darlas

[Solved!] Error message when starting the PC

Good afternoon,

The antivirus on my computer expired and I decided to download another one. After installing it, my PC started showing, at startup, a message box with the title "ie3sh.exe - Não foi possível localizar o componente" [ie3sh.exe - Unable to locate component], and the message in the box is "Este aplicativo não pôde ser iniciado porquer não foi encontrado BHO.DLL. A reinstalação do aplicativo pode corrigir o problema." [This application could not be started because BHO.DLL was not found. Reinstalling the application may fix the problem.]. Since I have no idea what is going on, every time I click OK, and then I see the message "IE3SH Application parou de funcionar" [IE3SH Application has stopped working] and click the close program button... Given this situation, can anyone help me solve this problem?


:) Hello Darlas!

:seta: Create a dedicated folder (for example C:\Arquivos de Programas\HijackThis).

Download HijackThis and, when saving it, choose to save it in the folder you just created, then unzip hijackthis.zip inside it.

Double-click the HijackThis installer > click the I Accept option.

Click the button: Do a system scan and save a logfile. A window with the log will then open; just select this log (click the menu: Edit » Select All), then go back to the menu: Edit » and click the option: Copy.

After that, just come back here to the forum and post this HijackThis log so that it can be analyzed.

We look forward to your reply.


Well, sorry for my lack of knowledge... but can I post the log in this same topic that I opened? I am asking because I do not want in any way to break a rule or be penalized... Thank you in advance for your attention and willingness to help me, and for your patience in putting up with these questions of mine... I hope you can answer me soon.


:) Yes, all the logs I ask you for should be posted here in this same topic.


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:43:44, on 31/07/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Oi Velox\Manager\desp2k.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SweetIM\Messenger\SweetIM.exe

C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

C:\Program Files\Search Settings\SearchSettings.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

C:\SW_Cadastro\Monitor.exe

C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Microsoft Office\Office12\EXCEL.EXE

C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\conime.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HijackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcdafamilia.com.br

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Program Files\Common Files\uol\urlsearch\UOLSearchHook.dll

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll

O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll

O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (file missing)

O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll

O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Barra UOL - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - C:\Program Files\UOL\Barra UOL\ubp.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll

O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [PCFChecker] pcfchck.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [desp2k] C:\Program Files\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

O4 - Global Startup: Monitor.lnk = C:\SW_Cadastro\Monitor.exe

O4 - Global Startup: PCTV Quick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O15 - Trusted Zone: http://www.pcdafamilia.com.br

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F7A88796-44AE-4312-A83E-A99E0CC4B650}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: .norton2009Reset - - (no file)

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe

O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 15119 bytes
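
The HijackThis log above contains lines that match the error message from the first post. As an added example (not part of any post in this thread and not code from HijackThis), this Python triage script parses log lines, flags entries the log marks "(file missing)" or "(no file)", and lists autostart (O4) entries that sit in the same folder as a missing module. The function names are hypothetical, and the sample lines are copied from the log above.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (file missing)
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O23 - Service: .norton2009Reset - - (no file)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
"""

# "O2 - ...", "O23 - ...", "R3 - ...": section code, then the entry body.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# Markers seen in the log for a registration whose target is gone.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$")
# First .exe/.dll path in the body (quoted or not, arguments ignored).
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll))(?![\w.])', re.IGNORECASE)


@dataclass
class Entry:
    section: str          # e.g. "O2" (BHO), "O4" (autostart), "O23" (service)
    body: str             # text after the section code
    path: Optional[str]   # module path, if the entry names one
    orphaned: bool        # True when the log says the target is missing


def parse_log(text: str) -> List[Entry]:
    """Parse HijackThis entry lines; headers and process lists are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        p = PATH_RE.search(body)
        entries.append(Entry(
            section=m.group("section"),
            body=body,
            path=p.group(1) if p else None,
            orphaned=bool(ORPHAN_RE.search(body)),
        ))
    return entries


def _folder(path: str) -> str:
    # ntpath handles Windows paths on any OS; normcase makes the compare
    # case-insensitive, as the Windows file system is.
    return ntpath.normcase(ntpath.dirname(path))


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Registrations that point at a file that no longer exists."""
    return [e for e in entries if e.orphaned]


def autostarts_beside_orphans(entries: List[Entry]) -> List[Entry]:
    """O4 autostart entries whose folder also holds a missing module.

    A program launched at logon from a folder that has lost one of its
    DLLs is a likely source of a "component not found" box at startup.
    """
    broken = {_folder(e.path) for e in entries if e.orphaned and e.path}
    return [
        e for e in entries
        if e.section == "O4" and e.path and not e.orphaned
        and _folder(e.path) in broken
    ]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in orphaned(parsed):
        print("orphaned :", e.section, "-", e.body)
    for e in autostarts_beside_orphans(parsed):
        print("autostart:", e.section, "-", e.body)
```
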


:seta: I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

Download ComboFix

Save it to the Desktop.

* Disable the resident protection of: antivirus, antispyware and firewall (except the Windows one!)

* Close all windows and run the tool.

* PS: Running it by command is also possible:

* Go to Start --> Run --> type or paste:

"%userprofile%\desktop\Combofix.exe" /killall

* Click OK.

* At the prompt "Negação de garantia de software" (software warranty disclaimer) --> click Sim (Yes).

* If you do not have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), agree to install it.

* When it finishes, click Sim or Yes. --> Wait.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:!: If you get the notification "Aplicativo Win32 inválido" (invalid Win32 application) or a message similar to this one, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop, renamed as: Kombo.exe

* PS: Name it while saving, not after saving it!

* PS: If any error message appears, run ComboFix.exe in Safe Mode (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!

* PS: If rootkit activity is present, we will get the following notification window:

[Screenshot: Rookit_found.gif]

* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply together with the requested logs.

* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* The Auto Scan window will open. --> Wait!

* To finish the removals, ComboFix may restart the computer.

* If necessary, type option ( 1 ) --> press Enter! --> wait for it to finish!

* During the scan, avoid using the mouse or keyboard! <-- Important!

* If, for some reason beyond your control, you need to stop or exit ComboFix, press "N" or "2" --> press Enter.

<><><><><><><><><><><><>

Post the ComboFix log, which will be in C:\ComboFix.txt, together with a new HijackThis log in your next reply, and tell us how your PC is after this.

We look forward to hearing from you.


I am sending the logs you asked for... well, I got a little confused doing what you asked, but I think everything worked out in the end... the error message is gone...

Should I now delete the folders that were created by the two programs, along with their respective installers?

Thank you in advance for your availability and the attention given to me... :)

 

 

ComboFix 10-07-31.04 - usuario 01/08/2010 16:11:09.1.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.55.1046.18.2038.1177 [GMT -3:00]

Executando de: c:\users\usuario\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

ADS - drivers: deleted 100 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\Dealio Toolbar

c:\program files\Dealio Toolbar\FF\chrome.manifest

c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js

c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul

c:\program files\Dealio Toolbar\FF\chrome\content\login.js

c:\program files\Dealio Toolbar\FF\chrome\content\login.xul

c:\program files\Dealio Toolbar\FF\chrome\content\parser.js

c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js

c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js

c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul

c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js

c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js

c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js

c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js

c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js

c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul

c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js

c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd

c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd

c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties

c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css

c:\program files\Dealio Toolbar\FF\chrome\skin\separator.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif

c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css

c:\program files\Dealio Toolbar\FF\components\config.ini

c:\program files\Dealio Toolbar\FF\components\dealioToolbarFF.dll

c:\program files\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt

c:\program files\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt

c:\program files\Dealio Toolbar\FF\install.rdf

c:\program files\Dealio Toolbar\IE\4.0.2\config.ini

c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

c:\program files\Dealio Toolbar\Res\amazon.gif

c:\program files\Dealio Toolbar\Res\apple.gif

c:\program files\Dealio Toolbar\Res\barnes.gif

c:\program files\Dealio Toolbar\Res\bestbuy.gif

c:\program files\Dealio Toolbar\Res\dealio_logo.gif

c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif

c:\program files\Dealio Toolbar\Res\ebay.gif

c:\program files\Dealio Toolbar\Res\icon_settings.gif

c:\program files\Dealio Toolbar\Res\macys.gif

c:\program files\Dealio Toolbar\Res\newegg.gif

c:\program files\Dealio Toolbar\Res\overstock.gif

c:\program files\Dealio Toolbar\Res\search-button-hover.gif

c:\program files\Dealio Toolbar\Res\search-button.gif

c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif

c:\program files\Dealio Toolbar\Res\search-chevron.gif

c:\program files\Dealio Toolbar\Res\search_amazon.gif

c:\program files\Dealio Toolbar\Res\search_dealio.gif

c:\program files\Dealio Toolbar\Res\search_ebay.gif

c:\program files\Dealio Toolbar\Res\search_yahoo.gif

c:\program files\Dealio Toolbar\Res\target.gif

c:\program files\Dealio Toolbar\Res\walmart.gif

c:\program files\Dealio Toolbar\Res\widgets.xml

c:\program files\Dealio Toolbar\WidgiHelper.exe

c:\program files\Fast Browser Search

c:\program files\Fast Browser Search\IE\1.bat

c:\program files\Fast Browser Search\IE\about.html

c:\program files\Fast Browser Search\IE\affid.dat

c:\program files\Fast Browser Search\IE\basis.xml

c:\program files\Fast Browser Search\IE\basis_br.xml

c:\program files\Fast Browser Search\IE\basis_de.xml

c:\program files\Fast Browser Search\IE\basis_en.xml

c:\program files\Fast Browser Search\IE\basis_es.xml

c:\program files\Fast Browser Search\IE\basis_fr.xml

c:\program files\Fast Browser Search\IE\basis_it.xml

c:\program files\Fast Browser Search\IE\basis_nr.xml

c:\program files\Fast Browser Search\IE\basis_pt.xml

c:\program files\Fast Browser Search\IE\basis_ru.xml

c:\program files\Fast Browser Search\IE\basis_tr.xml

c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe

c:\program files\Fast Browser Search\IE\error.html

c:\program files\Fast Browser Search\IE\fbsProtection.xml

c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml

c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe

c:\program files\Fast Browser Search\IE\FBStoolbar.dll

c:\program files\Fast Browser Search\IE\fbstoolbar.jar

c:\program files\Fast Browser Search\IE\fbstoolbar.manifest

c:\program files\Fast Browser Search\IE\icons.bmp

c:\program files\Fast Browser Search\IE\ie3sh.exe

c:\program files\Fast Browser Search\IE\info.txt

c:\program files\Fast Browser Search\IE\local.xml

c:\program files\Fast Browser Search\IE\logobg.bmp

c:\program files\Fast Browser Search\IE\MTWB3SH.dll

c:\program files\Fast Browser Search\IE\MTWBtoolbar.html

c:\program files\Fast Browser Search\IE\search.bmp

c:\program files\Fast Browser Search\IE\search_br.bmp

c:\program files\Fast Browser Search\IE\search_de.bmp

c:\program files\Fast Browser Search\IE\search_es.bmp

c:\program files\Fast Browser Search\IE\search_fr.bmp

c:\program files\Fast Browser Search\IE\search_it.bmp

c:\program files\Fast Browser Search\IE\search_pt.bmp

c:\program files\Fast Browser Search\IE\search_ru.bmp

c:\program files\Fast Browser Search\IE\SearchAssistant.dll

c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe

c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico

c:\program files\Fast Browser Search\IE\SGPU.ico

c:\program files\Fast Browser Search\IE\sgpUpdater.exe

c:\program files\Fast Browser Search\IE\sgpUpdater.xml

c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe

c:\program files\Fast Browser Search\IE\tbhelper.dll

c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js

c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js

c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js

c:\program files\Fast Browser Search\IE\Toolbar Help.htm

c:\program files\Fast Browser Search\IE\uninstall.exe

c:\program files\Fast Browser Search\IE\uninstalSGP.exe

c:\program files\Fast Browser Search\IE\uninstalSGPU.exe

c:\program files\Fast Browser Search\IE\update.exe

c:\program files\Fast Browser Search\IE\version.txt

c:\program files\FunWebProducts

c:\program files\RelevantKnowledge

c:\program files\RelevantKnowledge\components\rlxg.dll

c:\program files\RelevantKnowledge\install.rdf

c:\program files\RelevantKnowledge\msvcp71.dll

c:\program files\RelevantKnowledge\msvcr71.dll

c:\program files\RelevantKnowledge\rlls.dll

c:\program files\RelevantKnowledge\rlls64.dll

c:\program files\RelevantKnowledge\rloci.bin

c:\program files\RelevantKnowledge\rlph.dll

c:\program files\Search Guard Plus

c:\program files\Search Guard Plus\fbsProtection.xml

c:\program files\Search Guard Plus\fbsProtectionI.xml

c:\program files\Search Guard Plus\fbsSearchProvider.xml

c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe

c:\program files\Search Guard Plus\SearchGuardPlus.exe

c:\program files\Search Guard Plus\SearchGuardPlus.ico

c:\program files\Search Guard Plus\uninstalSGP.exe

c:\program files\Search Guard PlusU

c:\program files\Search Guard PlusU\SGPU.ico

c:\program files\Search Guard PlusU\sgpUpdater.exe

c:\program files\Search Guard PlusU\sgpUpdater.xml

c:\program files\Search Guard PlusU\sgpUpdaters.exe

c:\program files\Search Guard PlusU\uninstalSGPU.exe

c:\program files\Search Settings

c:\program files\Search Settings\FF\chrome.manifest

c:\program files\Search Settings\FF\chrome\content\plugin.js

c:\program files\Search Settings\FF\chrome\content\plugin.xul

c:\program files\Search Settings\FF\chrome\content\protection.js

c:\program files\Search Settings\FF\chrome\content\utils.js

c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd

c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties

c:\program files\Search Settings\FF\components\IFBHOSearch.xpt

c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt

c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt

c:\program files\Search Settings\FF\components\SearchSettingsFF.dll

c:\program files\Search Settings\FF\install.rdf

c:\program files\Search Settings\SeARchsettings.dll

c:\program files\Search Settings\SearchSettings.exe

c:\program files\Search Settings\SearchSettingsRes409.dll

c:\program files\SGPSA

c:\program files\SGPSA\ie3sh.exe

c:\program files\SGPSA\mtWB3sh.dll

c:\program files\SGPSA\SeARchassistant.dll

c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll

C:\UNWISE.EXE

c:\users\usuario\AppData\Roaming\Desktopicon

c:\users\usuario\AppData\Roaming\Desktopicon\eBay.ico

c:\users\usuario\AppData\Roaming\Desktopicon\mc.ico

c:\users\usuario\AppData\Roaming\Desktopicon\uninst.exe

c:\windows\system32\Thumbs.db

c:\windows\system32\vb6ko.dll

c:\windows\system32\vbzlib1.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_.norton2009Reset

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-07-01 to 2010-08-01 ))))))))))))))))))))))))))))

.

 

2010-08-01 19:22 . 2010-08-01 19:25 -------- d-----w- c:\users\usuario\AppData\Local\temp

2010-08-01 19:22 . 2010-08-01 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-07-30 17:38 . 2010-07-30 17:38 -------- d-----w- c:\users\usuario\AppData\Local\CutePDF Writer

2010-07-25 22:53 . 2010-07-25 22:53 -------- d-----w- c:\users\usuario\AppData\Local\AVG Security Toolbar

2010-07-25 22:43 . 2010-07-25 22:43 -------- d-----w- C:\$AVG

2010-07-25 22:38 . 2010-07-25 22:38 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-25 22:38 . 2010-07-25 22:38 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-25 22:37 . 2010-07-25 22:37 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-25 22:37 . 2010-07-25 22:37 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-07-25 22:37 . 2010-08-01 17:41 -------- d-----w- c:\windows\system32\drivers\Avg

2010-07-25 22:37 . 2010-07-25 22:42 -------- d-----w- c:\programdata\AVG Security Toolbar

2010-07-25 22:37 . 2010-07-25 22:37 -------- d-----w- c:\program files\AVG

2010-07-25 22:37 . 2010-07-26 12:56 -------- d-----w- c:\programdata\avg9

2010-07-15 14:05 . 2010-07-15 14:05 -------- d-----w- c:\program files\Free PDF to Word Doc Converter

2010-07-15 14:03 . 2010-07-15 14:03 -------- d-----w- c:\program files\GPLGS

2010-07-15 14:01 . 2009-11-05 11:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll

2010-07-15 14:01 . 2010-07-15 14:01 -------- d-----w- c:\program files\Acro Software

2010-07-15 13:55 . 2010-07-15 13:55 -------- d-----w- c:\program files\MSECache

2010-07-11 13:35 . 2010-07-11 13:35 -------- d-----w- c:\programdata\Symantec

2010-07-09 19:27 . 2010-07-25 22:31 -------- d-----w- c:\programdata\Norton

2010-07-09 19:27 . 2010-07-09 19:27 -------- d-----w- c:\programdata\NortonInstaller

2010-07-09 02:38 . 2010-07-09 02:38 -------- d-----w- c:\users\usuario\AppData\Local\Apple Computer

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-01 19:03 . 2010-05-20 02:24 -------- d-----w- c:\programdata\Babylon

2010-08-01 18:09 . 2009-08-28 04:08 -------- d-----w- c:\users\usuario\AppData\Roaming\LimeWire

2010-08-01 13:37 . 2008-01-21 06:32 634024 ----a-w- c:\windows\system32\prfh0416.dat

2010-08-01 13:37 . 2008-01-21 06:32 121690 ----a-w- c:\windows\system32\prfc0416.dat

2010-07-21 01:02 . 2009-11-08 15:12 -------- d-----w- c:\program files\DAEMON Tools Lite

2010-07-20 22:01 . 2009-08-28 01:52 -------- d-----w- c:\program files\DAEMON Tools Toolbar

2010-07-15 04:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-07-15 01:57 . 2009-12-17 03:45 -------- d-----w- c:\users\usuario\AppData\Roaming\Audacity

2010-07-09 20:30 . 2010-05-20 02:24 -------- d-----w- c:\users\usuario\AppData\Roaming\Babylon

2010-07-09 19:41 . 2009-08-27 18:20 -------- d-----w- c:\programdata\Kaspersky Lab

2010-07-09 19:39 . 2009-08-27 18:20 -------- d-----w- c:\program files\Kaspersky Lab

2010-06-30 17:22 . 2010-07-25 22:42 2102600 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll

2010-06-16 21:18 . 2009-09-06 14:21 -------- d-----w- c:\program files\DsNET Corp

2010-06-16 19:03 . 2010-06-16 19:03 -------- d-----w- c:\program files\WinPcap

2010-06-09 22:20 . 2010-06-09 22:20 307200 ----a-w- c:\users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\sld7ts7d.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe

2010-06-09 22:20 . 2010-06-09 22:20 172032 ----a-w- c:\users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\sld7ts7d.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe

2010-06-05 16:33 . 2009-08-28 01:41 -------- d-----w- c:\program files\Microsoft Silverlight

2010-05-26 17:06 . 2010-06-10 12:30 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-26 14:47 . 2010-06-10 12:30 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-05-23 20:50 . 2010-06-09 22:20 73216 ----a-w- c:\users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\sld7ts7d.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll

2010-05-21 17:14 . 2009-10-02 17:45 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-20 02:25 . 2010-05-20 02:25 114717 ----a-w- c:\windows\system32\3kB_7682Q.exe

2010-05-04 05:59 . 2010-06-10 12:33 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 05:55 . 2010-06-10 12:33 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-05-04 05:55 . 2010-06-10 12:33 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-05-04 04:31 . 2010-06-10 12:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-08-28 21:57 . 2009-08-28 21:54 848 --sha-w- c:\windows\System32\KGyGaAvL.sys

2008-06-20 20:49 . 2008-06-20 20:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

 

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]

2010-05-31 17:44 2515552 ----a-w- c:\program files\4shared.com\tb4sh1.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a7d1aed-2150-410e-a094-14d834aaf430}]

2010-05-29 15:50 2393184 ----a-w- c:\program files\Games_Bar_Brazil\tbGam1.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}]

2009-12-28 17:50 2655736 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-06-30 17:22 2102600 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2009-05-06 20:11 1145736 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

2009-10-19 18:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736]

"{1a7d1aed-2150-410e-a094-14d834aaf430}"= "c:\program files\Games_Bar_Brazil\tbGam1.dll" [2010-05-29 2393184]

"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\tb4sh1.dll" [2010-05-31 2515552]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

 

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CLASSES_ROOT\clsid\{1a7d1aed-2150-410e-a094-14d834aaf430}]

 

[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736]

"{1A7D1AED-2150-410E-A094-14D834AAF430}"= "c:\program files\Games_Bar_Brazil\tbGam1.dll" [2010-05-29 2393184]

"{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}"= "c:\program files\4shared.com\tb4sh1.dll" [2010-05-31 2515552]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

 

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CLASSES_ROOT\clsid\{1a7d1aed-2150-410e-a094-14d834aaf430}]

 

[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-26 39408]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]

"RtHDVCpl"="RtHDVCpl.exe" [2007-10-12 4702208]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 133656]

"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2002-01-31 258116]

"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-06-29 1373480]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"desp2k"="c:\program files\Oi Velox\Manager\desp2k.exe" [2006-08-03 65536]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Skytel"="Skytel.exe" [2007-10-12 1826816]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2010-05-20 3740088]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-25 2065760]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-1 113664]

AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2008-11-28 163840]

Monitor.lnk - c:\sw_cadastro\Monitor.exe [2008-11-28 3671427]

PCTV Quick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-11-28 598016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):a5,dd,02,c3,c2,6e,ca,01

 

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-31 135664]

R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\DRIVERS\AVerBDA3x.sys [2007-08-29 1183744]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-06-30 431432]

R3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [x]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-08 691696]

S0 Shield;Shield; [x]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-25 216400]

S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-25 243024]

S1 cloverm;cloverm; [x]

S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]

S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2008-04-14 348160]

S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-04-11 393216]

S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-25 308136]

S2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [2007-02-26 61440]

S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]

S3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\DRIVERS\AVerA706.sys [2009-06-10 1169920]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-31 18:54]

 

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-31 18:54]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

Trusted Zone: com.br\www.pcdafamilia

Trusted Zone: realsecureweb.com.br\www

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

FF - ProfilePath - c:\users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\sld7ts7d.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\sld7ts7d.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\FFExternalAlert.dll

FF - component: c:\users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\sld7ts7d.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\RadioWMPCore.dll

FF - component: c:\users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\sld7ts7d.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll

FF - component: c:\users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\sld7ts7d.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe

HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe

HKLM-Run-PCFChecker - pcfchck.exe

HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe

HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe

AddRemove-eBay Icon - c:\users\usuario\AppData\Roaming\Desktopicon\uninst.exe

AddRemove-Fruity Loops Studio Producer Edition XXL v6.04 Patcher - C:\UNWISE.EXE

AddRemove-GDIC - c:\dts\GDIC\instal32.exe

AddRemove-{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1 - c:\program files\DsNET Corp\aTube Catcher 1.0\unins000.exe

AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-01 16:25

Windows 6.0.6002 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

FBSSA = c:\program files\SGPSA\ie3sh.exe???????????????????????????????????????????????????????????????????

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-2554772655-2881659568-2422397633-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6AF87E5F-5AFD-0BDC-5AA7-D83AF7E71150}*]

"oadckcmkpbodpkacemacgheljmpmdl"=hex:6b,61,61,70,65,61,6d,63,64,6f,64,66,70,6f,

6a,68,61,68,6c,69,6a,69,00,00

"nafdmdhfkmklkkegpjjnloiacmmd"=hex:6b,61,61,70,62,61,62,64,67,65,6a,68,64,62,

63,67,6d,69,62,65,6e,66,00,00

"oapailoldoakepjhblajjipoiajeao"=hex:64,61,61,70,67,61,70,66,00,64

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conime.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-08-01 16:33:38 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-08-01 19:33

 

Pré-execução: 126.620.663.808 bytes disponíveis

Pós execução: 131.850.518.528 bytes disponíveis

 

- - End Of File - - 58AA37720030F56B93FB5B21A1A7B0CE

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:43:44, on 31/07/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Oi Velox\Manager\desp2k.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SweetIM\Messenger\SweetIM.exe

C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

C:\Program Files\Search Settings\SearchSettings.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

C:\SW_Cadastro\Monitor.exe

C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Microsoft Office\Office12\EXCEL.EXE

C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\conime.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HijackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcdafamilia.com.br

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Program Files\Common Files\uol\urlsearch\UOLSearchHook.dll

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll

O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll

O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (file missing)

O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll

O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Barra UOL - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - C:\Program Files\UOL\Barra UOL\ubp.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll

O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [PCFChecker] pcfchck.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [desp2k] C:\Program Files\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

O4 - Global Startup: Monitor.lnk = C:\SW_Cadastro\Monitor.exe

O4 - Global Startup: PCTV Quick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O15 - Trusted Zone: http://www.pcdafamilia.com.br

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F7A88796-44AE-4312-A83E-A99E0CC4B650}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: .norton2009Reset - - (no file)

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe

O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 15119 bytes


:) Several problems were removed by Combofix.

__________________________

:!: However, your HijackThis log is the same as the one you posted yesterday. Please post a new HijackThis log so that we can analyze how your PC is improving.


Well, I just generated a HijackThis log; I even noted the time I generated it, which is on the second line of the log... Since I don't understand anything of what this "log" is trying to say, I hope you can tell me, if possible, whether the actions taken were effective in getting my PC fixed...

Thank you in advance for your kindness and attention... ^_^

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 01:43:19, on 02/08/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Oi Velox\Manager\desp2k.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SweetIM\Messenger\SweetIM.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

C:\SW_Cadastro\Monitor.exe

C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\system32\conime.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\HijackThis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Program Files\Common Files\uol\urlsearch\UOLSearchHook.dll

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll

O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll

O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)

O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Barra UOL - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - C:\Program Files\UOL\Barra UOL\ubp.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll

O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [desp2k] C:\Program Files\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

O4 - Global Startup: Monitor.lnk = C:\SW_Cadastro\Monitor.exe

O4 - Global Startup: PCTV Quick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O15 - Trusted Zone: http://www.pcdafamilia.com.br

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F7A88796-44AE-4312-A83E-A99E0CC4B650}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe

O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 13504 bytes


:) Your log has already improved, but there are still other problems.

_______________________________

:seta: Download and run the program from the link below to disable Bonjour (an unnecessary item that tends to make the PC slower):

http://download.gizmo5.com/jasmine/TurnOffBonjour.exe

_______________________________

:seta: Please follow the instructions in these tutorials:

Ad-Remover tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-ad-remover.html

Toolbar S&D tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/11/tutorial-do-toolbar-sd.html

Malwarebytes Anti-Malware tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

____________________________

:seta: In your next reply, post the Malwarebytes log together with a new HijackThis log, the log that will be at C:\Ad-Report-CLEAN[1].log and the log that will be at C:\ToolBar SD\TB_1.txt, and tell us how your PC is doing after these procedures.

We await your reply.

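The comparison between successive HijackThis logs that the helper makes by eye (a reposted identical log, then an improved one) can be automated. The following is an added example, not part of the original thread: it parses the result lines of two logs and reports entries that disappeared, appeared, or lost their backing file (`(file missing)` / `(no file)`). The function names are hypothetical, and the sample lines are a small excerpt copied from the two logs posted above.

```python
import re

# Excerpt assembled for this example from the earlier (reposted) log in the thread.
BEFORE = r"""
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (file missing)
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O23 - Service: .norton2009Reset - - (no file)
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
"""

# Excerpt assembled from the log saved at 01:43:19 on 02/08/2010.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
"""

# Result lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^[RFNO]\d{1,2} - .+$")
# Markers HijackThis appends when the registered file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)")


def parse_entries(log_text):
    """Return {normalized result line: True if its file was reported absent}.

    Header lines and the running-process list are skipped. The orphan marker
    is stripped from the key so that the same registration compares equal
    whether or not its file still exists.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not ENTRY_RE.match(line):
            continue
        orphaned = bool(ORPHAN_RE.search(line))
        key = " ".join(ORPHAN_RE.sub("", line).split())
        entries[key] = orphaned
    return entries


def diff_logs(before_text, after_text):
    """Compare two HijackThis logs entry by entry."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {
        # Registrations that are gone: removed by a cleanup tool or uninstall.
        "removed": sorted(k for k in before if k not in after),
        # Registrations that were not there before: worth a manual look.
        "added": sorted(k for k in after if k not in before),
        # Still registered, but the file was deleted underneath: leftovers
        # that will keep producing "component not found" style errors.
        "newly_orphaned": sorted(
            k for k in after if after[k] and before.get(k) is False
        ),
    }


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    if not any(result.values()):
        print("No change: the same log was posted twice.")
    for label, keys in result.items():
        print(f"{label} ({len(keys)}):")
        for key in keys:
            print("   ", key)
```

All three lists come back empty when the same log is submitted twice, which is the situation the helper pointed out earlier in the thread.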


 

I am sending the logs you asked for, and I would like to know how long it will be until I can delete the files that are in quarantine because of Malwarebytes.

While running the programs you recommended, one of them showed what seemed to me to be strange behavior, :huh: Ad-R: it started scanning and soon gave the following message:

 

Line9356 (File "C:\Program Files\Ad-Remover|main.exe");

Error: Incorrect number of parameters in function call.

 

But even so, this file was there on C:. Could you tell me whether something is wrong or whether this is really how this program works?

 

 

======= REPORT FROM AD-REMOVER | ONLY XP/VISTA/7 =======

 

Updated by C_XX on 13/06/10 at 20:40

Contact: AdRemover.contact@gmail.com

website: http://pagesperso-orange.fr/NosTools/ad_remover.html

 

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 10:58:48 on 03/08/2010, Normal boot

 

Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)

usuario, USUARIO-PC (Positivo Informatica S/A POS-MIG31AG)

 

============== ACTION(S) ==============

 

Service: "Application Updater" Service stopped and deleted

 

 

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4386

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

 

03/08/2010 18:07:48

mbam-log-2010-08-03 (18-07-48).txt

 

Tipo de Verificação: Verificação Completa (C:\|D:\|)

Objetos escaneados: 198723

Tempo decorrido: 56 minuto(s), 21 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 2

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 3

Arquivos Infectados: 6

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_CLASSES_ROOT\FlashVideo.clsFlashVideo (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\SeekService (Adware.SeekService) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

C:\ProgramData\SeekService (Adware.SeekService) -> Quarantined and deleted successfully.

C:\Program Files\SeekService (Adware.SeekService) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

 

Arquivos Infectados:

C:\Program Files\Adobe\Reader 8.0\Reader\AIR\nppdf32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

 

 

 

-----------\\ ToolBar S&D 1.2.9 XP/Vista

 

Microsoft® Windows Vista™ Home Basic ( v6.0.6002 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2200 @ 2.20GHz )

BIOS : Default System BIOS

USER : usuario ( Administrator )

BOOT : Normal boot

C:\ (Local Disk) - NTFS - Total:232 Go (Free:112 Go)

D:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [1] ( 03/08/2010|16:13 )

 

[ UAC => 1 ]

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

C:\Program Files\Mozilla Firefox\extensions\dealio@mybrowserbar.com

C:\Program Files\DAEMON Tools Toolbar

C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll.bak0

C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll.bak1

C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll.bak2

C:\Program Files\DAEMON Tools Toolbar\Resources

C:\Program Files\DAEMON Tools Toolbar\uninst.exe

C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml

C:\Program Files\DAEMON Tools Toolbar\Resources\about.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\AboutWindow.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\accept.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\AddRadioStation.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\as.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\as.png

C:\Program Files\DAEMON Tools Toolbar\Resources\astro.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\astroburn_site.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\astroLite_16.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\astro_buy.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\astro_download.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\astro_feedback.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\astro_forum.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\astro_home.ico

C:\Program Files\DAEMON Tools Toolbar\Resources\astro_lite.ico

C:\Program Files\Mozilla Firefox\extensions\searchsettings@spigot.com

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\Windows\\system32\\blank.htm"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page"="http://www.google.com.br/"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75724"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75723"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Local Page"="C:\\Windows\\System32\\blank.htm"

"Search Bar"="http://search.msn.com/spbasic.htm"

 

 

--------------------\\ Procurando por outras infecções

 

 

Não foram encontradas outras infecções.

 

[ UAC => 1 ]

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 03/08/2010|16:14 - Option : [1]

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:30:05, on 03/08/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Oi Velox\Manager\desp2k.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SweetIM\Messenger\SweetIM.exe

C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

C:\SW_Cadastro\Monitor.exe

C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\HiJackThis\HiJackThis.exe

C:\Windows\system32\NOTEPAD.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Program Files\Common Files\uol\urlsearch\UOLSearchHook.dll

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll

O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll

O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)

O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Barra UOL - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - C:\Program Files\UOL\Barra UOL\ubp.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)

O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll

O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [desp2k] C:\Program Files\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

O4 - Global Startup: Monitor.lnk = C:\SW_Cadastro\Monitor.exe

O4 - Global Startup: PCTV Quick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O15 - Trusted Zone: http://www.pcdafamilia.com.br

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F7A88796-44AE-4312-A83E-A99E0CC4B650}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe

O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 13142 bytes

 

 

Thanks in advance for the help... :D

I am sending the logs you asked for, and I would like to know how long until I can delete the files that are in quarantine because of Malwarebytes.

:seta: After one week you can remove them permanently.

_______________________________

 

:seta: Vários problemas foram encontrados pelo Toolbar S&D, mas consta que ainda não foram removidos. Dê um duplo clique no ícone do Toolbar S&D e surgirá uma tela onde você irá teclar P e pressione a tecla Enter

 

Aparecerá uma outra tela, na qual você clicará no botão OK

 

Surgirá então outra tela, onde você teclará 2 e pressionará a tecla Enter

 

Será iniciada a busca pelas toolbars maliciosas e a remoção delas, aguarde a conclusão da limpeza.

 

Aguarde até que o escaneamento seja concluído. Assim que ele terminar, surgirá uma tela como esta abaixo:

 

toolbar6.jpg

 

Surgirá também um arquivo do Bloco de Notas contendo o relatório (log) mostrando todos os problemas que possam ter sido encontrados e removidos.

 

O log (relatório) do escaneamento estará também em C:\ToolBar SD\TB_1.txt (ou então em TB_2.txt)

______________________________

 

Durante a execução dos programas que me indicou um deles apresentou, ao me ver um comportamento estranho, ad-r ele começou a scaniar e logo deu a seguinte mensagem:

 

Line9356 (File "C:\Program Files\Ad-Remover|main.exe");

Error: Incorrect number of parameters in function call.

 

Ma mesmo assim no C tinha este arquivo, poderia me informar se algo está errado ou se é realmente assim que este programa trabalha

Realmente houve um problema na execução dele, tente executá-lo novamente seguindo as dicas daquele tutorial dele que te passei e veja se desta vez ele consegue concluir a limpeza. Caso desta vez ele consiga, você posta o log dele também em sua próxima resposta, juntamente com um novo log do Hijackthis, o log do Toolbar S&D e nos diz como está seu PC depois destes procedimentos.

 

Ficamos na espera.


 

 

I had to download Ad-Remover from another site to get it to run.

 

 

======= REPORT FROM AD-REMOVER 2.0.0.1,D | ONLY XP/VISTA/7 =======

 

Updated by C_XX on 26/07/10 at 12:00

Contact: AdRemover.contact[AT]gmail.com

website: http://pagesperso-orange.fr/NosTools/ad_remover.html

 

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 12:02:09 on 04/08/2010, Normal boot

 

Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)

usuario@USUARIO-PC (Positivo Informatica S/A POS-MIG31AG)

 

============== ACTION(S) ==============

 

 

3,File deleted: C:\Windows\system32\3kB_7682Q.exe

0,Folder deleted: C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

0,File deleted: C:\Users\Public\MyWebTattoo.exe

0,File deleted: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar

0,Folder deleted: C:\Program Files\Application Updater

0,Folder deleted: C:\Program Files\Ask.com

0,Folder deleted: C:\Users\usuario\AppData\LocalLow\Conduit

0,Folder deleted: C:\Program Files\Conduit

0,Folder deleted: C:\Users\usuario\AppData\LocalLow\Dealio

0,Folder deleted: C:\Users\usuario\AppData\LocalLow\PriceGong

0,Folder deleted: C:\Users\usuario\AppData\LocalLow\Search Settings

3,File deleted: C:\Windows\Installer\165d250.msi

3,File deleted: C:\Windows\Installer\27ce638.msi

3,File deleted: C:\Windows\Installer\27ce63e.msi

 

(!) -- Temporary files deleted.

 

 

-- File opened: C:\Users\usuario\AppData\Roaming\Mozilla\FireFox\Profiles\sld7ts7d.default\Prefs.js --

Line deleted: user_pref("CT2233703.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...

Line deleted: user_pref("CT2233703.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT223...

Line deleted: user_pref("browser.search.defaultthis.engineName", "4shared Web Search");

Line deleted: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&Sea...

-- File closed --

 

 

1,Key deleted: HKLM\Software\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}

1,Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

1,Key deleted: HKLM\Software\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

1,Key deleted: HKLM\Software\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

1,Key deleted: HKLM\Software\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

1,Key deleted: HKLM\Software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

1,Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

1,Key deleted: HKLM\Software\Classes\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}

1,Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

1,Key deleted: HKLM\Software\Classes\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}

1,Key deleted: HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}

1,Key deleted: HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}

1,Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

1,Key deleted: HKLM\Software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}

3,Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3kB_7682Q

0,Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

0,Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

0,Key deleted: HKLM\Software\Classes\Toolbar.CT2233703

0,Key deleted: HKLM\Software\Classes\Toolbar.CT2444516

0,Key deleted: HKLM\Software\Classes\URLSearchHook.UOLSearchHook

0,Key deleted: HKLM\Software\Classes\URLSearchHook.UOLSearchHook.1

0,Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

1,Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

0,Key deleted: HKLM\Software\Application Updater

0,Key deleted: HKLM\Software\Conduit

0,Key deleted: HKCU\Software\Ask.com

0,Key deleted: HKCU\Software\Conduit

0,Key deleted: HKCU\Software\AppDataLow\AskBarDis

0,Key deleted: HKCU\Software\AppDataLow\AskHomePage

0,Key deleted: HKCU\Software\AppDataLow\Software\AskToolbar

0,Key deleted: HKCU\Software\AppDataLow\Software\Conduit

0,Key deleted: HKCU\Software\AppDataLow\Software\Dealio

0,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\RelevantKnowledge

3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{12B1D6FA-C6EF-4275-B0EA-5BBEA6551E44}

3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{04DC431D-A404-4c51-AC7E-3C316CCEEFB6}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C878CD69-85DB-426B-81A3-E71175AAEB91}

0,Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings

0,Key deleting error: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar (Error code: 1)

 

0,Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}

0,Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{1BB22D38-A411-4B13-A746-C2A4F4EC7344}

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{1BB22D38-A411-4B13-A746-C2A4F4EC7344}

 

 

============== ADDITIONNAL SCAN ==============

 

** Mozilla Firefox Version [3.6.8 (pt-BR)] **

 

-- C:\Users\usuario\AppData\Roaming\Mozilla\FireFox\Profiles\sld7ts7d.default\Prefs.js --

browser.download.lastDir, C:\\Users\\usuario\\Desktop

browser.search.defaultenginename, Yahoo

browser.search.selectedEngine, Yahoo

browser.startup.homepage, hxxp://www.google.com.br/

browser.startup.homepage_override.mstone, rv:1.9.2.8

keyword.URL, hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=

 

========================================

 

** Internet Explorer Version [8.0.6001.18928] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

AutoHide: yes

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\Windows\system32\blank.htm

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Use Custom Search URL: 1

Use Search Asst: no

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

AutoHide: yes

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Enable Browser Extensions: yes

Local Page: C:\Windows\System32\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 58 File(s)

C:\Program Files\Ad-Remover\Backup: 15 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 04/08/2010 (8946 Byte(s))

 

End at: 12:08:13, 04/08/2010

 

============== E.O.F ==============

 

 

 

 

-----------\\ ToolBar S&D 1.2.9 XP/Vista

 

Microsoft® Windows Vista™ Home Basic ( v6.0.6002 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2200 @ 2.20GHz )

BIOS : Default System BIOS

USER : usuario ( Administrator )

BOOT : Normal boot

C:\ (Local Disk) - NTFS - Total:232 Go (Free:110 Go)

D:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [2] ( 04/08/2010|12:19 )

 

[ UAC => 1 ]

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\Windows\\system32\\blank.htm"

"Start Page"="http://fr.msn.com/"

"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Search bar"="http://go.microsoft.com/fwlink/?linkid=54896"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75724"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75723"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Local Page"="C:\\Windows\\System32\\blank.htm"

"Search Bar"="http://search.msn.com/spbasic.htm"

 

 

--------------------\\ Procurando por outras infecções

 

 

Não foram encontradas outras infecções.

 

[ UAC => 1 ]

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 03/08/2010|16:14 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 03/08/2010|16:17 - Option : [1]

3 - "C:\ToolBar SD\TB_3.txt" - 03/08/2010|16:27 - Option : [2]

4 - "C:\ToolBar SD\TB_4.txt" - 04/08/2010|11:16 - Option : [2]

5 - "C:\ToolBar SD\TB_5.txt" - 04/08/2010|12:20 - Option : [2]

 

-----------\\ Verificação completa em 12:20:31,18

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:21:27, on 04/08/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Oi Velox\Manager\desp2k.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SweetIM\Messenger\SweetIM.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

C:\SW_Cadastro\Monitor.exe

C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\usuario\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcdafamilia.com.br

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Program Files\Common Files\uol\urlsearch\UOLSearchHook.dll

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll

O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll

O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Barra UOL - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - C:\Program Files\UOL\Barra UOL\ubp.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

O3 - Toolbar: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll

O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [desp2k] C:\Program Files\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

O4 - Global Startup: Monitor.lnk = C:\SW_Cadastro\Monitor.exe

O4 - Global Startup: PCTV Quick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O15 - Trusted Zone: http://www.pcdafamilia.com.br

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F7A88796-44AE-4312-A83E-A99E0CC4B650}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe

O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 12644 bytes


:) Several problems were removed.

_________________________

:seta: Open HijackThis, click Do a system scan only, tick the entries below and click Fix checked:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

__________________________

:seta: Uninstall these toolbars, which tend to slow down browsing:

CUOLSearchHook Object

SweetIM Toolbar

SuggestMeYesBHO

AutocompletePro

Oryte Games Brazil Toolbar

__________________________

:seta: Go to http://virscan.org/ and submit the file C:\SW_Cadastro\Monitor.exe for analysis. Wait until the analysis is complete > copy the link that appears in your browser's address bar and post it in your next reply > if the site above is having problems, submit the file to the sites below instead and tell us the result of the analysis:

http://www.virustotal.com/

http://virusscan.jotti.org/

http://www.viruschief.com/

On the sites above the file is scanned by several antivirus engines at the same time, which gives much greater certainty as to whether the file is safe or not.

____________________________

:seta: Also follow these tips:

Norman Malware Cleaner tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/11/tutorial-do-norman-malware-cleaner.html

Nod32 Online antivirus tutorial: http://dicasetutoriaisparapc.blogspot.com/2008/09/tutorial-do-antivirus-nod32-online.html

__________________________

:seta: In your next reply, post the Nod32 Online log, which will be in C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, together with a new HijackThis log, the Norman Malware Cleaner log and the link to the scan result for the file C:\SW_Cadastro\Monitor.exe, and please tell us how your PC is after following these procedures. We await your reply.
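The triage applied to the HijackThis log in the reply above (fix entries marked "(no file)", send an autostart from an unusual folder to a multi-engine scanner) can be sketched as a small parser. This is an added example, not part of the original thread and not HijackThis code; the verdict names and the path heuristic are assumptions of this sketch, and the sample lines are copied from the log posted in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - Global Startup: Monitor.lnk = C:\SW_Cadastro\Monitor.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
"""

# "O2 - ...", "R1 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path in the body that ends in .exe or .dll.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|]*?\.(?:exe|dll)(?![A-Za-z0-9])",
                     re.IGNORECASE)

# Markers HijackThis prints when the registry entry points at nothing on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Sections that start code automatically: Run keys / Startup folder, services.
AUTOSTART_SECTIONS = {"O4", "O23"}
# Assumption of this sketch: folders where installed software normally lives.
USUAL_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Entry:
    section: str
    body: str
    path: Optional[str]
    verdict: str


def classify(section: str, body: str, path: Optional[str]) -> str:
    """Return 'orphan', 'unusual-path' or 'review' for one log entry."""
    if any(marker in body for marker in ORPHAN_MARKERS):
        return "orphan"          # leftover registry entry, target file is gone
    if (section in AUTOSTART_SECTIONS and path is not None
            and not path.lower().startswith(USUAL_ROOTS)):
        return "unusual-path"    # autostart outside the usual install folders
    return "review"              # nothing mechanical to say; a human decides


def triage(log_text: str) -> List[Entry]:
    """Parse HijackThis entry lines and attach a verdict to each."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue             # header, process list, blank line
        section, body = match.group("section"), match.group("body")
        found = PATH_RE.search(body)
        path = found.group(0) if found else None
        entries.append(Entry(section, body, path, classify(section, body, path)))
    return entries


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.verdict:13} {entry.section:4} {entry.path or entry.body}")
```

A "review" verdict is not a clean result: C:\Windows\system32\cmpe.exe sits in a usual folder, yet the Norman Malware Cleaner log posted later in the thread reports it as infected.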


 

Sorry for the delay,

well... here is what you asked for

http://virscan.org/report/000d8af89581cc6b3c70ee07768be460.html

 

 

Norman Malware Cleaner

Version 1.6.2

Copyright © 1990 - 2009, Norman ASA. Built 2010/08/06 21:28:46

 

Norman Scanner Engine Version: 6.05.11

Nvcbin.def Version: 6.05.00, Date: 2010/08/06 21:28:46, Variants: 6459110

 

Scan started: 07/08/2010 11:36:54

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows Vista 6.0.6002 Service Pack 2

Logged on user: usuario-PC\usuario

 

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

 

Scanning bootsectors...

 

Number of sectors found: 0

Number of sectors scanned: 0

Number of sectors not scanned: 0

Number of infections found: 0

Number of infections removed: 0

Total scanning time: 0s

 

 

Scanning running processes and process memory...

 

C:\Windows\system32\cmpe.exe (Infected with W32/Suspicious_Gen2.TUSB)

Terminated process

Removed service: cmpe

Deleted file

 

Number of processes/threads found: 7355

Number of processes/threads scanned: 7355

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 1

Total scanning time: 6m 39s

 

 

Scanning file system...

 

Scanning: prescan

 

Scanning: C:\*.*

 

C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\IE\FbsSearchProviderIE8.exe.vir (Infected with W32/Suspicious_Gen3.EJJQ)

Deleted file

 

C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\IE\sgpUpdater.exe.vir (Infected with W32/SearchGuardPlus.A)

Deleted file

 

C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\IE\SGPUpdaterS.exe.vir (Infected with W32/SearchGuardPlus.A)

Deleted file

 

C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\components\rlxg.dll.vir (Infected with W32/Adware.A!genr)

Deleted file

 

C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlls.dll.vir (Infected with W32/Adware.A!genr)

Deleted file

 

C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlls64.dll.vir (Infected with AdSpy.U)

Deleted file

 

C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlph.dll.vir (Infected with W32/Adware.A!genr)

Deleted file

 

C:\Qoobox\Quarantine\C\Program Files\Search Guard Plus\FbsSearchProviderIE8.exe.vir (Infected with W32/Suspicious_Gen3.EJJQ)

Deleted file

 

C:\Qoobox\Quarantine\C\Program Files\Search Guard PlusU\sgpUpdater.exe.vir (Infected with W32/SearchGuardPlus.A)

Deleted file

 

C:\Qoobox\Quarantine\C\Program Files\Search Guard PlusU\sgpUpdaters.exe.vir (Infected with W32/SearchGuardPlus.A)

Deleted file

 

C:\System Volume Information\{1ccfe11b-9fca-11df-8702-c460a5c7f0a7}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{209cf42b-9ca8-11df-ac18-8ea76b9c5ccb}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{414a5941-a0a5-11df-9f2f-ac23f6e4aaa6}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{5ba48a9a-a0e1-11df-bda6-bbc41ab9a3c9}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{94cc11a4-a158-11df-863a-cd3ebc707096}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{a8fbd01b-9e33-11df-bda7-b6a18448ffcf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{adc5731f-9da4-11df-ba4c-a60d4c520b9b}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{cf2f77a4-9ee8-11df-98ce-9f946ee6f8b3}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{cf2f77d2-9ee8-11df-98ce-e9d863cf8655}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\Users\usuario\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\3a8bbaf1-18b8d4c5/Main.class (Infected with JAVA/DLoader.B)

Deleted file

 

C:\Users\usuario\Documents\eryk\programas\Fruity Loops Studio Producer Edition XXL v6.04 [WwW.LiMiTeDiVx.CoM][LMD-T34M Flint].zip/Fruity Loops Studio Producer Edition XXL v6.04 [WwW.LiMiTeDiVx.CoM][LMD-T34M Flint]/PATCHER.EXE (Infected with Suspicious_Gen2.AAOTW)

Deleted file

 

Scanning: postscan

 

 

Running post-scan cleanup routine:

Set TCP/IP autotuning to "normal" (or it was already "normal")

 

Number of files found: 512026

Number of archives unpacked: 3702

Number of files scanned: 511971

Number of files not scanned: 55

Number of files skipped due to exclude list: 0

Number of infected files found: 12

Number of infected files repaired/deleted: 12

Number of infections removed: 12

Total scanning time: 4h 6m 56s

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 01:22:30, on 08/08/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Oi Velox\Manager\desp2k.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SweetIM\Messenger\SweetIM.exe

C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

C:\SW_Cadastro\Monitor.exe

C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\system32\conime.exe

C:\Program Files\LimeWire\LimeWire.exe

C:\Windows\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\program files\common files\installshield\updateservice\isuspm.exe

C:\Users\usuario\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcdafamilia.com.br

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Program Files\Common Files\uol\urlsearch\UOLSearchHook.dll

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll

O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\gbiehabn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Barra UOL - {5BBFC00A-312C-4777-A5DF-DDA65C67120C} - C:\Program Files\UOL\Barra UOL\ubp.dll

O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

O3 - Toolbar: Oryte Games Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGam1.dll

O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [desp2k] C:\Program Files\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

O4 - Global Startup: Monitor.lnk = C:\SW_Cadastro\Monitor.exe

O4 - Global Startup: PCTV Quick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O15 - Trusted Zone: http://www.pcdafamilia.com.br

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F7A88796-44AE-4312-A83E-A99E0CC4B650}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe

O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 12230 bytes

 

 

 

 

Well, I have a question about ESET Online: I ran it once and it listed 7 infected files, and the log contained only this message:

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

 

The tutorial doesn't explain whether or not I should select the "delete quarantined files" option before clicking Finish.

 

So I decided to run the program again, but this time no infected files were found, although the same 7 files were in the quarantine list... and the log said this:

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

 

What I'm asking is whether or not I should delete these files that were left in quarantine, and when I should do it...

 

Thanks in advance.
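A triage sketch for the HijackThis log posted above, as an added example that is not part of the original posts and not code from HijackThis: it parses entry lines into section and body, flags entries the log itself marks as `(no file)` or `(file missing)`, and flags autostart entries whose executable sits outside a short list of usual install directories. The sample lines are copied from the log above; the function names and the list of usual directories are assumptions.

```python
import re

# Constructed sample: a few entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - Global Startup: Monitor.lnk = C:\SW_Cadastro\Monitor.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - <body>" or "R3 - <body>"
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")     # markers seen in the log above
AUTOSTART_SECTIONS = {"O4", "O23"}                   # Run keys / Startup folder, services
# Assumption: directories treated as usual install locations for this triage.
USUAL_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_entries(log_text):
    """Return one dict per entry line; headers and the process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        section, body = match.groups()
        path = PATH_RE.search(body)
        entries.append({"section": section, "body": body,
                        "path": path.group(0) if path else None})
    return entries


def triage(entries):
    """Return (kind, section, detail) tuples for entries worth a manual look."""
    findings = []
    for entry in entries:
        if entry["body"].endswith(ORPHAN_MARKERS):
            # The registry entry survives but its file is gone (leftover entry).
            findings.append(("orphaned", entry["section"], entry["body"]))
        elif (entry["section"] in AUTOSTART_SECTIONS and entry["path"]
              and not entry["path"].lower().startswith(USUAL_PREFIXES)):
            # Starts with Windows from an unusual directory: verify the file.
            findings.append(("unusual-location", entry["section"], entry["path"]))
    return findings


if __name__ == "__main__":
    for kind, section, detail in triage(parse_entries(SAMPLE_LOG)):
        print(f"{kind:17} {section:4} {detail}")
```

A location flag is only a prompt to verify the file, which is what the helper did here by asking for a multi-engine scan of C:\SW_Cadastro\Monitor.exe.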


Antonio Vieira is busy with his monograph at university and asked me, via PM, to take over his cases.

The PC is clean. :)

1.
*Run AD-Remover again
*Click [uninstall]

2.
*Click [Start] > [Run] > type: Combofix /uninstall
*Click [OK]

*Click [Run]
*Wait for the message: "ComboFix está desinstalado"
*Click [OK]

3.
*Go to Add/Remove Programs and uninstall Norman Malware Cleaner

4.
*Run the file below:
c:\arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

Best regards.


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
