wluiz

[Resolved!] Trojan TR/Spy.Banker.265216 in the security files

Hi everyone,

I found that TR/Spy.Banker.265216 is lodged in the GbPlugin files used to access bank websites.

I would like some help removing it from my system.

The HijackThis log follows, thanks:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:19:45, on 14/7/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

D:\Aplicativos\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\VM305_STI.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

D:\Aplicativos\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

D:\Aplicativos\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

D:\Aplicativos\BlueSoleil\BtTray.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Aplicativos\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDL.EXE

D:\Aplicativos\JustVoip.com\JustVoip\JustVoip.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

d:\APLICA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

D:\APLICA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

D:\Aplicativos\BlueSoleil\BsHelpCS.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

D:\Aplicativos\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE

D:\Aplicativos\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\HiJack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\aplicativos\adobe\reader\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Aplicativos\BitComet\tools\BitCometBHO_1.1.7.4.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Aplicativos\avg\avg8\avgssie.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "D:\Aplicativos\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Aplicativos\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [btTray] "D:\Aplicativos\BlueSoleil\BtTray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [EPSON Stylus CX7300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDL.EXE /FU "C:\WINDOWS\TEMP\E_S9B.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [JustVoip] "D:\Aplicativos\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: PC Probe II V1.03.05.lnk = D:\Aplicativos\ASUS\PC Probe II\Probe2.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Aplicativos\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Aplicativos\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Aplicativos\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\APLICA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar por Bluetooth - D:\Aplicativos\BlueSoleil\TransSend\IE\tsinfo.htm

O8 - Extra context menu item: Enviar por mensagem(&M)... - D:\Aplicativos\BlueSoleil\TransSend\IE\tssms.htm

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Aplicativos\BitComet\tools\BitCometBHO_1.1.7.4.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APLICA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1215188654890

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Aplicativos\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Aplicativos\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: BsHelpCS - Unknown owner - D:\Aplicativos\BlueSoleil\BsHelpCS.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - d:\APLICA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 11195 bytes


Hi wluiz! Welcome to the Imasters forum.

* Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Aplicativos\avg\avg8\avgssie.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

_________________________________________________________________________________

* Download the Bankerfix tool from the link below and save it to the Desktop:

http://www.linhadefensiva.org/dl/bankerfix

* Temporarily disable your antivirus and anti-spyware
* Double-click the bankerfix.exe file.
* Click OK > YES (if it asks for an update) > OK
* Press ENTER and wait.
* When it finishes, read the message on screen and press ENTER
* The log will be created at C:\LinhaDefensiva\relatorio.txt

_________________________________________________________________________________

* You are using an old version of Avira AntiVir. Go to Start > Control Panel > Add or Remove Programs > select Avira and click the Remove button. Then just follow the steps the uninstaller gives you.

After that, download the new Avira AntiVir Personal 9 Free.

To install, configure and use Avira AntiVir correctly, just follow the tips in these tutorials:

Avira AntiVir 9 Free tutorial (installation and configuration)

Avira AntiVir 9 Free tutorial (how to use it correctly)

After installing and configuring Avira AntiVir following the tips in the tutorials above, update it, then restart your computer and enter Safe Mode (press the F8 key (or F5 on some computers) repeatedly while the computer is restarting and choose the Safe Mode option). Once the computer has restarted, right-click the Avira symbol (the open red umbrella next to the Windows clock) and choose Start AntiVir > click Scan system now > and wait for the scan to finish.

_______________________________________________________________

* Once you have removed the viruses Avira AntiVir finds, restart the computer normally. Right-click the Avira icon (the open red umbrella next to the Windows clock) and choose Start AntiVir > click Reports > double-click the most recent log with the left mouse button and click the Report file button > a window with the log will open; select the whole log (menu: Edit » Select All), then go back to the menu: Edit » and click Copy) > then come back here to the forum and post this Avira AntiVir log together with a new HijackThis log and the Bankerfix log, which will be at C:\LinhaDefensiva\relatorio.txt, so they can be analyzed.

We await your reply.

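The triage the reply above performs by eye on the HijackThis log, written out as an added example (this is not HijackThis's code nor the helper's own tool). It flags O2/O3/O9 entries whose file is gone as safe to "Fix checked", and marks Winlogon Notify DLLs and vendor-less services for verification; the function names are mine, and the sample lines are copied from the first log in this thread.

```python
"""Triage of HijackThis v2.0.2 log lines.

Added example; not HijackThis's code nor the forum helper's own procedure.
O2 BHO lines whose DLL is gone ("(file missing)" / "(no file)") are safe to
"Fix checked", while Winlogon Notify DLLs (O20) and services with no vendor
string (O23) deserve a second look. In this thread the GbPlugin entries are
the bank's own browser-protection plugin, so "review" means verify, not remove.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every HijackThis entry starts with a section code such as R0, O2, O20, O23.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.+)$")
# O23: "Service: <display name> - <vendor> - <path>". An empty vendor is
# printed as "- - ", and the display name itself may contain " - ", so the
# vendor field may not contain the separator and the path must start with
# a drive letter.
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?:(?P<vendor>(?:(?! - ).)*?) - |- )"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Finding:
    severity: str   # "fix": nothing on disk backs the entry; "review": verify it
    reason: str
    line: str


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Return (section code, body) for a log line, or None for non-entry text."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("kind"), m.group("body")) if m else None


def parse_service(body: str) -> Optional[Tuple[str, str, str]]:
    """Split an O23 body into (display name, vendor, path); vendor may be ''."""
    m = SERVICE_RE.match(body)
    if not m:
        return None
    return m.group("name"), m.group("vendor") or "", m.group("path")


def is_orphan(body: str) -> bool:
    return any(body.endswith(marker) for marker in ORPHAN_MARKERS)


def triage(log_text: str) -> List[Finding]:
    """Walk a whole HijackThis log and collect fix/review findings in order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        kind, body = parsed
        if kind in ("O2", "O3", "O9") and is_orphan(body):
            findings.append(Finding("fix", "entry points at a file that no longer exists", raw.strip()))
        elif kind == "O20":
            findings.append(Finding("review", "Winlogon Notify DLL is loaded at every logon; confirm its publisher", raw.strip()))
        elif kind == "O23":
            svc = parse_service(body)
            if svc is None or svc[1] in ("", "Unknown owner"):
                findings.append(Finding("review", "service carries no vendor string; confirm the binary", raw.strip()))
    return findings


# Constructed sample: a few lines copied from the first log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Aplicativos\avg\avg8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [avgnt] "D:\Aplicativos\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Aplicativos\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: BsHelpCS - Unknown owner - D:\Aplicativos\BlueSoleil\BsHelpCS.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```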

Hi Antônio!

Thanks for the reply and the tips.

I followed all the suggested steps and the remedy apparently worked.

The requested logs follow:

---------------------------

1. HijackThis

---------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:26:55, on 16/7/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

D:\Aplicativos\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\VM305_STI.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

D:\Aplicativos\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

D:\Aplicativos\BlueSoleil\BtTray.exe

D:\Aplicativos\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDL.EXE

D:\Aplicativos\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

d:\APLICA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

D:\APLICA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\wuauclt.exe

D:\Aplicativos\BlueSoleil\BsHelpCS.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\HiJack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\aplicativos\adobe\reader\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Aplicativos\BitComet\tools\BitCometBHO_1.1.7.4.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Aplicativos\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [btTray] "D:\Aplicativos\BlueSoleil\BtTray.exe"

O4 - HKLM\..\Run: [avgnt] "D:\Aplicativos\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [EPSON Stylus CX7300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDL.EXE /FU "C:\WINDOWS\TEMP\E_S9B.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [JustVoip] "D:\Aplicativos\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: PC Probe II V1.03.05.lnk = D:\Aplicativos\ASUS\PC Probe II\Probe2.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Aplicativos\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Aplicativos\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Aplicativos\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\APLICA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar por Bluetooth - D:\Aplicativos\BlueSoleil\TransSend\IE\tsinfo.htm

O8 - Extra context menu item: Enviar por mensagem(&M)... - D:\Aplicativos\BlueSoleil\TransSend\IE\tssms.htm

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Aplicativos\BitComet\tools\BitCometBHO_1.1.7.4.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APLICA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215188654890

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Aplicativos\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Aplicativos\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: BsHelpCS - Unknown owner - D:\Aplicativos\BlueSoleil\BsHelpCS.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - d:\APLICA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 10712 bytes

 

----------------------------------

2. Bankerfix

----------------------------------

 

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-07-16 - 19:50

-------------------------------------------------------

Lista de Definição: 2009-06-26-1 | CORE: 2009-01-21-1

=======================================================

 

 

 

----- Fim -------------------------

 

--------------------------------------

3. Avira Antivirus

--------------------------------------

 

 

Avira AntiVir Personal

Report file date: quinta-feira, 16 de julho de 2009 21:07

 

Scanning for 1544243 virus strains and unwanted programs.

 

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 2) [5.1.2600]

Boot mode : Save mode

Username : Administrador

Computer name : WALDEMAR-HOME

 

Version information:

BUILD.DAT : 9.0.0.403 17961 Bytes 3/6/2009 17:05:00

AVSCAN.EXE : 9.0.3.6 466689 Bytes 11/5/2009 13:14:47

AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/2/2009 14:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 20/2/2009 15:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 27/2/2009 14:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 16:30:36

ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/6/2009 23:30:39

ANTIVIR2.VDF : 7.1.4.221 1273856 Bytes 12/7/2009 23:31:15

ANTIVIR3.VDF : 7.1.4.246 388096 Bytes 16/7/2009 23:31:27

Engineversion : 8.2.0.220

AEVDF.DLL : 8.1.1.1 106868 Bytes 30/4/2009 15:52:04

AESCRIPT.DLL : 8.1.2.16 438651 Bytes 16/7/2009 23:32:17

AESCN.DLL : 8.1.2.3 127347 Bytes 14/5/2009 15:02:01

AERDL.DLL : 8.1.2.4 430452 Bytes 16/7/2009 23:32:12

AEPACK.DLL : 8.1.3.18 401783 Bytes 27/5/2009 20:07:20

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 16/7/2009 23:32:04

AEHEUR.DLL : 8.1.0.143 1864055 Bytes 16/7/2009 23:32:01

AEHELP.DLL : 8.1.4.5 229748 Bytes 16/7/2009 23:31:38

AEGEN.DLL : 8.1.1.48 348532 Bytes 16/7/2009 23:31:35

AEEMU.DLL : 8.1.0.9 393588 Bytes 9/10/2008 18:32:40

AECORE.DLL : 8.1.7.5 180597 Bytes 16/7/2009 23:31:30

AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2008 18:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 12:47:59

AVPREF.DLL : 9.0.0.1 43777 Bytes 5/12/2008 14:32:15

AVREP.DLL : 8.0.0.3 155905 Bytes 20/1/2009 18:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 14:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 24/3/2009 19:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/1/2009 14:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/1/2009 19:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 12:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 14:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/5/2009 19:39:58

RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/4/2009 14:19:48

 

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: d:\aplicativos\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: repair

Secondary action....................: quarantine

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: quinta-feira, 16 de julho de 2009 21:07

 

Starting search for hidden objects.

The driver could not be initialized.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

11 processes with 11 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan executable files (registry).

The registry was scanned ( '110' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

Begin scan in 'D:\'

D:\Aplicativos\Conversor de Video\SUPER\SUPER1.dlm

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was moved to '4aafc70e.qua'!

D:\Instaladores\Adobe\Adobe Premiere Pro 7.0\Premiere Pro\DirectX9\dxnt.cab

[0] Archive type: CAB (Microsoft)

--> encapi.dll

[WARNING] No further files can be extracted from this archive. The archive will be closed

[WARNING] No further files can be extracted from this archive. The archive will be closed

D:\Instaladores\Paint Shop Pro 8.10\jascpaintshopprov8.10try&buypatchlash.zip

[0] Archive type: ZIP

--> Patcher.exe

[DETECTION] Contains recognition pattern of the APPL/Tool.TPE.F application

[NOTE] The file was moved to '4ad2cb4c.qua'!

D:\Instaladores\Paint Shop Pro 8.10\psp810entr.exe

[0] Archive type: CAB SFX (self extracting)

--> \Data1.cab

[1] Archive type: CAB (Microsoft)

--> Global_System_STDOLE_f1.8C0C59A0_7DC8_11D2_B95D_006097C4DE24

[WARNING] No further files can be extracted from this archive. The archive will be closed

 

 

End of the scan: quinta-feira, 16 de julho de 2009 22:12

Used time: 1:04:56 Hour(s)

 

The scan has been done completely.

 

9454 Scanned directories

511065 Files were scanned

2 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

2 Files were moved to quarantine

0 Files were renamed

1 Files cannot be scanned

511062 Files not concerned

2624 Archives were scanned

4 Warnings

3 Notes

 

--------------------------------

Regards,

 

Waldemar


Two problems were removed by Avira.

 

Open Notepad and copy (CTRL + C) and paste (CTRL + V) the following text from inside the Quote (white box below):

 

@echo off

sc stop mDNSResponder

sc delete mDNSResponder

exit

 

In Notepad, click the File menu > Save As... > in File name type:

 

fix.bat

 

In the Save as type option choose All files, choose to save it to the Desktop, and click the Save button, as shown in this image:

 

[image: fixb.jpg]

 

# Double-click fix.bat

# Wait for the bat file to finish running.

_____________________________________________________________________________

 

* Download the Avenger program from the link below and extract its contents to the desktop:

http://swandog46.geekstogo.com/avenger2/download.php

 

*Select and copy (Ctrl+C) all the text inside the Quote (white box) below:

 

Folders to delete:

C:\Arquivos de programas\Bonjour

 

*Run the Avenger program

*Click [Load Script] > [Paste from Clipboard]

*Click [Execute] > [OK]

*The PC will restart

*The report will be created at C:\avenger.txt

_____________________________________________________________________________

 

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

 

- Download Malwarebytes Anti-Malware.

* Install it by double-clicking "mbam-setup.exe";

*Select the language Portuguese (Brazil)

*Check only the box: "Update Malwarebytes' Anti-Malware"

*If an update exists, it will be downloaded automatically

*Do not scan yet!!!

*Restart the PC in Safe Mode (press the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choose the Safe Mode option).

* If it is not possible to run the computer in Safe Mode, do the scan in normal mode

*Run Malwarebytes' Anti-Malware, click the "Scan" tab and select the "Full scan" option

*Click the "Scan" button

* Check all the parts of the computer you want to scan and click the "Start scan" button

*When the scan finishes, click "OK" > "Show Results"

*Select all entries and click "Remove Selected"

*After the removal you may be asked whether you want to remove objects from memory. Click "YES"

*A log will be shown with the result of the actions

*Some malware is stubborn and needs a restart to be removed. If this is requested, click to restart the PC.

*When the process finishes, restart the PC in Normal Mode.

* After a few days, if your computer is working normally without the files that Malwarebytes Anti-Malware removed, open (run) Malwarebytes Anti-Malware, click the Quarantine tab and click the Delete All button.

*Run Malwarebytes Anti-Malware again, click the "Logs" tab, double-click the most recent log, select the whole log and copy it.

 

Post this log generated by Malwarebytes Anti-Malware, together with the Avenger log (which will be at C:\avenger.txt) and a new HijackThis log, in your next reply, and tell us how your computer is after following all the procedures above.

 

We await your reply.


Hi Antônio,

 

I followed all the steps as requested.

Apparently the computer is normal.

Attached are the requested logs:

 

**************************

Avenger

**************************

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

 

Platform: Windows XP (build 2600, Service Pack 2)

Mon Jul 20 21:04:39 2009

 

21:04:39: Error: Could not initiate reboot. (error 1115: o sistema está sendo desligado.)

21:04:39: Error: Could not initiate reboot. (error 1115: o sistema está sendo desligado.)

 

 

//////////////////////////////////////////

 

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

Folder "C:\Arquivos de programas\Bonjour" deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

 

********************************************

Hijack

*********************************************

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:40:55, on 20/7/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

D:\Aplicativos\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\VM305_STI.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

D:\Aplicativos\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

D:\Aplicativos\BlueSoleil\BtTray.exe

D:\Aplicativos\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDL.EXE

D:\Aplicativos\JustVoip.com\JustVoip\JustVoip.exe

D:\Aplicativos\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

d:\APLICA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

D:\APLICA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\svchost.exe

d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

D:\Aplicativos\BlueSoleil\BsHelpCS.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HiJack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\aplicativos\adobe\reader\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Aplicativos\BitComet\tools\BitCometBHO_1.1.7.4.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Aplicativos\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [BtTray] "D:\Aplicativos\BlueSoleil\BtTray.exe"

O4 - HKLM\..\Run: [avgnt] "D:\Aplicativos\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [EPSON Stylus CX7300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDL.EXE /FU "C:\WINDOWS\TEMP\E_S9B.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [JustVoip] "D:\Aplicativos\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: PC Probe II V1.03.05.lnk = D:\Aplicativos\ASUS\PC Probe II\Probe2.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Aplicativos\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Aplicativos\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Aplicativos\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\APLICA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar por Bluetooth - D:\Aplicativos\BlueSoleil\TransSend\IE\tsinfo.htm

O8 - Extra context menu item: Enviar por mensagem(&M)... - D:\Aplicativos\BlueSoleil\TransSend\IE\tssms.htm

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Aplicativos\BitComet\tools\BitCometBHO_1.1.7.4.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APLICA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215188654890

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Aplicativos\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Aplicativos\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Unknown owner - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: BsHelpCS - Unknown owner - D:\Aplicativos\BlueSoleil\BsHelpCS.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - d:\APLICA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 10866 bytes

 

 

 

***********************************************

Malwarebytes

***********************************************

Malwarebytes' Anti-Malware 1.39

Versão do banco de dados: 2468

Windows 5.1.2600 Service Pack 2

 

20/7/2009 22:01:16

mbam-log-2009-07-20 (22-01-16).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 232999

Tempo decorrido: 31 minute(s), 47 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 3

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

d:\aplicativos\DivX\divx player\pS2Xx.ddc (Backdoor.Bot) -> Quarantined and deleted successfully.

d:\aplicativos\WinRAR\Unipatch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

d:\instaladores\compactadores\Winrar\Crack\Unipatch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

 

 

 

*********************************

*********************************

*********************************

 

Settle a doubt for me: is Malwarebytes better than Spybot?

 

Thanks,

 

Waldemar

Settle a doubt for me: is Malwarebytes better than Spybot?

Both programs are very good.

____________________________________________________

 

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

 

Download lspfix (but do not run it yet):

http://www.cexx.org/lspfix.zip

 

Also download WinsockFix:

http://computer-comfort.nl/downloads/WinsockXPFix.exe

 

*After downloading the tools, disconnect from the internet

*Double-click LSP-Fix.exe

*When the program opens, select the problematic dll, in this case mdnsnsp.dll

*Click the [ >> ] button to move it to the Remove side on the right.

*Check the "I know what I'm doing" box

*Click Finish

 

*Only if the internet connection drops and is not recovered, run WinsockFix.

* Click Reg-Backup > OK > OK > YES (wait for it to finish) > OK.

* Click Fix > YES > OK > Restart the PC

___________________________________________________________________________________

 

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

 

Go to the menu: Start > Run and type:

 

services.msc

 

Press Enter.

 

Find this service: Bonjour Service, double-click it with the left mouse button and choose the option: Disabled. Also click Stop and change the Startup type to Disabled.

 

Restart the PC and enter Safe Mode (keep pressing the F8 key intermittently, or the F5 key on some computers, until a black DOS-style screen appears, and choose the option: Safe Mode).

 

While in Safe Mode, open HijackThis, click the Open the Misc Tools section button and then Delete an NT service.

 

Type this:

 

mDNSResponder

 

Click OK.

 

Restart the computer in Normal Mode.

___________________________________________________________________________________

 

After that, follow the tips in this tutorial:

 

Spyware Doctor Starter Edition tutorial

 

In your next reply, post this Spyware Doctor log together with a new HijackThis log and tell us how your PC is after this.

 

We await your reply.
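The fix.bat and Avenger script earlier in this thread stopped the mDNSResponder service and deleted the Bonjour folder, and the HijackThis log posted afterwards shows the two symptoms that leaves behind: an O10 line for a Winsock LSP provider (mdnsnsp.dll) whose file is gone, and an O23 service entry marked "(file missing)". The LSP-Fix step above exists because a Layered Service Provider has to be unregistered from the Winsock catalog, not merely deleted from disk, or every socket in the chain breaks. The script below is an added example, not part of this thread or of HijackThis, LSP-Fix or Avenger; it parses HijackThis 2.0.2 entry lines (the format assumed from the logs posted here), flags an orphaned LSP provider, a service whose binary is missing, and a service with no known owner, and groups the findings by folder so both consequences of one deleted directory appear together. The sample log lines are constructed from entries in this thread.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Tuple

# Constructed sample in HijackThis 2.0.2 format, modelled on the lines that
# appeared in this thread after the Bonjour folder had been deleted.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\system32\\svchost.exe

O4 - HKLM\\..\\Run: [avgnt] "D:\\Aplicativos\\Avira\\AntiVir Desktop\\avgnt.exe" /min
O10 - Broken Internet access because of LSP provider 'c:\\arquivos de programas\\bonjour\\mdnsnsp.dll' missing
O20 - Winlogon Notify: GbPluginBb - C:\\Arquivos de programas\\GbPlugin\\gbieh.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\\Aplicativos\\Avira\\AntiVir Desktop\\avguard.exe
O23 - Service: Bonjour Service - Unknown owner - C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe
"""


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O10" or "O23"
    kind: str    # which triage rule fired
    path: str    # file the entry points at
    line: str    # original log line, kept for the report


# Entry lines look like "O23 - Service: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[OR]\d{1,2}) - (?P<body>.*)$")
LSP_RE = re.compile(r"LSP provider '(?P<dll>[^']+)' missing")
# "Service: <name> - <owner> - <path>" with an optional "(file missing)" suffix.
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.*?) - (?P<path>.+?)"
    r"(?: \((?P<flag>file missing)\))?$"
)


def entries(text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (code, body, raw) for each entry line; headers and the process list are skipped."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body"), raw.strip()


def triage(text: str) -> List[Finding]:
    """Flag entries that point at files no longer on disk, plus services without a known owner."""
    found: List[Finding] = []
    for code, body, raw in entries(text):
        if code == "O10":
            m = LSP_RE.search(body)
            if m:
                # A Winsock LSP whose DLL is gone breaks every socket in the chain;
                # the provider must be unregistered from the catalog, not just deleted.
                found.append(Finding(code, "orphaned-lsp", m.group("dll"), raw))
        elif code == "O23":
            m = SERVICE_RE.match(body)
            if not m:
                continue
            if m.group("flag"):
                found.append(Finding(code, "orphaned-service", m.group("path"), raw))
            elif m.group("owner").strip() in ("", "Unknown owner"):
                # No company name in the version resource: worth a look, not proof of malware.
                found.append(Finding(code, "unknown-owner-service", m.group("path"), raw))
    return found


def group_by_folder(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Group findings by the case-folded directory they point at, so an orphaned LSP
    and an orphaned service left by the same deleted folder show up together."""
    groups: Dict[str, List[Finding]] = {}
    for f in findings:
        key = ntpath.dirname(f.path).lower()
        groups.setdefault(key, []).append(f)
    return groups


def report(text: str) -> List[str]:
    """One summary line per folder, listing the rule names that fired for it."""
    lines = []
    for folder, fs in sorted(group_by_folder(triage(text)).items()):
        kinds = ", ".join(sorted({f.kind for f in fs}))
        lines.append(f"{folder}: {kinds}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run against the constructed sample, the Bonjour folder is reported once with both "orphaned-lsp" and "orphaned-service", which is exactly the situation the LSP-Fix and Delete-an-NT-service steps above address; the unknown-owner rule is deliberately a review prompt rather than a verdict, since many legitimate vendors ship binaries without a company name in their version resource.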


Hi Antônio,

 

I took a while because I posted the reply but it did not appear on the site, and I only noticed today. Here it is again:

 

Spyware Doctor did not run; it had an update problem. So I updated Spybot and used that instead.

 

Here are the logs:

 

************************

Spybot

************************

 

--- Report generated: 2009-08-01 14:44 ---

 

EBlaster: [SBI $3EA258E5] Biblioteca (Arquivo, nothing done)

C:\WINDOWS\system32\_005284_.tmp.dll

Properties.size=249270

Properties.md5=1F3E83A56B5177A22BA9594A37F986BE

Properties.filedate=1090075724

Properties.filedatetext=2004-07-17 11:48:44

 

Right Media: Cookie de rastreamento (Internet Explorer: Administrador) (Cookie, nothing done)

 

 

WebTrends live: Cookie de rastreamento (Internet Explorer: Administrador) (Cookie, nothing done)

 

 

 

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

 

2009-01-26 blindman.exe (1.0.0.8)

2008-01-28 SDDelFile.exe (1.0.2.4)

2009-01-26 SDFiles.exe (1.6.1.7)

2009-01-26 SDMain.exe (1.0.0.6)

2009-01-26 SDShred.exe (1.0.2.5)

2009-01-26 SDUpdate.exe (1.6.0.12)

2008-01-28 SDWinSec.exe (1.0.0.11)

2009-01-26 SpybotSD.exe (1.6.2.46)

2009-03-05 TeaTimer.exe (1.6.6.32)

2009-08-01 unins000.exe (51.49.0.0)

2009-01-26 Update.exe (1.6.0.7)

2009-07-28 advcheck.dll (1.6.3.17)

2007-04-02 aports.dll (2.1.0.0)

2008-06-14 DelZip179.dll (1.79.11.1)

2009-01-26 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2009-01-26 Tools.dll (2.1.6.10)

2009-01-16 UninsSrv.dll (1.0.0.0)

2009-05-19 Includes\Adware.sbi (*)

2009-07-28 Includes\AdwareC.sbi (*)

2009-01-22 Includes\Cookies.sbi (*)

2009-05-19 Includes\Dialer.sbi (*)

2009-07-28 Includes\DialerC.sbi (*)

2009-01-22 Includes\HeavyDuty.sbi (*)

2009-05-26 Includes\Hijackers.sbi (*)

2009-07-28 Includes\HijackersC.sbi (*)

2009-06-23 Includes\Keyloggers.sbi (*)

2009-07-28 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2009-07-14 Includes\Malware.sbi (*)

2009-07-28 Includes\MalwareC.sbi (*)

2009-03-25 Includes\PUPS.sbi (*)

2009-07-28 Includes\PUPSC.sbi (*)

2009-01-22 Includes\Revision.sbi (*)

2009-01-13 Includes\Security.sbi (*)

2009-07-28 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2009-04-07 Includes\Spyware.sbi (*)

2009-07-28 Includes\SpywareC.sbi (*)

2009-06-08 Includes\Tracks.uti

2009-07-22 Includes\Trojans.sbi (*)

2009-07-28 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

 

 

************************

Hijack

************************

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:13:56, on 1/8/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

D:\Aplicativos\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\VM305_STI.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

D:\Aplicativos\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

D:\Aplicativos\BlueSoleil\BtTray.exe

D:\Aplicativos\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDL.EXE

D:\Aplicativos\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

d:\APLICA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

D:\APLICA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

D:\Aplicativos\BlueSoleil\BsHelpCS.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

D:\Aplicativos\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

D:\Aplicativos\Malwarebytes' Anti-Malware\mbam.exe

D:\Aplicativos\BitComet\BitComet.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\HiJack\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\aplicativos\adobe\reader\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Aplicativos\BitComet\tools\BitCometBHO_1.1.7.4.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Aplicativos\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [BtTray] "D:\Aplicativos\BlueSoleil\BtTray.exe"

O4 - HKLM\..\Run: [avgnt] "D:\Aplicativos\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [EPSON Stylus CX7300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDL.EXE /FU "C:\WINDOWS\TEMP\E_S9B.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [JustVoip] "D:\Aplicativos\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized

O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Aplicativos\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: PC Probe II V1.03.05.lnk = D:\Aplicativos\ASUS\PC Probe II\Probe2.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Aplicativos\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Aplicativos\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Aplicativos\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\APLICA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar por Bluetooth - D:\Aplicativos\BlueSoleil\TransSend\IE\tsinfo.htm

O8 - Extra context menu item: Enviar por mensagem(&M)... - D:\Aplicativos\BlueSoleil\TransSend\IE\tssms.htm

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Aplicativos\BitComet\tools\BitCometBHO_1.1.7.4.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APLICA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215188654890

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Aplicativos\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Aplicativos\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BsHelpCS - Unknown owner - D:\Aplicativos\BlueSoleil\BsHelpCS.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - d:\APLICA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 11121 bytes


I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

Download ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The SOFTWARE WARRANTY DISCLAIMER window will open. Click YES to continue.

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended to install the console before continuing with the process, since doing so guarantees that the system can be recovered if problems occur during the scan.

Click YES and wait; the console installation is carried out automatically by ComboFix itself. It may take a few minutes (depending on your connection speed), so be patient.

When the INSTALLING THE RECOVERY CONSOLE window appears, click OK, then click YES to accept the EULA license.

When the recovery console installation finishes, a window will open telling you that THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY.

Click YES to continue the scan.

5) ComboFix will start the AUTOSCAN (wait).

WARNING: Do not click on the ComboFix window and do not end the process abruptly while the tool is running, as this will break your desktop configuration (it will turn completely white).

When the process finishes, the machine will restart to produce the report.

6) When the machine restarts, ComboFix will run FIND3M to create the final scan report. Its log will be at C:\ComboFix.txt.

7) Re-enable your antivirus;

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, or if viruses or malware block ComboFix from running, download ComboFix again, but save it to your Desktop as KomboFix. In this case, name it Kombofix while saving, not after saving it!

As a last resort, if ComboFix cannot be run in Windows Normal Mode, try running ComboFix in SAFE MODE (restart the computer, press the F8 key intermittently during startup, or F5 in some cases, and choose Safe Mode on the screen that appears) and repeat the procedure;

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE, covering the other windows. To minimize it again, just use the ALT + TAB combination.

* If for some reason you need to stop or exit ComboFix, press "N".

* If you lose your internet connection, restart the computer. If the problem persists, open Network Connections in the Control Panel, right-click your internet connection and click "Repair";

Post the ComboFix log, which will be at C:\ComboFix.txt, together with a new HijackThis log in your next reply, and tell us how your PC is doing afterwards.

We'll be waiting.



Dude, it's a bug in Avira. My PC was also flagging this virus in the same place (GbPlugin), but after I downloaded the update the false positive disappeared. And, just to be sure, I had even downloaded Avira AntiVir Premium, which detected nothing.


Hi Denis,

Just to be safe, it's better to give the computer a full check-up to avoid unpleasant surprises.

Indeed, after the antivirus update it no longer showed the symptoms.

I'm running the full scan to make sure.

Thanks for the tip.

Regards,

Waldemar


Hi Antonio,

I ran ComboFix and here is its log:

ComboFix 09-08-18.04 - Administrador 19/08/2009 21:43.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1022.595 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Fonts\Wphv07nb.ttf

c:\windows\system\oeminfo.ini

c:\windows\system32\_005241_.tmp.dll

c:\windows\system32\_005242_.tmp.dll

c:\windows\system32\_005243_.tmp.dll

c:\windows\system32\_005244_.tmp.dll

c:\windows\system32\_005251_.tmp.dll

c:\windows\system32\_005252_.tmp.dll

c:\windows\system32\_005253_.tmp.dll

c:\windows\system32\_005254_.tmp.dll

c:\windows\system32\_005255_.tmp.dll

c:\windows\system32\_005256_.tmp.dll

c:\windows\system32\_005257_.tmp.dll

c:\windows\system32\_005258_.tmp.dll

c:\windows\system32\_005259_.tmp.dll

c:\windows\system32\_005260_.tmp.dll

c:\windows\system32\_005261_.tmp.dll

c:\windows\system32\_005262_.tmp.dll

c:\windows\system32\_005263_.tmp.dll

c:\windows\system32\_005264_.tmp.dll

c:\windows\system32\_005265_.tmp.dll

c:\windows\system32\_005266_.tmp.dll

c:\windows\system32\_005267_.tmp.dll

c:\windows\system32\_005268_.tmp.dll

c:\windows\system32\_005269_.tmp.dll

c:\windows\system32\_005270_.tmp.dll

c:\windows\system32\_005271_.tmp.dll

c:\windows\system32\_005272_.tmp.dll

c:\windows\system32\_005273_.tmp.dll

c:\windows\system32\_005275_.tmp.dll

c:\windows\system32\_005276_.tmp.dll

c:\windows\system32\_005278_.tmp.dll

c:\windows\system32\_005279_.tmp.dll

c:\windows\system32\_005280_.tmp.dll

c:\windows\system32\_005281_.tmp.dll

c:\windows\system32\_005282_.tmp.dll

c:\windows\system32\_005283_.tmp.dll

c:\windows\system32\_005285_.tmp.dll

c:\windows\system32\_005286_.tmp.dll

c:\windows\system32\_005287_.tmp.dll

c:\windows\system32\_005289_.tmp.dll

c:\windows\system32\_005290_.tmp.dll

c:\windows\system32\_005291_.tmp.dll

c:\windows\system32\_005292_.tmp.dll

c:\windows\system32\_005293_.tmp.dll

c:\windows\system32\_005294_.tmp.dll

c:\windows\system32\_005295_.tmp.dll

c:\windows\system32\_005298_.tmp.dll

c:\windows\system32\_005299_.tmp.dll

c:\windows\system32\_005300_.tmp.dll

c:\windows\system32\_005301_.tmp.dll

c:\windows\system32\_005303_.tmp.dll

c:\windows\system32\_005304_.tmp.dll

c:\windows\system32\_005305_.tmp.dll

c:\windows\system32\_005306_.tmp.dll

c:\windows\system32\_005307_.tmp.dll

c:\windows\system32\_005308_.tmp.dll

c:\windows\system32\_005309_.tmp.dll

c:\windows\system32\_005310_.tmp.dll

c:\windows\system32\_005311_.tmp.dll

c:\windows\system32\_005312_.tmp.dll

c:\windows\system32\_005314_.tmp.dll

c:\windows\system32\_005315_.tmp.dll

c:\windows\system32\_005316_.tmp.dll

c:\windows\system32\_005317_.tmp.dll

c:\windows\system32\_005318_.tmp.dll

c:\windows\system32\_005321_.tmp.dll

c:\windows\system32\_005322_.tmp.dll

c:\windows\system32\_005323_.tmp.dll

c:\windows\system32\_005324_.tmp.dll

c:\windows\system32\_005325_.tmp.dll

c:\windows\system32\_005326_.tmp.dll

c:\windows\system32\_005327_.tmp.dll

c:\windows\system32\_005329_.tmp.dll

c:\windows\system32\_005330_.tmp.dll

c:\windows\system32\_005331_.tmp.dll

c:\windows\system32\_005332_.tmp.dll

c:\windows\system32\_005333_.tmp.dll

c:\windows\system32\_005334_.tmp.dll

c:\windows\system32\_005335_.tmp.dll

c:\windows\system32\_005336_.tmp.dll

c:\windows\system32\_005338_.tmp.dll

c:\windows\system32\_005339_.tmp.dll

c:\windows\system32\_005340_.tmp.dll

c:\windows\system32\_005342_.tmp.dll

c:\windows\system32\_005343_.tmp.dll

c:\windows\system32\_005344_.tmp.dll

c:\windows\system32\_005348_.tmp.dll

c:\windows\system32\_005349_.tmp.dll

c:\windows\system32\_005351_.tmp.dll

c:\windows\system32\_005354_.tmp.dll

c:\windows\system32\_005356_.tmp.dll

c:\windows\system32\_005357_.tmp.dll

c:\windows\system32\_005358_.tmp.dll

c:\windows\system32\_005359_.tmp.dll

c:\windows\system32\_005362_.tmp.dll

c:\windows\system32\_005363_.tmp.dll

c:\windows\system32\_005364_.tmp.dll

c:\windows\system32\_005365_.tmp.dll

c:\windows\system32\_005366_.tmp.dll

c:\windows\system32\_005371_.tmp.dll

c:\windows\system32\_005373_.tmp.dll

c:\windows\system32\msconfig.exe

 

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-20 to 2009-08-20 ))))))))))))))))))))))))))))

.

 

2009-08-16 23:11 . 2009-08-16 23:11 -------- d-----w- c:\windows\LastGood

2009-08-14 21:45 . 2009-08-16 13:22 -------- d-----w- C:\temp

2009-08-14 21:41 . 2009-08-14 21:41 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\CyberLink

2009-08-01 17:14 . 2009-08-01 17:14 -------- d-----w- c:\arquivos de programas\TeaTimer (Spybot - Search & Destroy)

2009-08-01 17:14 . 2009-08-01 17:14 -------- d-----w- c:\arquivos de programas\SDHelper (Spybot - Search & Destroy)

2009-08-01 17:14 . 2009-08-01 17:14 -------- d-----w- c:\arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)

2009-08-01 17:14 . 2009-08-01 17:14 -------- d-----w- c:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

2009-07-31 17:04 . 2009-07-31 17:04 15240 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll

2009-07-29 00:45 . 2009-08-01 17:03 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-20 00:52 . 2008-07-11 23:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-08-14 21:25 . 2008-07-13 15:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2009-08-05 21:12 . 2009-07-16 23:22 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-01 17:47 . 2008-07-07 02:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-07-31 17:01 . 2008-07-11 23:12 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-07-27 00:29 . 2008-08-17 22:40 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\JustVoip

2009-07-21 00:14 . 2009-07-21 00:14 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-07-21 00:14 . 2009-07-21 00:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-07-16 23:22 . 2009-07-16 23:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-07-13 16:36 . 2009-07-21 00:14 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-13 16:36 . 2009-07-21 00:14 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-09 16:54 . 2001-10-28 14:07 61400 ----a-w- c:\windows\system32\perfc016.dat

2009-07-09 16:54 . 2001-10-28 14:07 413126 ----a-w- c:\windows\system32\perfh016.dat

2009-07-05 08:22 . 2009-07-05 08:22 1 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys

2009-07-05 08:21 . 2009-07-05 08:21 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BrOffice.org

2009-07-01 18:23 . 2008-12-11 17:48 26624 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2009-06-29 22:05 . 2009-06-29 22:05 -------- d-----w- c:\arquivos de programas\MSECache

2009-06-24 06:39 . 2008-07-07 02:15 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Skype

2005-05-13 20:12 . 2005-05-13 20:12 217073 --sha-r- c:\windows\meta4.exe

2005-10-24 14:13 . 2005-10-24 14:13 66560 --sha-r- c:\windows\MOTA113.exe

2005-10-14 00:27 . 2005-10-14 00:27 422400 --sha-r- c:\windows\x2.64.exe

2005-10-07 22:14 . 2005-10-07 22:14 308224 --sha-r- c:\windows\system32\avisynth.dll

2005-07-14 15:31 . 2005-07-14 15:31 27648 --sha-r- c:\windows\system32\AVSredirect.dll

2005-06-26 18:32 . 2005-06-26 18:32 616448 --sha-r- c:\windows\system32\cygwin1.dll

2005-06-22 01:37 . 2005-06-22 01:37 45568 --sha-r- c:\windows\system32\cygz.dll

2004-01-25 03:00 . 2004-01-25 03:00 70656 --sha-r- c:\windows\system32\i420vfw.dll

2006-04-27 13:24 . 2006-04-27 13:24 2945024 --sha-r- c:\windows\system32\Smab.dll

2005-02-28 16:16 . 2005-02-28 16:16 240128 --sha-r- c:\windows\system32\x.264.exe

2004-01-25 03:00 . 2004-01-25 03:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"JustVoip"="d:\aplicativos\JustVoip.com\JustVoip\JustVoip.exe" [2009-07-17 9028608]

"SpybotSD TeaTimer"="d:\aplicativos\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]

"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-01-05 413696]

"iTunesHelper"="d:\aplicativos\iTunes\iTunesHelper.exe" [2009-03-12 342312]

"BtTray"="d:\aplicativos\BlueSoleil\BtTray.exe" [2009-02-27 315478]

"avgnt"="d:\aplicativos\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

PC Probe II V1.03.05.lnk - d:\aplicativos\ASUS\PC Probe II\Probe2.exe [2007-3-21 2129408]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GbPlugin\gbiehcef.dll" [2009-07-01 293928]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquiv~1\GbPlugin\gbiehuni.dll" [2009-07-02 297376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-03-25 14:32 271152 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2009-07-01 18:08 293928 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2009-07-02 18:37 297376 ----a-w- c:\arquiv~1\GbPlugin\gbiehuni.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"GbpSv"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Aplicativos\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"d:\\Jogos\\EA GAMES\\Crysis\\Bin32\\Crysis.exe"=

"d:\\Jogos\\EA GAMES\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"d:\\Aplicativos\\JustVoip.com\\JustVoip\\JustVoip.exe"=

"d:\\Aplicativos\\BitComet\\BitComet.exe"=

"d:\\Aplicativos\\eMule\\eMule.exe"=

"d:\\Aplicativos\\iTunes\\iTunes.exe"=

"d:\\Aplicativos\\BlueSoleil\\BlueSoleilCS.exe"=

"d:\\Aplicativos\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6881:TCP"= 6881:TCP:BitComet 6881 TCP

"6881:UDP"= 6881:UDP:BitComet 6881 UDP

 

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7/1/2009 23:39 20744]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [11/12/2008 14:48 26624]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\aplicativos\Avira\AntiVir Desktop\sched.exe [16/7/2009 20:22 108289]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [11/7/2008 20:12 53120]

R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7/12/2008 12:44 30088]

R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2/7/2008 14:58 26248]

R3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [4/7/2008 21:05 392316]

S3 getPlus® Helper;getPlus® Helper;c:\arquivos de programas\NOS\bin\getPlus_HelperSvc.exe [13/7/2008 19:25 31592]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

Notify-dimsntfy - (no file)

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uol.com.br/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: &D&ownload &with BitComet - d:\aplicativos\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - d:\aplicativos\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - d:\aplicativos\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xportar para o Microsoft Excel - d:\aplica~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Enviar por Bluetooth - d:\aplicativos\BlueSoleil\TransSend\IE\tsinfo.htm

IE: Enviar por mensagem(&M)... - d:\aplicativos\BlueSoleil\TransSend\IE\tssms.htm

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

Trusted Zone: caixa.gov.br\www

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-19 21:54

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@?Y????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:9a,55,82,a3,2c,ec,89,07,fa,1b,9c,9a,1f,ef,f5,a1,ce,3b,7c,cd,05,

a0,6c,92,43,bb,fd,a1,52,bd,44,ff,7c,33,59,fd,f3,ac,54,ae,3a,a2,c2,90,20,ad,\

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:9a,55,82,a3,2c,ec,89,07,fa,1b,9c,9a,1f,ef,f5,a1,ce,3b,7c,cd,05,

a0,6c,92,43,bb,fd,a1,52,bd,44,ff,7c,33,59,fd,f3,ac,54,ae,3a,a2,c2,90,20,ad,\

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(692)

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\arquivos de programas\GbPlugin\gbiehcef.dll

c:\arquiv~1\GbPlugin\gbiehuni.dll

 

- - - - - - - > 'lsass.exe'(748)

c:\windows\system32\nvappfilter.dll

 

- - - - - - - > 'explorer.exe'(1308)

c:\arquiv~1\GbPlugin\gbiehuni.dll

c:\arquivos de programas\GbPlugin\gbiehcef.dll

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\rundll32.exe

d:\aplicativos\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\rundll32.exe

c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\documents and settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

d:\aplica~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\Apache.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

d:\aplica~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

d:\aplica~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

d:\aplica~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe

c:\arquivos de programas\Canon\CAL\CALMAIN.exe

d:\aplica~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\Apache.exe

d:\aplicativos\BlueSoleil\BsHelpCS.exe

c:\arquivos de programas\iPod\bin\iPodService.exe

c:\arquivos de programas\Windows Live\Messenger\usnsvc.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-08-20 21:59 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-08-20 00:59

 

Pré-execução: 1.003.257.856 bytes disponíveis

Pós execução: 1.317.748.736 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot Loader]

Timeout=2

Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[Operating Systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

 

313 --- E O F --- 2009-05-18 02:20

 

 

 

*********************************

HijackThis log

*********************************

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:18:36, on 19/8/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Aplicativos\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\VM305_STI.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

D:\Aplicativos\Avira\AntiVir Desktop\avguard.exe

D:\Aplicativos\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Aplicativos\BlueSoleil\BtTray.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

d:\APLICA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

D:\Aplicativos\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

D:\Aplicativos\JustVoip.com\JustVoip\JustVoip.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

D:\APLICA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

D:\Aplicativos\BlueSoleil\BsHelpCS.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\HiJack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\aplicativos\adobe\reader\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Aplicativos\BitComet\tools\BitCometBHO_1.1.7.4.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Aplicativos\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [btTray] "D:\Aplicativos\BlueSoleil\BtTray.exe"

O4 - HKLM\..\Run: [avgnt] "D:\Aplicativos\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [JustVoip] "D:\Aplicativos\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Aplicativos\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: PC Probe II V1.03.05.lnk = D:\Aplicativos\ASUS\PC Probe II\Probe2.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Aplicativos\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Aplicativos\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Aplicativos\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\APLICA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar por Bluetooth - D:\Aplicativos\BlueSoleil\TransSend\IE\tsinfo.htm

O8 - Extra context menu item: Enviar por mensagem(&M)... - D:\Aplicativos\BlueSoleil\TransSend\IE\tssms.htm

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Aplicativos\BitComet\tools\BitCometBHO_1.1.7.4.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APLICA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215188654890

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Aplicativos\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Aplicativos\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BsHelpCS - Unknown owner - D:\Aplicativos\BlueSoleil\BsHelpCS.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - d:\APLICA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 10234 bytes

 

 

The computer appears to be working normally.

 

Regards,

 

Waldemar


:thumbsup: Several problems were removed by ComboFix.

 

:seta: There are unnecessary programs starting with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

 

Choosing Which Programs Start with the PC

 

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start with Windows.

 

Also use the CCleaner program, recommended in the tutorial above, to clean and optimize the PC now and from time to time.

__________________________________________

 

:seta: • Download SUPERAntiSpyware;

• Double-click the program's icon and install it by clicking Next > accept the license agreement > Next > Next > choose the option to save it in the Program Files folder > Next > Next > wait for the installation > click the Finish button.

• A box will appear asking you to choose your language; choose Portuguese (BR) and click the OK button.

• A message will appear asking: "Do you want SUPERAntiSpyware to check for the current rules and definitions now (Recommended)?" Connect the computer to the Internet and click the Yes button. Wait for the update to finish.

• Another screen will appear; click Next > Next > Next > Next > Finish.

• A window will ask whether you want to protect your Internet Explorer home page against changes. Choose the option you prefer.

• Restart the computer in Safe Mode (press the F8 key (or F5 on some computers) repeatedly while the computer is restarting and choose the Safe Mode option);

• If it is not possible to restart the computer in Safe Mode, run the scan in normal mode.

• Run SUPERAntiSpyware and click: Scan your PC...

• Under Scan location choose: C:\ Fixed Drive ( NTFS ), and if you have other disks to be scanned, check them as well;

• Check the Perform Complete Scan option;

• Click Next. Wait!

• When it finishes, the SUPERAntiSpyware Scan Summary window will open. Click the OK button. Click the Next > button so that the threats are removed.

• A message may appear asking whether you want the computer to be restarted so that the items can be removed. Click Yes.

• After the PC restarts, right-click the SUPERAntiSpyware icon next to the Windows clock and choose the option View Control Center (Preferences/Options)... Click the Statistics/Logs tab, then double-click the log with the left mouse button and a window with the log will open. Select the whole log (menu: Edit » Select All), then go back to the Edit menu and click Copy.

• After that, just come back here to the forum and post this SUPERAntiSpyware log together with a new HijackThis log so that they can be analyzed.

• We'll be waiting.


I was travelling! It took me a while, but I'm back!

 

The SUPERAntiSpyware log was as follows:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 09/06/2009 at 04:42 PM

 

Application Version : 4.28.1010

 

Core Rules Database Version : 4086

Trace Rules Database Version: 2026

 

Scan type : Complete Scan

Total Scan Time : 00:30:14

 

Memory items scanned : 572

Memory threats detected : 0

Registry items scanned : 5776

Registry threats detected : 0

File items scanned : 23260

File threats detected : 25

 

Adware.Tracking Cookie

C:\Documents and Settings\Administrador\Cookies\administrador@abril.112.2o7[2].txt

C:\Documents and Settings\Administrador\Cookies\administrador@ads.abril.com[1].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@hotbar[2].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@ads.adbrite[2].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@server.cpmstar[1].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@specificclick[2].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@abril.112.2o7[1].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@overture[1].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@ad.yieldmanager[2].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@adbrite[1].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@serving-sys[2].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@msnportal.112.2o7[1].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@ads.abril.com[1].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@doubleclick[1].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@banners.dragonfable[1].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@clickaider[1].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@www.googleadservices[1].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@ad.adnetwork.com[1].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@www.googleadservices[2].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@www.googleadservices[3].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@richmedia.yahoo[2].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@statcounter[1].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@bs.serving-sys[1].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@ads.buscape.com[1].txt

C:\Documents and Settings\Waldemar.WALDEMAR-69D8A2\Cookies\waldemar@atdmt[2].txt

 

 

=====================

The HijackThis one:

=====================

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:14:15, on 7/9/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

D:\Aplicativos\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\rundll32.exe

D:\Aplicativos\BlueSoleil\BtTray.exe

D:\Aplicativos\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\VM305_STI.EXE

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

D:\Aplicativos\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

D:\aplicativos\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Aplicativos\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

d:\APLICA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

D:\APLICA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

D:\Aplicativos\BlueSoleil\BsHelpCS.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\HiJack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\aplicativos\adobe\reader\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Aplicativos\BitComet\tools\BitCometBHO_1.1.7.4.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [btTray] "D:\Aplicativos\BlueSoleil\BtTray.exe"

O4 - HKLM\..\Run: [avgnt] "D:\Aplicativos\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Aplicativos\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\aplicativos\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Aplicativos\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Aplicativos\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Aplicativos\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\APLICA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar por Bluetooth - D:\Aplicativos\BlueSoleil\TransSend\IE\tsinfo.htm

O8 - Extra context menu item: Enviar por mensagem(&M)... - D:\Aplicativos\BlueSoleil\TransSend\IE\tssms.htm

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Aplicativos\BitComet\tools\BitCometBHO_1.1.7.4.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APLICA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215188654890

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O20 - Winlogon Notify: !SASWinLogon - D:\aplicativos\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Aplicativos\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Aplicativos\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BsHelpCS - Unknown owner - D:\Aplicativos\BlueSoleil\BsHelpCS.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - d:\APLICA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - d:\APLICA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 9598 bytes

 

======================================

 

The computer appears to be working normally.

I await the result.

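The two HijackThis logs in this thread (the scans of 19/8/2009 and 7/9/2009) are compared by eye. As an added example that is not part of any post and not a tool the forum used, the Python script below parses the HijackThis line format, diffs two scans, and pulls out the two entry types this thread keeps an eye on: O20 Winlogon Notify DLLs (which winlogon.exe loads at every logon, the same DLLs the ComboFix report lists under 'winlogon.exe') and O23 services whose vendor field is empty or "Unknown owner". The embedded sample logs are constructed, abridged excerpts of the logs posted above; the function names are my own.

```python
from __future__ import annotations

import re

# Constructed, abridged excerpts of the two HijackThis logs posted in this
# thread (scans of 19/8/2009 and 7/9/2009). Only a few lines of each are kept;
# each line is in the exact shape HijackThis 2.0.2 writes it.
HJT_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:18:36, on 19/8/2009
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "D:\Aplicativos\Avira\AntiVir Desktop\avgnt.exe" /min
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Aplicativos\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BsHelpCS - Unknown owner - D:\Aplicativos\BlueSoleil\BsHelpCS.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
"""

HJT_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:14:15, on 7/9/2009
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [avgnt] "D:\Aplicativos\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\aplicativos\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: !SASWinLogon - D:\aplicativos\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Aplicativos\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BsHelpCS - Unknown owner - D:\Aplicativos\BlueSoleil\BsHelpCS.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
"""

# Every finding is "<code> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^(?P<code>[OR]\d+) - (?P<body>.+)$")
# O23 body: "Service: <display name> - <vendor> - <path>". The vendor may be
# empty, in which case the separators collapse to " - - " (as for GbpSv above),
# so the space after the first dash is optional.
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - ?(?P<vendor>.*?) - (?P<path>.+)$")
# O20 body: "Winlogon Notify: <registry subkey> - <dll path>"
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")


def parse_hjt(text: str) -> dict[str, set[str]]:
    """Group every finding line by its HijackThis section code (O2, O4, O20, ...)."""
    sections: dict[str, set[str]] = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            sections.setdefault(m["code"], set()).add(m["body"])
    return sections


def diff_logs(before: str, after: str) -> tuple[set[str], set[str]]:
    """Return (added, removed): findings only in the later log / only in the earlier one."""
    def flatten(text: str) -> set[str]:
        return {f"{code} - {body}"
                for code, bodies in parse_hjt(text).items() for body in bodies}
    old, new = flatten(before), flatten(after)
    return new - old, old - new


def unverified_services(text: str) -> list[str]:
    """Paths of O23 services whose vendor field is empty or 'Unknown owner'.

    Such entries are not malicious by themselves (GbpSv here is the bank's own
    plugin service), but they carry no publisher information, so they are the
    services an analyst verifies first when an antivirus flags the same folder.
    """
    hits: list[str] = []
    for body in sorted(parse_hjt(text).get("O23", ())):
        m = SERVICE_RE.match(body)
        if m and m["vendor"].strip() in ("", "Unknown owner"):
            hits.append(m["path"])
    return hits


def winlogon_notify_dlls(text: str) -> dict[str, str]:
    """Map each O20 Winlogon Notify subkey to the DLL winlogon.exe loads for it."""
    out: dict[str, str] = {}
    for body in parse_hjt(text).get("O20", ()):
        m = NOTIFY_RE.match(body)
        if m:
            out[m["name"]] = m["path"]
    return out


if __name__ == "__main__":
    added, removed = diff_logs(HJT_BEFORE, HJT_AFTER)
    print("New since the first scan:")
    for entry in sorted(added):
        print("  +", entry)
    print("Gone since the first scan:")
    for entry in sorted(removed):
        print("  -", entry)
    print("Services without a publisher:", unverified_services(HJT_AFTER))
    print("Winlogon Notify DLLs:", winlogon_notify_dlls(HJT_AFTER))
```

Run on the two full logs, the diff shows exactly what changed between the helper's instructions and the follow-up scan (here the SUPERAntiSpyware autorun and its Winlogon Notify DLL appearing, NeroCheck gone), which is the check that backs a "your logs are clean" verdict better than rereading a hundred lines.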

:thumbsup: Very good, your logs are clean.

 

:seta: Download the ToolsCleaner program:

http://pc-system.fr/TC/ToolsCleaner2.exe

Save it to the Desktop;

Close any open programs and run the tool.

Click the Recherche button to start the scan. <-- Wait!

When it finishes, the items to be removed will be listed.

Click the Supression button to remove the items found.

Then click Quitter.

The report will be at this location: ( C:\TCleaner.txt ) <--

_________________________________________

 

:seta: Install these programs and use them now and weekly to clean your PC and keep it more efficient and optimized:

 

MV RegClean

 

MV AntiSpy

 

Auslogics Disk Defrag

 

SpywareBlaster

_________________________________________

 

:seta: To prevent the viruses from coming back, disable and then re-enable System Restore. To do this, go to: Start - Control Panel - System - click the System Restore tab - check the box: Turn off System Restore - click the Apply button and then OK.

 

After that, go back to the same place: Start - Control Panel - System - click the System Restore tab - uncheck the box: Turn off System Restore - click the Apply button and then OK.

_________________________________________

 

:seta: Your Internet Explorer is out of date. Download and install Internet Explorer 8.

_________________________________________

 

:seta: If your Windows is genuine, download and install Service Pack 3:

http://superdownloads.uol.com.br/download/61/windows-service-pack/

_________________________________________

 

:thumbsup: It was a pleasure to help; you can always count on us!


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
