[Arquivado] Meu pc inicia lerdo e nao desliga

[pepeo 0]

Tipo, quando aparece o bem Vindo do Windows, Demora quase 30 seg para entrar no windows..

e quando vou no iniciar para desligar o pc, ai o pc nem desliga, e ja passei anti virus.. Kaspersky, Avira, Spybot, ccleaner, Ad-aware, Advanced System Care Profissional, e nenhum deles dectetou Virus.. e quando baixei o Banker Fix, ai ele executa e fecha sozinho.. vou Postar o HijackThis Log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:08:58 T?l?p? , on 13/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

C:\Arquivos de programas\Sandboxie\SbieSvc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\DOCUME~1\Felipe\CONFIG~1\Temp\Rar$EX00.812\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [Explorer] C:\WINDOWS\Explorer.exe

O4 - Startup: Speedy.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Adicionar ao Bloqueador de Banners - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Estatísticas de protecção do Tráfego de Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://birdtable.derby-college.ac.uk/kxhcm10.ocx

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198195117675

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198199945500

O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.co...agi3.0.84.2.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{44C3EB4D-DF4A-4335-A85F-0B93972328A7}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\..\{60ECD4EE-3F94-42DF-B508-6CF5821D0359}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS6\Services\Tcpip\..\{44C3EB4D-DF4A-4335-A85F-0B93972328A7}: NameServer = 208.67.222.222,208.67.220.220

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Arquivos de programas\WinPcap\rpcapd.exe

O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Arquivos de programas\Sandboxie\SbieSvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 10822 bytes

 

 

Espero que alguem me ajude.. Obrigado :thumbsup:

[Power Max 54]

:thumbsup: Olá Pepeo! Seja bem-vindo ao Fórum Imasters.

 

:seta: Sugiro que você salve ou imprima essas instruções abaixo, pois em alguns momentos você poderá precisar usar o computador sem o acesso à internet:

 

- Faça o download do Malwarebytes Anti-Malware.

* Faça a instalação dando um duplo clique em "mbam-setup.exe";

*Selecione a linguagem Português (Brasil)

*Selecione apenas a caixa: "Atualizar MalwareBytes'Anti-Malware"

*Se alguma atualização existir, o download será automático

*Não faça ainda scan!!!

*Reinicie o PC em Modo de Segurança (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver reiniciando e escolhendo a opção Modo Seguro ou Modo de Segurança).

* Se não possível executar o computador em Modo Seguro, faça o escaneamento no modo normal

*Execute o programa MalwareBytes'Anti-Malware e clique na aba: "Verificação", selecione a opção "Verificação completa"

*Clique no botão: "Verificar"

* Marque todas as partes do computador que você deseja escanear e clique no botão: “Iniciar verificação”

*Ao término do scan, clique em "OK" > "Mostrar Resultados"

*Selecione todas as entradas e clique em "Remover Selecionados"

*Após a remoção poderá ser interrogado se deseja remover objetos da memória. Clique "SIM"

*Um log será apresentado com o resultado das ações

*Alguns malwares são rebeldes e necessitam de uma reinicialização para a remoção. Caso isto seja solicitado, clique para reiniciar o PC.

*Ao término do processo, reinicie o PC em Modo Normal.

* Depois de alguns dias, se o seu computador estiver funcionando normalmente sem estes arquivos que foram excluidos pelo Malwarebytes Anti-malware, abra (execute) o Malwarebytes Anti-malware, clique na aba: Quarentena e clique no botão: Remover tudo.

*Execute novamente o programa Malwarebytes Anti-malware e clique na aba “Logs”, dê um duplo clique com o mouse sobre o log mais recente, selecione o log completo e copie-o.

 

Poste este log gerado pelo Malwarebytes Anti-Malware juntamente com um novo log do Hijackthis na sua próxima resposta e nos diga como está o seu computador depois de seguir este procedimento acima.

 

Ficamos no aguardo de sua resposta.

[pepeo 0]

:thumbsup: Olá Pepeo! Seja bem-vindo ao Fórum Imasters.

 

:seta: Sugiro que você salve ou imprima essas instruções abaixo, pois em alguns momentos você poderá precisar usar o computador sem o acesso à internet:

 

- Faça o download do Malwarebytes Anti-Malware.

* Faça a instalação dando um duplo clique em "mbam-setup.exe";

*Selecione a linguagem Português (Brasil)

*Selecione apenas a caixa: "Atualizar MalwareBytes'Anti-Malware"

*Se alguma atualização existir, o download será automático

*Não faça ainda scan!!!

*Reinicie o PC em Modo de Segurança (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver reiniciando e escolhendo a opção Modo Seguro ou Modo de Segurança).

* Se não possível executar o computador em Modo Seguro, faça o escaneamento no modo normal

*Execute o programa MalwareBytes'Anti-Malware e clique na aba: "Verificação", selecione a opção "Verificação completa"

*Clique no botão: "Verificar"

* Marque todas as partes do computador que você deseja escanear e clique no botão: “Iniciar verificação”

*Ao término do scan, clique em "OK" > "Mostrar Resultados"

*Selecione todas as entradas e clique em "Remover Selecionados"

*Após a remoção poderá ser interrogado se deseja remover objetos da memória. Clique "SIM"

*Um log será apresentado com o resultado das ações

*Alguns malwares são rebeldes e necessitam de uma reinicialização para a remoção. Caso isto seja solicitado, clique para reiniciar o PC.

*Ao término do processo, reinicie o PC em Modo Normal.

* Depois de alguns dias, se o seu computador estiver funcionando normalmente sem estes arquivos que foram excluidos pelo Malwarebytes Anti-malware, abra (execute) o Malwarebytes Anti-malware, clique na aba: Quarentena e clique no botão: Remover tudo.

*Execute novamente o programa Malwarebytes Anti-malware e clique na aba “Logs”, dê um duplo clique com o mouse sobre o log mais recente, selecione o log completo e copie-o.

 

Poste este log gerado pelo Malwarebytes Anti-Malware juntamente com um novo log do Hijackthis na sua próxima resposta e nos diga como está o seu computador depois de seguir este procedimento acima.

 

Ficamos no aguardo de sua resposta.

 

 

 

Ok.. vou fazer.. Já dou a resposta !

Obrigado !

[Power Max 54]

Ok.. vou fazer.. Já dou a resposta !

Obrigado !

Valeu, ficamos na espera.

[pepeo 0]

Ok.. vou fazer.. Já dou a resposta !

Obrigado !

Valeu, ficamos na espera.

 

 

Ai Está o resultado do Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:27:32 T?l?p? , on 15/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Documents and Settings\Felipe\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\DOCUME~1\Felipe\CONFIG~1\Temp\Rar$EX00.187\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - Startup: Speedy.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Adicionar ao Bloqueador de Banners - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Estatísticas de protecção do Tráfego de Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{44C3EB4D-DF4A-4335-A85F-0B93972328A7}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\..\{60ECD4EE-3F94-42DF-B508-6CF5821D0359}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS6\Services\Tcpip\..\{44C3EB4D-DF4A-4335-A85F-0B93972328A7}: NameServer = 208.67.222.222,208.67.220.220

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Arquivos de programas\WinPcap\rpcapd.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 8059 bytes

============================

 

E o resultado do Malware

 

Malwarebytes' Anti-Malware 1.37

Versão do banco de dados: 2280

Windows 5.1.2600 Service Pack 3

 

15/6/2009 01:43:27 T?l?p?

mbam-log-2009-06-15 (01-43-27).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 174097

Tempo decorrido: 49 minute(s), 58 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 1

Valores do Registro infectados: 1

Ítens do Registro infectados: 3

Pastas infectadas: 0

Arquivos infectados: 1

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explorer (Trojan.Agent) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

c:\WINDOWS\Explorer.sav (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

 

 

mas o meu orkut ta lerdo.... 0.o

nao tem como resolver a net ?? minha net é Speedy 2 mb

 

Espero a resposta

[Power Max 54]

:thumbsup: Vários problemas foram eliminados pelo Malwarebytes.

 

:seta: Sugiro que você salve ou imprima essas instruções abaixo, pois em alguns momentos você poderá precisar usar o computador sem o acesso à internet:

 

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

 

2) Dê um duplo-clique no combofix.exe e aguarde (o processo total demora cerca de 10 minutos);

 

3) A janela de “NEGAÇÃO DE GARANTIA DO SOFTWARE” abrir-se-á. Clique em “SIM” para continuar.

 

4) Outra janela irá abrir, caso a sua máquina não possua o CONSOLE DE RECUPERAÇÃO DO WINDOWS. É recomendável executar a instalação do console ante de dar continuidade ao processo, pois tal ação proporcionará a garantia de que o sistema poderá ser recuperado em caso de problemas durante a varredura.

 

Clique sobre “SIM” e aguarde, pois o processo de instalação do console dar-se-á automaticamente através do próprio ComboFix. Ele poderá demorar alguns minutos (dependerá da velocidade de sua conexão), portanto seja paciente.

 

Quando a janela “INSTALANDO O CONSOLE DE RECUPERAÇÃO” aparecer clique em “OK”, depois clique sobre “SIM” para aceitar a licença EULA.

 

Ao término da instalação do console de recuperação abrir-se-á uma janela avisando que “O CONSOLE DE RECUPERAÇÃO FOI INSTALADO COM SUCESSO”.

 

Clique sobre “SIM” para continuar a varredura.

 

5) O ComboFix iniciará o AUTOSCAN (aguarde).

 

ATENÇÃO: Não clique na janela do ComboFix, nem termine o processo abruptamente enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco).

 

Ao término do processo a máquina será reiniciada para a emissão do relatório.

 

6) Ao reiniciar a máquina o ComboFix irá executar o FIND3M para a criação do relatório final da varredura. O log dele estará em C:\ComboFix.txt.

 

7) Reabilite o seu anti-vírus;

 

OBS.1: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix.

Em último caso, se não for possível executar o Combofix no Modo Normal do Windows, tente utilizar o ComboFix em MODO SEGURO (reiniciando o computador e pressionando a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização e escolha a opção Modo Seguro na tela que se apresenta) e repita o procedimento;

 

OBS.2: Caso haja um clique sobre a janela do ComboFix em execução, ela irá MAXIMIZAR, sobrepondo-se sobre as demais. Para minimizá-la novamente basta utilizar a combinação ALT + TAB.

* Se por algum motivo você precisar parar ou sair do ComboFix, tecle "N".

* Se perder a conexão com a internet, reinicie o computador. Caso o problema persista, abra Conexões de Rede no Painel de Controle, clique com o botão direito do mouse sobre a sua conexão com a internet e em "Reparar";

 

Poste o log do Combofix que estará em C:\ComboFix.txt juntamente com um novo log do Hijackthis em sua próxima resposta e nos diga como está o seu PC depois disto.

 

Ficamos no aguardo.

[pepeo 0]

Fiz ISto, Ai Está o Resultado do HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:42:18 T?l?p? , on 16/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe

C:\DOCUME~1\Felipe\CONFIG~1\Temp\Rar$EX00.641\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - Startup: Speedy.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Adicionar ao Bloqueador de Banners - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Estatísticas de protecção do Tráfego de Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{44C3EB4D-DF4A-4335-A85F-0B93972328A7}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\..\{60ECD4EE-3F94-42DF-B508-6CF5821D0359}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS6\Services\Tcpip\..\{44C3EB4D-DF4A-4335-A85F-0B93972328A7}: NameServer = 208.67.222.222,208.67.220.220

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 7863 bytes

 

 

E o resultado do ComboFix

 

ComboFix 09-06-16.01 - Felipe 16/06/2009 23:24.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.579 [GMT -3:00]

Executando de: d:\programas\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

* Criado um novo ponto de restauração

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\WinPCap

c:\arquivos de programas\WinPCap\daemon_mgm.exe

c:\arquivos de programas\WinPCap\NetMonInstaller.exe

c:\arquivos de programas\WinPCap\npf_mgm.exe

c:\arquivos de programas\WinPCap\rpcapd.exe

c:\arquivos de programas\WinPCap\Uninstall.exe

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll

c:\windows\jestertb.dll

c:\windows\system32\msssc.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-17 to 2009-06-17 ))))))))))))))))))))))))))))

.

 

2009-06-15 04:55 . 2009-06-15 04:55 -------- d-----w- c:\arquivos de programas\CrazyChat 2.3

2009-06-15 03:02 . 2009-06-15 03:02 -------- d-----w- c:\documents and settings\Felipe\Dados de aplicativos\Malwarebytes

2009-06-15 03:02 . 2009-05-26 16:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-15 03:02 . 2009-06-15 03:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-06-15 03:02 . 2009-06-15 03:02 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-06-15 03:02 . 2009-05-26 16:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-12 03:45 . 2009-06-12 03:50 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-06-12 03:34 . 2009-06-12 03:34 -------- d-----w- c:\windows\system32\xircom

2009-06-10 02:28 . 2009-06-10 02:34 -------- d-----w- C:\LinhaDefensiva

2009-06-09 22:07 . 2009-04-30 21:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-06-09 22:07 . 2009-04-30 21:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-06-08 20:05 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2009-06-08 20:05 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2009-06-08 20:05 . 2001-09-06 02:50 5632 ----a-w- c:\windows\system32\ptpusb.dll

2009-06-08 20:05 . 2008-04-14 02:20 159232 ----a-w- c:\windows\system32\ptpusd.dll

2009-06-04 15:51 . 2009-06-04 15:51 -------- d-----w- c:\documents and settings\Felipe\Dados de aplicativos\dBpoweramp

2009-06-04 15:48 . 2009-06-04 15:48 -------- d-----w- c:\documents and settings\Felipe\Dados de aplicativos\AccurateRip

2009-06-04 15:47 . 2009-06-04 15:47 14381 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat

2009-06-04 15:47 . 2009-06-04 15:47 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe

2009-06-04 15:47 . 2009-06-04 15:47 -------- d-----w- c:\arquivos de programas\Illustrate

2009-05-27 21:08 . 2009-05-27 21:08 -------- d-----w- c:\arquivos de programas\GameVicio

2009-05-27 20:34 . 2009-05-27 20:34 -------- d-----w- c:\arquivos de programas\Sierra

2009-05-27 00:04 . 2004-07-09 07:26 354816 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll

2009-05-27 00:04 . 2004-07-09 07:26 354816 ----a-w- c:\windows\system32\psisdecd.dll

2009-05-27 00:04 . 2004-07-09 07:26 52096 -c--a-w- c:\windows\system32\dllcache\msdv.sys

2009-05-27 00:04 . 2004-07-09 07:26 52096 ----a-w- c:\windows\system32\drivers\msdv.sys

2009-05-27 00:04 . 2004-07-09 07:26 15104 -c--a-w- c:\windows\system32\dllcache\mpe.sys

2009-05-27 00:04 . 2004-07-09 07:26 15104 ----a-w- c:\windows\system32\drivers\mpe.sys

2009-05-27 00:04 . 2004-07-09 07:26 11392 -c--a-w- c:\windows\system32\dllcache\bdasup.sys

2009-05-27 00:04 . 2004-07-09 07:26 11392 ----a-w- c:\windows\system32\drivers\bdasup.sys

2009-05-27 00:04 . 2001-08-23 08:00 10496 -c--a-w- c:\windows\system32\dllcache\dxapi.sys

2009-05-27 00:04 . 2002-12-12 03:14 46592 ----a-w- c:\windows\system32\dxdllreg.exe

2009-05-26 23:59 . 2009-05-26 23:59 -------- d-----w- c:\arquivos de programas\DirectX Buster

2009-05-26 23:59 . 2009-05-26 23:59 -------- d-----w- c:\windows\uninstall\DirectX Buster

2009-05-26 23:59 . 2009-05-26 23:59 -------- d-----w- c:\windows\uninstall

2009-05-26 22:23 . 2009-05-26 22:23 314200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\threatwork.exe

2009-05-26 22:23 . 2009-05-26 22:23 25440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\savapibridge.dll

2009-05-26 22:23 . 2009-05-26 22:23 15688 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\lsdelete.exe

2009-05-26 22:23 . 2009-05-26 22:23 169312 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\lavamessage.dll

2009-05-26 22:23 . 2009-05-26 22:23 348496 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\lavalicense.dll

2009-05-26 22:23 . 2009-05-26 22:23 294240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\UpdateManager.dll

2009-05-26 22:23 . 2009-05-26 22:23 83808 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\ShellExt.dll

2009-05-26 22:22 . 2009-05-26 22:22 1630048 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Resources.dll

2009-05-26 22:22 . 2009-05-26 22:22 212848 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\RPAPI.dll

2009-05-26 22:22 . 2009-05-26 22:22 40288 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2009-05-26 22:22 . 2009-05-26 22:22 640360 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\CEAPI.dll

2009-05-26 22:22 . 2009-05-26 22:22 540536 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2009-05-26 22:22 . 2009-05-26 22:22 559464 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2009-05-26 22:22 . 2009-05-26 22:22 2352456 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2009-05-26 22:22 . 2009-05-26 22:22 627536 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\AAWWSC.exe

2009-05-26 22:22 . 2009-05-26 22:22 518488 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\AAWTray.exe

2009-05-26 22:22 . 2009-05-26 22:22 1005904 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\AAWService.exe

2009-05-26 22:03 . 2009-06-05 19:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-05-26 18:30 . 2009-05-26 18:35 -------- d--h--w- c:\windows\msdownld.tmp

2009-05-26 18:30 . 2009-05-26 18:30 -------- d-----w- c:\windows\Logs

2009-05-26 00:46 . 2009-05-26 00:46 -------- d-sh--w- c:\documents and settings\Familia\IECompatCache

2009-05-23 03:27 . 2009-05-23 03:27 -------- d-----w- C:\Sandbox

2009-05-23 03:15 . 2009-06-14 04:31 -------- d-----w- c:\arquivos de programas\Sandboxie

2009-05-21 03:22 . 2009-05-21 03:22 -------- d-sh--w- c:\documents and settings\Familia\PrivacIE

2009-05-21 03:01 . 2009-05-21 03:01 -------- d-sh--w- c:\documents and settings\Familia\IETldCache

2009-05-20 21:57 . 2009-05-20 21:57 -------- d-----w- c:\documents and settings\Felipe\SystemRequirementsLab

2009-05-19 22:28 . 2009-05-26 22:23 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-05-19 22:20 . 2009-05-19 22:19 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-05-19 22:19 . 2009-05-19 22:19 64160 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys

2009-05-19 22:19 . 2009-05-19 22:19 73064 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe

2009-05-19 22:16 . 2009-05-19 22:16 -------- dc-h--w- c:\documents and settings\All Users\Dados de aplicativos\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-05-19 22:16 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe

2009-05-19 22:16 . 2009-05-19 22:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft

2009-05-19 22:16 . 2009-05-19 22:16 -------- d-----w- c:\arquivos de programas\Lavasoft

2009-05-19 18:30 . 2009-06-09 22:22 -------- d-----w- c:\windows\ie8updates

2009-05-19 18:30 . 2009-04-25 05:30 102400 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-05-19 18:20 . 2009-05-19 18:29 -------- dc-h--w- c:\windows\ie8

2009-05-18 19:51 . 2009-05-18 19:51 673280 ----a-w- c:\windows\is-FBT19.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-17 02:32 . 2007-12-20 23:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2009-06-17 02:29 . 2008-11-25 20:37 745504 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-06-17 02:29 . 2008-11-25 20:37 4676 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-06-17 02:29 . 2008-11-25 20:37 3107360 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-06-17 02:29 . 2008-11-25 20:37 26404 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-06-15 21:04 . 2008-09-13 14:53 -------- d-----w- c:\documents and settings\Familia\Dados de aplicativos\LimeWire

2009-06-14 16:17 . 2008-11-22 23:18 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-06-14 04:37 . 2007-12-20 23:30 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-06-14 04:32 . 2009-03-05 15:50 -------- d-----w- c:\arquivos de programas\IObit

2009-06-12 15:32 . 2009-04-25 04:22 -------- d-----w- c:\documents and settings\Felipe\Dados de aplicativos\ManyCam

2009-06-12 15:32 . 2008-09-14 14:59 -------- d-----w- c:\arquivos de programas\LimeWire

2009-06-12 06:17 . 2008-02-17 03:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-06-12 05:08 . 2008-08-18 01:11 -------- d-----w- c:\arquivos de programas\Glary Utilities

2009-06-09 23:55 . 2001-10-28 18:07 61400 -c--a-w- c:\windows\system32\perfc016.dat

2009-06-09 23:55 . 2001-10-28 18:07 413126 -c--a-w- c:\windows\system32\perfh016.dat

2009-06-07 04:01 . 2008-10-08 00:17 -------- d-----w- c:\arquivos de programas\Valve

2009-06-07 02:45 . 2009-03-10 19:12 -------- d-----w- c:\arquivos de programas\CrossLoop

2009-06-04 15:18 . 2008-01-13 03:08 -------- d-----w- c:\documents and settings\Felipe\Dados de aplicativos\LimeWire

2009-06-01 03:11 . 2008-05-19 02:12 -------- d-----w- c:\documents and settings\Felipe\Dados de aplicativos\Camfrog

2009-05-20 21:57 . 2009-03-28 19:19 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab

2009-05-20 20:47 . 2008-11-25 20:38 94643 ----a-w- c:\windows\system32\drivers\klick.dat

2009-05-20 20:47 . 2008-11-25 20:38 105395 ----a-w- c:\windows\system32\drivers\klin.dat

2009-05-18 20:07 . 2008-08-18 01:19 -------- d-----w- c:\documents and settings\Felipe\Dados de aplicativos\GlarySoft

2009-05-13 05:03 . 2004-08-04 03:45 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-12 23:28 . 2009-01-28 16:33 -------- d-----w- c:\documents and settings\Familia\Dados de aplicativos\IObit

2009-05-12 17:25 . 2009-05-12 17:25 0 ----a-w- c:\windows\nsreg.dat

2009-05-09 03:22 . 2009-05-09 03:22 225884 ----a-w- c:\documents and settings\Felipe\Dados de aplicativos\Smart PC Solutions\Smart PC Suite\Update\stopapi4.dll

2009-05-09 03:21 . 2009-05-09 03:21 44124 ----a-w- c:\documents and settings\Felipe\Dados de aplicativos\Smart PC Solutions\Smart PC Suite\Update\kernel40.dll

2009-05-09 03:17 . 2009-05-09 03:17 -------- d-----w- c:\documents and settings\Felipe\Dados de aplicativos\Smart PC Solutions

2009-05-09 03:17 . 2009-05-09 03:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-05-09 03:16 . 2009-05-09 03:16 -------- d-----w- c:\arquivos de programas\Smart PC Solutions

2009-05-07 15:33 . 2004-08-04 03:45 347136 ----a-w- c:\windows\system32\localspl.dll

2009-05-07 03:14 . 2009-05-07 03:14 -------- d-----w- c:\documents and settings\Familia\Dados de aplicativos\Media Player Classic

2009-05-07 03:14 . 2009-05-07 03:14 -------- d-----w- c:\documents and settings\Familia\Dados de aplicativos\DivX

2009-05-07 02:49 . 2008-09-30 15:26 -------- d-----w- c:\documents and settings\Felipe\Dados de aplicativos\IObit

2009-05-07 02:49 . 2008-01-14 19:52 -------- d-----w- c:\arquivos de programas\Motorola Phone Tools

2009-05-06 19:18 . 2009-05-06 19:18 -------- d-----w- c:\arquivos de programas\Asus

2009-05-02 02:21 . 2009-04-01 02:29 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Agnitum Shared

2009-05-01 03:31 . 2009-05-01 03:31 1657376 ----a-w- c:\windows\system32\nwiz.exe

2009-05-01 03:31 . 2009-05-01 03:31 449056 ----a-w- c:\windows\system32\nvappbar.exe

2009-05-01 03:31 . 2009-05-01 03:31 436768 ----a-w- c:\windows\system32\keystone.exe

2009-05-01 03:31 . 2009-05-01 03:31 466944 ----a-w- c:\windows\system32\nvshell.dll

2009-05-01 03:31 . 2009-05-01 03:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll

2009-05-01 03:31 . 2009-05-01 03:31 1507328 ----a-w- c:\windows\system32\nview.dll

2009-05-01 03:31 . 2009-05-01 03:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll

2009-05-01 01:02 . 2009-05-01 01:02 1579630 ----a-w- c:\windows\system32\nvdata.bin

2009-05-01 01:02 . 2009-05-01 01:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-05-01 01:02 . 2009-02-18 17:44 663552 ----a-w- c:\windows\system32\nvcuvid.dll

2009-05-01 01:02 . 2007-12-22 14:30 457248 -c--a-w- c:\windows\system32\nvudisp.exe

2009-05-01 01:02 . 2007-12-05 03:41 9994240 ----a-w- c:\windows\system32\nvoglnt.dll

2009-05-01 01:02 . 2007-12-05 03:41 806912 ----a-w- c:\windows\system32\nvapi.dll

2009-05-01 01:02 . 2007-12-05 03:41 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-05-01 01:02 . 2007-12-05 03:41 5896320 ----a-w- c:\windows\system32\nv4_disp.dll

2009-05-01 01:02 . 2007-12-05 03:41 1720320 ----a-w- c:\windows\system32\nvcuda.dll

2009-05-01 01:02 . 2007-12-05 03:41 143360 ----a-w- c:\windows\system32\nvcodins.dll

2009-05-01 01:02 . 2007-12-05 03:41 143360 ----a-w- c:\windows\system32\nvcod.dll

2009-04-28 17:09 . 2009-04-28 17:06 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-04-28 17:09 . 2009-04-28 17:06 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-04-28 17:06 . 2009-04-28 17:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-04-28 17:06 . 2009-04-28 17:06 -------- d-----w- c:\arquivos de programas\Avira

2009-04-27 16:31 . 2009-04-21 01:03 -------- d-----w- c:\arquivos de programas\sXe Injected

2009-04-27 03:42 . 2007-12-22 14:30 457248 -c--a-w- c:\windows\system32\NVUNINST.EXE

2009-04-27 02:32 . 2009-02-24 03:21 -------- d-----w- c:\arquivos de programas\Smallvideosoft

2009-04-26 03:33 . 2009-04-26 03:32 -------- d-----w- c:\arquivos de programas\ManyCam 2.4

2009-04-22 12:46 . 2007-12-20 23:38 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-04-20 02:26 . 2009-04-20 02:26 -------- d-----w- c:\arquivos de programas\Camfrog

2009-04-19 19:50 . 2004-08-04 03:38 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-18 22:22 . 2009-04-18 22:22 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2009-04-18 02:50 . 2009-04-18 02:50 -------- d-----w- c:\arquivos de programas\Motorola

2009-04-18 02:45 . 2008-01-14 19:54 -------- d-----w- c:\arquivos de programas\Avanquest update

2009-04-15 14:53 . 2004-08-04 03:45 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-03-24 21:33 . 2009-03-24 21:33 237264 -c--a-w- c:\documents and settings\Felipe\Dados de aplicativos\Mozilla\plugins\npgoogletalk.dll

2009-03-22 21:16 . 2009-03-22 21:16 720896 -c--a-w- c:\windows\iun6002ev.exe

2004-07-22 12:51 . 2004-07-22 12:51 3432656 -c--a-w- c:\arquivos de programas\ManagedDX.CAB

2004-07-20 00:58 . 2004-07-20 00:58 1156363 -c--a-w- c:\arquivos de programas\BDANT.cab

2004-07-20 00:53 . 2004-07-20 00:53 976020 -c--a-w- c:\arquivos de programas\BDAXP.cab

2004-07-09 16:17 . 2004-07-09 16:17 13265040 -c--a-w- c:\arquivos de programas\dxnt.cab

2004-07-09 11:13 . 2004-07-09 11:13 15493481 -c--a-w- c:\arquivos de programas\DirectX.cab

2004-07-09 11:13 . 2004-07-09 11:13 703080 -c--a-w- c:\arquivos de programas\BDA.cab

2004-07-09 06:08 . 2004-07-09 06:08 472576 -c--a-w- c:\arquivos de programas\dxsetup.exe

2004-07-09 06:08 . 2004-07-09 06:08 2242560 -c--a-w- c:\arquivos de programas\dsetup32.dll

2004-07-09 05:03 . 2004-07-09 05:03 62976 -c--a-w- c:\arquivos de programas\DSETUP.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2009-05-01 2329936]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-22 206088]

"Ad-Watch"="c:\arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-26 518488]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquiv~1\GbPlugin\gbiehuni.dll" [2008-01-29 345504]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2008-01-29 18:34 345504 ----a-w- c:\arquiv~1\GbPlugin\gbiehuni.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WinVNC4"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"SNPSTD2"=c:\windows\vsnpstd2.exe

"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

"nwiz"=nwiz.exe /install

"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

 

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-21 18688]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]

R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]

R3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\Drivers\usb2vcom.sys [x]

R3 viafilter;VIA USB Filter;c:\windows\System32\Drivers\viausb1.sys [2001-09-19 9728]

R3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [x]

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-22 33808]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-05-19 64160]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]

S0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2008-04-03 16896]

S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2008-04-03 53248]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [2009-06-12 108289]

S2 AsProbe;AsProbe;c:\windows\system32\drivers\AsProbe.sys [2004-06-24 4644]

S2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [2008-01-29 45968]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe [2009-05-26 1005904]

S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-06-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 22:22]

 

2009-06-15 c:\windows\Tasks\AWC Update.job

- c:\arquivos de programas\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-05-05 13:15]

 

2009-06-17 c:\windows\Tasks\GlaryInitialize.job

- c:\arquivos de programas\Glary Utilities\initialize.exe [2008-08-18 14:39]

 

2009-06-16 c:\windows\Tasks\User_Feed_Synchronization-{0DD3659B-92F5-46DC-BC40-1F28A8D81C7A}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

 

2009-06-17 c:\windows\Tasks\User_Feed_Synchronization-{3870D6C8-041E-48D7-B5AC-627A3B5BB85B}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com

mWindow Title =

uInternet Connection Wizard,ShellNext = iexplore

IE: Add to AMV Convert Tool... - c:\arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

IE: Adicionar ao Bloqueador de Banners - c:\arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: MediaManager tool grab multimedia file - c:\arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

TCP: {44C3EB4D-DF4A-4335-A85F-0B93972328A7} = 208.67.222.222,208.67.220.220

TCP: {60ECD4EE-3F94-42DF-B508-6CF5821D0359} = 200.204.0.10 200.204.0.138

FF - ProfilePath -

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-16 23:33

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\GbpSv]

@Denied: (A 2 3 6) (LocalSystem)

@Denied: (A C D 2 3 6) (S-1-2-0)

@Allowed: (B C D 1 4 5) (LocalSystem)

@Allowed: (Read) (S-1-2-0)

"Type"=dword:00000010

"Start"=dword:00000002

"ErrorControl"=dword:00000001

"ImagePath"=expand:"c:\\ARQUIV~1\\GbPlugin\\GbpSv.exe"

"DisplayName"="Gbp Service"

"Group"="GbPlugin Group"

"ObjectName"="LocalSystem"

"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,

00,01,00,00,00,e8,03,00,00

"Description"="Service for G-Buster Browser Defense"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(1156)

c:\arquiv~1\GbPlugin\gbiehuni.dll

 

- - - - - - - > 'explorer.exe'(3312)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\arquivos de programas\Scpad\scpLIB.dll

c:\arquivos de programas\Scpad\scpMIB.dll

c:\arquivos de programas\Scpad\sshib.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

c:\arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

c:\windows\system32\CF4050.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-06-17 23:38 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-06-17 02:37

 

Pré-execução: 7 pasta(s) 44.853.194.752 bytes disponíveis

Pós execução: 7 pasta(s) 44.754.399.232 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8

348

 

 

Problema é q o Orkut Aqui nao entra no Recados de alguem,Tem A Solução ? Espero a Resposta.. Obrigado ! :thumbsup:

[Power Max 54]

:thumbsup: Mais problemas foram removidos pelo Combofix.

 

:seta: Abra o HijackThis, clique em Do a system scan only, marque as entradas abaixo e clique em Fix checked:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

 

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

________________________________________________________________________________

 

:seta: Depois disto siga, por gentileza, as dicas deste tutorial para fazer um escaneamento de seu PC pelo Nod32 Online:

 

Tutorial do antivirus Nod32 Online

 

Após o término do escaneamento será gerado um relatório (log) que estará no seguinte local do seu computador:

C:\Arquivos de programas\EsetOnlineScanner\log

 

Na sua próxima resposta poste este log do Nod32 Online juntamente com um novo log do Hijackthis e nos diga, por gentileza, como está o seu PC após seguir este procedimento.

 

Ficamos no aguardo de sua resposta.

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.