[Resolvido!] Analisem meu log

[dre_carbonyc 0]

Esse notebook tá se comportando estranhamente... não sei se é problema de hardware mesmo ou se é vírus.

Verifiquem se meu log está limpo, por favor:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:38:08, on 02/03/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\pdfforge Toolbar\SearchSettings.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Anderson\AppData\Local\Greenpeace\BlackPixel\SaveWatts.exe

C:\Users\Anderson\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\BrOffice.org 2.2\program\soffice.exe

C:\Program Files\BrOffice.org 2.2\program\soffice.BIN

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\HijackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll

O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [black Pixel] "C:\Users\Anderson\AppData\Local\Greenpeace\BlackPixel\SaveWatts.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: BrOffice.org 2.2.lnk = C:\Program Files\BrOffice.org 2.2\program\quickstart.exe

O4 - Global Startup: Atualizador de licenças ESET.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe

O4 - Global Startup: DRSpawner.lnk = C:\ProgramData\ASGvis\DRSpawner\DRSpawner.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Google Update Service (gupdate1ca6134ea6965d0) (gupdate1ca6134ea6965d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

 

--

End of file - 9832 bytes

 

Grato! ^_^

[wings 22]

Boa noite...

 

*Desative o UAC

 

Clique em Iniciar > Painel de Controle > Contas de Usuários > Ativar ou Desativar Contas de Usuários > Confirme > Continuar > Desmarque "Utilizar o Controle de Conta de Usuário (UAC) para ajudar a proteger o computador" > OK > Confirme > Reinicie o PC

*Baixe o AD-Remover e salve-o no desktop

*Duplo clique em AD-R.exe e instale o programa.

*Duplo clique no ícone criado no desktop e clique em [Oui]

*Tecle L > [ENTER]

*Cole o relatório criado em C:\Ad-Report-CLEAN.log e novo log do hijack

[dre_carbonyc 0]

Ok,seguem os logs:

 

.

======= LOGFILE OF AD-REMOVER 1.1.4.6_J | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 05.02.2010 at 17:34

Contact: AdRemover.contact@gmail.com

Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Launch at: 13:58:58, 03/03/2010 | Normal Boot | Option: CLEAN

Executed from: C:\Ad-Remover\

Operating system: Microsoft® Windows Vista™ Service Pack 2 versÆo 6.0.6001

Computer Name: ANDERSON-PC | Current user: Anderson

.

============== NEUTRALIZED ELEMENT(S) ==============

.

 

C:\Program Files\Mozilla FireFox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}

C:\Program Files\Mozilla FireFox\extensions\search@searchsettings.com

C:\Program Files\pdfforge Toolbar

C:\Users\Anderson\AppData\Roaming\Desktopicon

C:\Users\Anderson\AppData\Roaming\Search Settings

C:\Users\Anderson\AppData\LocalLow\pdfforge

C:\Users\Anderson\AppData\LocalLow\Search Settings

C:\Windows\Installer\180514.msi

 

(!) -- Temp files deleted.

 

.

HKCU\software\appdatalow\software\pdfforge

HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

HKCU\software\Search Settings

HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}

HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

HKLM\Software\Classes\Interface\{299C0BBF-8D14-431C-9E58-5BE8F786721F}

HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}

HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings

HKLM\software\pdfforge

HKLM\software\Search Settings

.

============== Added scan ==============

.

.

* Mozilla FireFox Version 3.5.8 [pt-BR] *

.

ProfilePath: 4yrl9184.default (Anderson)

.

(Anderson, prefs.js) Browser.download.dir, C:\Users\Anderson\Downloads

(Anderson, prefs.js) Browser.download.lastDir, C:\Users\Anderson\Desktop

(Anderson, prefs.js) Browser.startup.homepage, hxxp://go.microsoft.com/fwlink/?LinkId=69157

(Anderson, prefs.js) Extensions.enabledItems, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8

.

.

* Internet Explorer Version 7.0.6001.18000 *

.

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

.

Do404Search: 01000000

Local Page: C:\Windows\system32\blank.htm

Show_ToolBar: yes

Enable Browser Extensions: yes

Start Page: hxxp://fr.msn.com/

Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

.

Start Page: hxxp://fr.msn.com/

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Local Page: %SystemRoot%\system32\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

.

============== Suspect (Cracks, Serials, ...) ==============

.

C:\Users\Anderson\AppData\Roaming\BSplayer\AC3 Filter\dialog_patch.exe

C:\Users\Anderson\Downloads\ESET.NOD32.Smart.Security.Business.Edition.v3.0.621FULL\ESET.NOD32.Smart.Security.Business.Edition.v3.0.621FULL\ESET 3.x Official Patch By KM92.exe

C:\Users\Anderson\organiza‡Æo anderson\pessoal\musicas ozaca\Acupuntura total\Extras\Dicionario Aurelio Sec XXI\crack\AeXXI.exe

.

===================================

.

4873 Byte(s) - C:\Ad-Report-CLEAN[1].log

.

18865 File(s) - C:\Users\Anderson\AppData\Local\Temp

62 File(s) - C:\Windows\Temp

0 File(s) - C:\Windows\Prefetch

.

20 File(s) - C:\Ad-Remover\BACKUP

77 File(s) - C:\Ad-Remover\QUARANTINE

.

End at: 14:06:16 | 03/03/2010 - CLEAN[1]

.

============== E.O.F ==============

.

 

O outro:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:28:41, on 03/03/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conime.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\notepad.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Anderson\AppData\Local\Greenpeace\BlackPixel\SaveWatts.exe

C:\ProgramData\ASGvis\DRSpawner\DRSpawner.exe

C:\Program Files\BrOffice.org 2.2\program\soffice.exe

C:\Program Files\BrOffice.org 2.2\program\soffice.BIN

C:\Users\Anderson\AppData\Local\Temp\RtkBtMnt.exe

C:\Windows\system32\wuauclt.exe

C:\HijackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [black Pixel] "C:\Users\Anderson\AppData\Local\Greenpeace\BlackPixel\SaveWatts.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: BrOffice.org 2.2.lnk = C:\Program Files\BrOffice.org 2.2\program\quickstart.exe

O4 - Global Startup: Atualizador de licenças ESET.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe

O4 - Global Startup: DRSpawner.lnk = C:\ProgramData\ASGvis\DRSpawner\DRSpawner.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Google Update Service (gupdate1ca6134ea6965d0) (gupdate1ca6134ea6965d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

 

--

End of file - 8755 bytes

 

Grato!

[wings 22]

1.

*Execute o hijack, clique em [Do a system scan only], selecione a entrada abaixo e clique em [Fix checked]

 

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

*Feche o hijack

 

 

O log está limpo.

 

2.

*Execute novamente o AD-Remover

*Tecle D > [ENTER]

 

3.

Clique em Iniciar > Painel de Controle > Contas de Usuários > Ativar ou Desativar Contas de Usuários > Confirme > Continuar > Marque "Utilizar o Controle de Conta de Usuário (UAC) para ajudar a proteger o computador" > OK > Confirme

 

 

Um abraço.

[wings 22]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.