[Resolvido!] Computador muito lento

Boa tarde....

1.

*Baixe o AD-Remover e salve-o no desktop

*Duplo clique em AD-R.exe e instale o programa.

*Duplo clique no ícone criado no desktop e clique em [Oui]

*Tecle L > [ENTER]

2.

*Baixe o MalwareBytes Anti-malware e salve-o no desktop:

*Instale o programa

*Se alguma atualização existir,o download será automático. Aguarde...

*O programa será aberto automaticamente.

*Na aba [Verificação], selecione a opção [Verificação completa]

*Clique em [Verificar] e selecione as unidades a serem examinadas

*Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [sIM] > [OK] > [Mostrar Resultados]

*Selecione todos os resultados e clique em [Remover Selecionados]

*Um relatório (mbam-log-ano-mês-data.txt) será apresentado.

*Reinicie o PC

*Abra novamente o programa Malwarebytes e na aba [Logs] clique no arquivo mbam-log-ano-mês-data.txt

*Clique em [Abrir], copie, cole-o na sua próxima resposta mais o relatório criado em C:\Ad-Report-CLEAN.log

Boa tarde!

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3725

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/2/2010 18:03:56

mbam-log-2010-02-11 (18-03-56).txt

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 157369

Tempo decorrido: 53 minute(s), 3 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 20

Valores do Registro infectados: 1

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 5

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\CLSID\{67406c94-40ea-093f-a925-1aa3ef4183f2} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll (Trojan.ATRAPS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{047a9a40-657e-11d3-8d5b-00104b35e7ef} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0d17a350-6585-4f3d-b008-6827ebde5d85} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1d2680c9-0e2a-469d-b787-065558bc7d43} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1ec2de53-75cc-11d2-9775-00a0c9b4d50c} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{24800cd0-0f4e-4df7-9f69-3c6903c89224} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3f281000-e95a-11d2-886b-00c04f869f04} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{6619a740-8154-43be-a186-0319578e02db} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{6fef44d0-39e7-4c77-be8e-c9f8cf988630} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{90f1a06e-7712-4762-86b5-7a5eba6bdb01} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{90f1a06e-7712-4762-86b5-7a5eba6bdb02} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{99749841-0d55-4cf4-8d0d-f212ece9409a} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a138cf39-2cae-42c2-adb3-022658d79f2f} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a8f03be3-edb7-4972-821f-af6f8ea34884} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b81ff171-20f3-11d2-8dcc-00a0c9b00525} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ca35cb3d-0357-11d3-8729-00c04f79ed0d} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{cb2f6723-ab3a-11d2-9c40-00c04fa30a3e} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d2eaa715-dac7-4771-af5c-931611a1853c} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e5cb7a31-7512-11d2-89ce-0080c792e5d8} (Trojan.ATRAPS) -> Quarantined and deleted successfully.

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\mscoree.dll (Trojan.ATRAPS) -> Quarantined and deleted successfully.

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

C:\WINDOWS\system32\mscoree.dll (Trojan.ATRAPS) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Programas RFB\IRPF2008windows\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\didulist (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\wbtemp2.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\ocxlist\version.txt (Malware.Trace) -> Quarantined and deleted successfully.

.

======= LOGFILE OF AD-REMOVER 1.1.4.6_J | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 05.02.2010 at 17:34

Contact: AdRemover.contact@gmail.com

Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Launch at: 16:23:22, qui 11/02/2010 | Normal Boot | Option: CLEAN

Executed from: C:\Ad-Remover\

Operating system: Microsoft® Windows XP™ Service Pack 3 versÆo 5.1.2600

Computer Name: CASA | Current user: Rafael 01

.

============== NEUTRALIZED ELEMENT(S) ==============

.

C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

C:\DOCUME~1\RAFAEL~1\MENUIN~1\PROGRA~1\Ask Search Assistant

C:\Arquivos de programas\Ask Search Assistant

C:\Arquivos de programas\Ask.com

C:\Arquivos de programas\DoubleD

C:\Arquivos de programas\Internet Saving Optimizer

C:\Arquivos de programas\System Search Dispatcher

(!) -- Temp files deleted.

.

HKCU\software\appdatalow\AskBarDis

HKCU\software\appdatalow\AskHomepage

HKCU\software\appdatalow\AskToolbarInfo

HKCU\software\Ask.com

HKCU\software\AskToolbar

HKCU\software\Internet Saving Optimizer

HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

HKCU\software\microsoft\internet explorer\searchscopes\{CDBFB47B-58A8-4111-BF95-06178DCE326D}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{00000000-6E41-4FD3-8538-502F5495E5FC}

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{35B8D58C-B0CB-46B0-BA64-05B3804E4E86}

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CDBFB47B-58A8-4111-BF95-06178DCE326D}

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{35B8D58C-B0CB-46B0-BA64-05B3804E4E86}

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CDBFB47B-58A8-4111-BF95-06178DCE326D}

HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

HKLM\Software\Classes\AppID\{E97BE7A8-7FBA-49FA-A742-BCFB5DAA0ED5}

HKLM\software\classes\appid\AxGifAnimator.DLL

HKLM\software\classes\appid\GenericAskToolbar.DLL

HKLM\software\classes\AxGifAnimator.GifAnimator

HKLM\software\classes\AxGifAnimator.GifAnimator.1

HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

HKLM\Software\Classes\CLSID\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}

HKLM\Software\Classes\CLSID\{CDBFB47B-58A8-4111-BF95-06178DCE326D}

HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\software\classes\ExplorerBar.FunExplorer

HKLM\software\classes\ExplorerBar.FunExplorer.1

HKLM\software\classes\ExplorerBar.FunRedirector

HKLM\software\classes\ExplorerBar.FunRedirector.1

HKLM\software\classes\GenericAskToolbar.ToolbarWnd

HKLM\software\classes\GenericAskToolbar.ToolbarWnd.1

HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF

HKLM\Software\Classes\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1}

HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

HKLM\Software\Classes\Interface\{877F3EAB-4462-44DF-8475-6064EAFD7FBF}

HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

HKLM\Software\Classes\TypeLib\{22C12739-C111-44C6-9BB7-F335C2A9BE2A}

HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

HKLM\Software\Classes\TypeLib\{883DFC00-8A21-411D-956C-73A4E4B7D16F}

HKLM\Software\Classes\TypeLib\{C28A0312-C403-417B-A425-A915BC0519CD}

HKLM\software\DoubleD

HKLM\software\Internet Saving Optimizer

HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\AskSearchAsst.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

HKLM\software\microsoft\windows\currentversion\uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

HKLM\software\microsoft\windows\currentversion\uninstall\{C5096216-7703-409E-B85A-8A6EE7395128}}_is1

HKLM\software\microsoft\windows\currentversion\uninstall\Ask.com Search Assistant

HKU\s-1-5-21-1220945662-920026266-725345543-1004\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}

.

============== Added scan ==============

.

.

Internet Explorer Version 8.0.6001.18702

.

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

.

Do404Search: 01000000

Local Page: C:\WINDOWS\system32\blank.htm

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Enable Browser Extensions: yes

Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Local Page: C:\WINDOWS\system32\blank.htm

Start Page: hxxp://fr.msn.com/

Search bar: hxxp://search.msn.com/spbasic.htm

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

.

===================================

.

6985 Byte(s) - C:\Ad-Report-CLEAN[1].log

.

82 File(s) - C:\DOCUME~1\RAFAEL~1\CONFIG~1\Temp

0 File(s) - C:\WINDOWS\Temp

9 File(s) - C:\WINDOWS\Prefetch

.

17 File(s) - C:\Ad-Remover\BACKUP

31 File(s) - C:\Ad-Remover\QUARANTINE

.

End at: 16:28:21 | qui 11/02/2010 - CLEAN[1]

.

============== E.O.F ==============

.

1.

*Execute novamente o AD-Remover

*Tecle D > [ENTER]

2.

*Abra o programa Malwarebytes e na aba [Quarentena], selecione todos os resultados e clique em [Remover tudo]

*Clique na aba [Logs], selecione o relatório e clique em [Remover]

3.

*Desative temporariamente seu antivírus

Iniciar > Programas > AVG Abra a Interface do usuário do AVG

Clique duas vezes na Proteção Residente

Desmarque a opção "Proteção Residente ativa"

Salve as alterações

*Baixe o ComboFix e salve-o no desktop

*Duplo-clique no arquivo Combofix.exe

*Aceite o contrato

*Se o console de recuperação do Windows já estiver instalado, o ComboFix continuará o processo automaticamente. Caso não esteja, uma janela conforme abaixo será aberta. Clique em [sIM] para aceitar a instalação do mesmo.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imagehost.org/0741/recovery-console-prompt.jpg&key=e82a02a7669077650b575129b2877919986cc4825b1687eb2ffdb0009aaf6732" alt="recovery-console-prompt.jpg" />

*Após a instalação, clique em [sIM] para continuar.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imagehost.org/0744/recovery-console-installed.jpg&key=ea128ab96f17dd81ce75cb7ce84d8f5e2e8b2b0e5321caf560d0276a9f2199c4" alt="recovery-console-installed.jpg" />

*Importante: enquanto o ComboFix estiver em execução, não use o mouse nem o teclado!!..... Para interromper o procedimento tecle N ou 2 e depois ENTER.

*O programa será fechado automaticamente

*Cole o relatório criado em C:\combofix.txt

Bm dia!

ComboFix 10-02-11.04 - Rafael 01 12/02/2010 0:22.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.511.230 [GMT -2:00]

Executando de: c:\documents and settings\Rafael 01\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 304 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\arquiv~1\GbPlugin\gbiehUni.dll

c:\arquivos de programas\Cheat Engine\dbk32.sys

C:\driver.bat

c:\windows\ocxlist

c:\windows\ocxlist\outlook.exe

C:\winlog.txt

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-12 to 2010-02-12 ))))))))))))))))))))))))))))

.

2010-02-11 18:20 . 2010-02-12 01:42 -------- d-----w- C:\Ad-Remover

2010-02-09 17:27 . 2010-02-09 17:27 -------- d-----w- c:\documents and settings\Rafael 01\Dados de aplicativos\Windows Live Writer

2010-02-04 17:08 . 2010-02-11 13:30 437248 ----a-w- c:\windows\system32\KingBotPro.exe

2010-02-04 17:03 . 2010-02-04 17:03 -------- d--h--w- c:\windows\PIF

2010-02-01 22:22 . 2010-02-01 22:22 -------- d-----w- C:\Recnet

2010-02-01 22:22 . 2009-06-25 12:55 128000 ----a-w- c:\windows\DesinstWRecnet.EXE

2010-02-01 22:22 . 2009-06-25 12:55 122880 ----a-w- c:\windows\DesinstRecnet.exe

2010-02-01 22:17 . 2010-02-01 22:17 -------- d-----w- C:\Arquivos de Programas RFB

2010-02-01 22:15 . 2010-02-01 22:15 -------- d-----w- c:\arquivos de programas\Programas RFB

2010-01-27 20:57 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2010-01-27 20:57 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2010-01-27 20:48 . 2010-01-27 20:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\EPSON

2010-01-27 20:48 . 2006-12-08 04:04 76800 ----a-w- c:\windows\system32\E_FLBCAL.DLL

2010-01-27 20:48 . 2006-04-19 04:00 62976 ----a-w- c:\windows\system32\E_FD4BCAL.DLL

2010-01-27 20:47 . 2010-01-27 20:47 -------- d-----w- C:\CI_CX5600

2010-01-27 20:46 . 2010-01-27 20:47 -------- d-----w- c:\arquivos de programas\epson

2010-01-27 20:46 . 2006-12-28 02:00 208896 ----a-w- c:\windows\system32\esint7e.dll

2010-01-27 20:46 . 2006-12-28 02:00 66560 ----a-w- c:\windows\system32\eswia7e.dll

2010-01-27 20:46 . 2006-03-10 02:00 3584 ----a-w- c:\windows\system32\eswiaml.dll

2010-01-27 20:45 . 2010-01-27 20:45 -------- d-----w- C:\CD_CX5600

2010-01-22 18:26 . 2010-01-22 18:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2010-01-15 16:38 . 2010-01-15 16:38 -------- d-----w- c:\documents and settings\Rafael 01\Dados de aplicativos\Leadertech

2010-01-13 12:20 . 2008-04-13 17:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2010-01-13 12:20 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-12 02:30 . 2009-07-20 13:59 -------- d-----w- c:\arquivos de programas\GbPlugin

2010-02-12 02:27 . 2009-07-19 15:02 -------- d-----w- c:\arquivos de programas\Cheat Engine

2010-02-12 01:37 . 2009-07-20 13:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin

2010-02-11 18:34 . 2009-04-15 16:53 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-02-11 13:36 . 2010-02-04 17:08 1254912 ----a-w- c:\arquivos de programas\backgroung.bmp

2010-02-04 11:24 . 2009-04-16 23:32 -------- d-----w- c:\arquivos de programas\Google

2010-01-29 22:10 . 2009-04-16 20:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Messenger Plus!

2010-01-29 22:09 . 2009-04-16 19:46 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-01-25 21:09 . 2010-01-08 13:43 -------- d-----w- c:\arquivos de programas\Project64 1.6

2010-01-25 01:32 . 2009-04-07 22:10 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-01-24 10:26 . 2009-06-18 23:41 -------- d-----w- c:\documents and settings\Rafael 01\Dados de aplicativos\Skype

2010-01-24 10:26 . 2009-06-18 23:45 -------- d-----w- c:\documents and settings\Rafael 01\Dados de aplicativos\skypePM

2010-01-22 18:26 . 2009-06-18 23:32 -------- d-----r- c:\arquivos de programas\Skype

2010-01-22 18:26 . 2009-06-18 23:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Skype

2010-01-22 12:09 . 2009-11-10 17:43 -------- d-----w- c:\arquivos de programas\MediaInfo

2010-01-21 19:10 . 2009-04-20 23:34 -------- d-----w- c:\arquivos de programas\Windows Live Safety Center

2010-01-21 01:19 . 2009-10-01 00:27 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-01-18 15:06 . 2010-01-27 10:55	1260800	----a-w-	c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\avg9\update\backup\avgfrw.exe

2010-01-18 15:06 . 2010-01-27 10:55	3777280	----a-w-	c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\avg9\update\backup\setup.exe

2010-01-11 13:51 . 2009-07-24 00:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-01-09 19:23 . 2004-08-04 12:00 81204 ----a-w- c:\windows\system32\perfc016.dat

2010-01-09 19:23 . 2004-08-04 12:00 476232 ----a-w- c:\windows\system32\perfh016.dat

2010-01-08 13:43 . 2010-01-08 13:43 8854 ----a-r- c:\documents and settings\Rafael 01\Dados de aplicativos\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe

2010-01-08 13:43 . 2010-01-08 13:43 40960 ----a-r- c:\documents and settings\Rafael 01\Dados de aplicativos\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

2010-01-08 13:43 . 2010-01-08 13:43 40960 ----a-r- c:\documents and settings\Rafael 01\Dados de aplicativos\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

2010-01-07 18:07 . 2009-04-15 16:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 18:07 . 2009-04-15 16:53 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys

2010-01-06 11:55 . 2010-01-06 11:55 -------- d-----w- c:\arquivos de programas\OnGame

2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-30 12:59 . 2009-07-20 13:59 30752 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2009-12-21 19:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-17 07:41 . 2009-07-01 22:43 345600 ----a-w- c:\windows\system32\mspaint.exe

2009-12-16 19:30 . 2009-12-16 19:30 -------- d-----w- c:\arquivos de programas\GPLGS

2009-12-16 19:20 . 2009-09-19 03:28 -------- d-----w- c:\arquivos de programas\Acro Software

2009-12-14 07:09 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-09 10:09 . 2004-08-04 12:00 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-12-09 10:09 . 2004-08-04 00:40 2070272 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-12-04 18:22 . 2004-08-04 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2009-11-27 17:13 . 2004-08-04 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll

2009-11-27 17:13 . 2004-08-04 00:45 17920 ----a-w- c:\windows\system32\msyuv.dll

2009-11-27 16:08 . 2001-09-05 23:50 8704 ----a-w- c:\windows\system32\tsbyuv.dll

2009-11-27 16:08 . 2004-08-04 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-11-27 16:08 . 2004-08-04 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll

2009-11-27 16:08 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll

2009-11-27 16:08 . 2004-08-04 00:45 48128 ----a-w- c:\windows\system32\iyuv_32.dll

2009-11-21 15:58 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2005-04-01 00:17 . 2009-11-10 18:27 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

Nota entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 15:01 1230080 ----a-w- c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-05-24 413696]

"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]

"InCD"="c:\arquivos de programas\Ahead\InCD\InCD.exe" [2005-06-10 1397760]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Adobe Photo Downloader"="c:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-12-30 12:58 318240 ------w- c:\arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-10-31 01:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]

c:\arquivos de programas\VIA\RAID\raid_t [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

2004-06-29 12:06 88363 -c--a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-04-02 03:57 203928 -c--a-w- c:\arquivos de programas\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 02:20 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-05-24 19:29 413696 ----a-w- c:\arquivos de programas\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-10-09 15:11 25623336 ----a-r- c:\arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2005-05-17 10:48 77824 -c--a-r- c:\windows\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"56635:TCP"= 56635:TCP:Pando Media Booster

"56635:UDP"= 56635:UDP:Pando Media Booster

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [20/7/2009 11:59 30752]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/4/2009 20:54 717296]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/10/2009 13:15 333192]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15/10/2009 13:15 360584]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [30/10/2009 23:07 285392]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [5/9/2009 20:09 54048]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [6/1/2010 18:07 135664]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

• c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-06 20:06]

2010-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-06 20:06]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = 127.0.0.1

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

.

• - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-Spooler de Impressão - c:\windows\ocxlist\winsys.dll

HKCU-Run-Serviço de Indexação Windows - c:\windows\ocxlist\GbPlugin.exe

HKCU-Run-NitroPC - c:\arquivos de programas\NitroPC\NitroPC.exe

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399008} - c:\arquiv~1\GbPlugin\gbiehUni.dll

Notify- GbPluginUni - c:\arquiv~1\GbPlugin\gbiehUni.dll

MSConfigStartUp-swg - c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-12 00:37

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

• - - - - - - > 'winlogon.exe'(668)

c:\arquivos de programas\GbPlugin\gbieh.dll

• - - - - - - > 'explorer.exe'(3188)

c:\windows\system32\WININET.dll

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Ahead\InCD\InCDsrv.exe

c:\arquivos de programas\AVG\AVG9\avgchsvx.exe

c:\arquivos de programas\AVG\AVG9\avgrsx.exe

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

c:\arquivos de programas\Google\Update\1.2.183.13\GoogleCrashHandler.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\arquivos de programas\AVG\AVG9\avgnsx.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-02-12 00:38:18 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-02-12 02:37

Pré-execução: 12 pasta(s) 16.669.380.608 bytes disponíveis

Pós execução: 15 pasta(s) 16.705.581.056 bytes disponíveis

WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

• - End Of File - - 2F5CA8A4786E72C9762072A319B2D58F

Bom dia....

*Abra o bloco de notas, selecione, copie e cole nele todo o conteúdo do código abaixo:

DeQuarantine::C:\Qoobox\Quarantine\c:\arquiv~1\GbPlugin\gbiehUni.dll.vir

*Salve o arquivo no desktop como CFScript.txt

*Arraste o arquivo para o Combofix conforme ilustração abaixo:

/applications/core/interface/imageproxy/imageproxy.php?img=http://e.imagehost.org/0616/CFScript.gif&key=995821588d89147a56f11f5fac3fa9589d8f9b036ce5e2e1e08b37718477c6a9" alt="CFScript.gif" />

*Importante: enquanto o combofix estiver em execução, não use o mouse nem o teclado!!..para interromper o processo tecle N ou 2.

*Cole o relatório criado em C:\combofix.txt e novo log do hijack

Boa tarde!

ComboFix 10-02-11.04 - Rafael 01 12/02/2010 0:22.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.511.230 [GMT -2:00]

Executando de: c:\documents and settings\Rafael 01\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 304 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\arquiv~1\GbPlugin\gbiehUni.dll

c:\arquivos de programas\Cheat Engine\dbk32.sys

C:\driver.bat

c:\windows\ocxlist

c:\windows\ocxlist\outlook.exe

C:\winlog.txt

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-12 to 2010-02-12 ))))))))))))))))))))))))))))

.

2010-02-11 18:20 . 2010-02-12 01:42 -------- d-----w- C:\Ad-Remover

2010-02-09 17:27 . 2010-02-09 17:27 -------- d-----w- c:\documents and settings\Rafael 01\Dados de aplicativos\Windows Live Writer

2010-02-04 17:08 . 2010-02-11 13:30 437248 ----a-w- c:\windows\system32\KingBotPro.exe

2010-02-04 17:03 . 2010-02-04 17:03 -------- d--h--w- c:\windows\PIF

2010-02-01 22:22 . 2010-02-01 22:22 -------- d-----w- C:\Recnet

2010-02-01 22:22 . 2009-06-25 12:55 128000 ----a-w- c:\windows\DesinstWRecnet.EXE

2010-02-01 22:22 . 2009-06-25 12:55 122880 ----a-w- c:\windows\DesinstRecnet.exe

2010-02-01 22:17 . 2010-02-01 22:17 -------- d-----w- C:\Arquivos de Programas RFB

2010-02-01 22:15 . 2010-02-01 22:15 -------- d-----w- c:\arquivos de programas\Programas RFB

2010-01-27 20:57 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2010-01-27 20:57 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2010-01-27 20:48 . 2010-01-27 20:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\EPSON

2010-01-27 20:48 . 2006-12-08 04:04 76800 ----a-w- c:\windows\system32\E_FLBCAL.DLL

2010-01-27 20:48 . 2006-04-19 04:00 62976 ----a-w- c:\windows\system32\E_FD4BCAL.DLL

2010-01-27 20:47 . 2010-01-27 20:47 -------- d-----w- C:\CI_CX5600

2010-01-27 20:46 . 2010-01-27 20:47 -------- d-----w- c:\arquivos de programas\epson

2010-01-27 20:46 . 2006-12-28 02:00 208896 ----a-w- c:\windows\system32\esint7e.dll

2010-01-27 20:46 . 2006-12-28 02:00 66560 ----a-w- c:\windows\system32\eswia7e.dll

2010-01-27 20:46 . 2006-03-10 02:00 3584 ----a-w- c:\windows\system32\eswiaml.dll

2010-01-27 20:45 . 2010-01-27 20:45 -------- d-----w- C:\CD_CX5600

2010-01-22 18:26 . 2010-01-22 18:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2010-01-15 16:38 . 2010-01-15 16:38 -------- d-----w- c:\documents and settings\Rafael 01\Dados de aplicativos\Leadertech

2010-01-13 12:20 . 2008-04-13 17:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2010-01-13 12:20 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-12 02:30 . 2009-07-20 13:59 -------- d-----w- c:\arquivos de programas\GbPlugin

2010-02-12 02:27 . 2009-07-19 15:02 -------- d-----w- c:\arquivos de programas\Cheat Engine

2010-02-12 01:37 . 2009-07-20 13:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin

2010-02-11 18:34 . 2009-04-15 16:53 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-02-11 13:36 . 2010-02-04 17:08 1254912 ----a-w- c:\arquivos de programas\backgroung.bmp

2010-02-04 11:24 . 2009-04-16 23:32 -------- d-----w- c:\arquivos de programas\Google

2010-01-29 22:10 . 2009-04-16 20:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Messenger Plus!

2010-01-29 22:09 . 2009-04-16 19:46 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-01-25 21:09 . 2010-01-08 13:43 -------- d-----w- c:\arquivos de programas\Project64 1.6

2010-01-25 01:32 . 2009-04-07 22:10 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-01-24 10:26 . 2009-06-18 23:41 -------- d-----w- c:\documents and settings\Rafael 01\Dados de aplicativos\Skype

2010-01-24 10:26 . 2009-06-18 23:45 -------- d-----w- c:\documents and settings\Rafael 01\Dados de aplicativos\skypePM

2010-01-22 18:26 . 2009-06-18 23:32 -------- d-----r- c:\arquivos de programas\Skype

2010-01-22 18:26 . 2009-06-18 23:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Skype

2010-01-22 12:09 . 2009-11-10 17:43 -------- d-----w- c:\arquivos de programas\MediaInfo

2010-01-21 19:10 . 2009-04-20 23:34 -------- d-----w- c:\arquivos de programas\Windows Live Safety Center

2010-01-21 01:19 . 2009-10-01 00:27 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-01-18 15:06 . 2010-01-27 10:55	1260800	----a-w-	c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\avg9\update\backup\avgfrw.exe

2010-01-18 15:06 . 2010-01-27 10:55	3777280	----a-w-	c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\avg9\update\backup\setup.exe

2010-01-11 13:51 . 2009-07-24 00:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-01-09 19:23 . 2004-08-04 12:00 81204 ----a-w- c:\windows\system32\perfc016.dat

2010-01-09 19:23 . 2004-08-04 12:00 476232 ----a-w- c:\windows\system32\perfh016.dat

2010-01-08 13:43 . 2010-01-08 13:43 8854 ----a-r- c:\documents and settings\Rafael 01\Dados de aplicativos\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe

2010-01-08 13:43 . 2010-01-08 13:43 40960 ----a-r- c:\documents and settings\Rafael 01\Dados de aplicativos\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

2010-01-08 13:43 . 2010-01-08 13:43 40960 ----a-r- c:\documents and settings\Rafael 01\Dados de aplicativos\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

2010-01-07 18:07 . 2009-04-15 16:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 18:07 . 2009-04-15 16:53 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys

2010-01-06 11:55 . 2010-01-06 11:55 -------- d-----w- c:\arquivos de programas\OnGame

2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-30 12:59 . 2009-07-20 13:59 30752 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2009-12-21 19:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-17 07:41 . 2009-07-01 22:43 345600 ----a-w- c:\windows\system32\mspaint.exe

2009-12-16 19:30 . 2009-12-16 19:30 -------- d-----w- c:\arquivos de programas\GPLGS

2009-12-16 19:20 . 2009-09-19 03:28 -------- d-----w- c:\arquivos de programas\Acro Software

2009-12-14 07:09 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-09 10:09 . 2004-08-04 12:00 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-12-09 10:09 . 2004-08-04 00:40 2070272 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-12-04 18:22 . 2004-08-04 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2009-11-27 17:13 . 2004-08-04 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll

2009-11-27 17:13 . 2004-08-04 00:45 17920 ----a-w- c:\windows\system32\msyuv.dll

2009-11-27 16:08 . 2001-09-05 23:50 8704 ----a-w- c:\windows\system32\tsbyuv.dll

2009-11-27 16:08 . 2004-08-04 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-11-27 16:08 . 2004-08-04 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll

2009-11-27 16:08 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll

2009-11-27 16:08 . 2004-08-04 00:45 48128 ----a-w- c:\windows\system32\iyuv_32.dll

2009-11-21 15:58 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2005-04-01 00:17 . 2009-11-10 18:27 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

Nota entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 15:01 1230080 ----a-w- c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-05-24 413696]

"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]

"InCD"="c:\arquivos de programas\Ahead\InCD\InCD.exe" [2005-06-10 1397760]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Adobe Photo Downloader"="c:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-12-30 12:58 318240 ------w- c:\arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-10-31 01:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]

c:\arquivos de programas\VIA\RAID\raid_t [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

2004-06-29 12:06 88363 -c--a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-04-02 03:57 203928 -c--a-w- c:\arquivos de programas\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 02:20 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-05-24 19:29 413696 ----a-w- c:\arquivos de programas\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-10-09 15:11 25623336 ----a-r- c:\arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2005-05-17 10:48 77824 -c--a-r- c:\windows\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"56635:TCP"= 56635:TCP:Pando Media Booster

"56635:UDP"= 56635:UDP:Pando Media Booster

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [20/7/2009 11:59 30752]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/4/2009 20:54 717296]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/10/2009 13:15 333192]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15/10/2009 13:15 360584]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [30/10/2009 23:07 285392]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [5/9/2009 20:09 54048]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [6/1/2010 18:07 135664]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

• c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-06 20:06]

2010-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-06 20:06]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = 127.0.0.1

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

.

• - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-Spooler de Impressão - c:\windows\ocxlist\winsys.dll

HKCU-Run-Serviço de Indexação Windows - c:\windows\ocxlist\GbPlugin.exe

HKCU-Run-NitroPC - c:\arquivos de programas\NitroPC\NitroPC.exe

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399008} - c:\arquiv~1\GbPlugin\gbiehUni.dll

Notify- GbPluginUni - c:\arquiv~1\GbPlugin\gbiehUni.dll

MSConfigStartUp-swg - c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-12 00:37

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

• - - - - - - > 'winlogon.exe'(668)

c:\arquivos de programas\GbPlugin\gbieh.dll

• - - - - - - > 'explorer.exe'(3188)

c:\windows\system32\WININET.dll

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Ahead\InCD\InCDsrv.exe

c:\arquivos de programas\AVG\AVG9\avgchsvx.exe

c:\arquivos de programas\AVG\AVG9\avgrsx.exe

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

c:\arquivos de programas\Google\Update\1.2.183.13\GoogleCrashHandler.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\arquivos de programas\AVG\AVG9\avgnsx.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-02-12 00:38:18 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-02-12 02:37

Pré-execução: 12 pasta(s) 16.669.380.608 bytes disponíveis

Pós execução: 15 pasta(s) 16.705.581.056 bytes disponíveis

WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

• - End Of File - - 2F5CA8A4786E72C9762072A319B2D58F

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:14:39, on 12/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\DOCUME~1\RAFAEL~1\CONFIG~1\Temp\GamerzBot.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Rafael 01\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll (file missing)

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239214366012](http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239214366012)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239218509043](http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239218509043)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll (file missing)

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--

End of file - 8643 bytes

1.

*Acesse o arquivo gbiehUni.dll.vir localizado na pasta C:\Qoobox\Quarantine\c\arquivos de programas\GbPlugin

*Retire a extensão .vir

*Copie o arquivo e cole-o na pasta C:\arquivos de programas\GbPlugin

2.

*Clique em [iniciar] > [Executar] > digite: Combofix /uninstall

*Clique [OK]

/applications/core/interface/imageproxy/imageproxy.php?img=http://h.imagehost.org/0248/92674490.jpg&key=d7625160bdb4f34fddfbe12b72891b63b90fddb13f504a329efcb0a689cdc439" alt="92674490.jpg" />

*Clique em [Executar]

*Surgirá a mensagem: "ComboFix está desinstalado"

*Clique [OK]

3.

*Baixe o ATF Cleaner e salve-o no desktop

*Duplo clique em ATF-Cleaner.exe

	*Em Main selecione [select all]

	*Clique em [Empty Selected]

	=>Caso use Firefox ou Opera, também, siga os procedimentos abaixo:

	*Em "Firefox" ou em "Opera" clique em [select all] ( se você deseja manter suas passwords clique No, caso contrário clique Yes).

	*Clique [Empty Selected] ( se você deseja manter suas passwords clique No, caso contrário clique Yes).

	*Clique em [Exit] ou no [X] para sair do programa

4.

*Faça o download e instale o CCleaner

*Abra o programa e na aba "Windows", desça até a opção "Avançado" e selecione "Dados Prefetch antigos"

*Clique em [Executar Limpeza]

*Em seguida, clique em [Registro] -> [Procurar erros] -> [Corrigir Erros Selecionados] -> [Corrigir Todos os Erros Selecionados]

Use regularmente os programas ATF-Cleaner e CCleaner para manter o PC em ordem.

Seu log está limpo.

PROBLEMA RESOLVIDO!

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.