darlas 0 Posted July 30, 2010
Good afternoon. The antivirus on my computer expired and I decided to download another one. After installing it, my PC started showing, at startup, a message box titled "ie3sh.exe - Não foi possível localizar o componente" (unable to locate component), and the message in the box is "Este aplicativo não pôde ser iniciado porque não foi encontrado BHO.DLL. A reinstalação do aplicativo pode corrigir o problema." (this application could not be started because BHO.DLL was not found; reinstalling the application may fix the problem). Since I have no idea what is going on, every time I click OK, and then I see the message "IE3SH Application parou de funcionar" (IE3SH Application has stopped working) and click the close program button... Given this situation, can anyone help me solve this problem?
Power Max 54 Posted July 30, 2010
:) Hello Darlas! Create a dedicated folder (for example C:\Arquivos de Programas\HijackThis). Download HijackThis and, when saving it, choose to save it in the folder you just created, then unzip hijackthis.zip inside it. Double-click the HijackThis installer > click the I Accept option. Click the button: Do a system scan and save a logfile. A window with the log will then open; just select this log (click the menu: Edit » Select All), then go back to the menu: Edit » and click the option: Copy. After that, just come back here to the forum and post this HijackThis log so that it can be analyzed. We await your reply.
darlas 0 Posted July 31, 2010
Well, sorry for my lack of knowledge... but can I post the log in this same topic that I opened? I am asking because I do not want in any way to break a rule or be penalized... Thank you in advance for your attention and willingness to help me, and for your patience in putting up with these questions of mine... I hope you can answer me soon.
Power Max 54 Posted July 31, 2010
:) Yes, post all the logs I ask you for here in this same topic.
darlas 0 Posted July 31, 2010
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:43:44, on 31/07/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Power Max 54 Posted July 31, 2010
I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

Download ComboFix. Save it to the Desktop.
* Disable the resident protection of: antivirus, antispyware and firewall (except the Windows one!)
* Close all windows and run the tool.
* PS: Running it from a command is also possible:
* Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall
* Click OK.
* At the "software warranty disclaimer" prompt --> Click Yes.
* If you do not have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), accept the option to install it.
* When it finishes, click Sim or Yes. --> Wait.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

If you get the notification: invalid Win32 application, or some message similar to it, delete the ComboFix.exe tool and download it again.
* Save it to the Desktop, renamed as: Kombo.exe
* PS: Rename it while saving, not after saving it!
* PS: If any error message appears, run ComboFix.exe in Safe Mode (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!
* PS: If rootkit activity is present, the following notification window will appear:
* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply together with the requested logs.
* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* The Auto Scan window will open. --> Wait!
* To finish the removals, ComboFix may restart the computer.
* If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
* During the scan, avoid using the mouse or keyboard! <-- Important!
* If, for some unavoidable reason, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.

<><><><><><><><><><><><>

Post the ComboFix log, which will be at C:\ComboFix.txt, together with a new HijackThis log in your next reply, and tell us how your PC is after this. We await your reply.
darlas 0 Posted August 1, 2010
I am sending the logs you asked for... well, I got a bit muddled doing what you asked, but I think everything worked out in the end... the error message is gone... Should I now delete the folders that were created by the two programs, along with their respective installers? Thank you in advance for your availability and the attention you have given me... :)

ComboFix 10-07-31.04 - usuario 01/08/2010 16:11:09.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.55.1046.18.2038.1177 [GMT -3:00]
Executando de: c:\users\usuario\Desktop\ComboFix.exe
2010-06-10 12:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-08-28 21:57 . 2009-08-28 21:54 848 --sha-w- c:\windows\System32\KGyGaAvL.sys 2008-06-20 20:49 . 2008-06-20 20:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600] [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}] 2010-05-31 17:44 2515552 ----a-w- c:\program files\4shared.com\tb4sh1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a7d1aed-2150-410e-a094-14d834aaf430}] 2010-05-29 15:50 2393184 ----a-w- c:\program files\Games_Bar_Brazil\tbGam1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}] 2009-12-28 17:50 2655736 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2010-06-30 17:22 2102600 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2009-05-06 20:11 1145736 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2009-10-19 18:15 
1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736] "{1a7d1aed-2150-410e-a094-14d834aaf430}"= "c:\program files\Games_Bar_Brazil\tbGam1.dll" [2010-05-29 2393184] "{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\tb4sh1.dll" [2010-05-31 2515552] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CLASSES_ROOT\clsid\{1a7d1aed-2150-410e-a094-14d834aaf430}] [HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736] "{1A7D1AED-2150-410E-A094-14D834AAF430}"= "c:\program files\Games_Bar_Brazil\tbGam1.dll" [2010-05-29 2393184] "{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}"= "c:\program files\4shared.com\tb4sh1.dll" [2010-05-31 2515552] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" 
[2010-06-30 2102600] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CLASSES_ROOT\clsid\{1a7d1aed-2150-410e-a094-14d834aaf430}] [HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-26 39408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176] "RtHDVCpl"="RtHDVCpl.exe" [2007-10-12 4702208] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 133656] "Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2002-01-31 258116] "NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-06-29 1373480] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] 
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "desp2k"="c:\program files\Oi Velox\Manager\desp2k.exe" [2006-08-03 65536] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "Skytel"="Skytel.exe" [2007-10-12 1826816] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2010-05-20 3740088] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-25 2065760] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-1 113664] AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2008-11-28 163840] Monitor.lnk - c:\sw_cadastro\Monitor.exe [2008-11-28 3671427] PCTV Quick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-11-28 598016] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex( B ) :a5,dd,02,c3,c2,6e,ca,01 R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-31 135664] R3 AVerBDA3x;AVerMedia SAA713x BDA 
Service;c:\windows\system32\DRIVERS\AVerBDA3x.sys [2007-08-29 1183744] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-06-30 431432] R3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [x] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-08 691696] S0 Shield;Shield; [x] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-25 216400] S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-25 243024] S1 cloverm;cloverm; [x] S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928] S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2008-04-14 348160] S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-04-11 393216] S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-25 308136] S2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [2007-02-26 61440] S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704] S3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\DRIVERS\AVerA706.sys [2009-06-10 1169920] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Conteúdo da pasta 'Tarefas Agendadas' 2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-31 18:54] 2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-31 18:54] . . ------- Scan Suplementar ------- . 
uStart Page = hxxp://www.google.com.br/
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: com.br\www.pcdafamilia
Trusted Zone: realsecureweb.com.br\www
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\sld7ts7d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\sld7ts7d.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\FFExternalAlert.dll
FF - component: c:\users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\sld7ts7d.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\RadioWMPCore.dll
FF - component: c:\users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\sld7ts7d.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\sld7ts7d.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
HKLM-Run-PCFChecker - pcfchck.exe
HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
AddRemove-eBay Icon - c:\users\usuario\AppData\Roaming\Desktopicon\uninst.exe
AddRemove-Fruity Loops Studio Producer Edition XXL v6.04 Patcher - C:\UNWISE.EXE
AddRemove-GDIC - c:\dts\GDIC\instal32.exe
AddRemove-{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1 - c:\program files\DsNET Corp\aTube Catcher 1.0\unins000.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-01 16:25
Windows 6.0.6002 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSSA = c:\program files\SGPSA\ie3sh.exe???????????????????????????????????????????????????????????????????

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-2554772655-2881659568-2422397633-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6AF87E5F-5AFD-0BDC-5AA7-D83AF7E71150}*]
"oadckcmkpbodpkacemacgheljmpmdl"=hex:6b,61,61,70,65,61,6d,63,64,6f,64,66,70,6f,
  6a,68,61,68,6c,69,6a,69,00,00
"nafdmdhfkmklkkegpjjnloiacmmd"=hex:6b,61,61,70,62,61,62,64,67,65,6a,68,64,62,
  63,67,6d,69,62,65,6e,66,00,00
"oapailoldoakepjhblajjipoiajeao"=hex:64,61,61,70,67,61,70,66,00,64

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-08-01 16:33:38 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-08-01 19:33

Pré-execução: 126.620.663.808 bytes disponíveis
Pós execução: 131.850.518.528 bytes disponíveis

- - End Of File - - 58AA37720030F56B93FB5B21A1A7B0CE

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:43:44, on 31/07/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Oi Velox\Manager\desp2k.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\SW_Cadastro\Monitor.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcdafamilia.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Program Files\Common Files\uol\urlsearch\UOLSearchHook.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\gbiehabn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (file missing)
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Barra UOL - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - C:\Program Files\UOL\Barra UOL\ubp.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCFChecker] pcfchck.exe
O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [desp2k] C:\Program Files\Oi Velox\Manager\desp2k.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: Monitor.lnk = C:\SW_Cadastro\Monitor.exe
O4 - Global Startup: PCTV Quick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O15 - Trusted Zone: http://www.pcdafamilia.com.br
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7A88796-44AE-4312-A83E-A99E0CC4B650}: NameServer = 200.165.132.148 200.165.132.155
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: .norton2009Reset - - (no file)
O23 - Service: Application Updater - Spigot, Inc. 
- C:\Program Files\Application Updater\ApplicationUpdater.exe O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- End of file - 15119 bytes Compartilhar este post Link para o post Compartilhar em outros sites

Power Max, posted August 1, 2010

:) Several problems were removed by Combofix.

But your HijackThis log is the same as the one you posted yesterday. Please post a new HijackThis log so that we can analyze how your PC is improving.

darlas, posted August 2, 2010

Well, I have just generated a HijackThis log, and I even noted the time I generated it, which is on the second line of the log... Since I don't understand anything of what this "log" is saying, I hope you can tell me, if possible, whether the actions were effective in getting my PC fixed... Thank you in advance for your kindness and attention... ^_^

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:43:19, on 02/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Oi Velox\Manager\desp2k.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\SW_Cadastro\Monitor.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Program Files\Common Files\uol\urlsearch\UOLSearchHook.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\gbiehabn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Barra UOL - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - C:\Program Files\UOL\Barra UOL\ubp.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll
O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [desp2k] C:\Program Files\Oi Velox\Manager\desp2k.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: Monitor.lnk = C:\SW_Cadastro\Monitor.exe
O4 - Global Startup: PCTV Quick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O15 - Trusted Zone: http://www.pcdafamilia.com.br
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7A88796-44AE-4312-A83E-A99E0CC4B650}: NameServer = 200.165.132.148 200.165.132.155
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

-- End of file - 13504 bytes

Power Max, posted August 2, 2010

:) Your log has already improved, but there are still other problems.

Download and run this program from the link below to disable Bonjour (which is an unnecessary item and tends to make the PC slower):
http://download.gizmo5.com/jasmine/TurnOffBonjour.exe

Please follow the tips in these tutorials:
Ad-Remover tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-ad-remover.html
Toolbar S&D tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/11/tutorial-do-toolbar-sd.html
Malwarebytes Anti-Malware tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

In your next reply, post the Malwarebytes log together with a new HijackThis log, the log that will be in C:\Ad-Report-CLEAN[1].log and the log that will be in C:\ToolBar SD\TB_1.txt, and tell us how your PC is doing after these procedures. We look forward to your reply.

darlas, posted August 3, 2010

I am sending the logs you asked for, and I would like to know how long it will be until I can delete the files that are in quarantine because of Malwarebytes. While running the programs you recommended, one of them showed what seemed to me to be strange behavior: ad-r started scanning and soon gave the following message: Line9356 (File "C:\Program Files\Ad-Remover|main.exe"); Error: Incorrect number of parameters in function call. But even so, this file was in C:. Could you tell me whether something is wrong, or whether this is really how this program works?

======= REPORT FROM AD-REMOVER | ONLY XP/VISTA/7 =======
Updated by C_XX on 13/06/10 at 20:40
Contact: AdRemover.contact@gmail.com
website: http://pagesperso-orange.fr/NosTools/ad_remover.html
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 10:58:48 on 03/08/2010, Normal boot
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
usuario, USUARIO-PC (Positivo Informatica S/A POS-MIG31AG)
============== ACTION(S) ==============
Service: "Application Updater" Service stopped and deleted

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 4386

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

03/08/2010 18:07:48
mbam-log-2010-08-03 (18-07-48).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)
Objetos escaneados: 198723
Tempo decorrido: 56 minuto(s), 21 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 2
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 3
Arquivos Infectados: 6

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
HKEY_CLASSES_ROOT\FlashVideo.clsFlashVideo (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SeekService (Adware.SeekService) -> Quarantined and deleted successfully.

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
C:\ProgramData\SeekService (Adware.SeekService) -> Quarantined and deleted successfully.
C:\Program Files\SeekService (Adware.SeekService) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Arquivos Infectados:
C:\Program Files\Adobe\Reader 8.0\Reader\AIR\nppdf32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft® Windows Vista™ Home Basic ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2200 @ 2.20GHz )
BIOS : Default System BIOS
USER : usuario ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:232 Go (Free:112 Go)
D:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 03/08/2010|16:13 ) [ UAC => 1 ]

-----------\\ Procura por Arquivos / Ficheiros ...
Files\DAEMON Tools Toolbar\Resources\mail_m.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\mail_under.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\manual.ico C:\Program Files\DAEMON Tools Toolbar\Resources\map.ico C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRSCur.ico C:\Program Files\DAEMON Tools Toolbar\Resources\MenuTr.ico C:\Program Files\DAEMON Tools Toolbar\Resources\mount.ico C:\Program Files\DAEMON Tools Toolbar\Resources\mount_n_drive.ico C:\Program Files\DAEMON Tools Toolbar\Resources\next.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\next_down.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\next_m.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\next_under.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\none.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\none_m.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\noW.gif C:\Program Files\DAEMON Tools Toolbar\Resources\op.ico C:\Program Files\DAEMON Tools Toolbar\Resources\play.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\play.ico C:\Program Files\DAEMON Tools Toolbar\Resources\play_down.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\play_m.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\play_under.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\pragma.ico C:\Program Files\DAEMON Tools Toolbar\Resources\prev.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\prev_down.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\prev_m.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\prev_under.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\prod.ico C:\Program Files\DAEMON Tools Toolbar\Resources\Radio.ico C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.ico C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBgMask.bmp C:\Program Files\DAEMON 
Tools Toolbar\Resources\RadioDisp.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp_m.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.ico C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_down.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_m.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_under.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioE.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioG.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioL.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLDotMask.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeft.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeftMask.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLM.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioM.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioN.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.ico C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRM.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRU.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_down.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_m.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_under.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\RadioW.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\rbcheck.ico C:\Program Files\DAEMON Tools Toolbar\Resources\rbtxt.ico C:\Program Files\DAEMON Tools Toolbar\Resources\refresh.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_down.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_m.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_under.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\Rss.ico C:\Program Files\DAEMON Tools 
Toolbar\Resources\Rss1.ico C:\Program Files\DAEMON Tools Toolbar\Resources\RssA.ico C:\Program Files\DAEMON Tools Toolbar\Resources\RssA1.ico C:\Program Files\DAEMON Tools Toolbar\Resources\rssClose.ico C:\Program Files\DAEMON Tools Toolbar\Resources\rssL.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\rssOpen.ico C:\Program Files\DAEMON Tools Toolbar\Resources\RssRefresh.ico C:\Program Files\DAEMON Tools Toolbar\Resources\s2.ico C:\Program Files\DAEMON Tools Toolbar\Resources\show.ico C:\Program Files\DAEMON Tools Toolbar\Resources\size.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\size_lr.ico C:\Program Files\DAEMON Tools Toolbar\Resources\size_m.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\size_rl.ico C:\Program Files\DAEMON Tools Toolbar\Resources\skins.ico C:\Program Files\DAEMON Tools Toolbar\Resources\soft24.ico C:\Program Files\DAEMON Tools Toolbar\Resources\soft24_SA.ico C:\Program Files\DAEMON Tools Toolbar\Resources\spt.ico C:\Program Files\DAEMON Tools Toolbar\Resources\stop.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\stop.ico C:\Program Files\DAEMON Tools Toolbar\Resources\stop_down.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\stop_m.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\stop_under.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\style.ico C:\Program Files\DAEMON Tools Toolbar\Resources\SupportRequest.ico C:\Program Files\DAEMON Tools Toolbar\Resources\time.ico C:\Program Files\DAEMON Tools Toolbar\Resources\timer.ico C:\Program Files\DAEMON Tools Toolbar\Resources\TitleIcon.ico C:\Program Files\DAEMON Tools Toolbar\Resources\toolbar.xml C:\Program Files\DAEMON Tools Toolbar\Resources\trans.ico C:\Program Files\DAEMON Tools Toolbar\Resources\Trash.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_disable.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_down.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_m.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_under.bmp 
C:\Program Files\DAEMON Tools Toolbar\Resources\u.ico C:\Program Files\DAEMON Tools Toolbar\Resources\unmount-all.ico C:\Program Files\DAEMON Tools Toolbar\Resources\vol.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\vol.ico C:\Program Files\DAEMON Tools Toolbar\Resources\vol_back.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott_m.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\vol_down.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\vol_m.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\vol_mute.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\vol_mute_check.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\vol_under.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\wb.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m42.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m43.bmp C:\Program Files\DAEMON Tools Toolbar\Resources\WebS.ico C:\Program Files\DAEMON Tools Toolbar\Resources\WebSa.ico C:\Program Files\DAEMON Tools Toolbar\Resources\web_resources.ico C:\Program Files\DAEMON Tools Toolbar\Resources\web_search.ico C:\Program Files\DAEMON Tools Toolbar\Resources\web_search_SA.ico C:\Program Files\DAEMON Tools Toolbar\Resources\wi.ico C:\Program Files\DAEMON Tools Toolbar\Resources\wi0.ico C:\Program Files\DAEMON Tools Toolbar\Resources\wi1.ico C:\Program Files\DAEMON Tools Toolbar\Resources\wi10.ico C:\Program Files\DAEMON Tools 
Toolbar\Resources\wi11.ico C:\Program Files\DAEMON Tools Toolbar\Resources\wi12.ico C:\Program Files\DAEMON Tools Toolbar\Resources\wi13.ico C:\Program Files\DAEMON Tools Toolbar\Resources\wi14.ico C:\Program Files\DAEMON Tools Toolbar\Resources\wi2.ico C:\Program Files\DAEMON Tools Toolbar\Resources\wi3.ico C:\Program Files\DAEMON Tools Toolbar\Resources\wi4.ico C:\Program Files\DAEMON Tools Toolbar\Resources\wi5.ico C:\Program Files\DAEMON Tools Toolbar\Resources\wi6.ico C:\Program Files\DAEMON Tools Toolbar\Resources\wi7.ico C:\Program Files\DAEMON Tools Toolbar\Resources\wi8.ico C:\Program Files\DAEMON Tools Toolbar\Resources\wi9.ico C:\Program Files\Mozilla Firefox\extensions\searchsettings@spigot.com -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\Windows\\system32\\blank.htm" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Start Page"="http://www.google.com.br/" "Url"="http://go.microsoft.com/fwlink/?LinkId=75724" "Url"="http://go.microsoft.com/fwlink/?LinkId=75723" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Local Page"="C:\\Windows\\System32\\blank.htm" "Search Bar"="http://search.msn.com/spbasic.htm" --------------------\\ Procurando por outras infecções Não foram encontradas outras infecções. 
[ UAC => 1 ] 1 - "C:\ToolBar SD\TB_1.txt" - 03/08/2010|16:14 - Option : [1] Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:30:05, on 03/08/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Oi Velox\Manager\desp2k.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Program Files\Babylon\Babylon-Pro\Babylon.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe C:\SW_Cadastro\Monitor.exe C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\HiJackThis\HiJackThis.exe C:\Windows\system32\NOTEPAD.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Program Files\Common Files\uol\urlsearch\UOLSearchHook.dll R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll 
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\gbiehabn.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing) O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Barra UOL - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - C:\Program Files\UOL\Barra UOL\ubp.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll 
(file missing) O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [desp2k] C:\Program Files\Oi Velox\Manager\desp2k.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - 
HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe O4 - Global Startup: Monitor.lnk = C:\SW_Cadastro\Monitor.exe O4 - Global Startup: PCTV Quick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - 
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) O15 - Trusted Zone: http://www.pcdafamilia.com.br O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F7A88796-44AE-4312-A83E-A99E0CC4B650}: NameServer = 200.165.132.148 200.165.132.155 O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common 
Files\AVerMedia\Service\AVerScheduleService.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- End of file - 13142 bytes

Thanks in advance for the help... :D
Power Max 54 Posted August 4, 2010

I'm sending the logs you asked for, and I'd like to know how long it will be until I can delete the files that are in quarantine because of Malwarebytes.

After one week you can remove them permanently.
_______________________________

Several problems were found by Toolbar S&D, but it appears they have not been removed yet.

Double-click the Toolbar S&D icon and a screen will appear where you type P and press the Enter key.
Another screen will appear, in which you click the OK button.
Then another screen will appear, where you type 2 and press the Enter key.
The search for malicious toolbars and their removal will start; wait for the cleanup to finish.
Wait until the scan is complete. As soon as it finishes, a screen like the one below will appear:
A Notepad file will also appear containing the report (log) showing all the problems that may have been found and removed.
The scan log (report) will also be in C:\ToolBar SD\TB_1.txt (or else in TB_2.txt)
______________________________

While running the programs you recommended, one of them, ad-r, behaved strangely in my view: it started scanning and soon gave the following message: Line9356 (File "C:\Program Files\Ad-Remover|main.exe"); Error: Incorrect number of parameters in function call. But even so, this file was on C:. Could you tell me whether something is wrong or whether this is really how this program works?

There really was a problem running it. Try running it again following the tips in that tutorial for it that I gave you, and see whether this time it manages to finish the cleanup. If it does this time, post its log too in your next reply, together with a new HijackThis log and the Toolbar S&D log, and tell us how your PC is after these procedures.

We'll be waiting.
darlas 0 Posted August 4, 2010
I had to download Ad-Remover from another site to get it to run.

======= REPORT FROM AD-REMOVER 2.0.0.1,D | ONLY XP/VISTA/7 ======= Updated by C_XX on 26/07/10 at 12:00 Contact: AdRemover.contact[AT]gmail.com website: http://pagesperso-orange.fr/NosTools/ad_remover.html C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 12:02:09 on 04/08/2010, Normal boot Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) usuario@USUARIO-PC (Positivo Informatica S/A POS-MIG31AG) ============== ACTION(S) ============== 3,File deleted: C:\Windows\system32\3kB_7682Q.exe 0,Folder deleted: C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} 0,File deleted: C:\Users\Public\MyWebTattoo.exe 0,File deleted: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar 0,Folder deleted: C:\Program Files\Application Updater 0,Folder deleted: C:\Program Files\Ask.com 0,Folder deleted: C:\Users\usuario\AppData\LocalLow\Conduit 0,Folder deleted: C:\Program Files\Conduit 0,Folder deleted: C:\Users\usuario\AppData\LocalLow\Dealio 0,Folder deleted: C:\Users\usuario\AppData\LocalLow\PriceGong 0,Folder deleted: C:\Users\usuario\AppData\LocalLow\Search Settings 3,File deleted: C:\Windows\Installer\165d250.msi 3,File deleted: C:\Windows\Installer\27ce638.msi 3,File deleted: C:\Windows\Installer\27ce63e.msi (!) -- Temporary files deleted. -- File opened: C:\Users\usuario\AppData\Roaming\Mozilla\FireFox\Profiles\sld7ts7d.default\Prefs.js -- Line deleted: user_pref("CT2233703.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER... Line deleted: user_pref("CT2233703.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT223... Line deleted: user_pref("browser.search.defaultthis.engineName", "4shared Web Search"); Line deleted: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&Sea...
-- File closed -- 1,Key deleted: HKLM\Software\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} 1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} 1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} 1,Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} 1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} 1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} 1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} 1,Key deleted: HKLM\Software\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} 1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} 1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} 1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} 1,Key deleted: HKLM\Software\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} 1,Key deleted: HKLM\Software\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} 1,Key deleted: HKLM\Software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} 1,Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} 1,Key deleted: HKLM\Software\Classes\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A} 1,Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} 1,Key deleted: HKLM\Software\Classes\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF} 1,Key deleted: HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288} 1,Key deleted: HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B} 1,Key deleted: 
HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} 1,Key deleted: HKLM\Software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10} 3,Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3kB_7682Q 0,Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd 0,Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 0,Key deleted: HKLM\Software\Classes\Toolbar.CT2233703 0,Key deleted: HKLM\Software\Classes\Toolbar.CT2444516 0,Key deleted: HKLM\Software\Classes\URLSearchHook.UOLSearchHook 0,Key deleted: HKLM\Software\Classes\URLSearchHook.UOLSearchHook.1 0,Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL 1,Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} 0,Key deleted: HKLM\Software\Application Updater 0,Key deleted: HKLM\Software\Conduit 0,Key deleted: HKCU\Software\Ask.com 0,Key deleted: HKCU\Software\Conduit 0,Key deleted: HKCU\Software\AppDataLow\AskBarDis 0,Key deleted: HKCU\Software\AppDataLow\AskHomePage 0,Key deleted: HKCU\Software\AppDataLow\Software\AskToolbar 0,Key deleted: HKCU\Software\AppDataLow\Software\Conduit 0,Key deleted: HKCU\Software\AppDataLow\Software\Dealio 0,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\RelevantKnowledge 3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{12B1D6FA-C6EF-4275-B0EA-5BBEA6551E44} 3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} 3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} 3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} 3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} 3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} 3,Key 
deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{04DC431D-A404-4c51-AC7E-3C316CCEEFB6} 3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} 0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} 0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C878CD69-85DB-426B-81A3-E71175AAEB91} 0,Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings 0,Key deleting error: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar (Error code: 1) 0,Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} 0,Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{1BB22D38-A411-4B13-A746-C2A4F4EC7344} 0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} 0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{1BB22D38-A411-4B13-A746-C2A4F4EC7344} ============== ADDITIONNAL SCAN ============== ** Mozilla Firefox Version [3.6.8 (pt-BR)] ** -- C:\Users\usuario\AppData\Roaming\Mozilla\FireFox\Profiles\sld7ts7d.default\Prefs.js -- browser.download.lastDir, C:\\Users\\usuario\\Desktop browser.search.defaultenginename, Yahoo browser.search.selectedEngine, Yahoo browser.startup.homepage, hxxp://www.google.com.br/ browser.startup.homepage_override.mstone, rv:1.9.2.8 keyword.URL, hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p= ======================================== ** Internet Explorer Version [8.0.6001.18928] ** [HKCU\Software\Microsoft\Internet Explorer\Main] AutoHide: yes Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Do404Search: 0x01000000 Enable 
Browser Extensions: yes Local Page: C:\Windows\system32\blank.htm Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 Show_ToolBar: yes Start Page: hxxp://fr.msn.com/ Use Custom Search URL: 1 Use Search Asst: no [HKLM\Software\Microsoft\Internet Explorer\Main] AutoHide: yes Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896 Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Delete_Temp_Files_On_Exit: yes Enable Browser Extensions: yes Local Page: C:\Windows\System32\blank.htm Search bar: hxxp://search.msn.com/spbasic.htm Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page: hxxp://fr.msn.com/ [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] Tabs: res://ieframe.dll/tabswelcome.htm Blank: res://mshtml.dll/blank.htm ======================================== C:\Program Files\Ad-Remover\Quarantine: 58 File(s) C:\Program Files\Ad-Remover\Backup: 15 File(s) C:\Ad-Report-CLEAN[1].txt - 04/08/2010 (8946 Byte(s)) End at: 12:08:13, 04/08/2010 ============== E.O.F ============== -----------\\ ToolBar S&D 1.2.9 XP/Vista Microsoft® Windows Vista™ Home Basic ( v6.0.6002 ) Service Pack 2 X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2200 @ 2.20GHz ) BIOS : Default System BIOS USER : usuario ( Administrator ) BOOT : Normal boot C:\ (Local Disk) - NTFS - Total:232 Go (Free:110 Go) D:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 ) Option : [2] ( 04/08/2010|12:19 ) [ UAC => 1 ] -----------\\ Procura por Arquivos / Ficheiros ... 
-----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\Windows\\system32\\blank.htm" "Start Page"="http://fr.msn.com/" "Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" "Search bar"="http://go.microsoft.com/fwlink/?linkid=54896" "Url"="http://go.microsoft.com/fwlink/?LinkId=75724" "Url"="http://go.microsoft.com/fwlink/?LinkId=75723" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Local Page"="C:\\Windows\\System32\\blank.htm" "Search Bar"="http://search.msn.com/spbasic.htm" --------------------\\ Procurando por outras infecções Não foram encontradas outras infecções. 
[ UAC => 1 ] 1 - "C:\ToolBar SD\TB_1.txt" - 03/08/2010|16:14 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 03/08/2010|16:17 - Option : [1] 3 - "C:\ToolBar SD\TB_3.txt" - 03/08/2010|16:27 - Option : [2] 4 - "C:\ToolBar SD\TB_4.txt" - 04/08/2010|11:16 - Option : [2] 5 - "C:\ToolBar SD\TB_5.txt" - 04/08/2010|12:20 - Option : [2] -----------\\ Verificação completa em 12:20:31,18 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:21:27, on 04/08/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Oi Velox\Manager\desp2k.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Babylon\Babylon-Pro\Babylon.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe C:\SW_Cadastro\Monitor.exe C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\usuario\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = 
http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcdafamilia.com.br R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Program Files\Common Files\uol\urlsearch\UOLSearchHook.dll R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft 
Office\Office12\GrooveShellExtensions.dll O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\gbiehabn.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Barra UOL - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - C:\Program Files\UOL\Barra UOL\ubp.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: SpeedBit Video Downloader - 
{0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll O3 - Toolbar: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [desp2k] C:\Program Files\Oi Velox\Manager\desp2k.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" 
-atboottime O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe O4 - Global Startup: Monitor.lnk = C:\SW_Cadastro\Monitor.exe O4 - Global Startup: PCTV Quick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) O15 - Trusted Zone: http://www.pcdafamilia.com.br O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F7A88796-44AE-4312-A83E-A99E0CC4B650}: NameServer = 200.165.132.148 200.165.132.155 O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe O23 - Service: AVG Free WatchDog (avg9wd) - 
AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- End of file - 12644 bytes
Power Max 54 Posted August 4, 2010

:) Several problems were removed.
_________________________
:seta: Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
__________________________
:seta: Uninstall these toolbars, which tend to slow down browsing: CUOLSearchHook Object SweetIM Toolbar SuggestMeYesBHO AutocompletePro Oryte Games Brazil Toolbar
__________________________
:seta: Go to http://virscan.org/ and submit the file C:\SW_Cadastro\Monitor.exe for analysis. Wait until the analysis is finished > copy the link that appears in your browser's address bar and post that link in your next reply > if the site above is having problems, submit the file for analysis at the sites below and tell us the result of the analysis:

http://www.virustotal.com/
http://virusscan.jotti.org/
http://www.viruschief.com/

On the sites above the file will be scanned by several antivirus engines at the same time, which gives much greater certainty about whether the file is safe or not.
____________________________
:seta: Also follow these guides:

Norman Malware Cleaner tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/11/tutorial-do-norman-malware-cleaner.html
Nod32 Online antivirus tutorial: http://dicasetutoriaisparapc.blogspot.com/2008/09/tutorial-do-antivirus-nod32-online.html
__________________________
:seta: In your next reply, post the Nod32 Online log, which will be in C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, together with a new HijackThis log, the Norman Malware Cleaner log and the link with the scan result for the file C:\SW_Cadastro\Monitor.exe, and please tell us how your PC is after following these procedures. We look forward to your reply.
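The manual triage in the post above (picking out entries that HijackThis itself marks `(no file)`, then checking a later log to see what actually disappeared) can be scripted. This is an added example, not part of the thread or of HijackThis; the sample lines are copied from the two HijackThis logs posted in this thread, re-broken one entry per line, and the function names are illustrative.

```python
import re
from typing import List, NamedTuple, Optional, Sequence

ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Annotations HijackThis appends when the registered target is not on disk.
DANGLING_MARKERS = ("(no file)", "(file missing)")

# Excerpts from the logs dated 04/08/2010 and 08/08/2010 in this thread.
# The later log is cut off after its O2 section on this page, so only the
# R3 and O2 sections are compared between the two.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:21:27, on 04/08/2010
Running processes:
C:\Windows\Explorer.EXE
R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Program Files\Common Files\uol\urlsearch\UOLSearchHook.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:22:30, on 08/08/2010
R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Program Files\Common Files\uol\urlsearch\UOLSearchHook.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
"""


class Entry(NamedTuple):
    section: str           # e.g. "O2" (BHO), "R3" (URLSearchHook), "O23" (service)
    body: str              # everything after "<section> - "
    clsid: Optional[str]   # upper-cased CLSID when the entry carries one
    dangling: bool         # True when the entry is marked (no file)/(file missing)

    @property
    def key(self):
        # The CLSID identifies a BHO or hook across scans; otherwise use the text.
        return (self.section, self.clsid or self.body)


def parse_log(text: str) -> List[Entry]:
    """Return the R/F/N/O entries; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            section=m.group("section"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            dangling=any(marker in body for marker in DANGLING_MARKERS),
        ))
    return entries


def find_dangling(entries: Sequence[Entry]) -> List[Entry]:
    """Entries whose registered file no longer exists (leftover registrations)."""
    return [e for e in entries if e.dangling]


def removed_between(before: Sequence[Entry], after: Sequence[Entry],
                    sections: Sequence[str]) -> List[Entry]:
    """Entries present in the earlier log but absent from the later one."""
    after_keys = {e.key for e in after if e.section in sections}
    return [e for e in before
            if e.section in sections and e.key not in after_keys]


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    for e in find_dangling(before):
        print("dangling:", e.section, e.body)
    for e in removed_between(before, after, ("R3", "O2")):
        print("gone in later log:", e.section, e.body)
    for e in find_dangling(after):
        print("still dangling in later log:", e.section, e.body)
```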
darlas 0 Posted August 8, 2010

Sorry for the delay. Well... here is what you asked for:

http://virscan.org/report/000d8af89581cc6b3c70ee07768be460.html

Norman Malware Cleaner Version 1.6.2 Copyright © 1990 - 2009, Norman ASA. Built 2010/08/06 21:28:46 Norman Scanner Engine Version: 6.05.11 Nvcbin.def Version: 6.05.00, Date: 2010/08/06 21:28:46, Variants: 6459110 Scan started: 07/08/2010 11:36:54 Running pre-scan cleanup routine: Operating System: Microsoft Windows Vista 6.0.6002 Service Pack 2 Logged on user: usuario-PC\usuario Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000 Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000 Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000 Scanning bootsectors... Number of sectors found: 0 Number of sectors scanned: 0 Number of sectors not scanned: 0 Number of infections found: 0 Number of infections removed: 0 Total scanning time: 0s Scanning running processes and process memory... C:\Windows\system32\cmpe.exe (Infected with W32/Suspicious_Gen2.TUSB) Terminated process Removed service: cmpe Deleted file Number of processes/threads found: 7355 Number of processes/threads scanned: 7355 Number of processes/threads not scanned: 0 Number of infected processes/threads terminated: 1 Total scanning time: 6m 39s Scanning file system... 
Scanning: prescan Scanning: C:\*.* C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\IE\FbsSearchProviderIE8.exe.vir (Infected with W32/Suspicious_Gen3.EJJQ) Deleted file C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\IE\sgpUpdater.exe.vir (Infected with W32/SearchGuardPlus.A) Deleted file C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\IE\SGPUpdaterS.exe.vir (Infected with W32/SearchGuardPlus.A) Deleted file C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\components\rlxg.dll.vir (Infected with W32/Adware.A!genr) Deleted file C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlls.dll.vir (Infected with W32/Adware.A!genr) Deleted file C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlls64.dll.vir (Infected with AdSpy.U) Deleted file C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlph.dll.vir (Infected with W32/Adware.A!genr) Deleted file C:\Qoobox\Quarantine\C\Program Files\Search Guard Plus\FbsSearchProviderIE8.exe.vir (Infected with W32/Suspicious_Gen3.EJJQ) Deleted file C:\Qoobox\Quarantine\C\Program Files\Search Guard PlusU\sgpUpdater.exe.vir (Infected with W32/SearchGuardPlus.A) Deleted file C:\Qoobox\Quarantine\C\Program Files\Search Guard PlusU\sgpUpdaters.exe.vir (Infected with W32/SearchGuardPlus.A) Deleted file C:\System Volume Information\{1ccfe11b-9fca-11df-8702-c460a5c7f0a7}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied) C:\System Volume Information\{209cf42b-9ca8-11df-ac18-8ea76b9c5ccb}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied) C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied) C:\System Volume Information\{414a5941-a0a5-11df-9f2f-ac23f6e4aaa6}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied) C:\System Volume Information\{5ba48a9a-a0e1-11df-bda6-bbc41ab9a3c9}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied) C:\System Volume 
Information\{94cc11a4-a158-11df-863a-cd3ebc707096}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{a8fbd01b-9e33-11df-bda7-b6a18448ffcf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{adc5731f-9da4-11df-ba4c-a60d4c520b9b}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{cf2f77a4-9ee8-11df-98ce-9f946ee6f8b3}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\System Volume Information\{cf2f77d2-9ee8-11df-98ce-e9d863cf8655}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)
C:\Users\usuario\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\3a8bbaf1-18b8d4c5/Main.class (Infected with JAVA/DLoader. B )
Deleted file
C:\Users\usuario\Documents\eryk\programas\Fruity Loops Studio Producer Edition XXL v6.04 [WwW.LiMiTeDiVx.CoM][LMD-T34M Flint].zip/Fruity Loops Studio Producer Edition XXL v6.04 [WwW.LiMiTeDiVx.CoM][LMD-T34M Flint]/PATCHER.EXE (Infected with Suspicious_Gen2.AAOTW)
Deleted file
Scanning: postscan
Running post-scan cleanup routine:
Set TCP/IP autotuning to "normal" (or it was already "normal")
Number of files found: 512026
Number of archives unpacked: 3702
Number of files scanned: 511971
Number of files not scanned: 55
Number of files skipped due to exclude list: 0
Number of infected files found: 12
Number of infected files repaired/deleted: 12
Number of infections removed: 12
Total scanning time: 4h 6m 56s

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:22:30, on 08/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Oi Velox\Manager\desp2k.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\SW_Cadastro\Monitor.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\conime.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Users\usuario\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcdafamilia.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Program Files\Common Files\uol\urlsearch\UOLSearchHook.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\gbiehabn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Barra UOL - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - C:\Program Files\UOL\Barra UOL\ubp.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll
O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [desp2k] C:\Program Files\Oi Velox\Manager\desp2k.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: Monitor.lnk = C:\SW_Cadastro\Monitor.exe
O4 - Global Startup: PCTV Quick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O15 - Trusted Zone: http://www.pcdafamilia.com.br
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7A88796-44AE-4312-A83E-A99E0CC4B650}: NameServer = 200.165.132.148 200.165.132.155
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

-- End of file - 12230 bytes

Well, I have a question about the ESET online scanner. I ran it once and it listed 7 infected files, and the log contained only this message:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
The tutorial does not explain whether or not I should select the "delete quarantined files" option before clicking Finish, so I decided to run the program again. This time no infected files were found, but the same 7 files were in the quarantine list, and the log read:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
What I am asking is whether or not I should delete these files that were left in quarantine, and when I should do it. Thank you in advance.
wings 22 Posted August 8, 2010
Antonio Vieira is busy with his thesis at university and asked me, via PM, to take over his cases.
The PC is clean. :)
1.
* Run AD-Remover again
* Click [uninstall]
2.
* Click [Start] > [Run] > type: Combofix /uninstall
* Click [OK]
* Click [Run]
* Wait for the message to appear: "ComboFix está desinstalado"
* Click [OK]
3.
* Go to Add/Remove Programs and uninstall Norman Malware Cleaner
4.
* Run the file below:
c:\arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Best regards.
darlas 0 Posted August 9, 2010
Thank you both for helping me so kindly. :clap:
wings 22 Posted August 9, 2010
PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.