[Solved!] Please analyze my log

I can't open the following things: User Accounts, Search, System Restore, Defragmenter, among others.

I'm having a series of problems with the PC, and when I decided to try a restore I discovered that almost nothing is working. The HijackThis log follows below... Thank you very much in advance!


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:14:59, on 6/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:











C:\Program Files\Google\Update\\GoogleCrashHandler.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe


C:\Program Files\Bonjour\mDNSResponder.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE


C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe


C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe


C:\Program Files\iTunes\iTunesHelper.exe



C:\Program Files\Windows Live\Messenger\msnmsgr.exe



C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe



C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe


C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Marcelo\Desktop\HiJackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\\gears.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iconcache] c:\windows\vcp_temp\iconcache\icon.bat

O4 - HKLM\..\Run: [PC-Checkup] "C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" -mini

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKLM\..\Policies\Explorer\Run: []

O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\\gears.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O17 - HKLM\System\CCS\Services\Tcpip\..\{6FF0B388-BFB8-4970-AB94-FDE8B194488F}: NameServer =,

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: __GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Marcelo\LOCALS~1\Temp\hpdj.exe (file missing)

O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)



End of file - 9683 bytes

:thumbsup: Hello LityAlves! Welcome to the Imasters Forum.


Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


O4 - HKLM\..\Policies\Explorer\Run: []


O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')


O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')


O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')


O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')



I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

Download ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);

3) The “SOFTWARE WARRANTY DISCLAIMER” window will open. Click “YES” to continue.

4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is advisable to install the console before continuing, since this ensures that the system can be recovered if problems occur during the scan.

Click “YES” and wait, as ComboFix itself will install the console automatically. This may take a few minutes (depending on your connection speed), so be patient.

When the “INSTALLING THE RECOVERY CONSOLE” window appears, click “OK”, then click “YES” to accept the EULA license.

When the recovery console installation finishes, a window will open stating that “THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY”.

Click “YES” to continue the scan.

5) ComboFix will start the AUTOSCAN (wait).

ATTENTION: Do not click on the ComboFix window or end the process abruptly while the tool is running, as this will mess up your desktop configuration (it will go completely white).

When the process finishes, the machine will be restarted so the report can be generated.

6) After the machine restarts, ComboFix will run FIND3M to create the final scan report. Its log will be at C:\ComboFix.txt.

7) Re-enable your antivirus;

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, or if viruses or malware block ComboFix from running, download ComboFix again but save it to your Desktop as KomboFix. In that case, name it Kombofix while saving it, not after saving it!

As a last resort, if ComboFix cannot be run in Windows Normal Mode, try using ComboFix in SAFE MODE (restart the computer and press the F8 key repeatedly, or F5 in some cases, during startup, then choose the Safe Mode option on the screen that appears) and repeat the procedure;

NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE, covering the others. To minimize it again, just use the ALT + TAB combination.

* If for any reason you need to stop or exit ComboFix, press "N".

* If you lose your internet connection, restart the computer. If the problem persists, open Network Connections in the Control Panel, right-click your internet connection and choose "Repair";

Post the ComboFix log, which will be at C:\ComboFix.txt, together with a new HijackThis log in your next reply and tell us how your PC is doing after this.

We'll be waiting.

The ComboFix Notepad report is huge; should I post all of it or just the Find3M report (Relatório Find3M) part?


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:42:21, on 6/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:






C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe





C:\Program Files\Google\Update\\GoogleCrashHandler.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe



C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE


C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe




C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe




C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe



C:\Program Files\iPod\bin\iPodService.exe


C:\Program Files\Mozilla Firefox\firefox.exe


C:\Documents and Settings\Marcelo\Desktop\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\\gears.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [srmclean] "C:\Cpqs\Scom\srmclean.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Display Settings] "C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" /s

O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\HPQ\Default Settings\cpqset.exe"

O4 - HKLM\..\Run: [CARPService] "carpserv.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"

O4 - HKLM\..\Run: [MsmqIntCert] "regsvr32" /s mqrt.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\\gears.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O17 - HKLM\System\CCS\Services\Tcpip\..\{6FF0B388-BFB8-4970-AB94-FDE8B194488F}: NameServer =,

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: __GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Marcelo\LOCALS~1\Temp\hpdj.exe (file missing)

O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. ( - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe



End of file - 9176 bytes

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))


2009-08-06 19:21 . 2007-04-19 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\GbPlugin

2009-08-06 06:29 . 2006-08-16 06:51 48352 -c--a-w- c:\documents and settings\Marcelo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-06 06:24 . 2006-08-18 04:09 12 -c--a-w- c:\windows\bthservsdp.dat

2009-08-04 04:12 . 2007-10-03 02:18 -------- d-----w- c:\program files\iTunes

2009-08-04 03:21 . 2008-03-21 01:30 -------- d-----w- c:\program files\Common Files\Apple

2009-08-03 23:33 . 2008-03-04 06:35 -------- d-----w- c:\program files\Windows Live

2009-08-03 23:32 . 2008-03-04 06:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller

2009-07-31 20:00 . 2009-06-26 06:36 -------- d-----w- c:\program files\Microsoft Silverlight

2009-07-29 19:29 . 2009-06-03 22:40 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-22 20:17 . 2006-11-13 12:13 -------- d-----w- c:\program files\Google

2009-07-21 06:31 . 2009-06-17 01:33 -------- d-----w- c:\documents and settings\Marcelo\Application Data\U3

2009-07-19 05:19 . 2008-04-13 03:55 -------- d-----w- c:\program files\Messenger Plus! Live

2009-07-03 17:09 . 2006-06-23 14:33 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-26 06:35 . 2009-03-11 21:14 -------- d-----w- c:\program files\Microsoft

2009-06-24 21:21 . 2009-06-23 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2009-06-23 02:17 . 2009-06-23 02:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR

2009-06-23 02:16 . 2009-06-03 22:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-06-23 02:16 . 2009-06-03 22:40 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-06-21 05:02 . 2007-11-11 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-06-21 04:39 . 2009-06-21 04:39 -------- d-----w- c:\documents and settings\Marcelo\Application Data\Auslogics

2009-06-21 04:11 . 2003-03-24 20:57 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-06-20 03:02 . 2009-06-03 22:39 -------- d-----w- c:\documents and settings\Marcelo\Application Data\AVGTOOLBAR

2009-06-19 04:13 . 2009-06-19 04:13 1024 ----a-w- c:\documents and settings\All Users\Application Data\BVRP Software\Motorola Phone Tools\faxres.cmd

2009-06-17 05:30 . 2009-06-17 05:21 -------- d-----w- c:\program files\Motorola Phone Tools

2009-06-17 05:26 . 2009-06-17 05:24 -------- d-----w- c:\program files\Avanquest update

2009-06-17 05:24 . 2007-08-12 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software

2009-06-17 05:20 . 2009-06-17 05:20 -------- d-----w- c:\documents and settings\Marcelo\Application Data\InstallShield

2009-06-16 18:56 . 2009-05-01 03:38 -------- d-----w- c:\program files\Auslogics

2009-06-16 14:36 . 2002-08-29 02:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2002-08-29 02:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-14 19:07 . 2009-06-24 21:21 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll

2009-06-03 22:40 . 2009-06-03 22:40 108552 -c--a-w- c:\windows\system32\drivers\avgtdix.sys

2009-06-03 19:09 . 2002-08-29 02:00 1291264 ----a-w- c:\windows\system32\quartz.dll

2008-10-19 09:58 . 2008-10-19 09:58 49152 -c--a-w- c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll

2008-04-14 00:12 . 2006-08-16 05:33 60416 -csha-w- c:\windows\ServicePackFiles\i386\msimn.exe

2008-10-25 06:37 . 2008-10-22 23:13 428064 -csha-w- c:\windows\system32\drivers\fidbox.dat

2008-10-25 06:37 . 2008-10-22 23:13 12832 -csha-w- c:\windows\system32\drivers\fidbox2.dat


If needed, I'll send the complete report...

Thank you very much for answering so quickly. Search, System Restore and User Accounts are working again.

But before running ComboFix, Sweeper had found 8 spy cookies and 2 viruses, but I couldn't finish running the program because the PC kept shutting down by itself. I'm now running AVG; which free antivirus do you recommend?

Thanks once again, and sorry for taking advantage of your help!

The ComboFix Notepad report is huge; should I post all of it or just the Find3M report (Relatório Find3M) part?

You need to post all of it; if it doesn't fit in a single reply, split it into parts and post it across more than one reply.

I'm now running AVG; which free antivirus do you recommend?

Once we finish cleaning your PC, I suggest you uninstall AVG and download Avira Antivir Personal 9 Free.

To install, configure and use Avira Antivir correctly, just follow the tips in these tutorials:

Avira Antivir 9 Free tutorial (installation and configuration)

Avira Antivir 9 Free tutorial (how to use it correctly)

ComboFix 09-08-06.01 - Lity Freitas 06/08/2009 17:06.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1033.18.447.216 [GMT -3:00]

Executando de: c:\documents and settings\Marcelo\Desktop\ComboFix.exe



((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))




c:\documents and settings\Marcelo\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll

c:\documents and settings\Marcelo\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\desktop.ini

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-06 to 2009-08-06 ))))))))))))))))))))))))))))



2009-08-06 06:20 . 2009-08-06 06:20 -------- d-----w- c:\program files\MSSOAP

2009-08-06 06:18 . 2009-05-13 18:39 1563008 ----a-w- c:\windows\WRSetup.dll

2009-08-06 06:18 . 2009-08-06 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot

2009-08-06 06:18 . 2009-08-06 06:18 -------- d-----w- c:\program files\Webroot

2009-08-06 06:18 . 2009-08-06 06:18 -------- d-----w- c:\documents and settings\Marcelo\Application Data\Webroot

2009-08-06 06:12 . 2009-08-06 06:12 164 ----a-w- c:\windows\install.dat

2009-08-04 17:13 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe

2009-08-04 16:38 . 2008-09-10 01:14 1307648 ------w- c:\windows\system32\dllcache\msxml6.dll

2009-08-04 16:38 . 2008-04-14 01:57 79872 ------w- c:\windows\system32\dllcache\msxml6r.dll

2009-08-04 16:38 . 2008-04-14 08:42 10752 ------w- c:\windows\system32\smtpapi.dll

2009-08-04 16:38 . 2008-04-14 08:42 9728 ------w- c:\windows\system32\rwnh.dll

2009-08-04 16:38 . 2008-04-14 08:41 81920 ------w- c:\windows\system32\ieencode.dll

2009-08-04 05:08 . 2008-06-17 19:02 8461312 ----a-w- c:\windows\system32\dllcache\shell32.dll

2009-08-04 05:02 . 2009-08-04 05:02 -------- d-----w- c:\program files\Wallpapers

2009-08-04 05:01 . 2009-08-04 05:01 -------- d-----w- c:\program files\Fonts

2009-08-04 05:01 . 2009-08-04 05:28 -------- d-----w- c:\windows\VCP_TEMP

2009-08-04 04:55 . 2008-11-12 02:22 20480 ----a-w- c:\windows\system32\scrnrdr.exe

2009-08-04 03:21 . 2009-08-04 03:21 -------- d-----w- c:\program files\iPod

2009-08-04 03:20 . 2009-08-04 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-08-04 03:15 . 2009-08-04 03:16 -------- d-----w- c:\program files\QuickTime

2009-08-03 06:29 . 2009-03-11 05:52 38208 ----a-w- c:\documents and settings\Marcelo\Application Data\Macromedia\Flash Player\\bin\airappinstaller\airappinstaller.exe

2009-07-25 06:17 . 2009-08-06 03:00 -------- d-----w- c:\program files\PokerStars

2009-07-25 06:00 . 2009-03-24 17:43 43008 ----a-w- c:\documents and settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll

2009-07-25 06:00 . 2009-03-24 17:43 43008 ----a-w- c:\documents and settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2009-07-25 06:00 . 2009-03-24 17:43 338432 -c--a-w- c:\documents and settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2009-07-25 06:00 . 2009-03-24 17:43 235520 -c--a-w- c:\documents and settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll

2009-07-25 06:00 . 2009-03-24 17:42 345088 ----a-w- c:\documents and settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2009-07-25 06:00 . 2009-03-24 17:42 235008 ----a-w- c:\documents and settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll

2009-07-22 20:22 . 2009-07-22 20:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2009-07-22 20:17 . 2009-07-22 20:17 -------- d-----w- c:\documents and settings\Marcelo\Local Settings\Application Data\Temp

2009-07-22 20:17 . 2009-07-22 20:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2009-07-13 17:22 . 2009-07-13 17:22 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes\SetupAdmin.exe



((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))


2009-08-06 19:21 . 2007-04-19 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\GbPlugin

2009-08-06 06:29 . 2006-08-16 06:51 48352 -c--a-w- c:\documents and settings\Marcelo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-06 06:24 . 2006-08-18 04:09 12 -c--a-w- c:\windows\bthservsdp.dat

2009-08-04 04:12 . 2007-10-03 02:18 -------- d-----w- c:\program files\iTunes

2009-08-04 03:21 . 2008-03-21 01:30 -------- d-----w- c:\program files\Common Files\Apple

2009-08-03 23:33 . 2008-03-04 06:35 -------- d-----w- c:\program files\Windows Live

2009-08-03 23:32 . 2008-03-04 06:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller

2009-07-31 20:00 . 2009-06-26 06:36 -------- d-----w- c:\program files\Microsoft Silverlight

2009-07-29 19:29 . 2009-06-03 22:40 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-22 20:17 . 2006-11-13 12:13 -------- d-----w- c:\program files\Google

2009-07-21 06:31 . 2009-06-17 01:33 -------- d-----w- c:\documents and settings\Marcelo\Application Data\U3

2009-07-19 05:19 . 2008-04-13 03:55 -------- d-----w- c:\program files\Messenger Plus! Live

2009-07-03 17:09 . 2006-06-23 14:33 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-26 06:35 . 2009-03-11 21:14 -------- d-----w- c:\program files\Microsoft

2009-06-24 21:21 . 2009-06-23 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2009-06-23 02:17 . 2009-06-23 02:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR

2009-06-23 02:16 . 2009-06-03 22:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-06-23 02:16 . 2009-06-03 22:40 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-06-21 05:02 . 2007-11-11 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-06-21 04:39 . 2009-06-21 04:39 -------- d-----w- c:\documents and settings\Marcelo\Application Data\Auslogics

2009-06-21 04:11 . 2003-03-24 20:57 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-06-20 03:02 . 2009-06-03 22:39 -------- d-----w- c:\documents and settings\Marcelo\Application Data\AVGTOOLBAR

2009-06-19 04:13 . 2009-06-19 04:13 1024 ----a-w- c:\documents and settings\All Users\Application Data\BVRP Software\Motorola Phone Tools\faxres.cmd

2009-06-17 05:30 . 2009-06-17 05:21 -------- d-----w- c:\program files\Motorola Phone Tools

2009-06-17 05:26 . 2009-06-17 05:24 -------- d-----w- c:\program files\Avanquest update

2009-06-17 05:24 . 2007-08-12 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software

2009-06-17 05:20 . 2009-06-17 05:20 -------- d-----w- c:\documents and settings\Marcelo\Application Data\InstallShield

2009-06-16 18:56 . 2009-05-01 03:38 -------- d-----w- c:\program files\Auslogics

2009-06-16 14:36 . 2002-08-29 02:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2002-08-29 02:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-14 19:07 . 2009-06-24 21:21 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll

2009-06-03 22:40 . 2009-06-03 22:40 108552 -c--a-w- c:\windows\system32\drivers\avgtdix.sys

2009-06-03 19:09 . 2002-08-29 02:00 1291264 ----a-w- c:\windows\system32\quartz.dll

2008-10-19 09:58 . 2008-10-19 09:58 49152 -c--a-w- c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll

2008-04-14 00:12 . 2006-08-16 05:33 60416 -csha-w- c:\windows\ServicePackFiles\i386\msimn.exe

2008-10-25 06:37 . 2008-10-22 23:13 428064 -csha-w- c:\windows\system32\drivers\fidbox.dat

2008-10-25 06:37 . 2008-10-22 23:13 12832 -csha-w- c:\windows\system32\drivers\fidbox2.dat



(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))



*Nota* entradas vazias e legítimas por defeito não são mostradas.



[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]




[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-06-14 19:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]




[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]







2009-05-13 18:34 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll



"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]



"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-05 188416]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-02-27 180316]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-23 1948440]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]

"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2003-05-21 4608]

"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]


c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-03-10 20:03 421168 ----a-w- c:\progra~1\GbPlugin\gbieh.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

2009-03-10 20:03 421168 ----a-w- c:\program files\GbPlugin\gbieh.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-06-23 02:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll








[HKLM\~\startupfolder\C:^Documents and Settings^Marcelo^Start Menu^Programs^Startup^Light Mule.lnk]

path=c:\documents and settings\Marcelo\Start Menu\Programs\Startup\Light Mule.lnk

backup=c:\windows\pss\Light Mule.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]





"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=



"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus\\Brazilian\\setup.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Secured eMule\\light_mule.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires\\age3y.exe"=


"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=



"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009


R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [21/3/2009 00:18 26320]

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [21/4/2009 18:27 29808]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/6/2009 19:40 335752]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/6/2009 19:40 108552]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/6/2009 19:39 298776]

R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [18/4/2007 22:35 52560]

R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [6/8/2009 03:23 1205760]

R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\aliirda.sys [24/3/2003 17:42 26112]

R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [24/3/2003 17:45 292352]

R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [24/3/2003 17:45 273536]

R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [24/3/2003 17:42 16512]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/7/2009 17:17 133104]

S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 12:28 24592]

S3 ZSMC302;LG webpro2 Camera;c:\windows\system32\drivers\usbvm302.sys [28/9/2006 19:02 91271]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP


Conteúdo da pasta 'Tarefas Agendadas'


2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:34]


2009-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 20:16]


2009-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 20:16]


2009-08-06 c:\windows\Tasks\User_Feed_Synchronization-{D3A41332-C717-4D5B-BC4F-12F89911049E}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]


2009-08-06 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-02 01:18]


2009-08-06 c:\windows\Tasks\wrSpySweeper_LCE6D72E7D0F7416799491E87B2826FC0.job

- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-08-06 18:39]


2009-08-06 c:\windows\Tasks\wrSpySweeper_LCE6D72E7D0F7416799491E87B2826FC0.job

- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-08-06 18:39]


- - - - ORFÃOS REMOVIDOS - - - -


HKLM-Run-cleanup - (no file)




------- Scan Suplementar -------


uSearchMigratedDefaultURL = hxxp://{searchTerms}&sourceid=ie7&

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

TCP: {6FF0B388-BFB8-4970-AB94-FDE8B194488F} =,

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\

FF - ProfilePath - c:\documents and settings\Marcelo\Application Data\Mozilla\Firefox\Profiles\1bjtxlq2.default\

FF - prefs.js: - hxxp://

FF - prefs.js: - Google

FF - prefs.js: browser.startup.homepage - hxxp://

FF - prefs.js: keyword.URL - hxxp://

FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll

FF - component: c:\program files\Mozilla Firefox\components\SiteVacuumXPCOM.dll

FF - plugin: c:\program files\Google\Update\\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll



c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", "");



------- Associação de arquivos/ficheiros -------


inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"





catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-08-06 17:23

Windows 5.1.2600 Service Pack 3 NTFS


Procurando processos ocultos ...


Procurando entradas auto inicializáveis ocultas ...


Procurando ficheiros/arquivos ocultos ...


Varredura completada com sucesso

arquivos/ficheiros ocultos: 0




--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------





--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------


- - - - - - - > 'winlogon.exe'(1972)




Tempo para conclusão: 2009-08-06 17:32

ComboFix-quarantined-files.txt 2009-08-06 20:32


Pré-execução: 27.389.456.384 bytes free

Pós execução: 27.564.408.832 bytes free



[boot loader]



[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /bootlogo /NoExecute=OptOut


385 --- E O F --- 2009-08-06 02:07

:thumbsup: Several problems were removed by Combofix.


:seta: Download Bankerfix.


Double-click its installer > click Yes > click Ok > click Ok again > press the Enter key > the browsers (Internet Explorer, Firefox, etc.) will be closed temporarily > wait for the scan to finish.



Also do the following:


:seta: I suggest that you save or print the instructions below, because at some points you may need to use the computer without internet access:


- Download Malwarebytes Anti-Malware.

* Install it by double-clicking "mbam-setup.exe";

* Select the language Português (Brasil)

* Check only the box: "Atualizar MalwareBytes'Anti-Malware"

* If any update exists, the download will be automatic

* Do not scan yet!!!

* Restart the PC in Safe Mode (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the Modo Seguro or Modo de Segurança (Safe Mode) option).

* If it is not possible to run the computer in Safe Mode, do the scan in normal mode

* Run MalwareBytes' Anti-Malware and click the tab: "Verificação", select the option "Verificação completa"

* Click the button: "Verificar"

* Check all the parts of the computer that you want to scan and click the button: Iniciar verificação

* When the scan finishes, click "OK" > "Mostrar Resultados"

* Select all the entries and click "Remover Selecionados"

* After the removal you may be asked whether you want to remove objects from memory. Click "SIM"

* A log will be shown with the result of the actions

* Some malware is stubborn and needs a reboot to be removed. If this is requested, click to restart the PC.

* When the process finishes, restart the PC in Normal Mode.

* After a few days, if your computer is working normally without the files that were deleted by Malwarebytes Anti-malware, open (run) Malwarebytes Anti-malware, click the tab: Quarentena and click the button: Remover tudo.

* Run Malwarebytes Anti-malware again and click the Logs tab, double-click the most recent log, select the whole log and copy it.


Post this log generated by Malwarebytes Anti-Malware together with the Relatorio.txt that will be found in C:\LinhaDefensiva and a new Hijackthis log in your next reply, and tell us how your computer is after following the procedures above.


We look forward to your reply.

I'm going to do these procedures and then post the logs, but I also wanted to take the opportunity to say that the PC has become veeeery slow; today it took me almost half an hour to get here to the forum (between booting and opening the browser)...

I'm going to do these procedures and then post the logs

:) Ok, we'll be waiting.


but I also wanted to take the opportunity to say that the PC has become veeeery slow; today it took me almost half an hour to get here to the forum (between booting and opening the browser)...

This slowness may be caused by the malware that is on your PC. Note that Combofix has already removed a number of them and there are certainly still others on your computer.

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva |


Data: 2009-08-07 - 17:15


Lista de Definição: 2009-07-24-2 | CORE: 2009-07-24-1



Arquivo infectado detectado: C:\WINDOWS\plugin.fax

Arquivo infectado removido com sucesso!




----- Fim -------------------------




Malwarebytes' Anti-Malware 1.40

Versão do banco de dados: 2575

Windows 5.1.2600 Service Pack 3 (Safe Mode)


7/8/2009 18:53:03

mbam-log-2009-08-07 (18-53-03).txt


Tipo de Verificação: Completa (A:\|C:\|D:\|)

Objetos verificados: 176611

Tempo decorrido: 1 hour(s), 19 minute(s), 57 second(s)


Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 1

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 3


Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)


Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)


Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__gbpluginbb (Trojan.Vundo) -> Quarantined and deleted successfully.


Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)


Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)


Pastas infectadas:

(Nenhum ítem malicioso foi detectado)


Arquivos infectados:

C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP859\A0258899.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\rar.exe (Malware.NSPack) -> Quarantined and deleted successfully.

C:\PROGRAM FILES\GbPlugin\gbieh.dll (Trojan.Vundo) -> Delete on reboot.



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:19:17, on 7/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:









C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe



C:\Program Files\Google\Update\\GoogleCrashHandler.exe


C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe




C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\iTunes\iTunesHelper.exe



C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE


C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE



C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe


C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe




C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Marcelo\Desktop\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\\gears.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [srmclean] "C:\Cpqs\Scom\srmclean.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Display Settings] "C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" /s

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [CARPService] "carpserv.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"

O4 - HKLM\..\Run: [MsmqIntCert] "regsvr32" /s mqrt.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\\gears.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O17 - HKLM\System\CCS\Services\Tcpip\..\{6FF0B388-BFB8-4970-AB94-FDE8B194488F}: NameServer =,

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Marcelo\LOCALS~1\Temp\hpdj.exe (file missing)

O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)



End of file - 9379 bytes


And now, what is the next step?

Change the antivirus?



:thumbsup: Several other problems were removed from your PC.


:seta: * Download VundoFix:


* Double-click VundoFix.exe to start it;


* When VundoFix opens, click Scan for Vundo. Wait for the scan to finish, which may take some time. Be patient;


* When the scan is finished, click Remove Vundo;


* You will receive an alert asking whether you want to remove the files. Click YES. Your desktop will go blank (this is normal);


* To complete the scan you will need to reboot the machine. Click OK.



:seta: Please also follow the tips in this tutorial to scan your PC with Nod32 Online:


Nod32 Online antivirus tutorial


After the scan finishes, a report (log) will be generated, which will be in the following location on your computer:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt


In your next reply, post this Nod32 Online log together with the VundoFix log (C:\vundofix.txt) and a new Hijackthis log, and please tell us how your PC is after following these procedures.


We look forward to your reply.

my PC is full of viruses :s

Win32;Sality / rootkit / Win32 conf [Wrm]

I don't know how to remove them; I need professional help

I have Avast Home / Spybot Search and Destroy / HijackThis

it's rough here; out of nowhere this appears:

"O Generic Host Process for Win32 Services encontrou um problema e precisa ser fechado"

then I click close, the PC freezes, and then I have to restart :s

not to mention that there are more problems besides the PC getting slower =/

I hope there is a solution.


please analyze my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:54:04, on 9/8/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:







C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe


C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe



C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe


C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe


C:\Documents and Settings\Administrador\Bluebirds\BlueBirds.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\\GoogleCrashHandler.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe


C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe



C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe



R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

O2 - BHO: - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe


O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bluebirds] C:\Documents and Settings\Administrador\Bluebirds\BlueBirds.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')


O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll



O17 - HKLM\System\CCS\Services\Tcpip\..\{AA5809A3-A12E-42DA-82F4-8B801021B459}: NameServer =

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



End of file - 7202 bytes

:thumbsup: Hello w.storm! Welcome to the Imasters Forum.


We can help you solve your problem, but you posted your log in another person's topic, and you need to create a new topic with your log so that we can analyze it.


Click the link below:


Click the New topic button > write a title briefly summarizing your PC's problem > in the main body of the topic, post the HijackThis log and describe in detail the problems occurring on your PC > then just wait, and an analyst will give you the procedures to solve the problem.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:30:01, on 11/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:









C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe


C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe



C:\Program Files\Google\Update\\GoogleCrashHandler.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE


C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE




C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe




C:\Program Files\HP\hpcoretech\hpcmpmgr.exe





C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe


C:\Documents and Settings\Marcelo\Desktop\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\\gears.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [srmclean] "C:\Cpqs\Scom\srmclean.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Display Settings] "C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" /s

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [CARPService] "carpserv.exe"

O4 - HKLM\..\Run: [MsmqIntCert] "regsvr32" /s mqrt.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\\gears.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -

O17 - HKLM\System\CCS\Services\Tcpip\..\{6FF0B388-BFB8-4970-AB94-FDE8B194488F}: NameServer =,

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Marcelo\LOCALS~1\Temp\hpdj.exe (file missing)

O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)



End of file - 9283 bytes




I ran the NOD32 online scan and at the end it showed NO THREATS FOUND, but I couldn't find the log on my PC.

Should I switch antivirus now? Were all these problems the viruses and malware? How did I get so many on the PC? I never open e-mail attachments or suspicious pages. Ah, I'll see whether the PC's slowness has improved and then let you know; it is only slow when I turn it on...






I ran the NOD32 online scan and at the end it showed NO THREATS FOUND, but I couldn't find the log on my PC.

That's fine; the important thing is that it found nothing else wrong on your PC.



:seta: But you forgot to run VundoFix. Run it following the tips I gave you in my previous reply:


* Download VundoFix:


* Double-click VundoFix.exe to start it;


* When VundoFix opens, click Scan for Vundo. Wait for the scan to finish, which may take some time. Be patient;


* When the scan has finished, click Remove Vundo;


* You will receive an alert asking whether you want to remove the files. Click YES. Your desktop will go blank (this is normal);


* To complete the scan, the machine will need to be restarted. Click OK.



Were all these problems the viruses and malware?

Yes, bankers (malware that steals bank passwords and other personal information from the victim), trojans (Trojan horses) and other types of malware that were on your PC have been removed.



:seta: There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:


Choosing Programs that Start with the PC


Preferably, let only the security programs (antivirus/anti-spyware/firewall) start along with Windows.



Should I switch antivirus now?

Yes, uninstall AVG and Avast, which are currently on your PC, and install and configure Avira AntiVir following those tutorials for it that I gave you earlier.


After installing and configuring Avira AntiVir following the tips in those tutorials, update it, restart your computer and boot into Safe Mode (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option). Once the computer has restarted, right-click the Avira symbol (the open red umbrella next to the Windows clock) and choose the option Start Antivir > click the option Scan system now > and wait for the scan to finish.



:seta: When you have removed the viruses that Avira AntiVir finds, restart the computer normally. Right-click the Avira icon (the open red umbrella next to the Windows clock) and choose the option Start Antivir > click the option Reports > double-click the most recent log with the left mouse button and click the Report file button > A window with the log will then open, so just select this log (click the menu: Edit » Select All), then go back to the menu: Edit » and click the option: Copy > After that, just come back here to the forum and post this Avira AntiVir log together with the VundoFix log, which will be at C:\vundofix.txt, and a new HijackThis log so that they can be analyzed.


We await your reply.

When you told me to run Vundo, I scanned and it had found nothing; this time I scanned and in the middle of the process my PC froze. I'll try again...


Report file date: Friday, August 21, 2009 17:46


Scanning for 1650870 virus strains and unwanted programs.


Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : LITIERI-ALVES


Version information:

BUILD.DAT : 17961 Bytes 29/7/2009 10:34:00

AVSCAN.EXE : 466689 Bytes 21/7/2009 17:36:14

AVSCAN.DLL : 40705 Bytes 27/2/2009 14:58:24

LUKE.DLL : 209665 Bytes 20/2/2009 15:35:49

LUKERES.DLL : 12033 Bytes 27/2/2009 14:58:52

ANTIVIR0.VDF : 15603712 Bytes 27/10/2008 16:30:36

ANTIVIR1.VDF : 5707264 Bytes 24/6/2009 13:21:42

ANTIVIR2.VDF : 2668032 Bytes 10/8/2009 04:28:21

ANTIVIR3.VDF : 448000 Bytes 20/8/2009 04:28:24

Engineversion :

AEVDF.DLL : 106868 Bytes 28/7/2009 17:31:50

AESCRIPT.DLL : 459130 Bytes 21/8/2009 04:28:34

AESCN.DLL : 127348 Bytes 23/7/2009 13:59:39

AERDL.DLL : 430452 Bytes 23/7/2009 13:59:39

AEPACK.DLL : 401783 Bytes 28/7/2009 17:31:50

AEOFFICE.DLL : 196987 Bytes 23/7/2009 13:59:39

AEHEUR.DLL : 1921400 Bytes 21/8/2009 04:28:33

AEHELP.DLL : 233846 Bytes 21/8/2009 04:28:28

AEGEN.DLL : 356725 Bytes 21/8/2009 04:28:25

AEEMU.DLL : 393588 Bytes 9/10/2008 18:32:40

AECORE.DLL : 184694 Bytes 23/7/2009 13:59:39

AEBB.DLL : 53618 Bytes 9/10/2008 18:32:40

AVWINLL.DLL : 18177 Bytes 12/12/2008 12:47:59

AVPREF.DLL : 43777 Bytes 5/12/2008 14:32:15

AVREP.DLL : 155905 Bytes 20/1/2009 18:34:28

AVREG.DLL : 36609 Bytes 5/12/2008 14:32:09

AVARKT.DLL : 292609 Bytes 24/3/2009 19:05:41

AVEVTLOG.DLL : 167169 Bytes 30/1/2009 14:37:08

SQLITE3.DLL : 326401 Bytes 28/1/2009 19:03:49

SMTPLIB.DLL : 28417 Bytes 2/2/2009 12:21:33

NETNT.DLL : 11521 Bytes 5/12/2008 14:32:10

RCIMAGE.DLL : 2438913 Bytes 15/5/2009 19:39:58

RCTEXT.DLL : 86785 Bytes 17/4/2009 14:19:48


Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: repair

Secondary action....................: quarantine

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,


Start of the scan: Friday, August 21, 2009 17:46


Starting search for hidden objects.

'55579' objects were checked, '0' hidden objects were found.


The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'mqtgsvc.exe' - '1' Module(s) have been scanned

Scan process 'mqsvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'SeaPort.exe' - '1' Module(s) have been scanned

Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned

Scan process 'msdtc.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'HPWirelessMgr.exe' - '1' Module(s) have been scanned

Scan process 'HPConfig.exe' - '1' Module(s) have been scanned

Scan process 'hptskmgr.exe' - '1' Module(s) have been scanned

Scan process 'E_S40RP7.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'VisualToolTip.exe' - '1' Module(s) have been scanned

Scan process 'ViOrb.exe' - '1' Module(s) have been scanned

Scan process 'ViStart.exe' - '1' Module(s) have been scanned

Scan process 'LClock.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'DrvIcon.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'carpserv.exe' - '1' Module(s) have been scanned

Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned

Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'gbpsv.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

43 processes with 43 modules were scanned


Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!


Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!


Starting to scan executable files (registry).

The registry was scanned ( '62' files ).



Starting the file scan:


Begin scan in 'C:\'


[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.


[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.


[0] Archive type: CAB (Microsoft)

--> msoe.hlp

[WARNING] No further files can be extracted from this archive. The archive will be closed

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP897\A0271226.exe

[DETECTION] Is the TR/Spy.Gen Trojan

[NOTE] The file was moved to '4ac11b34.qua'!

C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP909\A0271771.exe

[DETECTION] Contains recognition pattern of the APPL/PsKill.E application

[NOTE] The file was moved to '4ac11b64.qua'!

C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP910\A0272314.exe

[DETECTION] Contains recognition pattern of the APPL/PsKill.E application

[NOTE] The file was moved to '4ac11b92.qua'!

C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP911\A0272380.exe

[DETECTION] Contains recognition pattern of the APPL/PsKill.E application

[NOTE] The file was moved to '4ac11b9b.qua'!


[0] Archive type: CAB (Microsoft)

--> DDEInstall.msi

[WARNING] No further files can be extracted from this archive. The archive will be closed

[WARNING] No further files can be extracted from this archive. The archive will be closed


[DETECTION] Contains recognition pattern of the APPL/PsKill.E application

[NOTE] The file was moved to '4afa2345.qua'!



End of the scan: Friday, August 21, 2009 19:46

Used time: 2:00:03 Hour(s)


The scan has been done completely.


8602 Scanned directories

325911 Files were scanned

5 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

5 Files were moved to quarantine

0 Files were renamed

2 Files cannot be scanned

325904 Files not concerned

3304 Archives were scanned

6 Warnings

7 Notes

55579 Objects were scanned with rootkit scan

0 Hidden objects were found

:seta: Download the ToolsCleaner program:

Save it to the Desktop;

Close any open programs and run the tool.

Click the Recherche button to start the scan. <-- Wait!

When it finishes, the items that will be removed will be listed.

Click the Suppression button to remove the items found.

Then click Quitter.

A report will be created at C:\TCleaner.txt



:seta: Install these programs and use them now and weekly to clean up your PC and make it more efficient and optimized:


MV RegClean


MV AntiSpy




Also follow the tips in this tutorial:


Tips to make your computer faster and more efficient



:!: Java is out of date on your PC.


I suggest you save or print the instructions below, because at some points you may need to use the computer without Internet access:


Download > JavaRa


Unzip it and double-click JavaRa.exe. Select English or another language of your choice and click the Select button. Then click Search For Updates. Select the option Update Using jucheck.exe. Then click the Search button.


If Java is up to date on your PC, you will receive a notice that you have the latest version. Otherwise, follow the instructions the program gives you so that the new version of Java is downloaded and installed. Temporarily close your browsers (Internet Explorer, Firefox, etc.). Then click the Remove Older Versions button, confirm by clicking the Yes button, click Ok and click Ok again so that any old versions of Java on the PC are uninstalled.



:seta: To prevent the viruses from coming back, turn System Restore off and then on again. To do this, go to the menu: Start - Control Panel - System - click the tab: System Restore - check the box: Turn off System Restore - click the Apply button and the Ok button.


After that, go back to the same place: Start - Control Panel - System - click the tab: System Restore - uncheck the box: Turn off System Restore - click the Apply button and the Ok button.



:seta: After this, post the log that will be at C:\TCleaner.txt together with a new HijackThis log and tell us how your PC is after all these procedures.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:05:42, on 5/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:










C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe


C:\Program Files\Google\Update\\GoogleCrashHandler.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE


C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe



C:\Program Files\HP\hpcoretech\hpcmpmgr.exe


C:\Program Files\Avira\AntiVir Desktop\avgnt.exe


C:\Program Files\Vista Drive Icon\DrvIcon.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe


C:\Program Files\LClock\lclock.exe

C:\Program Files\ViStart\ViStart.exe

C:\Program Files\ViOrb\ViOrb.exe

C:\Program Files\VisualTooltip\VisualToolTip.exe


C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Marcelo\Desktop\Anti - Vírus\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\\gears.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [srmclean] "C:\Cpqs\Scom\srmclean.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Display Settings] "C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" /s

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [CARPService] "carpserv.exe"

O4 - HKLM\..\Run: [MsmqIntCert] "regsvr32" /s mqrt.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe

O4 - HKCU\..\Run: [Vista Rainbar] C:\Program Files\Vista Rainbar\launcher.exe

O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe

O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe

O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\\gears.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{6FF0B388-BFB8-4970-AB94-FDE8B194488F}: NameServer =,

O20 - Winlogon Notify: GbPluginBb - C:\PROGRA~1\GBPLUGIN\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google Inc. - (no file)

O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe

O23 - Service: hpdj - Hewlett-Packard - (no file)

O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



End of file - 9101 bytes




[ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]


--> Recherche:


C:\VundoFix.txt: trouvé !

C:\Combofix.txt: trouvé !

C:\Vundofix backups: trouvé !

C:\Qoobox: trouvé !

C:\Documents and Settings\Marcelo\Desktop\ComboFix.exe: trouvé !

C:\Documents and Settings\Marcelo\Desktop\vundoFix.exe: trouvé !

C:\Documents and Settings\Marcelo\Desktop\HijackThis.exe: trouvé !

C:\Documents and Settings\Marcelo\Desktop\Anti - Vírus\hijackthis.log: trouvé !

C:\Documents and Settings\Marcelo\My Documents\ComboFix.exe: trouvé !

C:\Documents and Settings\Marcelo\My Documents\Utilidades\hijackthis.log: trouvé !

C:\Qoobox\Quarantine\catchme.log: trouvé !



--> Suppression:


C:\Documents and Settings\Marcelo\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!

C:\Documents and Settings\Marcelo\Desktop\vundoFix.exe: supprimé !

C:\Documents and Settings\Marcelo\Desktop\HijackThis.exe: supprimé !

C:\Documents and Settings\Marcelo\My Documents\ComboFix.exe: ERREUR DE SUPPRESSION !!

C:\VundoFix.txt: supprimé !

C:\Combofix.txt: supprimé !

C:\Documents and Settings\Marcelo\Desktop\Anti - Vírus\hijackthis.log: supprimé !

C:\Documents and Settings\Marcelo\My Documents\Utilidades\hijackthis.log: supprimé !

C:\Qoobox\Quarantine\catchme.log: supprimé !

C:\Vundofix backups: supprimé !

C:\Qoobox: supprimé !





After these reports I think we can consider my PC cured!!! Is there any other program I can remove from startup? I used the programs you recommended and only the registry one found anything, actually 2019 registry keys, which I have already deleted; it was old stuff that never ended. Now I'm going to run a disk cleanup and defragment!

Awaiting your reply...

