searchTerms})

Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)

Searchplugins\fcmdSrch.xml ( hxxp://start.facemoods.com/?a=ironto&f=4&q={searchTerms}/)

Searchplugins\fcmdSrchstonicbr.xml ( hxxp://start.facemoods.com/?a=stonicbr&f=4&q={searchTerms}/)

Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)

Searchplugins\SearchResults.xml ( hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&q={searchTerms}/)

Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)

Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)

Components\browsercomps.dll (Mozilla Foundation)

HKCU_Extensions|{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - C:\Arquivos de programas\DAP\DAPFireFox

 

-- C:\Documents and Settings\eduardo e binha\Dados de aplicativos\Mozilla\FireFox\Profiles\yp8mhne4.default --

Extensions\ffxtlbr@babylon.com (Babylon)

Extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} (4shared.com Community Toolbar)

Extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} (Freecorder Community Toolbar)

Searchplugins\SearchResults.xml ( hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&q={searchTerms}/)

Searchplugins\speedbit.xml (hxxp://home.speedbit.com/search.aspx)

Searchplugins\sweetim.xml (?)

Prefs.js - browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

Prefs.js - browser.search.selectedEngine, Freecorder Customized Web Search

Prefs.js - browser.startup.homepage, hxxp://www.google.com.br

Prefs.js - browser.startup.homepage_override.buildID, 20110413222027

Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1

 

========================================

 

**** Google Chrome Version [13.0.782.215] ****

 

Extension - dhkplhfnhceodhffomolpfigojocbpcb (x)

Extension\ffdcfjdljhbehggjdkdioajnknjcpbjb (C:\Arquivos de programas\DAP\DAPChrome\DAPChrome6.crx) (?)

Extension - mdebcffgnijbblbinknkbefciofebcda (x)

 

-- C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default --

Preferences - default_search_provider: "Google" (Enabled: true) (hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t)

Preferences - homepage: hxxp://www.google.com.br/

Preferences - homepage_is_newtabpage: false

Plugin - Chrome NaCl (Enabled: false) (C:\Documents and Settings\eduardo e binha\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\13.0.782.215\ppGoogleNaClPluginChrome.dll) (x)

Plugin - Pando Web Plugin (Enabled: true) (C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll)

Plugin - NPGameWebStarter (Enabled: true) (C:\Arquivos de programas\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll)

Plugin - "Java" (Enabled: true)

Plugin - "Silverlight" (Enabled: true)

Plugin - "Chrome NaCl" (Enabled: false)

Plugin - "Chrome DAP extension" (Enabled: true)

Plugin - "Winamp Application Detector" (Enabled: true)

Plugin - "Ommoo Plugin" (Enabled: true)

Plugin - "Pando Web Plugin" (Enabled: true)

Plugin - "NPGameWebStarter" (Enabled: true)

 

========================================

 

**** Internet Explorer Version [8.0.6001.18702] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_URLSearchHooks|{12fc3d37-2a42-4fe3-8489-81296878cba5} - "Softonic_Brasil Toolbar" (C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll)

HKCU_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "?" (?)

HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})

HKCU_Toolbar\WebBrowser|{12FC3D37-2A42-4FE3-8489-81296878CBA5} (C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll)

HKLM_Toolbar|{12fc3d37-2a42-4fe3-8489-81296878cba5} (C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll)

HKLM_Toolbar|{99079a25-328f-4bd4-be04-00955acaa0a7} (x)

HKLM_Toolbar|!{30F9B915-B755-4826-820B-08FBA6BD249D} (x)

HKCU_ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} - C:\Documents and Settings\eduardo e binha\Desktop\IEMonitor.exe (x)

HKCU_ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} - C:\Documents and Settings\eduardo e binha\Desktop\IDMan.exe (x)

HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

BHO\{12fc3d37-2a42-4fe3-8489-81296878cba5} - "Softonic_Brasil Toolbar" (C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll)

BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 106 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 14 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 14/09/2011 10:58:35 (8641 Byte(s))

 

End at: 11:01:09, 14/09/2011

 

============== E.O.F ==============

 

 

Malwarebytes

 

 

 

Malwarebytes' Anti-Malware 1.24

Versão do banco de dados: 1012

Windows 5.1.2600 Service Pack 3

 

16:22:41 14/9/2011

mbam-log-9-14-2011 (16-22-41).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 152715

Tempo decorrido: 5 hour(s), 9 minute(s), 14 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 1

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\install (Rogue.Multiple) -> Delete on reboot.


Please follow the tips in this tutorial to scan your PC with Nod32 Online:

 

Nod32 Online antivirus tutorial

 

After the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

 

In your next reply, post this Nod32 Online log together with a new HijackThis log and please tell us how your PC is after following this procedure. We look forward to your reply.


Hello, the computer is working normally.

 

Here are the logs. ESET would not get past 45%, so I clicked stop and finish; nothing was found.

 

 

HiJackThis

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:41:44, on 15/9/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\ManyCam\Bin\ManyCam.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\Magic Desktop\server\MagicDesktopServer.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Desktop\iexplore.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\eduardo e binha\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\eduardo e binha\Meus documentos\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"C:\Arquivos de programas\Velocidade Do PC\PCSpeedUpNotifier.exe",

O2 - BHO: Softonic_Brasil - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSoft.dll

O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

O3 - Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PCSpeedUp] C:\Arquivos de programas\Velocidade Do PC\PCSpeedUp.lnk

O4 - HKCU\..\Run: [ManyCam] "C:\Arquivos de programas\ManyCam\Bin\ManyCam.exe" /silent

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\eduardo e binha\Dados de aplicativos\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F32A35DC-6CD5-4A59-93F2-1B77FF085840}: NameServer = 200.222.122.134 200.165.132.154

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Agendamento (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apache - Avira GmbH - (no file)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Magic Desktop Server - Unknown owner - C:\Arquivos de programas\Magic Desktop\server\MagicDesktopServer.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 8538 bytes

 

 

Nod32 Online

 

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=266fbc5df26ec44e83d7306563f835c0

# end=stopped

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-09-15 09:40:43

# local_time=2011-09-15 06:40:43 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1797 16775125 100 93 0 48349843 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=42787

# found=0

# cleaned=0

# scan_time=4172


Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

 

O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

 

O3 - Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

 

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)

 

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)

________________________

 

Open Ad-remover > click Uninstall > then just follow the steps it shows you to uninstall it.

__________________________

 

To keep the problems from coming back, turn System Restore off and then on again. To do this, go to the menu: Start - Control Panel - System - click the tab: System Restore - check the box: Turn off System Restore - click the Apply button and then the OK button.

After that, go back to the same place: Start - Control Panel - System - click the tab: System Restore - uncheck the box: Turn off System Restore - click the Apply button and then the OK button.

___________________

 

Hello, the computer is working normally.

We are glad the problem was solved. You can always count on us!


PROBLEM SOLVED

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
