
LaércioSt1

[Resolved!] Trojan PWS.Bancos

Good morning, dear friends.

The PWS.Bancos Trojan is constantly being detected by the Spyware Doctor antivirus.

Is there a way to know whether my PC is still infected and, better still, how could I get rid of this virus?

Thank you in advance for any help.

Here is the log:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 09:01:52, on 13/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Mobile Partner\Mobile Partner.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Thunderbird\thunderbird.exe

C:\Documents and Settings\Laercio\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehUni.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://www.paraquedismoboituva.com.br/VatDec.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{14B73379-2516-4AEF-9E41-48CB87275870}: NameServer = 200.255.121.39 200.169.117.14

O17 - HKLM\System\CS1\Services\Tcpip\..\{14B73379-2516-4AEF-9E41-48CB87275870}: NameServer = 200.255.121.39 200.169.117.14

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe


Good afternoon, LaércioSt1!

>@< Run a disinfection scan with < BitDefender > and post the report.

>@< Click on BitDefender ( Scan OnLine ).

>@< The page will open: < BitDefender OnLine Scanner >

<!> Read the tutorial: < Link >

>@< Click I Agree.

>@< Wait! Allow the ActiveX control to install so that the scan can run.

___________________________

>@< Then post: the BitDefender report + an updated HijackThis log.

>@< P.S.: The BitDefender report will be at: C:\Windows\BDOSCAN8\bdoscan.txt

Regards!


Good afternoon, DigRam, and thank you for replying so quickly.

Following your instructions, here is the result of your guidance:

 

 

BitDefender Log File !!!!!

Product : BitDefender Total Security 2008

Version : BitDefender UIScanner v.11

Log date : 12:07:37 14/03/2008

Log path : C:\Documents and Settings\All Users\Dados de aplicativos\BitDefender\Desktop\Profiles\Logs\full_scan\1205507257_1_02.xml

 

Scan Paths:

Path0000: C:\

Path0001: D:\

 

 

Scan Options:

Scan for viruses : Yes

Scan for adware : Yes

Scan for spyware : Yes

Scan for applications : Yes

Scan for dialers : Yes

Scan for rootkits : Yes

 

 

Target selection options:

Scan registry keys : Yes

Scan cookies : Yes

Scan boot sectors : Yes

Scan memory processes : Yes

Scan archives : No

Scan runtime packers : Yes

Scan emails : Yes

Scan all files : Yes

Heuristic Scan : Yes

Scanned extensions :

Excluded extensions :

 

 

Target Processing

Default action for infected objects : Disinfect

Default action for suspicious objects : None

Default action for hidden objects : None

 

 

Scan engines summary

Number of virus signatures : 985302

Archive plugins : 41

Email plugins : 6

Scan plugins : 12

Archive plugins : 41

System plugins : 4

Unpack plugins : 7

 

 

Overall scan summary

Scanned items : 169343

Infected items : 3

Suspicious items : 0

Resolved items : 3

Individual viruses found : 1

Scanned directories : 3568

Scanned boot sectors : 3

Scanned archives : 16112

Input-output errors : 23

Scan time : 00:00:39:28

Files per second : 71

 

 

Scanned processes summary

Scanned : 26

Infected : 0

 

 

Scanned registry keys summary

Scanned : 286

Infected : 0

 

 

Scanned cookies summary

Scanned : 0

Infected : 0

 

 

Remaining issues:

Object Name Threat Name Final Status

 

 

Resolved issues:

Object Name Threat Name Final Status

C:\RECYCLER\S-1-5-21-73586283-926492609-725345543-1001\Dc58.exe Spyware.Tool.PV Deleted

C:\System Volume Information\_restore{D7272F73-0602-41B0-855C-9A34A4FCEDCE}\RP126\A0044030.exe Spyware.Tool.PV Deleted

C:\System Volume Information\_restore{D7272F73-0602-41B0-855C-9A34A4FCEDCE}\RP131\A0044101.exe Spyware.Tool.PV Deleted

 

 

Objects that were not scanned:

Object Name Reason Final Status

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride1.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride1.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify1.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify1.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn1.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn1.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn10.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn10.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn11.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn11.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn12.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn12.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn13.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn13.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn14.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn14.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn15.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn15.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn2.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn2.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn3.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn3.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn4.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn4.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn5.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn5.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn6.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn6.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn7.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn7.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn8.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn8.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn9.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn9.zip=]sbRecovery.ini Password-Protected No action was possible

 

 

_________________________________________________xxxxxxxxxx______________________

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 12:14:59, on 14/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\BitDefender\BitDefender 2008\bdagent.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe

C:\Arquivos de programas\BitDefender\BitDefender 2008\vsserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\DllHost.exe

C:\Arquivos de programas\BitDefender\BitDefender 2008\seccenter.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Microsoft Office\Office\WINWORD.EXE

C:\Documents and Settings\Laercio\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehUni.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Arquivos de programas\BitDefender\BitDefender 2008\IEToolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Arquivos de programas\BitDefender\BitDefender 2008\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Arquivos de programas\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://www.paraquedismoboituva.com.br/VatDec.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Arquivos de programas\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

 

 

 

 

 

I await your further instructions.

Good afternoon, LaércioSt1!

>@< Open Spybot Search & Destroy.

>@< In the top menu, go to Mode and select the Advanced option. Confirm!

>@< Click the Tools button and then Resident.

>@< Uncheck the option: Enable Resident "TeaTimer". ( General protection of system settings )

>@< Exit the program! ( By Ideiafix )

__________________________

>@< Run a new scan with your antivirus. ( BitDefender )

>@< Post the report! Delete the previous one.

Regards!


Hello, DigRam.

I carried out the procedure you indicated, and the result is below:

 

 

 

 

BitDefender Log File !!!!!

Product : BitDefender Total Security 2008

Version : BitDefender UIScanner v.11

Log date : 20:12:40 14/03/2008

Log path : C:\Documents and Settings\All Users\Dados de aplicativos\BitDefender\Desktop\Profiles\Logs\full_scan\1205536360_1_02.xml

 

Scan Paths:

Path0000: C:\

Path0001: D:\

 

 

Scan Options:

Scan for viruses : Yes

Scan for adware : Yes

Scan for spyware : Yes

Scan for applications : Yes

Scan for dialers : Yes

Scan for rootkits : Yes

 

 

Target selection options:

Scan registry keys : Yes

Scan cookies : Yes

Scan boot sectors : Yes

Scan memory processes : Yes

Scan archives : No

Scan runtime packers : Yes

Scan emails : Yes

Scan all files : Yes

Heuristic Scan : Yes

Scanned extensions :

Excluded extensions :

 

 

Target Processing

Default action for infected objects : Disinfect

Default action for suspicious objects : None

Default action for hidden objects : None

 

 

Scan engines summary

Number of virus signatures : 995267

Archive plugins : 41

Email plugins : 6

Scan plugins : 12

Archive plugins : 41

System plugins : 4

Unpack plugins : 7

 

 

Overall scan summary

Scanned items : 159137

Infected items : 0

Suspicious items : 0

Resolved items : 0

Individual viruses found : 0

Scanned directories : 3566

Scanned boot sectors : 3

Scanned archives : 16076

Input-output errors : 25

Scan time : 00:00:44:10

Files per second : 59

 

 

Scanned processes summary

Scanned : 28

Infected : 0

 

 

Scanned registry keys summary

Scanned : 287

Infected : 0

 

 

Scanned cookies summary

Scanned : 0

Infected : 0

 

 

Remaining issues:

Object Name Threat Name Final Status

 

 

Resolved issues:

Object Name Threat Name Final Status

 

 

Objects that were not scanned:

Object Name Reason Final Status

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride1.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride1.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify1.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify1.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn1.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn1.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn10.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn10.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn11.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn11.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn12.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn12.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn13.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn13.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn14.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn14.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn15.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn15.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn2.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn2.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn3.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn3.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn4.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn4.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn5.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn5.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn6.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn6.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn7.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn7.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn8.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn8.zip=]sbRecovery.ini Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn9.zip=]sbRecovery.reg Password-Protected No action was possible

C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Recovery\WinBankerekn9.zip=]sbRecovery.ini Password-Protected No action was possible

 

 

I look forward to your analysis and guidance.

Thank you.


Good evening! LaércioSt1

>@< Is the Trojan PWS.Bancos still bothering you?

>@< The log is clean! :thumbsup:

Best regards!


My friend DigRam,

This problem has been solved; thank you for your help and promptness.

However, even after I removed it, Bitdefender keeps appearing at PC startup and I don't know how to fix that. Should I post a new topic, or could you keep helping me?

All the best.

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 07:38:18, on 15/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\BitDefender\BitDefender 2008\bdagent.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Mobile Partner\Mobile Partner.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe

C:\Arquivos de programas\HIJACK\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehUni.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Arquivos de programas\BitDefender\BitDefender 2008\IEToolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Arquivos de programas\BitDefender\BitDefender 2008\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Arquivos de programas\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Arquivos de programas\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://www.paraquedismoboituva.com.br/VatDec.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{14B73379-2516-4AEF-9E41-48CB87275870}: NameServer = 200.255.121.39 200.169.117.14

O17 - HKLM\System\CS1\Services\Tcpip\..\{14B73379-2516-4AEF-9E41-48CB87275870}: NameServer = 200.255.121.39 200.169.117.14

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

 

 

 

 

My friend DigRam:

I have solved the problem mentioned above, so there is no need to look into it.

Thank you very much for everything.

Laércio.


Good afternoon! LaércioSt1

This problem has been solved; thank you for your help and promptness.

However, even after I removed it, Bitdefender keeps appearing at PC startup and I don't know how to fix that. Should I post a new topic, or could you keep helping me?

>@< I will keep helping you!

_______________________

>@< The scan you ran with BitDefender was done with the antivirus BitDefender Total Security 2008.

>@< In reality, no online scan was run; instead, BitDefender (the antivirus) was downloaded.

>@< Spyware Doctor, which you call an antivirus, is an antispyware tool and does not have the engineering of an antivirus.

>@< Go to Add or Remove Programs and uninstall BitDefender.

>@< Antivirus programs normally have their own uninstallers. Use those first!

>@< The curious thing is that the antivirus solved your problem and, by uninstalling it, you will be left without that protection.

>@< So try to get a good free antivirus!

<!> I suggest: < Antivir Personal Edition >

>@< The log is clean, and your problem now is installing a good antivirus.

Best regards!


Hello, DigRam.

I followed your instructions and the problem, or rather the problems, were all solved.

Unless I am mistaken, I consider the matter fully resolved.

Thank you very much for your help once again!

All the best.


PROBLEM SOLVED!

If the author needs the topic reopened, they must send a Private Message to a Moderator with a link to the topic.
