[Resolvido!] pc lento e abrindo página de navegação sozinho

[marcel1nh0 0]

Bom dia,

 

toda vez que tento desligar o pc ele abre uma página de navegação e ultimamente esta lento tanto internet quanto processamento.

 

log solicitado abaixo:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:27:33, on 26/8/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\msmsgs.exe

C:\WINDOWS\thunder.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

C:\HijackThis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://query.ieconfigs.com:8083/config.pac

R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD1.dll

O2 - BHO: (no name) - {839741A2-B652-4685-A461-481D90915C0F} - C:\WINDOWS\iexplorer.txt (file missing)

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\tbDVD1.dll

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MSNGS] C:\WINDOWS\msmsgs.exe

O4 - HKLM\..\Run: [THUNDER] C:\WINDOWS\thunder.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG9\avgtray.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\GIORDANO\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubedownload.htm

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\GIORDANO\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubetomp3.htm

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: http://www.bb.com.br

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261857272043

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261857241887

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 8818 bytes

[wings 22]

Boa tarde....

 

*Baixe o Bankerfix e salve-o no desktop

*Desative temporariamente seu antivírus

 

Clique com o botão direito do mouse no ícone do Avast ao lado do relógio > Selecione "Pausar a proteção residente" > Confirme.

*Execute o bankerfix

*Clique [OK] > [sIM] (se pedir alguma atualização) > [OK]

*Tecle [ENTER] e aguarde.

*Ao término tecle [ENTER]

*Cole o relatório criado em C:\LinhaDefensiva\relatorio.txt

[marcel1nh0 0]

Boa tarde....

 

*Baixe o Bankerfix'>http://www.linhadefensiva.org/dl/bankerfix"]Bankerfix e salve-o no desktop

*Desative temporariamente seu antivírus

 

Clique com o botão direito do mouse no ícone do Avast ao lado do relógio > Selecione "Pausar a proteção residente" > Confirme.

*Execute o bankerfix

*Clique [OK] > [sIM] (se pedir alguma atualização) > [OK]

*Tecle [ENTER] e aguarde.

*Ao término tecle [ENTER]

*Cole o relatório criado em C:\LinhaDefensiva\relatorio.txt

 

 

 

 

 

Bom dia,

 

Fiz conforme estava descrito,porém quando o programa é finalizado e a pasta que me foi indicado C:\LinhaDefensiva\relatorio.txt[/b]

esta localizado tanto dentro da pasta relatórios que é gerada automaticamente com a data de do dia do log e também em linhadefencisa com o nome de relatório.txt onde os dois arquivos .txt possuem o mesmo texto, somente para avisar caso volte a utilizalo com outras pessoas.

 

segue o log;

 

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2010-08-27 - 11:09

-------------------------------------------------------

Lista de Definição: 2010-08-03-1 | CORE: 2010-01-14-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\htp.txt

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\key2010

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\tcefni.dat

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\windowsupdate.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\msmsgs.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Arquivos de programas\jusched.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\GIORDANO\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\dchcp.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\GIORDANO\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\msoobe32.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\GIORDANO\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\svchosf.exe

Arquivo infectado removido com sucesso!

 

Proxy/Internet Explorer (HKCU): query.ieconfigs.com:8083/config.pac

 

Proxy/Firefox: query.ieconfigs.com:8083/config.pac

 

 

 

----- Fim -------------------------

[wings 22]

Obrigado pela nova informação.

 

1.

*Delete o Bankerfix e a pasta C:\LinhaDefensiva

 

2.

*Baixe o MalwareBytes Anti-malware e salve-o no desktop

*Instale o programa

*Se alguma atualização existir, o download será automático. Aguarde...

*O programa será aberto automaticamente.

*Na aba [Verificação], selecione a opção [Verificação completa]

*Clique em [Verificar] e selecione as partições a serem examinadas (geralmente C:\ e D:\)

*Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [sIM] > [OK] > [Mostrar Resultados]

*Clique em [Remover Selecionados]

*Um relatório (mbam-log-ano-mês-data.txt) será apresentado.

*Cole-o na sua próxima resposta

[marcel1nh0 0]

Boa dia,

Wings conforme me informou fiz o dl do arquivo mbmam e após os scan esta aqui o log solicitado;

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4492

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

27/8/2010 22:25:46

mbam-log-2010-08-27 (22-25-46).txt

 

Tipo de Verificação: Verificação Rápida

Objetos escaneados: 140480

Tempo decorrido: 8 minuto(s), 38 segundo(s)

 

Processos de Memória Infectados: 1

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 3

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 1

Pastas Infectadas: 1

Arquivos Infectados: 8

 

Processos de Memória Infectados:

C:\WINDOWS\thunder.exe (Trojan.Banker) -> Unloaded process successfully.

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{839741a2-b652-4685-a461-481d90915c0f} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\avg (Trojan.Banker) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

 

Pastas Infectadas:

C:\Documents and Settings\GIORDANO\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4} (Spyware.Banker) -> Quarantined and deleted successfully.

 

Arquivos Infectados:

C:\WINDOWS\thunder.exe (Trojan.Banker) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\libeay32.dll (Trojan.Keylogger) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ssleay32.dll (Trojan.PWS) -> Quarantined and deleted successfully.

C:\WINDOWS\libmySQL50.dll (Trojan.Banker) -> Quarantined and deleted successfully.

C:\WINDOWS\trz3.tmp (Trojan.Banker) -> Quarantined and deleted successfully.

C:\Documents and Settings\GIORDANO\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\index (Spyware.Banker) -> Not selected for removal.

C:\Documents and Settings\GIORDANO\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\spoolsvr32.scr (Spyware.Banker) -> Quarantined and deleted successfully.

C:\WINDOWS\Systemffox.exe-up.txt (Malware.Trace) -> Quarantined and deleted successfully.

 

 

 

grato.

[wings 22]

Bom dia....

 

1.

*Baixe o DDS e salve-o no desktop

*Desative temporariamente seu antivírus

*Execute o DDS e aguarde.

*Salve os relatórios (DDS.txt e Attach.txt) no desktop

*Cole o relatório DDS.txt na sua próxima resposta.

[marcel1nh0 0]

Boa noite,

 

segue o log do programa dds.cr;

 

 

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by GIORDANO at 21:47:14,04 on ter 31/08/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1318 [GMT -3:00]

 

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

============== Running Processes ===============

 

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe 4

C:\WINDOWS\system32\svchost -k rpcss

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

svchost.exe 4

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\GIORDANO\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.com.br/

uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\arquivos de programas\dvdvideosofttb\tbDVD1.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll

TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\arquivos de programas\dvdvideosofttb\tbDVD1.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [avast5] c:\arquiv~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\qttask.exe" -atboottime

mRun: [AVG9_TRAY] c:\progra~1\avg9\avgtray.exe

mRun: [avast!] c:\progra~1\alwils\avast4\ashDisp.exe

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [NokiaMusic FastStart] "c:\arquivos de programas\nokia\ovi player\NokiaOviPlayer.exe" /command:faststart

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

mPolicies-system: EnableLUA = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\arquiv~1\micros~2\office14\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\documents and settings\giordano\dados de aplicativos\dvdvideosoftiehelpers\youtubedownload.htm

IE: Free YouTube to Mp3 Converter - c:\documents and settings\giordano\dados de aplicativos\dvdvideosoftiehelpers\youtubetomp3.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261857272043

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261857241887

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\arquiv~1\wifd1f~1\MpShHook.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\arquivos de programas\gbplugin\gbieh.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\arquivos de programas\windows desktop search\MSNLNamespaceMgr.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\giordano\dadosd~1\mozilla\firefox\profiles\sw8zl6eo.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (pt)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\documents and settings\giordano\dados de aplicativos\mozilla\firefox\profiles\sw8zl6eo.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886c}\components\GbMzhBb.dll

FF - component: c:\documents and settings\giordano\dados de aplicativos\mozilla\firefox\profiles\sw8zl6eo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\giordano\dados de aplicativos\mozilla\firefox\profiles\sw8zl6eo.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll

FF - plugin: c:\arquivos de programas\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll

FF - plugin: c:\arquivos de programas\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\giordano\configuraã§ãµes locais\dados de aplicativos\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2009-3-10 45472]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-10 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-10 17744]

R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-4-10 40384]

R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2009-3-10 55072]

R2 WinDefend;Windows Defender;c:\arquivos de programas\windows defender\MsMpEng.exe [2006-11-3 13592]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2009-12-26 135664]

S3 1SEG_driver;DT1020%;c:\windows\system32\drivers\1seg_driver.sys [2010-4-12 15255]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-4-10 40384]

S3 avast! Web Scanner;avast! Web Scanner;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-4-10 40384]

S3 cpuz132;cpuz132;\??\c:\docume~1\giordano\config~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\giordano\config~1\temp\cpuz132\cpuz132_x32.sys [?]

 

=============== Created Last 30 ================

 

2010-08-31 23:08:49 0 d-----w- c:\arquivos de programas\Rockstar Games

2010-08-28 13:54:34 0 d-----w- c:\windows\Globalization

2010-08-28 13:53:48 0 d-----w- c:\docume~1\alluse~1\dadosd~1\NokiaMusic

2010-08-28 00:36:41 0 d-----w- c:\docume~1\giordano\dadosd~1\Malwarebytes

2010-08-28 00:36:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-28 00:36:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-28 00:36:32 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2010-08-28 00:36:31 0 d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-08-26 13:50:56 0 d-----w- C:\HijackThis

2010-08-26 13:23:08 0 d-----w- c:\documents and settings\giordano\WINDOWS

2010-08-24 13:43:00 32454 ----a-w- c:\windows\wlm.ctt

2010-08-16 01:59:36 0 d-----w- c:\arquivos de programas\Ask Search Assistant

 

==================== Find3M ====================

 

2010-08-28 13:55:02 86160 ----a-w- c:\windows\system32\perfc016.dat

2010-08-28 13:55:02 485202 ----a-w- c:\windows\system32\perfh016.dat

2010-07-27 11:20:04 45472 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2010-07-26 01:23:22 56496 ----a-w- c:\windows\system32\wbhelp2.dll

2010-07-26 01:23:22 33968 ----a-w- c:\windows\system32\anim.dll

2010-07-26 01:23:22 258352 ----a-w- c:\windows\system32\unicows.dll

2010-07-26 01:23:22 1706800 ----a-w- c:\windows\system32\gdiplus.dll

2010-07-26 01:23:20 4608 ----a-w- c:\windows\system32\W95INF32.DLL

2010-07-26 01:23:20 2272 ----a-w- c:\windows\system32\W95INF16.DLL

2010-06-30 12:32:26 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr

2010-06-24 12:24:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 09:02:34 1852032 ----a-w- c:\windows\system32\win32k.sys

2010-06-17 14:03:09 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 07:42:28 1172480 ----a-w- c:\windows\system32\msxml3.dll

 

============= FINISH: 21:47:39,06 ===============

[wings 22]

1.

*Delete o DDS e seus relatórios.

 

2.

*Baixe o ATF-Cleaner e salve-o no desktop

*Execute o ATF-Cleaner

*Selecione:

 

[X] Select All

*Clique [Empty Selected]

 

=>Caso use Firefox ou Opera:

*Clique na aba "Firefox" ou em "Opera"

*Selecione:

 

[X] Select All

*Clique [sim] > [Empty Selected] > [sim]

 

3.

*Baixe o NTREGOPT e salve-o no desktop

*Crie uma pasta em C:\ chamada REGOPT e extraia para ela

*Na pasta C:\REGOPT, execute o NTREGOPT

*Clique [OK] e aguarde.

*Clique [sim] e o PC será reiniciado

*Delete a pasta C:\REGOPT e o arquivo ntregopt.zip localizado no desktop

 

Informe como está o PC.

[marcel1nh0 0]

boa noite,

 

Segui o que me informou anteriormente pela manha e até o atual momento não tive nenhum imprevisto com o

computador como lentidão ou algo do tipo.

 

Agradeço pela orientação.

 

Grato.

 

Att.

[wings 22]

OK...o log está limpo.

 

 

Um abraço.

[wings 22]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.