Archived

This topic has been archived and is closed to new replies.

DavidVr

[Solved!] Windows.Tool.Disabled Hijack.Regedit/TaskManager

Hello,

Situation:

Normal boot: popup with unreadable characters; impossible to load any program; Task Manager inactive; shutdown only by hard boot.

Safe Mode with networking: Spybot and Malwarebytes find infected registry entries; once removed, they reappear after a normal restart.

Thank you very much. Log below (taken in Safe Mode):

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:38:27, on 28/12/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16890)

Boot mode: Safe mode with network support

 

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Users\David Fernandes\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: 12.215.102.170 iplounge

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto

O4 - HKLM\..\RunServices: [Virtual Network Driver] vdnhost.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6BC062AF-7BFA-4D45-9B59-AD0EC9C6CD2F}: NameServer = 201.76.223.130,201.76.223.131

O20 - AppInit_DLLs: C:\Windows\system32\rzsuej.dll

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehAbn.dll

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)

 

--

End of file - 3008 bytes


:) Hello David! Welcome to the Imasters Forum.

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

Download ComboFix

Save it to the Desktop.

* Disable the resident protection of your antivirus, antispyware and firewall (except the Windows one!)

* Close all windows and run the tool.

* PS: Running it from a command is also possible:

* Go to Start --> Run --> type or paste:

"%userprofile%\desktop\Combofix.exe" /killall

 

* Click OK.

* At the "Software warranty disclaimer" prompt --> click Yes.

* If you do not have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), agree to have it installed.

* When it finishes, click Sim or Yes. --> Wait.

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

If you get the notification "Invalid Win32 application" or a similar message, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop, renamed as: Kombo.exe

* PS: Name it while saving, not after saving it!

* PS: If any error message appears, run ComboFix.exe in Safe Mode (http://forum.imasters.com.br/index.php?/topic/278480-como-iniciar-em-modo-de-seguranca/). <-- Link!

* PS: If rootkit activity is present, the following notification window will appear:

[screenshot: Rookit_found.gif]

* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply, together with the requested logs.

* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

* The Auto Scan window will open. --> Wait!

* To finish the removals, ComboFix may restart the computer.

* If necessary, type option ( 1 ) --> press Enter! --> wait for it to finish!

* During the scan, avoid using the mouse or keyboard! <-- Important!

* If, for some reason beyond your control, you need to stop or exit ComboFix, press "N" or "2" --> press Enter.

<><><><><><><><><><><><>

Post the ComboFix log, which will be at C:\ComboFix.txt, together with a new HijackThis log in your next reply, and tell us how your PC is doing after this.

We look forward to your reply.


Dear Antonio,

Thank you for the quick reply!

New situation: Normal system boot. Applications/processes working normally.

Below are the ComboFix and HijackThis logs, respectively:

 

ComboFix 09-12-28.06 - David Fernandes 29/12/2009 13:41:45.2.2 - x86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.55.1046.18.2047.1674 [GMT -2:00]

Executando de: c:\users\David Fernandes\Desktop\combofix.exe

Comandos utilizados :: /killall

.

ADS - drivers: deleted 262 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

c:\$recycle.bin\S-1-5-21-685800872-2479309641-689141554-500

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_NPF

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-28 to 2009-12-29 ))))))))))))))))))))))))))))

.

 

2009-12-29 15:50 . 2009-12-29 15:52 -------- d-----w- c:\users\David Fernandes\AppData\Local\temp

2009-12-29 15:50 . 2009-12-29 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-12-27 18:38 . 2009-12-27 18:38 -------- dc----w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

2009-12-27 17:08 . 2009-12-27 17:08 24448 ----a-w- c:\windows\system32\drivers\rkhdrv40.sys

2009-12-27 12:14 . 2009-12-27 12:15 -------- d-----w- c:\users\David Fernandes\AppData\Roaming\QuickScan

2009-12-26 23:37 . 2009-12-26 23:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-12-26 23:37 . 2009-12-26 23:40 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-12-26 21:04 . 2009-12-26 21:04 -------- d-----w- c:\users\David Fernandes\AppData\Roaming\Malwarebytes

2009-12-26 21:04 . 2009-12-03 18:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-26 21:04 . 2009-12-26 21:04 -------- d-----w- c:\programdata\Malwarebytes

2009-12-26 21:04 . 2009-12-26 21:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-26 21:04 . 2009-12-03 18:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-26 19:38 . 2009-12-26 19:38 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files

2009-12-26 16:52 . 2009-06-30 11:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2009-12-26 16:51 . 2009-12-26 16:51 -------- d-----w- c:\program files\Panda Security

2009-12-24 11:58 . 2009-12-24 11:58 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2009-12-24 11:58 . 2009-12-24 11:58 -------- d-----w- c:\program files\DVDVideoSoft

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-29 15:48 . 2006-11-06 01:32 87072 ----a-w- c:\windows\system32\prfc0416.dat

2009-12-29 15:48 . 2006-11-06 01:32 514042 ----a-w- c:\windows\system32\prfh0416.dat

2009-12-27 00:38 . 2007-11-03 21:31 680 ----a-w- c:\users\David Fernandes\AppData\Local\d3d9caps.dat

2009-12-26 15:49 . 2008-10-28 01:15 -------- d-----w- c:\programdata\NVIDIA

2009-12-26 15:49 . 2009-10-31 18:05 67777 ----a-w- c:\programdata\nvModes.dat

2009-12-26 01:31 . 2008-12-24 19:16 -------- d-----w- c:\programdata\Test Drive Unlimited

2009-12-24 04:52 . 2009-12-27 12:13 684032 ----a-w- c:\users\David Fernandes\AppData\Roaming\Mozilla\Firefox\Profiles\izg8zwtw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll

2009-12-24 04:52 . 2009-12-27 12:13 776704 ----a-w- c:\users\David Fernandes\AppData\Roaming\Mozilla\Firefox\Profiles\izg8zwtw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2009-12-19 02:15 . 2008-07-11 02:24 -------- d-----w- c:\program files\Google

2009-12-18 22:57 . 2009-12-18 22:57 676104 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-12-07 06:47 . 2008-04-29 14:01 -------- d-----w- c:\programdata\GbPlugin

2009-12-06 23:04 . 2008-04-29 14:03 -------- d-----w- c:\program files\GbPlugin

2009-11-21 21:39 . 2009-11-21 21:39 49152 ----a-r- c:\users\David Fernandes\AppData\Roaming\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe

2009-11-21 17:12 . 2007-03-08 17:04 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-11-13 01:11 . 2008-12-25 01:09 108144 ----a-w- c:\windows\system32\CmdLineExt.dll

2009-11-12 23:29 . 2009-11-12 23:29 -------- d-----w- c:\program files\CAPCOM

2009-11-11 12:53 . 2009-05-16 20:43 -------- d-----w- c:\program files\UBISOFT

2009-10-31 18:00 . 2009-10-31 17:56 -------- d-----w- c:\program files\NVIDIA Corporation

2009-10-31 17:58 . 2009-10-31 17:57 -------- d-----w- c:\program files\AGEIA Technologies

2009-10-31 17:57 . 2009-10-31 17:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-10-31 12:56 . 2009-10-31 12:56 -------- d-----w- c:\program files\TDU Save Protector v2.0

2009-10-31 00:52 . 2009-10-31 00:52 -------- d-----w- c:\program files\Atari

2009-10-28 02:05 . 2009-10-28 02:05 812648 ----a-w- c:\windows\system32\nvsvc.dll

2009-10-28 02:05 . 2009-10-28 02:05 66664 ----a-w- c:\windows\system32\nvshext.dll

2009-10-28 02:05 . 2009-10-28 02:05 12686440 ----a-w- c:\windows\system32\nvcpl.dll

2009-10-28 02:05 . 2009-10-28 02:05 122984 ----a-w- c:\windows\system32\nvvsvc.exe

2009-10-28 02:05 . 2009-10-28 02:05 110184 ----a-w- c:\windows\system32\nvmctray.dll

2009-10-26 18:54 . 2008-10-24 12:03 588392 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-10-22 16:06 . 2009-09-23 13:40 31080 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2009-10-20 16:54 . 2009-10-20 16:54 59976 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe

2009-10-01 12:29 . 2009-10-11 22:52 195440 ------w- c:\windows\system32\MpSigStub.exe

2006-11-02 09:45 . 2006-11-02 09:45 140836 --sh--w- c:\windows\System32\lnqqrwo.dll

2006-11-02 09:45 . 2006-11-02 09:45 140836 --sh--w- c:\windows\System32\p.dll

2006-11-02 09:45 . 2006-11-02 09:45 140836 --sh--w- c:\windows\System32\rzsuej.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2009-10-22 16:01 310824 ----a-w- c:\progra~1\GbPlugin\gbiehAbn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\rzsuej.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]

@="service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]

2007-02-08 22:56 295856 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-07-13 17:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxczbmgr.exe]

2007-04-19 17:45 74672 ----a-w- c:\program files\Lexmark 1200 Series\LXCZbmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2009-12-03 18:14 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-05-26 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2006-09-27 19:52 3768320 ----a-w- c:\windows\RtHDVCpl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2006-07-17 18:25 573440 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 18:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-04-19 20:45 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-423846414-3903668000-291553332-1000]

"EnableNotifications"=dword:00000001

"EnableNotificationsRef"=dword:00000001

 

R0 GbpKm;Gbp KernelMode;c:\windows\System32\drivers\GbpKm.sys [23/09/2009 11:40 31080]

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [26/12/2009 14:52 28552]

R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [06/12/2009 12:32 54376]

S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]

S3 rkhdrv40;Rootkit Unhooker Driver;c:\windows\System32\drivers\rkhdrv40.sys [27/12/2009 15:08 24448]

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/09/2009 01:27 133104]

S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [27/10/2009 23:08 240232]

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {6BC062AF-7BFA-4D45-9B59-AD0EC9C6CD2F} = 201.76.223.130,201.76.223.131

FF - ProfilePath - c:\users\David Fernandes\AppData\Roaming\Mozilla\Firefox\Profiles\izg8zwtw.default\

FF - component: c:\users\David Fernandes\AppData\Roaming\Mozilla\Firefox\Profiles\izg8zwtw.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}\components\GbMzhUni.dll

FF - component: c:\users\David Fernandes\AppData\Roaming\Mozilla\Firefox\Profiles\izg8zwtw.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components\GbMzhAbn.dll

FF - component: c:\users\David Fernandes\AppData\Roaming\Mozilla\Firefox\Profiles\izg8zwtw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: c:\users\David Fernandes\AppData\Roaming\Mozilla\Firefox\Profiles\izg8zwtw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

MSConfigStartUp-userini - c:\windows\system32\userini.exe

 

 

 

**************************************************************************

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos:

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-423846414-3903668000-291553332-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:7b,02,38,8e,d9,07,88,b9,4e,2b,42,e5,8b,25,a7,5e,e8,9d,4e,72,31,86,bd,

6a,59,c0,1e,e7,3e,e3,fa,96,55,c2,c2,4f,52,e9,7a,61,16,82,c5,80,00,6b,ca,94,\

"??"=hex:47,8e,23,9b,3a,39,d8,97,3b,99,cd,b8,11,ac,14,9e

 

[HKEY_USERS\S-1-5-21-423846414-3903668000-291553332-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_0C12&PID_0005\Calibration\0\Type\Axes]

@DACL=(02 0000)

 

[HKEY_USERS\S-1-5-21-423846414-3903668000-291553332-1000\ w*.*]

@Allowed: (Read) (RestrictedCode)

DUMPHIVE0.003 (REGF)

 

[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\conime.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-12-29 13:59:04 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-12-29 15:58

 

Pré-execução: 21.835.272.192 bytes disponíveis

Pós execução: 21.378.576.384 bytes disponíveis

 

- - End Of File - - 1416D1418471C4BBBFD67EDACAAA5702

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:13:50, on 29/12/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16890)

Boot mode: Normal

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\services.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\iPod Access for Windows\iPAHelper.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\system32\lxczcoms.exe

C:\Windows\system32\svchost.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Lexmark 1200 Series\lxczbmon.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\David Fernandes\Downloads\HiJackThis.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6BC062AF-7BFA-4D45-9B59-AD0EC9C6CD2F}: NameServer = 201.76.223.130,201.76.223.131

O20 - AppInit_DLLs: C:\Windows\System32\rzsuej.dll

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehAbn.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

 

--

End of file - 6691 bytes


:) Some problems were removed by ComboFix.

_____________________________________

According to your logs, your PC has no antivirus, and it is very important to install one.

I suggest a great free antivirus for you, such as Avira Antivir Personal 9 Free.

To install, configure and use Avira Antivir correctly, just follow the tips in these tutorials:

Avira Antivir 9 Free tutorial (installation and configuration): http://dicasetutoriaisparapc.blogspot.com/2009/03/tutorial-de-instalacao-e-configuracao.html

Avira Antivir 9 Free tutorial (how to use it correctly): http://dicasetutoriaisparapc.blogspot.com/2009/03/escaneando-seu-computador-com-o-avira.html

After installing and configuring Avira Antivir following the tips in the tutorials above, update it, restart your computer and enter Safe Mode (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option). Then, once the computer has restarted, right-click the Avira icon (the open red umbrella next to the Windows clock) and choose Start Antivir > click Scan system now > and wait for the scan to finish.

Note: If it is not possible to run the Avira Antivir scan in Windows Safe Mode, run it in normal mode.

_______________________________________________________________

Once you have removed the viruses that Avira Antivir finds, restart the computer normally. Right-click the Avira icon (the open red umbrella next to the Windows clock) and choose Start Antivir > click Reports > double-click the most recent log and click the Report file button > A window with the log will open; select the whole log (menu: Edit » Select All), then go back to the menu Edit » and click Copy > After that, come back to the forum and post this Avira Antivir log together with a new HijackThis log so that they can be analyzed.


Hello again,

I followed your instructions. Here are the Avira and HijackThis logs:

 

 

 

Avira AntiVir Personal

Report file date: terça-feira, 29 de dezembro de 2009 16:16

 

Scanning for 1486909 virus strains and unwanted programs.

 

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows Vista

Windows version : (plain) [6.0.6000]

Boot mode : Save mode

Username : David Fernandes

Computer name : VRF

 

Version information:

BUILD.DAT : 9.0.0.418 21723 Bytes 02/12/2009 16:28:00

AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 13:26:33

AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 12:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 13:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 12:58:52

VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 09:35:52

VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 16:43:26

VBASE002.VDF : 7.10.1.1 2048 Bytes 19/11/2009 16:43:26

VBASE003.VDF : 7.10.1.2 2048 Bytes 19/11/2009 16:43:26

VBASE004.VDF : 7.10.1.3 2048 Bytes 19/11/2009 16:43:27

VBASE005.VDF : 7.10.1.4 2048 Bytes 19/11/2009 16:43:27

VBASE006.VDF : 7.10.1.5 2048 Bytes 19/11/2009 16:43:27

VBASE007.VDF : 7.10.1.6 2048 Bytes 19/11/2009 16:43:27

VBASE008.VDF : 7.10.1.7 2048 Bytes 19/11/2009 16:43:28

VBASE009.VDF : 7.10.1.8 2048 Bytes 19/11/2009 16:43:28

VBASE010.VDF : 7.10.1.9 2048 Bytes 19/11/2009 16:43:28

VBASE011.VDF : 7.10.1.10 2048 Bytes 19/11/2009 16:43:29

VBASE012.VDF : 7.10.1.11 2048 Bytes 19/11/2009 16:43:29

VBASE013.VDF : 7.10.1.79 209920 Bytes 25/11/2009 16:43:32

VBASE014.VDF : 7.10.1.128 197632 Bytes 30/11/2009 16:43:35

VBASE015.VDF : 7.10.1.178 195584 Bytes 07/12/2009 16:43:38

VBASE016.VDF : 7.10.1.224 183296 Bytes 14/12/2009 16:43:40

VBASE017.VDF : 7.10.1.247 182272 Bytes 15/12/2009 16:43:44

VBASE018.VDF : 7.10.2.30 198144 Bytes 21/12/2009 16:43:46

VBASE019.VDF : 7.10.2.63 187392 Bytes 24/12/2009 16:43:49

VBASE020.VDF : 7.10.2.64 2048 Bytes 24/12/2009 16:43:49

VBASE021.VDF : 7.10.2.65 2048 Bytes 24/12/2009 16:43:50

VBASE022.VDF : 7.10.2.66 2048 Bytes 24/12/2009 16:43:50

VBASE023.VDF : 7.10.2.67 2048 Bytes 24/12/2009 16:43:50

VBASE024.VDF : 7.10.2.68 2048 Bytes 24/12/2009 16:43:50

VBASE025.VDF : 7.10.2.69 2048 Bytes 24/12/2009 16:43:51

VBASE026.VDF : 7.10.2.70 2048 Bytes 24/12/2009 16:43:51

VBASE027.VDF : 7.10.2.71 2048 Bytes 24/12/2009 16:43:51

VBASE028.VDF : 7.10.2.72 2048 Bytes 24/12/2009 16:43:52

VBASE029.VDF : 7.10.2.73 2048 Bytes 24/12/2009 16:43:52

VBASE030.VDF : 7.10.2.74 2048 Bytes 24/12/2009 16:43:52

VBASE031.VDF : 7.10.2.88 188416 Bytes 29/12/2009 16:43:55

Engineversion : 8.2.1.122

AEVDF.DLL : 8.1.1.2 106867 Bytes 08/11/2009 09:38:52

AESCRIPT.DLL : 8.1.3.4 586105 Bytes 29/12/2009 16:44:21

AESCN.DLL : 8.1.3.0 127348 Bytes 29/12/2009 16:44:18

AESBX.DLL : 8.1.1.1 246132 Bytes 08/11/2009 09:38:44

AERDL.DLL : 8.1.3.4 479605 Bytes 29/12/2009 16:44:17

AEPACK.DLL : 8.2.0.3 422261 Bytes 08/11/2009 09:38:40

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 08/11/2009 09:38:38

AEHEUR.DLL : 8.1.0.189 2195833 Bytes 29/12/2009 16:44:14

AEHELP.DLL : 8.1.9.0 237943 Bytes 29/12/2009 16:44:02

AEGEN.DLL : 8.1.1.82 369014 Bytes 29/12/2009 16:44:00

AEEMU.DLL : 8.1.1.0 393587 Bytes 08/11/2009 09:38:26

AECORE.DLL : 8.1.9.1 180598 Bytes 29/12/2009 16:43:58

AEBB.DLL : 8.1.0.3 53618 Bytes 08/11/2009 09:38:20

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 10:47:59

AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 17:14:02

AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 16:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 12:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 17:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 12:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 17:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 10:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 12:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 17:39:58

RCTEXT.DLL : 9.0.73.0 86785 Bytes 13/10/2009 14:25:47

 

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

 

Start of the scan: terça-feira, 29 de dezembro de 2009 16:16

 

Starting search for hidden objects.

The driver could not be initialized.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned

Scan process 'unsecapp.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsm.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'wininit.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

19 processes with 19 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

[INFO] Please restart the search with Administrator rights

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

 

Starting to scan executable files (registry).

The registry was scanned ( '39' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <Sistema>

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\GTR2\GTR2.exe

[DETECTION] Contains recognition pattern of the WORM/SdBot.15863808 worm

C:\Windows\System32\lnqqrwo.dll

[DETECTION] Is the TR/Dldr.Piker.atw Trojan

C:\Windows\System32\p.dll

[DETECTION] Is the TR/Dldr.Piker.atw Trojan

C:\Windows\System32\rzsuej.dll

[DETECTION] Is the TR/Dldr.Piker.atw Trojan

C:\Windows\System32\drivers\sptd.sys

[WARNING] The file could not be opened!

 

Beginning disinfection:

C:\GTR2\GTR2.exe

[DETECTION] Contains recognition pattern of the WORM/SdBot.15863808 worm

[NOTE] The file was moved to '4b8c587d.qua'!

C:\Windows\System32\lnqqrwo.dll

[DETECTION] Is the TR/Dldr.Piker.atw Trojan

[NOTE] The file was moved to '4bab5898.qua'!

C:\Windows\System32\p.dll

[DETECTION] Is the TR/Dldr.Piker.atw Trojan

[NOTE] The file was moved to '4b9e5858.qua'!

C:\Windows\System32\rzsuej.dll

[DETECTION] Is the TR/Dldr.Piker.atw Trojan

[NOTE] The file was moved to '4bad58a4.qua'!

 

 

End of the scan: terça-feira, 29 de dezembro de 2009 17:27

Used time: 1:10:30 Hour(s)

 

The scan has been done completely.

 

24102 Scanned directories

447915 Files were scanned

4 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

4 Files were moved to quarantine

0 Files were renamed

2 Files cannot be scanned

447908 Files not concerned

2398 Archives were scanned

2 Warnings

5 Notes

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:47:54, on 29/12/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16890)

Boot mode: Normal

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe

C:\Program Files\Lexmark 1200 Series\lxczbmon.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\iPod Access for Windows\iPAHelper.exe

C:\Windows\system32\lxczcoms.exe

C:\Windows\system32\svchost.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Avira\AntiVir Desktop\avscan.exe

C:\Program Files\Avira\AntiVir Desktop\avscan.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Windows\system32\taskeng.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\David Fernandes\Downloads\HiJackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6BC062AF-7BFA-4D45-9B59-AD0EC9C6CD2F}: NameServer = 201.76.223.130,201.76.223.131

O20 - AppInit_DLLs: C:\Windows\System32\rzsuej.dll

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehAbn.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

 

--

End of file - 7461 bytes


:) Other problems were removed by Avira.

:seta: Update the Malwarebytes that you already have installed on your PC.

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

* Restart the PC in Safe Mode (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option).

* If it is not possible to run the computer in Safe Mode, do the scan in normal mode

* Run MalwareBytes' Anti-Malware, click the "Scan" tab and select the "Full scan" option

* Click the "Scan" button

* Check all the parts of the computer you want to scan and click the "Start scan" button

* When the scan finishes, click "OK" > "Show Results"

* Select all the entries and click "Remove Selected"

* After the removal you may be asked whether you want to remove objects from memory. Click "YES"

* A log will be shown with the result of the actions

* Some malware is stubborn and needs a reboot to be removed. If this is requested, click to restart the PC.

* When the process finishes, restart the PC in Normal Mode.

* After a few days, if your computer is working normally without the files that were deleted by Malwarebytes Anti-malware, open (run) Malwarebytes Anti-malware, click the Quarantine tab and click the Remove all button.

* Run Malwarebytes Anti-malware again and click the "Logs" tab, double-click the most recent log, select the whole log and copy it.

Post this log generated by Malwarebytes Anti-Malware together with a new Hijackthis log in your next reply and tell us how your computer is after following the procedure above.

We await your reply.


Hello!

Below are the new MalwareBytes & Hijackthis logs:

 

Malwarebytes' Anti-Malware 1.42

Database version: 3451

Windows 6.0.6000 (Safe Mode)

Internet Explorer 7.0.6000.16890

 

29/12/2009 20:18:25

mbam-log-2009-12-29 (20-18-25).txt

 

Scan type: Full Scan (C:\|)

Objects scanned: 286515

Time elapsed: 51 minute(s), 24 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:21:41, on 29/12/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16890)

Boot mode: Normal

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\services.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Lexmark 1200 Series\lxczbmon.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\iPod Access for Windows\iPAHelper.exe

C:\Windows\system32\lxczcoms.exe

C:\Windows\system32\svchost.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\mobsync.exe

C:\Users\David Fernandes\Downloads\HiJackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Mozilla Firefox\firefox.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6BC062AF-7BFA-4D45-9B59-AD0EC9C6CD2F}: NameServer = 201.76.223.130,201.76.223.131

O20 - AppInit_DLLs: C:\Windows\System32\rzsuej.dll

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehAbn.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

 

--

End of file - 7097 bytes


:seta: Download the Avenger program from the link below and extract its contents to the desktop:

http://swandog46.geekstogo.com/avenger2/download.php

 

* Select and copy (Ctrl+C) all the text inside the Quote (white box) below:

 

Files to delete:

c:\windows\System32\lnqqrwo.dll

c:\windows\System32\p.dll

c:\windows\System32\rzsuej.dll

 

* Run the Avenger program

* Click [Load Script] > [Paste from Clipboard]

* Click [Execute] > [OK]

* The PC will be restarted

* The report will be created at C:\avenger.txt

__________________________________

 

:seta: Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

 

O20 - AppInit_DLLs: C:\Windows\System32\rzsuej.dll

___________________________________

 

:seta: Please follow the tips in this tutorial to scan your PC with Nod32 Online:

Nod32 Online antivirus tutorial: http://dicasetutoriaisparapc.blogspot.com/2008/09/tutorial-do-antivirus-nod32-online.html

 

After the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

 

In your next reply, post this Nod32 Online log together with the log found at C:\avenger.txt and a new Hijackthis log, and please tell us how your PC is after following these procedures.

We await your reply.

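An added example, not part of the original posts: the Python sketch below cross-references the Avira detections with HijackThis entries from this thread and lists the autoload entries whose target file was quarantined or is reported missing. The function names are illustrative assumptions; the log excerpts are copied from the logs posted above.

```python
import re

# Excerpts copied from the Avira and HijackThis logs posted in this thread.
AVIRA_LOG = r"""
C:\GTR2\GTR2.exe
[DETECTION] Contains recognition pattern of the WORM/SdBot.15863808 worm
[NOTE] The file was moved to '4b8c587d.qua'!
C:\Windows\System32\lnqqrwo.dll
[DETECTION] Is the TR/Dldr.Piker.atw Trojan
[NOTE] The file was moved to '4bab5898.qua'!
C:\Windows\System32\p.dll
[DETECTION] Is the TR/Dldr.Piker.atw Trojan
[NOTE] The file was moved to '4b9e5858.qua'!
C:\Windows\System32\rzsuej.dll
[DETECTION] Is the TR/Dldr.Piker.atw Trojan
[NOTE] The file was moved to '4bad58a4.qua'!
"""

HIJACKTHIS_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O20 - AppInit_DLLs: C:\Windows\System32\rzsuej.dll
O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehAbn.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
"""

# First drive-letter path ending in a loadable extension (handles spaces and quotes).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:dll|exe|sys)', re.IGNORECASE)
# HijackThis entry: section code such as O2, O20, R1, then the entry body.
ENTRY_RE = re.compile(r'^([ORF]\d+) - (.+)$')
# Avira detection names look like TR/Dldr.Piker.atw or WORM/SdBot.15863808.
SIGNATURE_RE = re.compile(r'\b([A-Z]+/[\w.\-]+)')
# Markers HijackThis appends when the referenced file does not exist.
MISSING_MARKERS = ("(no file)", "(file missing)")


def quarantined_files(avira_log):
    """Map lower-cased path -> detection name for files Avira moved to quarantine."""
    result, path, detection = {}, None, None
    for raw in avira_log.splitlines():
        line = raw.strip()
        if re.match(r'^[A-Za-z]:\\', line):
            # A bare path line starts a new record.
            path, detection = line.lower(), None
        elif line.startswith("[DETECTION]") and path:
            match = SIGNATURE_RE.search(line)
            detection = match.group(1) if match else "unknown"
        elif line.startswith("[NOTE] The file was moved to") and path and detection:
            result[path] = detection
    return result


def review_candidates(hjt_log, quarantined):
    """Return (section, reason, entry) for entries whose target is quarantined or missing."""
    findings = []
    for raw in hjt_log.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue
        section, body = entry.groups()
        target = PATH_RE.search(body)
        # Windows paths are case-insensitive, so compare lower-cased.
        key = target.group(0).lower() if target else None
        if key in quarantined:
            findings.append((section, "target quarantined as " + quarantined[key], body))
        elif any(marker in body for marker in MISSING_MARKERS):
            findings.append((section, "target file missing", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in review_candidates(HIJACKTHIS_LOG, quarantined_files(AVIRA_LOG)):
        print(f"{section:<4} {reason:<45} {body}")
```

On these excerpts it lists the O2 `(no file)` BHO, the O20 AppInit_DLLs entry for rzsuej.dll and the O23 service whose file is missing.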

Sorry for the delay.

Unfortunately Nod32 could not finish the scan in normal mode. Error: "OnlineCmdLineScanner.exe parou de funcionar".

In safe mode I managed to finish the scan. Here are the Nod32, Avenger and Hijackthis logs:

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=6c366ae5b5965f42945a9897c70a4cf9

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2009-12-30 01:21:23

# local_time=2009-12-29 11:21:23 (-0300, Horário brasileiro de verão)

# country="Brazil"

# lang=1033

# osver=6.0.6000 NT

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1797 16775125 100 94 0 33855335 0 0

# compatibility_mode=5892 16776573 100 100 4681032 98740748 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=33334

# found=0

# cleaned=0

# scan_time=2864

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=6c366ae5b5965f42945a9897c70a4cf9

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2009-12-30 02:06:34

# local_time=2009-12-30 12:06:34 (-0300, Horário brasileiro de verão)

# country="Brazil"

# lang=1033

# osver=6.0.6000 NT

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1797 16775125 100 94 0 33858244 0 0

# compatibility_mode=5892 16776573 100 100 4683941 98743657 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=33342

# found=0

# cleaned=0

# scan_time=2665

# version=7

# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=6c366ae5b5965f42945a9897c70a4cf9

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2009-12-30 03:17:51

# local_time=2009-12-30 01:17:51 (-0300, Horário brasileiro de verão)

# country="Brazil"

# lang=1033

# osver=6.0.6000 NT

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1797 16775125 100 94 0 33861645 0 0

# compatibility_mode=5892 16776573 100 100 4687342 98747058 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=33368

# found=0

# cleaned=0

# scan_time=3541

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=6c366ae5b5965f42945a9897c70a4cf9

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2009-12-30 03:47:46

# local_time=2009-12-30 01:47:46 (-0300, Horário brasileiro de verão)

# country="Brazil"

# lang=1033

# osver=6.0.6000 NT

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1797 16775126 100 94 0 33865578 0 0

# compatibility_mode=5892 16776573 100 100 4691275 98750991 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=33371

# found=0

# cleaned=0

# scan_time=1415

 

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows Vista

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: file "c:\windows\System32\lnqqrwo.dll" not found!

Deletion of file "c:\windows\System32\lnqqrwo.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "c:\windows\System32\p.dll" not found!

Deletion of file "c:\windows\System32\p.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "c:\windows\System32\rzsuej.dll" not found!

Deletion of file "c:\windows\System32\rzsuej.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:04:26, on 30/12/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16890)

Boot mode: Normal

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Lexmark 1200 Series\lxczbmon.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\iPod Access for Windows\iPAHelper.exe

C:\Windows\system32\lxczcoms.exe

C:\Windows\system32\svchost.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\mspaint.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\David Fernandes\Downloads\HiJackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6BC062AF-7BFA-4D45-9B59-AD0EC9C6CD2F}: NameServer = 201.76.223.130,201.76.223.131

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehAbn.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

 

--

End of file - 7406 bytes


Open HijackThis, click Do a system scan only, check the entry below and click Fix checked:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

_______________________________________

Download and run the program below to disable Bonjour (which is unnecessary and tends to make the PC slower):

http://download.gizmo5.com/jasmine/TurnOffBonjour.exe

_______________________________________

There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Programs That Start with the PC

Preferably, leave only the security programs (antivirus/anti-spyware/firewall) starting along with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC now and from time to time.

_______________________________________

After this, post a new HijackThis log and please tell us how your PC is doing.


Dear Antonio.

I followed your instructions. Using CCleaner I left only the sound driver and Avira enabled. I also cleaned the entries flagged as errors in the registry. I repeated the process 5 times.

Here is the new HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:36:53, on 30/12/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16890)

Boot mode: Normal

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\iPod Access for Windows\iPAHelper.exe

C:\Windows\system32\lxczcoms.exe

C:\Windows\system32\svchost.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\David Fernandes\Downloads\HiJackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6BC062AF-7BFA-4D45-9B59-AD0EC9C6CD2F}: NameServer = 201.76.223.130,201.76.223.131

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehAbn.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

 

--

End of file - 6092 bytes

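The cleanup above targets a BHO entry whose file no longer exists, and the follow-up log is how the fix gets confirmed. As an added example (not part of the original thread), this Python code flags such orphaned entries and lists what disappeared between two logs; the function names are hypothetical, and the sample lines are excerpts copied from the two logs posted in this thread.

```python
import re

# Entry lines begin with a section code (R0, O2, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers seen in this thread's logs when the referenced file is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpts copied from the two logs posted in this thread (not the full logs).
BEFORE = r"""Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
"""
AFTER = r"""Running processes:
C:\Windows\Explorer.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
"""

def parse_entries(log_text):
    """Return (section, body) pairs; headers and process paths are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def find_orphans(log_text):
    """Entries still registered but pointing at a file that is missing."""
    found = []
    for section, body in parse_entries(log_text):
        marker = next((k for k in ORPHAN_MARKERS if body.endswith(k)), None)
        if marker:
            clsid = CLSID_RE.search(body)
            found.append((section, marker, clsid.group(0) if clsid else None))
    return found

def removed_entries(before, after):
    """Entries present in the first log and absent from the follow-up log."""
    remaining = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in remaining]

if __name__ == "__main__":
    print(find_orphans(BEFORE))
    print(removed_entries(BEFORE, AFTER))
```

On these excerpts the orphaned BHO is gone from the follow-up log, while the RoxLiveShare10 service entry with a missing file is still registered.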

Everything is normal.

Regedit is working. System Restore is working. Sound/internet/applications are working.

Any specific detail?


> Everything is normal.
>
> Regedit is working. System Restore is working. Sound/internet/applications are working.

:) We are glad the problems have been solved.

Go to the menu: Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.

_____________________________________

Follow the tips in this tutorial to do a cleanup with ToolsCleaner:

ToolsCleaner Tutorial

_____________________________________

Install these programs and use them now and weekly to clean up your PC and keep it more efficient and optimized:

MV RegClean

MV AntiSpy

Auslogics Disk Defrag

SpywareBlaster

_____________________________________

To prevent the problems from coming back, disable System Restore and then enable it again. See more details on how to disable it at the site below:

http://www.baboo.com.br/conteudo/modelos/Desativando-a-Restauracao-do-Sistema-no-Windows-Vista_a31528_z0.aspx

After disabling it, enable it again in the same place indicated on the site above.

_____________________________________

It was a pleasure to help, count on us always!


Thank you very much for the help, Antonio!

Congratulations on the excellent methodology, clear and very easy to understand.

Thanks again and happy 2010!!!

David

PS: Is there any way to contribute to the forum voluntarily?

> PS: Is there any way to contribute to the forum voluntarily?

You can contribute to the forum by helping other users in the areas of the forum where you have the most knowledge.

Best wishes and a prosperous new year!


PROBLEM SOLVED!

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
