Antes de algum Analista se dispor a efetuar toda análise e possível limpeza, que toma certo tempo de ambas as partes, por acaso você notou algum aumento de temperatura?

Esse é um dos sinais indicando que o PC tá "com febre". Falo por experiência. :thumbsup:

Ja verifiquei isso amigo, ta normal a temperatura dele..

sendo q os hardwares sao bem antigos e tals, tais como placa de video, memoria, processador =/

gostaria que alguem analise meu log, por favor =)

>
Ja verifiquei isso amigo, ta normal a temperatura dele..

sendo q os hardwares sao bem antigos e tals, tais como placa de video, memoria, processador =/

gostaria que alguem analise meu log, por favor =)

:) Olá Danmex!

:seta: Abra o HijackThis, clique em Do a system scan only, marque as entradas abaixo e clique em Fix checked:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.3.cab

_________________________

:seta: Siga, por gentileza, estas dicas:

Tutorial do Ad-Remover

Tutorial do Malwarebytes Anti-Malware

_______________________

O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading siteO1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site

O1 - Hosts: easyanticheat.net easyanticheat.com # misleading site

O1 - Hosts: www.easyanticheat.net www.easyanticheat.com # misleading site

O1 - Hosts: easyanticheat.net easyanticheat.org # misleading site

O1 - Hosts: www.easyanticheat.net www.easyanticheat.org # misleading site

Estas alterações no hosts são de acordo com a sua vontade? Você quer deixar assim mesmo ou quer deixar o hosts original? Se quiser deixá-lo original, faça o download do HostsXpert.zip:

http://www.funkytoad.com/download/HostsXpert.zip

• Extraia (unzip) HostsXpert.zip para uma pasta permanente do seu drive (exemplo C:\HostsXpert)

• Duplo clique em HostsXpert.exe para executar o programa.

• Se disponivel, clique em "Make Hosts Writable?" (estará no canto superior direito).

• Clique em "Restore Microsoft's Hosts file" e depois clique em "OK".

• Clique no X para sair do programa.

_____________________

:seta: Na sua próxima resposta poste este log do Malwarebytes juntamente com um novo log do Hijackthis, o log do Ad-Remover que estará em C:\Ad-Report-CLEAN[1].log e nos diga como está o seu PC após estes procedimentos.

Ficamos no aguardo.

Boa Noite Antonio Vieira

obrigado por me ajudar, bom e o seguinte, descobri que o pc tava reiniciando sozinho quando acessava a internet devido a minha placa de video ( GE FORCE FX 5500 AGP). Retirei ela, e o pc ta normal.Não sei dizer se o problema e na placa de video ou no driver que instalei pra ela, se souberes algum driver bom pra essa placa, se poder me indicar eu ficaria grato..

Sobre aquele HOST foi devido um programa que instalei anticheater pra poder jogar CS na steam.. ai mudou lá, ja deixei original

Aqui vai os logs

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Versão da Base de Dados: 6533

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/5/2011 20:48:06

mbam-log-2011-05-08 (20-48-02).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)

Objetos escaneados: 293970

Tempo decorrido: 47 minuto(s), 7 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 1

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 3

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

d:\dan arquivos\SOFTWARE\JOGOS\GTA SA\tradgtasa_1.0.exe (Trojan.Dropper) -> No action taken.

d:\wagner\corel e photoshop e office 2007\COREL 13\SERIAL\keygencorel13.exe (RiskWare.Tool.CK) -> No action taken.

d:\anderson arquivos\HD 2\programas\dvd anderson\sonic foundry sound forge 7.0\mp3-plugin keygen.exe (Trojan.Agent.CK) -> No action taken.

----------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:02:10, on 8/5/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [WindowsLivePhone] C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe /AutoRun

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{52B03A6C-DA2A-45EB-A2D0-77CD73BEE6A1}: NameServer = 200.165.132.154,200.165.132.147

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 6740 bytes

---------------------------------------------------------------------------------------------------

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 19:13:19 on 08/05/2011, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86)

ANDKNUST@PC-HOMEKSA ( )

============== ACTION(S) ==============

File deleted: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

Folder deleted: C:\Documents and Settings\ANDKNUST\Dados de aplicativos\Mozilla\FireFox\Profiles\drtuses0.default\extensions\toolbar@ask.com

File deleted: C:\Documents and Settings\ANDKNUST\Dados de aplicativos\Mozilla\FireFox\Profiles\drtuses0.default\searchplugins\askcom.xml

Folder deleted: C:\Arquivos de programas\Ask.com

Folder deleted: C:\Documents and Settings\ANDKNUST\Configurações locais\Dados de aplicativos\AskToolbar

(!) -- Temporary files deleted.

-- File opened: C:\Documents and Settings\ANDKNUST\Dados de aplicativos\Mozilla\FireFox\Profiles\drtuses0.default\Prefs.js --

Line deleted: user_pref("browser.search.defaultengine", "Ask.com");

Line deleted: user_pref("browser.search.defaultenginename", "Ask.com");

Line deleted: user_pref("browser.search.order.1", "Ask.com");

Line deleted: user_pref("extensions.asktb.cbid", "FV");

Line deleted: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}...

Line deleted: user_pref("extensions.asktb.dtid", "YYYYYYYYBR");

Line deleted: user_pref("extensions.asktb.enable-kw-search", true);

Line deleted: user_pref("extensions.asktb.l", "dis");

Line deleted: user_pref("extensions.asktb.locale", "en_BR");

Line deleted: user_pref("extensions.asktb.o", "14594");

Line deleted: user_pref("extensions.asktb.qsrc", "2871");

Line deleted: user_pref("extensions.asktb.save-searches", false);

Line deleted: user_pref("extensions.asktb.show-labels", false);

Line deleted: user_pref("extensions.enabledAddons", "{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14,{CAFEEFAC-0016-...

Line deleted: user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-...

Line deleted: user_pref("keyword.URL", "hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb={tb}&o={o}&locale...

-- File closed --

Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKLM\Software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

Key deleted: HKLM\Software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key deleted: HKCU\Software\Ask.com

Key deleted: HKCU\Software\AskToolbar

Key deleted: HKCU\Software\AppDataLow\AskBarDis

Key deleted: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Key deleted: HKLM\Software\Classes\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll

Key deleted: HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}

Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

============== ADDITIONNAL SCAN ==============

** Mozilla Firefox Version [4.0.1 (pt-BR)] **

HKLM_MozillaPlugins\@pages.tvunetworks.com/WebPlayer (x)

Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)

Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)

Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)

Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)

Components\browsercomps.dll (Mozilla Foundation)

-- C:\Documents and Settings\ANDKNUST\Dados de aplicativos\Mozilla\FireFox\Profiles\drtuses0.default --

Extensions\LogMeInClient@logmein.com (LogMeIn, Inc. Remote Access Plugin)

Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} (Módulo de Segurança - Banco do Brasil)

Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} (Adobe DLM (powered by getPlus®))

Prefs.js - browser.download.lastDir, D:\\wagner

Prefs.js - browser.search.selectedEngine, Google

Prefs.js - browser.startup.homepage, www.google.com

Prefs.js - browser.startup.homepage_override.buildID, 20110413222027

Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1

========================================

** Internet Explorer Version [8.0.6001.18702] **

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)

BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540000} - "GbIehObj Class" (C:\Arquivos de programas\GbPlugin\gbieh.dll)

========================================

C:\Arquivos de programas\Ad-Remover\Quarantine: 48 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 14 File(s)

C:\Ad-Report-CLEAN[1].txt - 08/05/2011 19:15:40 (7673 Byte(s))

End at: 19:16:48, 08/05/2011

============== E.O.F ==============

------------------------------------------------------------------------------------------------

Agora normalmente o pc está otimo..

Obrigado, aguardando a resposta!

:) Vários problemas foram removidos pelo Ad-Remover.

___________________

No action taken

Mas no log do Malwarebytes está constando que você ainda não removeu os problemas encontrados por ele. Veja que aparece a frase "No action taken" na frente dos problemas, isto é: nenhuma ação foi tomada. Também foram detectados programas pirateados e/ou crackeados no seu PC, seria muito importante desinstalá-los, pois a enorme maioria deles vem infectados com virus e malwares, além de poderem conter brechas de segurança que facilitam a invasão de seu computador.

Faça uma nova verificação completa com o Malwarebytes e remova todos os problemas que ele encontrar, como é mostrado no tutorial dele que te passei.

__________________

:seta: Siga também estas dicas:

Tutorial do USBFix

Tutorial do antivirus Nod32 Online

_________________

:seta: Poste o log do Usbfix que estará em C:\UsbFix.txt em sua próxima resposta juntamente com um novo log do Hijackthis, o novo log do Malwarebytes e o log do Nod32 Online que estará em C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt e nos diga como está o PC após estes procedimentos.

Ficamos no aguardo.

Bom dia..

Aqui vão os logs

############################## | UsbFix 7.044 | [Pesquisa]

Usuário: ANDKNUST (Administrador) # PC-HOMEKSA [ ]

Atualizado em 25/04/2011 por TeamXscript

Começou em 00:15:02 | 09/05/2011

Site: http://www.teamxscript.org

Submit your sample: http://www.teamxscript.org/Upload.php

Contato: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel® Pentium® 4 CPU 3.00GHz

CPU 2: Intel® Pentium® 4 CPU 3.00GHz

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall: Habilitado

Antivirus: AntiVir Desktop 9.0.1.32 [(!) Disabled | Updated]

RAM -> 990 Mb

C:\ (%systemdrive%) -> Disco fixo # 24 Gb (12 Mb livre - 51%) [] # NTFS

D:\ -> Disco fixo # 125 Gb (50 Mb livre - 40%) [documentos] # NTFS

E:\ -> CD-ROM

################## | Ficheiros # pastas infeciosos |

################## | Registro |

Presente ! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{d64ef8f6-d889-11de-bb41-0016ec4b124b}

Shell\AutoRun\Command = ACC1\F1C1\acc1.exe

Shell\open\Command = ACC1\F1C1\acc1.exe

################## | Vaccin |

(!) Este computador não é vacinada!

################## | E.O.F |

-------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 05:43:02, on 9/5/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [WindowsLivePhone] C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe /AutoRun

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{52B03A6C-DA2A-45EB-A2D0-77CD73BEE6A1}: NameServer = 200.165.132.154,200.165.132.147

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 6901 bytes

---------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Versão da Base de Dados: 6533

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/5/2011 00:07:33

mbam-log-2011-05-09 (00-07-33).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)

Objetos escaneados: 294089

Tempo decorrido: 48 minuto(s), 11 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 0

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

(Não foram detectados ítens maliciosos)

----------------------------------------------------------------------------------------------------

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

version=7

iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

OnlineScanner.ocx=1.0.0.6427

api_version=3.0.2

EOSSerial=03d31f4c97d3ff45bf26ac3c387eda0f

end=finished

remove_checked=true

archives_checked=true

unwanted_checked=true

unsafe_checked=true

antistealth_checked=true

utc_time=2011-05-09 05:35:30

local_time=2011-05-09 02:35:30 (-0300, Hora oficial do Brasil)

country="Brazil"

lang=1033

osver=5.1.2600 NT Service Pack 3

compatibility_mode=512 16777215 100 0 0 0 0 0

compatibility_mode=1797 16775141 100 94 0 76627861 0 0

compatibility_mode=8192 67108863 100 0 0 0 0 0

scanned=75797

found=12

cleaned=12

scan_time=6406

C:\Documents and Settings\Administrador\7zS800.tmp\MsgPlusLive-481.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\and\7zS800.tmp\MsgPlusLive-481.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Default User\7zS800.tmp\MsgPlusLive-481.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\anderson arquivos\HD 2\Programas\DVD Anderson\Software\agsetup183se.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

D:\anderson arquivos\HD 2\Programas\DVD Anderson\Software\MsgPlusLive-450.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\anderson arquivos\HD 2\Programas\DVD Anderson\Software\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller application (deleted - quarantined) 00000000000000000000000000000000 C

D:\DAN ARQUIVOS\N73\Phoenix_2009.34.7.exe probably a variant of Win32/HackTool.Patcher.A application (deleted - quarantined) 00000000000000000000000000000000 C

D:\DAN ARQUIVOS\SOFTWARE\aTube_Catcher.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C

D:\DAN ARQUIVOS\SOFTWARE\FFSetup220.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

D:\DAN ARQUIVOS\SOFTWARE\FFSetup220.zip Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

D:\DAN ARQUIVOS\SOFTWARE\MsgPlusLive-450.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\DAN ARQUIVOS\SOFTWARE\PROGRAMAS DE LIMPEZA DO PC\PenClean.exe probably a variant of Win32/Spy.Agent.LSEPXML trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

----------------------------------------------------------------------------------------------------

Abraços..

:) Mais 12 problemas foram removidos pelo Nod32 Online.

___________________

############################## | UsbFix 7.044 | [Pesquisa]

:!: No log do Usbfix está constando que foi usada a função de pesquisa somente. Abra novamente o Usbfix > clique no botão Supressão > Insira o(s) pendrive(s) ou outra(s) mídia(s) removível que você suspeite que possa(m) estar infectada(s) na porta USB do PC (caso você tenha alguma mídia) e deixe esta(s) mídia(s) e/ou pendrive(s) conectado(s) até o final dos procedimentos abaixo. Depois disto no botão OK > Aguarde enquanto o procedimento de limpeza das infecções está sendo efetuado > Será então aberto o Bloco de Notas contendo o log (relatório) da limpeza efetuada, este log estará também em C:\Usbfix.txt

__________________

:seta: Siga também esta dica:

Tutorial do Norman Malware Cleaner

Na sua próxima resposta poste o conteúdo do log do Norman Malware Cleaner juntamente com um novo log do Hijackthis e o novo log do Usbfix e nos diga como está o seu PC depois disto.

Ficamos na espera.

Boa Noite

Aqui vão os logs

Norman Malware Cleaner v2.00.05

Copyright © 1990 - 2011, Norman ASA.

Norman Scanner Engine Version: 6.07.07

nvcbin.def: Version: 6.07.00, Date: 2011/05/08 22:22:08, Variants: 11896449

nvcmacro.def: Version: 6.07.00, Date: 2011/02/01 12:21:31, Variants: 20465

Operating System: Windows XP Service Pack 3

Switches: /iagree

Scan started: 2011/05/09 13:16:30

Running pre-scan cleanup routine...

Scanning time: 0s

Scanning system for active rootkit activity...

Scanning time: 0s

Scanning running processes and process memory...

Number of objects found: 1227

Number of objects scanned: 1227

Number of objects not scanned: 0

Number of malicious memory objects found: 0

Scanning time: 37s

Running custom scan...

C:\Arquivos de programas\Avira\AntiVir Desktop\avwin.chm: Error opening file for read: 0x00000005

C:\Arquivos de programas\Avira\AntiVir Desktop\sweb.zip: Error opening file for read: 0x00000005

C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 5.9\MVREGCLEAN.EXE: File infected with W32/Scar.AV

Deleted file: C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 5.9\MVREGCLEAN.EXE

C:\Arquivos de programas\Valve\Steam.dll: File infected with W32/Malware.EZUM

Deleted file: C:\Arquivos de programas\Valve\Steam.dll

C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Avira\AntiVir Desktop\TEMP\avguard.tmp: Error opening file for read: 0x00000020

C:\Documents and Settings\ANDKNUST\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020

C:\Documents and Settings\ANDKNUST\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020

C:\Documents and Settings\ANDKNUST\Dados de aplicativos\Mozilla\Firefox\Profiles\drtuses0.default\parent.lock: Error opening file for read: 0x00000020

C:\Documents and Settings\ANDKNUST\NTUSER.DAT: Error opening file for read: 0x00000020

C:\Documents and Settings\ANDKNUST\ntuser.dat.LOG: Error opening file for read: 0x00000020

C:\Documents and Settings\LocalService.AUTORIDADE NT\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020

C:\Documents and Settings\LocalService.AUTORIDADE NT\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020

C:\Documents and Settings\LocalService.AUTORIDADE NT\NTUSER.DAT: Error opening file for read: 0x00000020

C:\Documents and Settings\LocalService.AUTORIDADE NT\ntuser.dat.LOG: Error opening file for read: 0x00000020

C:\Documents and Settings\NetworkService.AUTORIDADE NT\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020

C:\Documents and Settings\NetworkService.AUTORIDADE NT\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020

C:\Documents and Settings\NetworkService.AUTORIDADE NT\NTUSER.DAT: Error opening file for read: 0x00000020

C:\Documents and Settings\NetworkService.AUTORIDADE NT\ntuser.dat.LOG: Error opening file for read: 0x00000020

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\APEX.EFTX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\APEX.THMX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ASPECT.EFTX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ASPECT.THMX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CIVIC.EFTX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CIVIC.THMX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONCOURSE.EFTX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONCOURSE.THMX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EQUITY.EFTX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EQUITY.THMX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FLOW.EFTX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FLOW.THMX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FOUNDRY.EFTX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FOUNDRY.THMX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MEDIAN.EFTX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MEDIAN.THMX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\METRO.EFTX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\METRO.THMX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MODULE.EFTX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MODULE.THMX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OPULENT.EFTX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OPULENT.THMX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ORIEL.EFTX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ORIEL.THMX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ORIGIN.EFTX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ORIGIN.THMX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PAPER.EFTX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PAPER.THMX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SOLSTICE.EFTX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SOLSTICE.THMX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TECHNIC.EFTX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TECHNIC.THMX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TREK.EFTX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TREK.THMX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\URBAN.EFTX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\URBAN.THMX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VERVE.EFTX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VERVE.THMX: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\00002109E60061400000000000F01FEC\12.0.4518\XLATE_COMPLETE.XSN_1046: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Chrome_jar.3643236F_FC70_11D3_A536_0090278A1BB8: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\1346c90.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\1346ca6.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\13c655.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\13c66c.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\13c683.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\203041.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\203057.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\20306d.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\203084.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\22bdd.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\22bf3.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\22f78f.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\22f81d.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\254e73.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\254e7b.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\25fffc.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\260012.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\260022.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\299086.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\29909d.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\2990b4.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\2a4512.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\2a4528.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\2a453f.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\2a4556.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\2a456c.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\2a4584.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\2a459d.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\2a45b3.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\2a45c9.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\34c8f.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\34ca6.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\34caf.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\34cb0.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\43cac.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\43cad.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\43cae.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\43caf.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\43cb0.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\43cb1.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\43cb2.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\43cb3.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\43cb4.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\4c10fa5.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\4f8cca1.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\4f8ccb9.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\4f8cccf.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\4f8cce6.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\4f8ccfd.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\5b650.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\5cf263.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\5cf27a.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\759da4.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\759dba.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\759dc5.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\759ddc.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\7748d.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\77499.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\7749a.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\774a9.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\774c4.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\774d1.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\774db.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\7902f.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\79030.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\79031.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\79032.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\79033.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\79034.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\79035.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\79036.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\79037.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\79038.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\8830bb5.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\8830bcc.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\88a392c.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\88a3943.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\88a395a.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\88a3971.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\88a397d.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\88a3995.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\88a39ac.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\88a39c3.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\8b26a1.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\8b26a8.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\8b26af.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\8b26b6.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\8b26cc.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\90f2d.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\90f38.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\90f44.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\924055.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\92406c.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\924082.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\b6fa2f.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\b6fa47.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\b6fa5e.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\b6fa74.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\b6fa8b.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\b6faa3.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\b6faa4.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\b6fabb.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\b6fad2.msp: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}\1046.MST: Error opening file for read: 0x00000005

C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\ShellUI.MST: Error opening file for read: 0x00000005

C:\WINDOWS\system32\CatRoot2\edb.log: Error opening file for read: 0x00000020

C:\WINDOWS\system32\CatRoot2\tmp.edb: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\default: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\DEFAULT.LOG: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\SAM: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\SAM.LOG: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\SECURITY: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\SECURITY.LOG: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\software: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\SOFTWARE.LOG: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\system: Error opening file for read: 0x00000020

C:\WINDOWS\system32\config\SYSTEM.LOG: Error opening file for read: 0x00000020

C:\WINDOWS\system32\drivers\sptd.sys: Error opening file for read: 0x00000020

--------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:06:35, on 9/5/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [WindowsLivePhone] C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe /AutoRun

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{52B03A6C-DA2A-45EB-A2D0-77CD73BEE6A1}: NameServer = 200.165.132.154,200.165.132.147

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 7016 bytes

-------------------------------------------------------------------------------------------------------------

############################## | UsbFix 7.044 | [supressão]

Usuário: ANDKNUST (Administrador) # PC-HOMEKSA [ ]

Atualizado em 25/04/2011 por TeamXscript

Começou em 12:03:43 | 09/05/2011

Site: http://www.teamxscript.org

Submit your sample: http://www.teamxscript.org/Upload.php

Contato: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel® Pentium® 4 CPU 3.00GHz

CPU 2: Intel® Pentium® 4 CPU 3.00GHz

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall: Habilitado

Antivirus: AntiVir Desktop 9.0.1.32 [Enabled | Updated]

RAM -> 990 Mb

C:\ (%systemdrive%) -> Disco fixo # 24 Gb (12 Mb livre - 50%) [] # NTFS

D:\ -> Disco fixo # 125 Gb (50 Mb livre - 40%) [documentos] # NTFS

E:\ -> CD-ROM

################## | Ficheiros # pastas infeciosos |

Supprimido ! C:\Recycler\S-1-5-21-1409082233-1637723038-1177238915-1001

Supprimido ! C:\Recycler\S-1-5-21-2052111302-682003330-839522115-1003

Supprimido ! D:\Recycler\S-1-5-21-1409082233-1637723038-1177238915-1001

Supprimido ! D:\Recycler\S-1-5-21-2052111302-682003330-839522115-1003

################## | Registro |

Supprimido ! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman

################## | Mountpoints2 |

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{d64ef8f6-d889-11de-bb41-0016ec4b124b}

################## | Listing |

[08/05/2011 - 19:16:49 | C | 8263] C:\Ad-Report-CLEAN[1].txt

[18/02/2011 - 21:04:58 | DC ] C:\Adobe

[09/05/2011 - 00:28:19 | DC ] C:\Arquivos de programas

[14/09/2009 - 22:34:44 | C | 0] C:\AUTOEXEC.BAT

[24/09/2009 - 12:44:33 | DC ] C:\autorun.inf

[08/05/2011 - 19:11:31 | DC ] C:\backups

[27/11/2009 - 03:12:35 | SHC | 211] C:\boot.ini

[28/10/2001 - 15:06:10 | C | 4952] C:\Bootfont.bin

[12/02/2010 - 12:36:13 | DC ] C:\CanoScan

[17/09/2009 - 22:14:11 | D ] C:\cmdcons

[14/09/2009 - 22:34:44 | C | 0] C:\CONFIG.SYS

[15/01/2011 - 13:40:40 | C | 256] C:\dk2.mem

[31/12/2002 - 23:22:47 | DC ] C:\Documents and Settings

[20/02/2011 - 12:48:38 | DC ] C:\DriveKey

[29/04/2011 - 21:30:47 | C | 388608] C:\HiJackThis.exe

[09/05/2011 - 05:43:02 | C | 6902] C:\hijackthis.log

[08/05/2011 - 20:54:30 | D ] C:\HostsXpert

[26/03/2011 - 22:02:54 | C | 68792] C:\hpfr3840.log

[25/01/2010 - 23:35:38 | DC ] C:\Inetpub

[31/12/2002 - 23:13:47 | C | 0] C:\IO.SYS

[31/12/2002 - 23:13:47 | C | 0] C:\MSDOS.SYS

[18/03/2010 - 13:20:11 | RHDC ] C:\MSOCache

[03/08/2004 - 22:38:34 | RASH | 47564] C:\NTDETECT.COM

[22/11/2009 - 19:21:36 | N | 251696] C:\ntldr

[15/01/2011 - 23:36:03 | DC ] C:\NVIDIA

[09/05/2011 - 07:15:18 | ASH | 1610612736] C:\pagefile.sys

[11/02/2011 - 20:50:10 | DC ] C:\PenClean

[09/05/2011 - 12:05:07 | SHD ] C:\RECYCLER

[01/07/2010 - 19:20:16 | SHD ] C:\System Volume Information

[28/01/2010 - 08:48:19 | D ] C:\temp

[09/05/2011 - 12:05:07 | DC ] C:\UsbFix

[09/05/2011 - 12:06:00 | AC | 1248] C:\UsbFix.txt

[09/05/2011 - 07:15:56 | D ] C:\WINDOWS

[07/03/2011 - 23:09:11 | D ] D:\anderson arquivos

[09/12/2009 - 19:48:04 | DC ] D:\bruce 10 junho 09

[09/05/2011 - 10:46:20 | D ] D:\DAN ARQUIVOS

[14/11/2010 - 19:28:32 | D ] D:\fotos aniver carolina

[04/01/2011 - 14:56:20 | DC ] D:\Meus documentos

[22/12/2010 - 08:23:05 | DC ] D:\minhas musics

[09/05/2011 - 12:05:07 | SHDC ] D:\RECYCLER

[01/07/2010 - 19:20:16 | SHD ] D:\System Volume Information

[03/05/2010 - 15:56:21 | ASH | 120832] D:\Thumbs.db

[09/05/2011 - 07:34:51 | DC ] D:\wagner

################## | Vaccin |

C:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript)

D:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript)

################## | Upload |

Favor enviar o arquivo: C:\UsbFix_Upload_Me_PC-HOMEKSA.zip

http://www.teamxscript.org/Upload.php

Obrigado pela sua contribuição.

################## | E.O.F |

aguardando respostas!

:) Outros problemas foram removidos do seu PC.

____________________

:seta: Favor enviar o arquivo: C:\UsbFix_Upload_Me_PC-HOMEKSA.zip para o site abaixo para que o Usbfix possa ser aperfeiçoado:

http://www.teamxscript.org/Upload.php

A equipe desenvolvedora do Usbfix agradece pela sua contribuição.

___________________

:seta: Siga também esta dica:

Tutorial do Kaspersky Virus Removal Tool

Na sua próxima resposta poste este log do Kaspersky Virus Removal Tool juntamente com um novo log do Hijackthis e nos diga como está o seu Pc depois disto.

Ficamos no aguardo.

Boa Noiteee..

ja enviei o arquivo como pedido =)

aqui vão os logs

Verificação automática: concluído 3 minutos atrás (eventos: 2, objetos: 497993, hora: 02:35:50)

10/5/2011 16:09:13 Tarefa iniciada Ação padrão selecionada

10/5/2011 18:45:04 Tarefa concluída Ação padrão selecionada

---------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:51:05, on 10/5/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [WindowsLivePhone] C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe /AutoRun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{52B03A6C-DA2A-45EB-A2D0-77CD73BEE6A1}: NameServer = 200.165.132.154,200.165.132.147

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 6953 bytes

------------------------------------------------------------------------------------------------------------

Normalmente o pc ta OK..

desde q tirei a placa de video do PC ele nao teve mais nenhum problema.. O que eu faço agora? tento instalar de novo? mas nao tenhu o driver correto :/ a placa e ( GE FORCE FX 5500 AGP )

Abraços

:) Seus logs estão limpos.

___________________

:seta: Siga as dicas deste tutorial para fazer uma limpeza com o Tools Cleaner:

Tutorial do ToolsCleaner

__________________

:seta: Instale estes programas e use-os agora e semanalmente para fazer uma limpeza do seu PC e para deixá-lo mais eficiente e otimizado:

Ccleaner

Auslogics Disk Defrag

SpywareBlaster

Siga também as dicas deste tutorial:

Dicas para deixar seu computador mais rápido e eficiente

_____________________

:seta: Para evitar que os malwares voltem, desative e ative novamente a restauração do sistema. Para isso, vá no menu: Iniciar - Painel de Controle - Sistema - Clique na aba: Restauração do Sistema - Marque a caixinha: Desativar restauração do sistema - Clique no botão: Aplicar e no botão: Ok.

Depois disso, volte no mesmo local: Iniciar - Painel de Controle - Sistema - Clique na aba: Restauração do Sistema - Desmarque a caixinha: Desativar restauração do sistema - Clique no botão: Aplicar e no botão: Ok.

_____________________

:seta: Fazendo isto, seu PC já estará livre dos virus e malwares que haviam nele.

_____________________

Normalmente o pc ta OK..desde q tirei a placa de video do PC ele nao teve mais nenhum problema.. O que eu faço agora? tento instalar de novo? mas nao tenhu o driver correto :/ a placa e ( GE FORCE FX 5500 AGP )

:seta: Quanto a esta questão sugiro que você crie um novo tópico na área abaixo que é específica para esta questão:

http://forum.imasters.com.br/forum/85-placas-de-video-e-multimidia/

_____________________

:thumbsup: Foi um prazer ajudar, conte sempre conosco!

Muito obrigado Antonio Vieira!

creio q o meu problema seja na minha placa de video mesmo hehehehe

abraços ate a proxima ;)

PROBLEMA RESOLVIDO

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.