Fros, posted March 8, 2010

Well, please help me. My PC starts normally and I use it normally, and this problem started yesterday, so to speak: when I try to use Skype, TS, MSN or Hamachi, programs of that kind, while it is starting up to log in it says that it encountered an error and needs to be closed. What could this be? =/ I have already run several programs such as MV RegClean 2.9, Avira, Spyware Doctor, Nitro PC, CCleaner and Malwarebytes' Anti-Malware, and nothing solved it.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:56:15, on 7/3/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\tsnp2std.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Arquivos de programas\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Arquivos comuns\LightScribe\LightScribeControlPanel.exe C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe C:\Arquivos de programas\NitroPC\NitroPC.exe C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TUProgSt.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe C:\WINDOWS\System32\alg.exe C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\WinRAR\WinRAR.exe C:\Temp\Rar$EX00.547\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R3 - URLSearchHook: Soldat-BR Toolbar - {0f2afee7-0192-4cac-a305-3da91ae85ba2} - (no file) R3 - URLSearchHook: DigitalPowered Toolbar - {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Arquivos de programas\DigitalPowered\tbDig1.dll R3 - URLSearchHook: LocalStrike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Arquivos de programas\Local_Strike\tbLoc0.dll R3 - URLSearchHook: LocalStrike_English Toolbar - {41fe951c-2aaf-4f08-ab67-aebd1ed636f2} - (no file) R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file) O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Soldat-BR Toolbar - {0f2afee7-0192-4cac-a305-3da91ae85ba2} - (no file) O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: LocalStrike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Arquivos de programas\Local_Strike\tbLoc0.dll O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: LocalStrike_English Toolbar - {41fe951c-2aaf-4f08-ab67-aebd1ed636f2} - (no file) O2 - BHO: DigitalPowered Toolbar - {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Arquivos de programas\DigitalPowered\tbDig1.dll O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: Soldat-BR Toolbar - {0f2afee7-0192-4cac-a305-3da91ae85ba2} - (no file) O3 - Toolbar: DigitalPowered Toolbar - {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Arquivos de programas\DigitalPowered\tbDig1.dll O3 - Toolbar: LocalStrike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Arquivos de programas\Local_Strike\tbLoc0.dll O3 - Toolbar: LocalStrike_English Toolbar - {41fe951c-2aaf-4f08-ab67-aebd1ed636f2} - (no file) O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE 
C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Arquivos de programas\Arquivos comuns\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe" O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 
'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1074440212078 O16 - DPF: 
{E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5F047C78-CEE2-4156-BA8B-274006AF2478}: NameServer = 192.168.1.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Nero AG - (no file) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe O23 - Service: ThreatFire - PC Tools - C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe -- End of file - 12196 bytes

A screenshot - http://img41.imageshack.us/img41/1880/errosg.png
When I try to join any TS server, this happens - http://img684.imageshack.us/img684/3530/errotenso.png

Power Max, posted March 10, 2010

:) Hello Fros!

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

R3 - URLSearchHook: Soldat-BR Toolbar - {0f2afee7-0192-4cac-a305-3da91ae85ba2} - (no file)
R3 - URLSearchHook: LocalStrike_English Toolbar - {41fe951c-2aaf-4f08-ab67-aebd1ed636f2} - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Soldat-BR Toolbar - {0f2afee7-0192-4cac-a305-3da91ae85ba2} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: LocalStrike_English Toolbar - {41fe951c-2aaf-4f08-ab67-aebd1ed636f2} - (no file)
O3 - Toolbar: Soldat-BR Toolbar - {0f2afee7-0192-4cac-a305-3da91ae85ba2} - (no file)
O3 - Toolbar: LocalStrike_English Toolbar - {41fe951c-2aaf-4f08-ab67-aebd1ed636f2} - (no file)
__________________________________
Follow the tips in these tutorials:
Ad-Remover tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-ad-remover.html
Toolbar S&D tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/11/tutorial-do-toolbar-sd.html
__________________________________
Download and run the program available at the site below to disable Bonjour (which is an unnecessary item and tends to make the PC slower):
http://download.gizmo5.com/jasmine/TurnOffBonjour.exe
__________________________________
There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial: Choosing Programs That Start with the PC
Preferably, leave only the security programs (antivirus/anti-spyware/firewall) starting together with Windows. Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC now and from time to time.
__________________________________
Please follow the tips in this tutorial to scan your PC with Nod32 Online:
Nod32 Online antivirus tutorial: http://dicasetutoriaisparapc.blogspot.com/2008/09/tutorial-do-antivirus-nod32-online.html
When the scan finishes, a report (log) will be generated at the following location on your computer:
C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt
In your next reply, post this Nod32 Online log together with the log that will be at C:\Ad-Report-CLEAN[1].log, the log that will be at C:\ToolBar SD\TB_1.txt and a new HijackThis log, and please tell us how your PC is doing after following these procedures.
We look forward to your reply.
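
As an added illustration (not part of the thread, and not code from HijackThis or from the forum): every entry listed for fixing in the post above is an R3, O2 or O3 line whose target is "(no file)", and the Python below pulls such lines out of a log and groups them by CLSID. The sample log is constructed from a few lines of the log posted in this thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sections whose entries register a browser component by CLSID:
# R3 = URLSearchHook, O2 = Browser Helper Object, O3 = IE toolbar.
BROWSER_SECTIONS = {"R3", "O2", "O3"}

ENTRY_RE = re.compile(
    r"""^(?P<code>[A-Z]\d{1,2})\s-\s           # section code, e.g. O2
        (?P<kind>[^:]+):\s                      # entry kind, e.g. BHO
        (?P<name>.*?)\s-\s                      # display name
        (?P<clsid>\{[0-9A-Fa-f-]{36}\})\s-\s    # registered CLSID
        (?P<target>.+)$                         # DLL path or "(no file)"
    """,
    re.VERBOSE,
)

# Constructed sample: a handful of lines taken from the log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: Soldat-BR Toolbar - {0f2afee7-0192-4cac-a305-3da91ae85ba2} - (no file)
R3 - URLSearchHook: DigitalPowered Toolbar - {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Arquivos de programas\DigitalPowered\tbDig1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Soldat-BR Toolbar - {0f2afee7-0192-4cac-a305-3da91ae85ba2} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Soldat-BR Toolbar - {0f2afee7-0192-4cac-a305-3da91ae85ba2} - (no file)
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Nero AG - (no file)
"""


def parse_entries(log_text):
    """Return one dict per CLSID-bearing entry; all other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        match = ENTRY_RE.match(line)
        if match:
            entry = match.groupdict()
            entry["raw"] = line
            entries.append(entry)
    return entries


def orphaned_browser_entries(log_text):
    """R3/O2/O3 registrations whose DLL is gone from disk ("(no file)")."""
    return [
        e for e in parse_entries(log_text)
        if e["code"] in BROWSER_SECTIONS and e["target"].strip() == "(no file)"
    ]


def group_by_clsid(entries):
    """Map each CLSID (lower-cased) to the sorted sections that reference it."""
    grouped = defaultdict(set)
    for e in entries:
        grouped[e["clsid"].lower()].add(e["code"])
    return {clsid: sorted(codes) for clsid, codes in grouped.items()}


if __name__ == "__main__":
    orphans = orphaned_browser_entries(SAMPLE_LOG)
    for e in orphans:
        print(e["raw"])
    for clsid, codes in group_by_clsid(orphans).items():
        print(clsid, "registered in", ", ".join(codes))
```

Grouping by CLSID shows that one leftover component can be registered in several places at once, which is why the same toolbar appears under R3, O2 and O3 in the list above.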

Fros, posted March 10, 2010

Just one question: do you want the AD-R and Toolbar S&D logs from after I have already gone through the report the first time and cleaned up the problems, or the report from before removing the problems it finds, as the tutorial says...!?

Power Max, posted March 10, 2010

> Just one question: do you want the AD-R and Toolbar S&D logs from after I have already gone through the report the first time and cleaned up the problems, or the report from before removing the problems it finds, as the tutorial says...!?

Hello friend, please post the logs from after removing the problems, so that we can confirm they were really removed. We'll be waiting.

Fros, posted March 12, 2010

AD-R log:

. ======= LOGFILE OF AD-REMOVER 1.1.4.6_J | ONLY XP/VISTA/7 ======= . Updated by C_XX on 05.02.2010 at 17:34 Contact: AdRemover.contact@gmail.com Website: http://pagesperso-orange.fr/NosTools/ad_remover.html . Launch at: 3:02:00, qua 10/03/2010 | Normal Boot | Option: CLEAN Executed from: C:\Ad-Remover\ Operating system: Microsoft® Windows XP™ Service Pack 2 versão 5.1.2600 Computer Name: HOME-770E348A9E | Current user: Fire . ============== NEUTRALIZED ELEMENT(S) ============== . C:\DOCUME~1\Fire\DADOSD~1\Mozilla\FireFox\Profiles\saoc10w7.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} C:\DOCUME~1\Fire\DADOSD~1\Mozilla\FireFox\Profiles\saoc10w7.default\searchplugins\sweetim.xml C:\DOCUME~1\Fire\DADOSD~1\Mozilla\FireFox\Profiles\saoc10w7.default\SweetIMToolbarData C:\Arquivos de programas\Mozilla FireFox\searchplugins\crawlersrch.xml C:\Arquivos de programas\AskBarDis C:\DOCUME~1\Fire\MENUIN~1\Ebay.lnk (!) -- Temp files deleted. .
HKCU\software\appdatalow\AskBarDis HKCU\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420} HKCU\software\microsoft\internet explorer\searchscopes\{EEE6C360-6118-11DC-9C72-001320C79847} HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} HKCU\software\SweetIM HKLM\software\AskBarDis HKLM\software\classes\AskIBar.PopSwatterBarButton HKLM\software\classes\AskIBar.PopSwatterBarButton.1 HKLM\software\classes\AskIBar.PopSwatterSettingsControl HKLM\software\classes\AskIBar.PopSwatterSettingsControl.1 HKLM\software\classes\AskToolBar.SettingsPlugin HKLM\software\classes\AskToolBar.SettingsPlugin.1 HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f} HKLM\Software\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2} HKLM\Software\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E} HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed} HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98} HKLM\Software\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60} HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf} HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b} HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362} HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA} HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9} HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742} HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150} 
HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2} HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed} HKLM\software\microsoft\windows\currentversion\uninstall\Ask Toolbar_is1 HKLM\software\SweetIM . ============== Added scan ============== . . * Mozilla FireFox Version 3.5.8 [pt-BR] * . ProfilePath: saoc10w7.default (Fire) . (Fire, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Fire\Desktop (Fire, prefs.js) Browser.search.defaultenginename, SweetIM Search (Fire, prefs.js) Browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms} (Fire, prefs.js) Browser.search.selectedEngine, 4shared Web Search (Fire, prefs.js) Browser.startup.homepage, hxxp://www.google.com.br/ (Fire, prefs.js) Extensions.enabledItems, {09ec805c-cb2e-4d53-b0d3-a75a428b81c7}:2.4.0.4,battlefieldheroespatcher@ea.com:4.0.27.0,{b317125e-2f10-4388-bf1f-2c31c6cd89ed}:2.2.0.9,{31c7d459-9cc3-44f2-9dca-fc11795309b4}:2.4.0.4,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,jqs@sun.com:1.0,{87F8774F-B485-47E2-A755-A40A8A5E8874}:1.0.7.10,{87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.7.8,{0f2afee7-0192-4cac-a305-3da91ae85ba2}:2.2.0.9,{EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.9,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8 (Fire, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?FORM=IEFM1&q= (Fire, prefs.js) Sweetim.toolbar.previous.browser.search.defaultenginename, LocalStrike (Fire, prefs.js) Sweetim.toolbar.previous.browser.search.defaulturl, hxxp://search.localstrike.com.ar/?q={searchTerms} (Fire, prefs.js) Sweetim.toolbar.previous.browser.search.selectedEngine, LocalStrike (Fire, prefs.js) Sweetim.toolbar.previous.browser.startup.homepage, hxxp://www.google.com.br/ (Fire, prefs.js) 
Sweetim.toolbar.previous.keyword.URL, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=2&q= . (Fire, prefs.js) ERASED - Browser.search.defaultenginename, SweetIM Search (Fire, prefs.js) ERASED - Browser.search.defaultthis.engineName, 4shared Web Search (Fire, prefs.js) ERASED - Browser.search.selectedEngine, 4shared Web Search (Fire, prefs.js) ERASED - Sweetim.toolbar.highlight.colors, #FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0 (Fire, prefs.js) ERASED - Sweetim.toolbar.logger.ConsoleHandler.MinReportLevel, 7 (Fire, prefs.js) ERASED - Sweetim.toolbar.logger.FileHandler.FileName, ff-toolbar.log (Fire, prefs.js) ERASED - Sweetim.toolbar.logger.FileHandler.MaxFileSize, 200000 (Fire, prefs.js) ERASED - Sweetim.toolbar.logger.FileHandler.MinReportLevel, 7 (Fire, prefs.js) ERASED - Sweetim.toolbar.mode.debug, false (Fire, prefs.js) ERASED - Sweetim.toolbar.previous.browser.search.defaultenginename, LocalStrike (Fire, prefs.js) ERASED - Sweetim.toolbar.previous.browser.search.defaulturl, hxxp://search.localstrike.com.ar/?q={searchTerms} (Fire, prefs.js) ERASED - Sweetim.toolbar.previous.browser.search.selectedEngine, LocalStrike (Fire, prefs.js) ERASED - Sweetim.toolbar.previous.browser.startup.homepage, hxxp://www.google.com.br/ (Fire, prefs.js) ERASED - Sweetim.toolbar.previous.keyword.URL, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=2&q= (Fire, prefs.js) ERASED - Sweetim.toolbar.search.external, <?xml version=\1.0\?><TOOLBAR><EXTERNAL_SEARCH engine=\hxxp://*google.*\ param=\q=\ /><EXTERNAL_SEARCH engine=\hxxp://search.yahoo.com/*\ param=\p=\ /><EXTERNAL_SEARCH engine=\hxxp://search.sweetim.*\ param=\q=\ /><EXTERNAL_SEARCH engine=\hxxp://*.live.*/*\ param=\q=\ /><EXTERNAL_SEARCH engine=\hxxp://*youtube.com/\ param=\search_query=\ /><EXTERNAL_SEARCH engine=\hxxp://*.ebay.*/search/*\ param=\satitle=\ /><EXTERNAL_SEARCH engine=\hxxp://*.amazon.com/s/*\ param=\field-keywords=\ /></TOOLBAR> (Fire, prefs.js) ERASED - 
Sweetim.toolbar.search.history.capacity, 10 (Fire, prefs.js) ERASED - Sweetim.toolbar.simapp_id, {DDD65DF2-0330-11DF-A037-001C254BA226} (Fire, prefs.js) ERASED - Sweetim.toolbar.urls.homepage, hxxp://home.sweetim.com (Fire, prefs.js) ERASED - Sweetim.toolbar.version, 1.0.0.9 . . . * Internet Explorer Version 6.0.2900.2180 * . [HKEY_CURRENT_USER\..\Internet Explorer\Main] . Do404Search: 01000000 Local Page: C:\WINDOWS\system32\blank.htm Show_ToolBar: yes Start Page: hxxp://fr.msn.com/ Use Search Asst: no Enable Browser Extensions: yes Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 . [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main] . Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Delete_Temp_Files_On_Exit: yes Local Page: %SystemRoot%\system32\blank.htm Start Page: hxxp://fr.msn.com/ Search bar: hxxp://search.msn.com/spbasic.htm . [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS] . Tabs: res://ieframe.dll/tabswelcome.htm . ============== Suspect (Cracks, Serials, ...) ============== . 
C:\Documents and Settings\Administrador\Desktop\Patch_JusT-RF_2.2.rar C:\Documents and Settings\Administrador\Desktop\patch_v2.rar C:\Documents and Settings\Administrador\Desktop\Jogos\Patch.rar C:\Documents and Settings\Administrador\Desktop\Perfect world Chines\Perfect World\Patch 1.rar C:\Documents and Settings\Administrador\Desktop\Perfect world Chines\Perfect World\patcher\patcher.exe C:\Documents and Settings\Administrador\Desktop\RF PVP WAR\RF Online\Patch 2.2\Just RF CCR.exe C:\Documents and Settings\Administrador\Desktop\RF PVP WAR\RF Online\RF WAR PATCH UP6\RF War Final Update.exe C:\Documents and Settings\Administrador\Desktop\RF PVP WAR\RF Online\RF WAR PATCH UP6\rfaviplayer.exe C:\Documents and Settings\Administrador\Desktop\RF PVP WAR\RF Online\RF WAR PATCH UP6\unins000.exe C:\Documents and Settings\Administrador\Desktop\RF PVP WAR\RF Online\RF WAR PATCH UP6\uninshs.exe C:\Documents and Settings\Administrador\Desktop\RF PVP WAR\RF Online\RF WAR PATCH UP6\$$IUTemp\update1.zip C:\Documents and Settings\Administrador\Desktop\RF PVP WAR\RF WAR PATCH UP6\RF War Final Update.exe C:\Documents and Settings\Administrador\Desktop\RF PVP WAR\RF WAR PATCH UP6\rfaviplayer.exe C:\Documents and Settings\Administrador\Desktop\RF PVP WAR\RF WAR PATCH UP6\unins000.exe C:\Documents and Settings\Administrador\Desktop\RF PVP WAR\RF WAR PATCH UP6\uninshs.exe C:\Documents and Settings\Administrador\Desktop\RF PVP WAR\RF WAR PATCH UP6\$$IUTemp\update1.zip C:\Documents and Settings\Administrador\Desktop\SkyPriston tale\SkyGames\PristonTale\image\Sinimage\Inven\PT BMP Patcher.exe C:\Documents and Settings\Administrador\Meus documentos\cs16patch_full_V22.exe C:\Documents and Settings\Administrador\Meus documentos\cs16patch_full_V22.rar C:\Documents and Settings\Administrador\Meus documentos\LMS-PWPatch1.31.6.exe C:\Documents and Settings\Administrador\Meus documentos\PatchFor1.3.1.part1.exe C:\Documents and Settings\Administrador\Meus documentos\PatchFor1.3.1.part2.rar 
C:\Documents and Settings\Administrador\Meus documentos\PatchFor1.3.1.part3.rar C:\Documents and Settings\Administrador\Meus documentos\PatchFor1.3.1.part4.rar C:\Documents and Settings\Administrador\Meus documentos\PatchFor1.3.1.part5.rar C:\Documents and Settings\Administrador\Meus documentos\PW-EN-MY-Patch12-13.zip C:\Documents and Settings\Administrador\Meus documentos\PW-EN-MY-Patch2-6.zip C:\Documents and Settings\Administrador\Meus documentos\PW-EN-MY-Patch6-12.zip C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\GreatM_Full_Patch.zip C:\Documents and Settings\Administrador\Meus documentos\My Completed Downloads\MuBrowSPatch.rar C:\Documents and Settings\Administrador\Meus documentos\My Completed Downloads\patch.rar C:\Documents and Settings\Administrador\Meus documentos\My Completed Downloads\Patch_FULL.exe C:\Documents and Settings\Administrador\Meus documentos\My Completed Downloads\Patch_FULL_1.exe C:\Documents and Settings\Administrador\Meus documentos\My Completed Downloads\Patch_JusT-RF_2.2.rar C:\Documents and Settings\Administrador\Meus documentos\My Completed Downloads\patch1.rar C:\Documents and Settings\Administrador\Meus documentos\My Completed Downloads\RFe_Patch_v4.0.0.rar C:\Documents and Settings\Administrador\Meus documentos\My Completed Downloads\RFe_Patch_v4.0.0_1.rar C:\Documents and Settings\Administrador\Meus documentos\My Completed Downloads\WarZone51_Patch_v4.0_Tabula_Wars_Part1_ENG.rar C:\Documents and Settings\Fire\Dados de aplicativos\BitTorrent\Adobe Photoshop CS3 Extended + Crack.torrent C:\Documents and Settings\Fire\Dados de aplicativos\Mozilla\Firefox\Profiles\saoc10w7.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe C:\Documents and Settings\Fire\Desktop\Pasta RF\Patch RF street\Fix.rar C:\Documents and Settings\Fire\Desktop\Pasta RF\Patch RF street\Patch StreetWars-RF PvP Server 2.2.3 v.1.3.exe C:\Documents and Settings\Fire\Meus 
documentos\cs16patch_full_V23(8).exe C:\Documents and Settings\Fire\Meus documentos\cs16patch_full_v26.exe C:\Documents and Settings\Fire\Meus documentos\Patch_Sitecs_protocolo_47_48.exe C:\Documents and Settings\Fire\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\Instructions.nfo C:\Documents and Settings\Fire\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\Setup.exe C:\Documents and Settings\Fire\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\Crack\Photoshop.exe C:\Documents and Settings\Fire\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\redist\WindowsInstaller-KB893803-v2-x86.exe C:\Documents and Settings\Fire\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\redist\WindowsServer2003-KB898715-ia64-enu.exe C:\Documents and Settings\Fire\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\redist\WindowsServer2003-KB898715-x64-enu.exe C:\Documents and Settings\Fire\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\redist\WindowsServer2003-KB898715-x86-enu.exe C:\Documents and Settings\Fire\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\redist\WindowsXP-KB898715-x64-enu.exe . =================================== . 13682 Byte(s) - C:\Ad-Report-CLEAN[1].log 13900 Byte(s) - C:\Ad-Report-SCAN[1].log . 30 File(s) - C:\Temp 4 File(s) - C:\WINDOWS\Temp 0 File(s) - C:\WINDOWS\Prefetch . 20 File(s) - C:\Ad-Remover\BACKUP 31 File(s) - C:\Ad-Remover\QUARANTINE . End at: 3:46:19 | qua 10/03/2010 - CLEAN[1] . ============== E.O.F ============== . 

Nod32 log: # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=225aa888760a0c45af0ff9757208c037 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2010-03-10 11:32:27 # local_time=2010-03-10 08:32:27 (-0300, Hora oficial do Brasil) # country="Brazil" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=769 16774142 0 2 7473195 7473195 0 0 # compatibility_mode=1026 16777214 0 2 42558502 42558502 0 0 # compatibility_mode=1792 16777191 100 0 1082516 1082516 0 0 # compatibility_mode=2560 16777175 100 0 0 0 0 0 # compatibility_mode=7937 16777214 0 25 16290516 16290516 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=176907 # found=2 # cleaned=2 # scan_time=13661 C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Ares\My Shared Folder\nero 8 ultra edition v8 3 2 1 [multilanguage].rar Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\Administrador\Desktop\SkyPriston tale\SkyGames\PristonTale\XPva02.dll probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Another HijackThis log, as you asked:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:46:35, on 12/3/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE
Note: These errors were already happening before I followed the tutorials you asked me to.

Screenshot of another error > http://img708.imageshack.us/img708/997/errotenso.jpg

Screenshot of another error: after I click Close on the message, explorer.exe gives an error; then I click Send Error Report, and the taskbar and the desktop icons disappear, then come back to normal, and Explorer.exe gives an error again > http://img46.imageshack.us/img46/87/errotenso2.jpg

Note 2: notice that my toolbar down at the bottom is frozen; I can't click on anything, not even Start. In other words, several programs that I try to open say they encountered an error and need to be closed.

Note 3: I couldn't run Toolbar S&D; Spyware Doctor found a Trojan Oo. And I have already run several programs such as MV RGclean 2.9, Avira, Spyware Doctor, Nitro PC, CCleaner, Malwarebytes' Anti-Malware and Nod32, and nothing has fixed it.
Power Max 54 Posted March 13, 2010

============== Suspect (Cracks, Serials, ...) ==============

:!: It is very important to uninstall all cracked or pirated programs that exist on your PC, because the vast majority of these programs come with viruses and/or malware embedded in them, and they may also contain security holes that make it easier to break into your computer.
_________________________________

:seta: I suggest that you uninstall the DigitalPowered Toolbar and the LocalStrike Toolbar, because these toolbars make the internet slower and can also introduce security holes.

_________________________________

:seta: Please follow the tips in this tutorial to scan your PC with BitDefender Online: BitDefender Online antivirus tutorial

When the scan finishes, a report (log) will be generated at the following location on your computer: C:\Windows\BDOSCAN8\bdoscan.log

In your next reply, post this BitDefender Online log together with a new HijackThis log and please tell us how your PC is doing after following these procedures.

We await your reply.
wings 22 Posted April 14, 2010

Topic Archived

As the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.