o_pensador

[Archived] Log analysis ...


Dear friends,

I have quite a headache on my hands. I own a notebook that is less than a year old. Given how carefully I look after it, I found it strange that for about a week now, whenever I plug in the network cable at work, it keeps disconnecting (network cable unplugged) and reconnecting all the time. The same cable works perfectly on every other machine in the company. I used the F-Secure antivirus and Malwarebytes, and neither of them managed to detect anything. I would therefore like you to analyze my HijackThis log.

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:08:20, on 27/12/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\F-Secure\Common\FSM32.EXE

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

D:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

C:\Arquivos de programas\F-Secure\Anti-Virus\FSGK32.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\F-Secure\Common\FSHDLL32.EXE

C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Ovislink\Common\RalinkRegistryWriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE

C:\Arquivos de programas\F-Secure\Anti-Virus\fssm32.exe

C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

C:\Arquivos de programas\F-Secure\Common\FIH32.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\F-Secure\Anti-Virus\fsav32.exe

C:\WINDOWS\System32\svchost.exe

C:\O MUNDO E BREGA\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O1 - Hosts: 66.36.245.154 www2.bancobrasil.com.br

O1 - Hosts: 66.36.245.158 bradesco.com.br

O1 - Hosts: 66.36.245.158 www.bradesco.com.br

O1 - Hosts: 66.36.245.158 www.realsecureweb.com.br

O1 - Hosts: 66.235.176.176 www2.realsecureweb.com.br

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - d:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (file missing)

O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: GAS Helper - {F1C465B1-9278-409c-BF49-06190F5A94C8} - C:\WINDOWS\system32\gas.dll

O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Arquivos de programas\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://d:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://d:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://d:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://d:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253108062421

O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.saude.ce.gov.br/viewer/activeXViewer/activexviewer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: Broker de solicitação de rede F-Secure (F-Secure Network Request Broker) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\ORSP Client\fsorsp.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Arquivos de programas\Ovislink\Common\RalinkRegistryWriter.exe

O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\WINDOWS\system32\SUPDSvc.exe

 

--

End of file - 11491 bytes


Hello, o_pensador!

Let's go step by step:

* Download the HostsXpert program;

* Save it and unzip it into a temporary folder;

* Run the file [HostsXpert.exe];

* Under "File Handling", click [Restore MS Hosts File];

* A confirmation box will be shown; click [OK];

* Close HostsXpert.

* Download Bankerfix and save it to the desktop.

* Double-click bankerfix.exe.

* Click [OK] > [Sim] (if it asks for an update) > [OK].

* Press [ENTER] and wait.

* When it finishes, press [ENTER].

* Paste the report created at C:\LinhaDefensiva\relatorio.txt

I await the reports.


I did exactly as recommended, and here are the reports ...

 

 

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2010-12-27 - 23:17

-------------------------------------------------------

Lista de Definição: 2010-12-25-1 | CORE: 2010-01-14-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\Temp\Perflib_Perfdata_4dc.dat

Arquivo infectado removido com sucesso!

 

 

 

----- Fim -------------------------

 

 

 

 

The HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:26:59, on 27/12/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

D:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

C:\Arquivos de programas\F-Secure\Anti-Virus\FSGK32.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Ovislink\Common\RalinkRegistryWriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\Arquivos de programas\F-Secure\Anti-Virus\fssm32.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Arquivos de programas\F-Secure\Common\FSM32.EXE

C:\Arquivos de programas\F-Secure\Common\FSHDLL32.EXE

C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE

C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

C:\Arquivos de programas\F-Secure\Common\FIH32.EXE

C:\Arquivos de programas\F-Secure\Anti-Virus\fsav32.exe

C:\O MUNDO E BREGA\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - d:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: GAS Helper - {F1C465B1-9278-409c-BF49-06190F5A94C8} - C:\WINDOWS\system32\gas.dll

O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Arquivos de programas\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://d:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://d:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://d:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://d:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253108062421

O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.saude.ce.gov.br/viewer/activeXViewer/activexviewer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: Broker de solicitação de rede F-Secure (F-Secure Network Request Broker) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\ORSP Client\fsorsp.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Arquivos de programas\Ovislink\Common\RalinkRegistryWriter.exe

O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\WINDOWS\system32\SUPDSvc.exe

 

--

End of file - 11297 bytes

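Added example (not part of the original thread, and not code from HijackThis or Linha Defensiva): a small Python parser that pulls the `O1 - Hosts:` items out of HijackThis logs and compares two scans, here the 21:08:20 and 23:26:59 logs above, to confirm that the hosts-file restore took effect. The excerpts are copied from those two logs; the function names are assumptions of this example.

```python
import ipaddress
import re

# Item lines in a HijackThis log start with a section code such as "R0", "O1" or "O23".
ITEM_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O1 item: "Hosts: <address> <hostname>".
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<addr>\S+)\s+(?P<name>\S+)$")

# Excerpt of the scan saved at 21:08:20 (lines copied from the log in this thread).
SCAN_2108 = r"""
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 66.36.245.154 www2.bancobrasil.com.br
O1 - Hosts: 66.36.245.158 bradesco.com.br
O1 - Hosts: 66.36.245.158 www.bradesco.com.br
O1 - Hosts: 66.36.245.158 www.realsecureweb.com.br
O1 - Hosts: 66.235.176.176 www2.realsecureweb.com.br
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

# Excerpt of the scan saved at 23:26:59, after HostsXpert and BankerFix were run.
SCAN_2326 = r"""
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""


def is_benign_addr(addr):
    """True for loopback/unspecified addresses (the usual default or blocklist style)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparsable address: leave it in the review list
    return ip.is_loopback or ip.is_unspecified


def hosts_pairs(log_text):
    """Return the set of (address, hostname) pairs from O1 items worth reviewing."""
    pairs = set()
    for raw in log_text.splitlines():
        item = ITEM_RE.match(raw.strip())
        if not item or item.group("code") != "O1":
            continue  # process list, header lines and other sections are ignored
        hosts = HOSTS_RE.match(item.group("body"))
        if hosts and not is_benign_addr(hosts.group("addr")):
            pairs.add((hosts.group("addr"), hosts.group("name").lower()))
    return pairs


def hosts_redirects(log_text):
    """Group the reviewed O1 items by address: {address: [hostnames, ...]}."""
    grouped = {}
    for addr, name in sorted(hosts_pairs(log_text)):
        grouped.setdefault(addr, []).append(name)
    return grouped


def hosts_changes(before, after):
    """Compare two scans; return (added, removed) lists of (address, hostname)."""
    old, new = hosts_pairs(before), hosts_pairs(after)
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    for addr, names in hosts_redirects(SCAN_2108).items():
        print(f"{addr} <- {', '.join(names)}")
    added, removed = hosts_changes(SCAN_2108, SCAN_2326)
    print(f"added: {len(added)}, removed: {len(removed)}")
```

The same comparison can be run against any later scan to check that the entries stay gone.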

o_pensador,

* Download the tool from the link below:

http://computer-comfort.nl/downloads/WinsockXPFix.exe

* Put it on the machine that has no network connection.

* Leave the internet modem connected to the machine as usual.

* Run the program and

* Click Reg-Backup > OK > OK > YES (wait for it to finish) > OK.

* Click Fix > YES > OK > Restart the PC.

* Now try to connect the machine to the internet.

Check whether this fixed the connection problem.


I tried to do as suggested, but several error messages appeared.

During the "Backing up registry to C:\ERDNT" process, in all 7 of its stages it showed the following message: "ERROR SAVING FILE C:\ERDNT\System ! Continue with the next file?" and I kept pressing YES until the last stage.

In stage 5 the error message was a different one: "ERROR SAVING FILE C:\ERDNT\Users\S-1-5-21-73586283-1960408961-682003330-1003\ntuser.dat ! Continue with the next file?"

In stage 6 the error message was yet another one: "ERROR SAVING FILE C:\ERDNT\Users\S-1-5-21-73586283-1960408961-682003330-1003_Classes\UsrClass.dat ! Continue with the next file?".

At the end, the following message: "Registry backup is complete! To restore the registry at a later point, run the ERDNT program from folder C:\ERDNT."

Below is one more HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:08:35, on 28/12/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Arquivos de programas\F-Secure\Anti-Virus\FSGK32.EXE

C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\F-Secure\Common\FSHDLL32.EXE

C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Ovislink\Common\RalinkRegistryWriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\Arquivos de programas\F-Secure\Anti-Virus\fssm32.exe

C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE

C:\Arquivos de programas\F-Secure\Common\FIH32.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\F-Secure\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\F-Secure\Common\FSM32.EXE

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\O MUNDO E BREGA\HiJackThis.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

c:\Arquivos de programas\Corel\CorelDRAW Graphics Suite X4\PROGRAMS\CORELDRW.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O1 - Hosts: 66.36.245.154 www2.bancobrasil.com.br

O1 - Hosts: 66.36.245.158 bradesco.com.br

O1 - Hosts: 66.36.245.158 www.bradesco.com.br

O1 - Hosts: 66.36.245.158 www.realsecureweb.com.br

O1 - Hosts: 66.235.176.176 www2.realsecureweb.com.br

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - d:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: GAS Helper - {F1C465B1-9278-409c-BF49-06190F5A94C8} - C:\WINDOWS\system32\gas.dll

O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Arquivos de programas\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://d:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://d:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://d:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://d:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253108062421

O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.saude.ce.gov.br/viewer/activeXViewer/activexviewer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: Broker de solicitação de rede F-Secure (F-Secure Network Request Broker) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\ORSP Client\fsorsp.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Arquivos de programas\Ovislink\Common\RalinkRegistryWriter.exe

O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\WINDOWS\system32\SUPDSvc.exe

 

--

End of file - 11511 bytes


o_pensador,

Let's continue and see whether this resolves the problem:

* Download ComboFix and save it to the desktop

* Temporarily disable your antivirus:

* Run ComboFix and accept the agreement

* If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [Yes] to install it.

* Click [Yes] to continue.

* Wait for all stages to complete

* While ComboFix is running, avoid using the mouse and keyboard! To interrupt the procedure, press N or 2 and then ENTER.

* The program will close automatically and a report (C:\combofix.txt) will be displayed. Paste it in your next reply.

Awaiting your reply.


I did as instructed. The report follows below:

 

 

ComboFix 10-12-26.01 - TarTech 28/12/2010 14:29:13.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3055.2525 [GMT -2:00]

Executando de: c:\documents and settings\TarTech\Desktop\ComboFix.exe

AV: F-Secure Client Security 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: F-Secure Client Security 9.01 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 212 bytes in 2 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\autorun.inf

c:\documents and settings\TarTech\Dados de aplicativos\inst.exe

c:\windows\system32\autorun.i

c:\windows\system32\autorun.in

c:\windows\system32\own.inf

D:\AUTORUN.INF

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-28 to 2010-12-28 ))))))))))))))))))))))))))))

.

 

2011-01-01 10:45 . 2010-12-28 11:24 -------- d-----w- C:\ERDNT

2010-12-28 01:16 . 2010-12-28 01:17 -------- d-----w- C:\LinhaDefensiva

2010-12-28 01:12 . 2008-07-27 14:08 356352 ----a-w- c:\temp\HostsXpert\HostsXpert.exe

2010-12-27 20:08 . 2010-12-27 20:08 -------- d-----w- c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\F-Secure

2010-12-27 20:07 . 2010-12-27 21:19 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys

2010-12-27 20:07 . 2010-03-26 09:08 80080 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2010-12-27 20:04 . 2010-12-27 20:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\fssg

2010-12-27 20:04 . 2010-12-27 20:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\F-Secure

2010-12-27 20:01 . 2010-12-27 21:19 -------- d-----w- c:\arquivos de programas\F-Secure

2010-12-22 12:40 . 2010-12-22 12:40 -------- d-----w- c:\documents and settings\LocalService\Menu Iniciar

2010-12-15 11:45 . 2010-12-15 11:45 -------- d-----w- c:\documents and settings\TarTech\Configurações locais\Dados de aplicativos\RadioSure

2010-12-15 11:40 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-15 11:15 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2010-12-11 16:06 . 2010-12-11 16:06 -------- d-----w- c:\arquivos de programas\DriverGuide DriverScan

2010-12-11 15:14 . 2008-04-13 17:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys

2010-12-11 15:14 . 2008-04-13 17:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2010-12-11 14:53 . 2010-12-11 14:53 -------- d-----w- c:\documents and settings\TarTech\Woopra

2010-12-11 14:52 . 2010-12-11 14:53 -------- d-----w- c:\documents and settings\TarTech\.woopra

2010-12-11 14:52 . 2010-12-11 14:52 -------- d-----w- c:\arquivos de programas\Woopra

2010-12-11 14:04 . 2010-12-11 14:04 83765096 ----a-w- c:\arquivos de programas\Arquivos comuns\Windows Live\.cache\wlc1B.tmp

2010-12-03 10:47 . 2010-12-15 18:16 -------- d-----w- c:\windows\system32\NtmsData

2010-12-02 00:44 . 2010-12-02 00:44 -------- d-----w- c:\arquivos de programas\icons

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-28 11:42 . 2010-02-22 18:23 2828 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2010-11-24 13:58 . 2010-11-24 13:58 1011854 ----a-w- c:\windows\unins000.exe

2010-11-18 18:15 . 2009-09-16 01:25 86016 ----a-w- c:\windows\system32\isign32.dll

2010-11-07 17:39 . 2010-11-07 17:39 18688 ----a-w- c:\windows\system32\drivers\ActBoot.sys

2010-11-06 00:21 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:21 . 2004-08-04 03:45 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-06 00:21 . 2004-08-04 03:45 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-03 12:27 . 2004-08-04 03:37 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2001-10-28 15:07 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:09 . 2004-08-04 03:44 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:58 . 2004-08-04 03:38 1853440 ----a-w- c:\windows\system32\win32k.sys

2010-09-30 18:50 . 2010-05-17 22:53 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2010-09-30 18:50 . 2010-05-17 22:53 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2010-09-30 18:50 . 2010-05-17 22:53 29568 ----a-w- c:\windows\system32\LMIport.dll

2010-09-30 18:50 . 2010-05-17 22:53 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1C465B1-9278-409c-BF49-06190F5A94C8}]

2010-07-24 14:12 24576 ----a-w- c:\windows\system32\gas.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"F-Secure Manager"="c:\arquivos de programas\F-Secure\Common\FSM32.EXE" [2010-03-26 301744]

"F-Secure TNB"="c:\arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" [2010-03-26 1653424]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - d:\arquivos de programas\Orbitdownloader\orbitdm.exe [2008-7-26 1719568]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2010-09-30 18:50 87424 ----a-w- c:\windows\system32\LMIinit.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^McAfee Security Scan Plus.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^McAfee Security Scan.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan.lnk

backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^OSD.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\OSD.lnk

backup=c:\windows\pss\OSD.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Utility Tray.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk

backup=c:\windows\pss\Utility Tray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^TarTech^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

path=c:\documents and settings\TarTech\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk

backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^TarTech^Menu Iniciar^Programas^Inicializar^Stardock ObjectDock.lnk]

path=c:\documents and settings\TarTech\Menu Iniciar\Programas\Inicializar\Stardock ObjectDock.lnk

backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2008-06-19 23:20 57344 ----a-w- c:\windows\ALCMTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

2008-08-11 15:41 63048 ----a-w- c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2008-12-09 21:23 18063872 ----a-w- c:\windows\RTHDCPL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]

2009-06-05 13:58 53248 ----a-w- c:\windows\system32\SiSPower.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2008-06-11 10:16 1454080 ----a-r- c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 19:07 2260480 --sha-r- c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2005-08-25 15:25 737369 ----a-w- c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Java\\jdk1.6.0_12\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\SPSSInc\\SPSS16\\spss.com"=

"c:\\Arquivos de programas\\SPSSInc\\SPSS16\\spss.exe"=

"c:\\Arquivos de programas\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"=

"c:\\Arquivos de programas\\MegaJogos\\jre\\jre\\bin\\javaw.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"d:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"d:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"d:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\system32\\SUPDSvc.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Recosoft PDF2Office\\PDF2Office v5.0\\PDF2Office.exe"=

"c:\\Arquivos de programas\\Recosoft PDF2Office\\PDF2Office v5.0\\PDF2OfficeDesktopServer.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\WINWORD.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\POWERPNT.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\EXCEL.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\DreaMule\\emule.exe"=

"c:\\Arquivos de programas\\Opera\\opera.exe"=

"c:\\Arquivos de programas\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Woopra\\Woopra.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R0 ActBoot;ActBoot;c:\windows\system32\drivers\ActBoot.sys [07/11/2010 15:39 18688]

R0 ActUsb;ActUsb;c:\windows\system32\drivers\ActUsb.sys [24/07/2010 12:12 13952]

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [27/12/2010 18:07 42664]

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [27/12/2010 18:07 80080]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\arquivos de programas\F-Secure\HIPS\drivers\fshs.sys [27/12/2010 18:07 68144]

R2 ECSLiveIO;ECSLiveIO;c:\windows\system32\drivers\ECSLiveIO.sys [16/09/2009 09:36 16336]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]

R2 GpdKBFilter;GpdKBFilter;c:\windows\system32\drivers\GpdKBFilter.sys [16/09/2009 09:36 4096]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe [01/10/2010 09:31 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\rainfo.sys [11/08/2008 13:41 12856]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16/11/2009 14:33 50704]

R3 ecskbc;ecskbc;c:\windows\system32\drivers\ecskbc.sys [16/09/2009 09:36 4096]

R3 ecsmouclass;ecsmouclass;c:\windows\system32\drivers\ecsmouclass.sys [16/09/2009 09:36 3968]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\arquivos de programas\F-Secure\Anti-Virus\minifilter\fsgk.sys [27/12/2010 18:07 130728]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]

R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [16/09/2009 15:06 31616]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys --> c:\windows\system32\drivers\gbpkm.sys [?]

S2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe --> c:\arquiv~1\GbPlugin\GbpSv.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [19/05/2010 16:48 136176]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 FSORSPClient;F-Secure ORSP Client;c:\arquivos de programas\F-Secure\ORSP Client\fsorsp.exe [27/12/2010 18:07 63992]

S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [15/03/2010 11:04 127656]

S4 F-Secure Filter;F-Secure File System Filter;c:\arquivos de programas\F-Secure\Anti-Virus\win2k\fsfilter.sys [27/12/2010 18:07 39856]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\arquivos de programas\F-Secure\Anti-Virus\win2k\fsrec.sys [27/12/2010 18:07 25264]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-05-19 18:48]

 

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-05-19 18:48]

 

2011-01-01 c:\windows\Tasks\User_Feed_Synchronization-{F34DF7DD-8B62-4470-91D0-A2F690D421FB}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

IE: &Download by Orbit - d:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - d:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - d:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - d:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: bancobrasil.com.br\www2

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\documents and settings\TarTech\Dados de aplicativos\Mozilla\Firefox\Profiles\opq22gdh.default\

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Módulo de Segurança - Banco do Brasil: {87F8774F-B485-47E2-A755-A40A8A5E886C} - %profile%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

FF - user.js: network.proxy.type - 0

FF - user.js: network.proxy.http -

user_pref(network.proxy.http_port,);

FF - user.js: network.proxy.no_proxies_on -

.

- - - - ORFÃOS REMOVIDOS - - - -

 

MSConfigStartUp-DivXUpdate - c:\arquivos de programas\DivX\DivX Update\DivXUpdate.exe

MSConfigStartUp-GrooveMonitor - c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

MSConfigStartUp-HideMyIP - c:\arquivos de programas\Hide My IP\HideMyIP.exe

MSConfigStartUp-Malwarebytes' Anti-Malware - c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

MSConfigStartUp-NeroFilterCheck - c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

MSConfigStartUp-SunJavaUpdateSched - c:\arquivos de programas\Java\jre6\bin\jusched.exe

AddRemove-2010_is1 - c:\datasus\SISAIH01\SIHD2\unins000.exe

AddRemove-2009_is1 - c:\arquivos de programas\Datasus\SIHD2\unins004.exe

AddRemove-SISAIH01_is1 - c:\datasus\SISAIH01\FB\MARCO\unins000.exe

AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\arquivos de programas\DivX\DivXConverterUninstall.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\arquivos de programas\DivX\DivXCodecUninstall.exe

AddRemove-{B13A7C41581B411290FBC0395694E2A9} - c:\arquivos de programas\DivX\DivXConverterUninstall.exe

AddRemove-{D050D7362D214723AD585B541FFB6C11} - c:\arquivos de programas\DivX\DivXContentUploaderUninstall.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-28 14:32

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(484)

c:\windows\system32\LMIinit.dll

.

Tempo para conclusão: 2010-12-28 14:34:21

ComboFix-quarantined-files.txt 2010-12-28 16:34

 

Pré-execução: 21 pasta(s) 16.484.253.696 bytes disponíveis

Pós execução: 24 pasta(s) 16.908.541.952 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 8679A54065906EDFB87CDBDCAD936D2C


Dear friends, I have been waiting for some time now and have had no further replies. Would that be because the log is clean? I await a reply.

 

Rubens


:) Hello Rubens!

Several problems were removed by ComboFix.

_____________________

Please follow the tips below:

USBFix tutorial

Nod32 Online antivirus tutorial

_____________________

In your next reply, post the UsbFix log, which will be at C:\UsbFix.txt, the Nod32 Online log, which will be at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, together with a new HijackThis log, and please tell us how your PC is doing after following these procedures. We await your reply.


I did exactly as suggested:

 

 

USBFix log:

 

############################## | UsbFix 7.037 | [Pesquisa]

 

Usuário: TarTech (Administrador) # RUBENS [ ]

Atualizado em 03/01/2011 por El Desaparecido / C_XX

Começou em 16:23:44 | 05/01/2011

Site: http://www.teamxscript.org

Contato: eldesaparecido@teamxscript.org

 

CPU: Intel® Core2 Duo CPU T5800 @ 2.00GHz

CPU 2: Intel® Core2 Duo CPU T5800 @ 2.00GHz

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

 

Windows Firewall: Deficientes /!\

Antivirus: F-Secure Client Security 9.01 9.01 [(!) Disabled | Updated]

Firewall: F-Secure Client Security 9.01 9.01 [(!) Disabled]

RAM -> 3055 Mb

C:\ (%systemdrive%) -> Disco fixo # 98 Gb (13 Mb livre - 13%) [] # NTFS

D:\ -> Disco fixo # 135 Gb (32 Mb livre - 24%) [Dados] # NTFS

E:\ -> CD-ROM

F:\ -> Disco removível # 4 Gb (959 Mb livre - 25%) [KINGSTON] # FAT32

 

################## | Ficheiros # pastas infeciosos |

 

 

Presente ! F:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx

Presente ! C:\khu

Presente ! C:\khv

Presente ! C:\khw

Presente ! C:\khy

Presente ! D:\khu

Presente ! D:\khv

Presente ! D:\khw

Presente ! D:\khy

 

################## | Registro |

 

Presente ! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman

Presente ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools

Presente ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

Presente ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

Presente ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Adobe Reader Speed Launcher

 

################## | Mountpoints2 |

 

 

################## | Vaccin |

 

(!) Este computador não é vacinada!

 

################## | E.O.F |

 

 

 

 

NOD log:

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=1db0c09782b4ac42a8acad522b89baca

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-01-05 09:55:42

# local_time=2011-01-05 07:55:42 (-0300, Horário brasileiro de verão)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=2304 16777191 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=120693

# found=22

# cleaned=22

# scan_time=11213

C:\Arquivos de programas\Hide Your IP Address\hide.your.ip.address.1.0-patch.exe Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\TarTech\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\16\21535c50-335e2feb probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\TarTech\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\20\65f2f554-17495f51 a variant of Java/TrojanDownloader.Agent.NBN trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\TarTech\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\21\1854a095-4b340019 a variant of Java/TrojanDownloader.Agent.NBN trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\TarTech\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\36\769eee4-27dd2f71 probably a variant of Win32/Spy.Banker.PRQ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\TarTech\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\43\736e16eb-12284ff4 a variant of Java/TrojanDownloader.Agent.NBN trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\TarTech\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\44\4f0623ec-7622046b a variant of Java/TrojanDownloader.Agent.NBN trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\downloads\Sony Sound Forge Pro 9.0e Full.rar a variant of Win32/Keygen.AR application (deleted - quarantined) 00000000000000000000000000000000 C

C:\downloads\Soundforge90e.441.rar a variant of Win32/Keygen.AR application (deleted - quarantined) 00000000000000000000000000000000 C

C:\downloads\WinRAR 3.61 + PATCH.rar a variant of Win32/HackTool.Patcher.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\downloads\Soundforge90e.441\keygen.exe a variant of Win32/Keygen.AR application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\O MUNDO E BREGA\setup.rar probably a variant of Win32/Agent.FWLWAGA trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\autorun.i.vir Win32/Tifaut.C worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\autorun.in.vir Win32/Tifaut.C worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\drivers\ActBoot.sys probably a variant of Win32/Spy.Banker.PRQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Arquivos de programas\DreaMule\incoming\(incl. KeyGen) coolsms .zip a variant of Win32/Agent.WRY trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\Arquivos de programas\DreaMule\incoming\coolsms Total.zip a variant of Win32/Agent.WRY trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\Arquivos de programas\DreaMule\incoming\Install.exe a variant of Win32/Agent.WRY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Arquivos de programas\DreaMule\incoming\Microsoft Office Home and Student 2007 [ Full crack serial].zip a variant of Win32/Agent.WRY trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\DOWNLOADS\Hide_Your_IP_Address_2009_Full.rar Win32/HackTool.Patcher.A application (deleted - quarantined) 00000000000000000000000000000000 C

D:\DOWNLOADS\Hide_Your_IP_Address_2009_Full\Hide Your IP Address 2009 Full\Hide Your IP Address 2009 Full\Patch\hide.your.ip.address.1.0-patch.exe Win32/HackTool.Patcher.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx a variant of Win32/Conficker.X worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

 

 

 

HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:12:53, on 05/01/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Arquivos de programas\F-Secure\Anti-Virus\FSGK32.EXE

C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Ovislink\Common\RalinkRegistryWriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\Arquivos de programas\F-Secure\Anti-Virus\fssm32.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

D:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\F-Secure\Common\FSLAUNCH.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\O MUNDO E BREGA\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O1 - Hosts: 66.36.245.154 www2.bancobrasil.com.br

O1 - Hosts: 66.36.245.158 bradesco.com.br

O1 - Hosts: 66.36.245.158 www.bradesco.com.br

O1 - Hosts: 66.36.245.158 www.realsecureweb.com.br

O1 - Hosts: 66.235.176.176 www2.realsecureweb.com.br

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - d:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (file missing)

O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: GAS Helper - {F1C465B1-9278-409c-BF49-06190F5A94C8} - C:\WINDOWS\system32\gas.dll

O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Arquivos de programas\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://d:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://d:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://d:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://d:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253108062421

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://www.saude.ce.gov.br/viewer/activeXViewer/activexviewer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: Broker de solicitação de rede F-Secure (F-Secure Network Request Broker) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\ORSP Client\fsorsp.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Arquivos de programas\Ovislink\Common\RalinkRegistryWriter.exe

O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\WINDOWS\system32\SUPDSvc.exe

 

--

End of file - 11877 bytes

 

 

 

After all the recommended steps, I can say that the machine's performance has improved a great deal. As for the problem of the network connecting and disconnecting over the cable, it still continues. Tomorrow I will take it to a repair shop to have them check whether there really is a connection problem. I also promise that I will report back afterwards on how it all ends.

 

Rubens

 


 

--

End of file - 11877 bytes

 

 

 

After all the recommended steps I can say that the machine's performance has improved a great deal. As for the problem of the network connecting and disconnecting over the cable, it still continues. Tomorrow I will take it to a repair shop so they can check whether there is actually a connection problem. I also assure you that I will report back afterwards on how it all ended.

 

Rubens


:) Several problems were removed by Nod32.

______________________

 

USBFIX LOG:

 

############################## | UsbFix 7.037 | [Pesquisa]

:!: But your Usbfix log shows that you used only its search function. Connect your removable media to the PC again (if you have any), open Usbfix again, click the Supressão button and then just follow the instructions given by Usbfix and by its tutorial, which I also sent you, and afterwards post its new log here in your topic so we can analyze it.


Here is the USBFIX LOG:

 

############################## | UsbFix 7.037 | [supressão]

 

Usuário: TarTech (Administrador) # RUBENS [ ]

Atualizado em 03/01/2011 por El Desaparecido / C_XX

Começou em 18:17:23 | 06/01/2011

Site: http://www.teamxscript.org

Contato: eldesaparecido@teamxscript.org

 

CPU: Intel® Core2 Duo CPU T5800 @ 2.00GHz

CPU 2: Intel® Core2 Duo CPU T5800 @ 2.00GHz

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

 

Windows Firewall: Deficientes /!\

Antivirus: F-Secure Client Security 9.01 9.01 [(!) Disabled | Updated]

Firewall: F-Secure Client Security 9.01 9.01 [(!) Disabled]

RAM -> 3055 Mb

C:\ (%systemdrive%) -> Disco fixo # 98 Gb (13 Mb livre - 13%) [] # NTFS

D:\ -> Disco fixo # 135 Gb (33 Mb livre - 24%) [Dados] # NTFS

E:\ -> CD-ROM

F:\ -> Disco removível # 4 Gb (955 Mb livre - 25%) [KINGSTON] # FAT32

 

################## | Ficheiros # pastas infeciosos |

 

 

Supprimido ! C:\Recycler\S-1-5-21-73586283-1960408961-682003330-1003

Supprimido ! D:\Recycler\S-1-5-21-73586283-1960408961-682003330-1003

Supprimido ! F:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

Supprimido ! C:\khu

Supprimido ! C:\khv

Supprimido ! C:\khw

Supprimido ! C:\khy

Supprimido ! D:\khu

Supprimido ! D:\khv

Supprimido ! D:\khw

Supprimido ! D:\khy

 

################## | Registro |

 

Supprimido ! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

Supprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Adobe Reader Speed Launcher

 

################## | Mountpoints2 |

 

 

################## | Listing |

 

[17/05/2010 - 20:53:12 | N | 1024] C:\.rnd

[05/01/2011 - 16:31:36 | D ] C:\Arquivos de programas

[30/04/2010 - 08:27:49 | D ] C:\Arquivos de Programas RFB

[15/09/2009 - 23:27:33 | N | 0] C:\AUTOEXEC.BAT

[15/12/2010 - 17:55:59 | N | 211] C:\Boot.bak

[28/12/2010 - 14:28:21 | N | 327] C:\boot.ini

[28/10/2001 - 13:06:10 | N | 4952] C:\Bootfont.bin

[15/05/2010 - 20:33:54 | N | 11] C:\boots.log

[28/12/2010 - 14:28:20 | D ] C:\cmdcons

[03/08/2004 - 23:00:16 | N | 261856] C:\cmldr

[09/11/2010 - 11:14:27 | D ] C:\CNI

[28/12/2010 - 14:34:21 | N | 21084] C:\ComboFix.txt

[04/01/2011 - 16:37:35 | D ] C:\Config.Msi

[15/09/2009 - 23:27:33 | N | 0] C:\CONFIG.SYS

[07/12/2010 - 09:20:28 | D ] C:\DATASUS

[28/05/2010 - 11:15:25 | D ] C:\docpdfbibliosus

[15/09/2009 - 23:31:21 | D ] C:\Documents and Settings

[05/01/2011 - 22:08:22 | D ] C:\downloads

[19/02/2010 - 17:08:15 | D ] C:\DRIVERS

[05/01/2011 - 16:02:58 | N | 0] C:\dump_dvd.vob

[28/12/2010 - 09:24:43 | D ] C:\ERDNT

[15/09/2009 - 23:27:33 | N | 0] C:\IO.SYS

[03/12/2010 - 11:57:38 | D ] C:\itarget

[23/09/2009 - 10:02:53 | N | 0] C:\law.sp

[27/12/2010 - 23:17:25 | D ] C:\LinhaDefensiva

[09/05/2010 - 19:18:31 | N | 100] C:\mbam-error.txt

[15/09/2009 - 23:27:33 | N | 0] C:\MSDOS.SYS

[16/09/2009 - 00:03:53 | RD ] C:\MSOCache

[03/08/2004 - 23:38:34 | N | 47564] C:\NTDETECT.COM

[14/05/2010 - 14:27:23 | N | 251696] C:\ntldr

[06/01/2011 - 11:10:26 | D ] C:\O MUNDO E BREGA

[31/05/2010 - 21:01:11 | D ] C:\Output

[06/01/2011 - 16:28:33 | ASH | 2145386496] C:\pagefile.sys

[31/03/2010 - 19:55:40 | D ] C:\papai

[06/01/2011 - 15:03:06 | D ] C:\Playlist

[15/10/2010 - 11:41:28 | D ] C:\Program Files

[28/12/2010 - 14:34:23 | D ] C:\Qoobox

[06/01/2011 - 18:20:06 | SHD ] C:\RECYCLER

[24/09/2009 - 23:23:31 | D ] C:\SIA

[06/05/2010 - 09:39:45 | D ] C:\siabmun

[15/09/2009 - 23:30:29 | SHD ] C:\System Volume Information

[07/11/2010 - 15:39:47 | N | 10] C:\TBOOT

[27/12/2010 - 23:12:39 | D ] C:\Temp

[30/04/2008 - 20:32:00 | N | 107596] C:\toolkit_widget.gif

[06/01/2011 - 18:20:06 | D ] C:\UsbFix

[06/01/2011 - 18:20:10 | A | 1364] C:\UsbFix.txt

[05/01/2011 - 16:26:10 | N | 1800] C:\UsbFix0.txt

[15/05/2010 - 20:33:55 | N | 1114] C:\W70349101.reg

[06/01/2011 - 14:09:19 | D ] C:\WINDOWS

[24/12/2010 - 11:57:31 | D ] D:\APACS

[20/05/2010 - 10:11:26 | D ] D:\Arquivos de programas

[13/12/2010 - 18:17:51 | D ] D:\Arquivos de Programas RFB

[24/12/2010 - 11:58:56 | D ] D:\BPA

[29/10/2010 - 17:55:23 | D ] D:\DADOS 2010

[23/11/2010 - 23:11:31 | D ] D:\DATASUS

[05/01/2011 - 18:32:19 | D ] D:\DOWNLOADS

[05/01/2011 - 16:11:07 | D ] D:\fotos

[01/01/2011 - 13:54:08 | D ] D:\fotos2

[03/12/2010 - 11:57:43 | D ] D:\fox

[24/09/2009 - 23:30:46 | D ] D:\IBOCONSOLE

[05/01/2011 - 15:31:04 | D ] D:\LUTHER

[06/01/2011 - 15:04:17 | D ] D:\MP3

[06/01/2011 - 14:51:21 | D ] D:\MP3 2

[04/01/2011 - 14:44:09 | D ] D:\MURAL DA ESPI

[16/12/2010 - 13:57:45 | D ] D:\O Popular

[05/01/2011 - 14:21:00 | D ] D:\PEN DRIVER - DADOS FB

[07/11/2009 - 16:14:14 | D ] D:\pendriver-ph

[28/11/2010 - 11:05:55 | D ] D:\PEN_DRIVER_8GB

[06/04/2010 - 16:33:57 | N | 61675] D:\Procedimentos FISIOTERAPIA COM CIDs.pdf

[06/04/2010 - 16:32:24 | N | 2611] D:\Procedimentos FISIOTERAPIA.pdf

[06/01/2011 - 18:20:06 | SHD ] D:\RECYCLER

[11/05/2010 - 20:33:42 | D ] D:\RELATORIOS

[04/08/2004 - 01:45:46 | N | 28672] D:\setupSNK.exe

[06/05/2010 - 09:42:22 | D ] D:\SIABMUN em Intel Core 2 Duo (Siab)

[05/03/2010 - 15:52:12 | D ] D:\SMRTNTKY

[18/10/2010 - 16:14:26 | D ] D:\SPSS

[15/12/2010 - 16:19:24 | SHD ] D:\System Volume Information

[06/01/2011 - 17:18:36 | D ] D:\TABWIN

[15/05/2008 - 10:45:48 | D ] D:\temp

[10/05/2010 - 19:35:21 | D ] D:\Thiedo

[04/01/2011 - 14:44:03 | ASH | 9728] D:\Thumbs.db

[05/03/2010 - 15:52:12 | D ] D:\vascorj

[16/08/2010 - 08:35:48 | D ] F:\urDrive

[10/11/2010 - 18:23:58 | RSHD ] F:\RECYCLER

[21/12/2010 - 06:41:06 | D ] F:\Selecao Fagner

[23/12/2010 - 15:07:28 | D ] F:\ANA CAROLINA

[23/12/2010 - 15:07:38 | D ] F:\Ana Carolina - 2005 - Perfil

[23/12/2010 - 15:07:48 | D ] F:\Ana & Jorge

[23/12/2010 - 15:08:40 | D ] F:\Djavan - Djavan ao vivo d1

[23/12/2010 - 15:08:46 | D ] F:\Djavan - Djavan ao vivo d2

[23/12/2010 - 15:08:56 | D ] F:\Geraldo Azevedo

[23/12/2010 - 15:09:08 | D ] F:\GILBERTO_GIL

[23/12/2010 - 15:09:20 | D ] F:\GUILHERME ARANTES

[23/12/2010 - 15:09:44 | D ] F:\ivan_lins

[23/12/2010 - 15:09:56 | D ] F:\Jorge Vecilo - Ao Vivo 2006 (Audio DVD)

[23/12/2010 - 15:10:36 | D ] F:\Kleiton & Kledir

[23/12/2010 - 15:11:04 | D ] F:\Milton Nascimnento - Perfil

[23/12/2010 - 15:11:16 | D ] F:\Paralamas - Perfil 1

[23/12/2010 - 15:11:22 | D ] F:\Paralamas - Perfil 2

[23/12/2010 - 15:13:08 | D ] F:\Zé Geraldo e Renato Teixeira

[23/12/2010 - 15:13:20 | D ] F:\Zeca Baleiro - Perfil

[23/12/2010 - 15:13:38 | D ] F:\Peninha

[23/12/2010 - 15:15:14 | D ] F:\Bruno e Marrone - 2009 - De Volta aos Bares_www.GaleriadaMusica.Net

[23/12/2010 - 15:15:44 | D ] F:\limousine 58

[23/12/2010 - 15:15:58 | D ] F:\OS NONATOS

[23/12/2010 - 15:16:04 | D ] F:\RITA LEE

[23/12/2010 - 15:16:30 | D ] F:\Raça Negra - 2006 Roda de Samba

[23/12/2010 - 15:16:40 | D ] F:\Raça Negra - 2002 O Samba da Jovem Guarda

[23/12/2010 - 15:16:52 | D ] F:\Raça Negra - 2000 Ao Vivo Vol. 01

[23/12/2010 - 15:16:58 | D ] F:\Raça Negra - 2000 Ao Vivo Vol. 02

[23/12/2010 - 15:17:22 | D ] F:\Repertório Rita Lee

[23/12/2010 - 15:13:46 | D ] F:\O.melhor.de.Joana

[23/12/2010 - 15:06:16 | D ] F:\Rock Brasil - Cd_1

[23/12/2010 - 15:06:24 | D ] F:\Rock Brasil - Cd_2

[23/12/2010 - 15:06:34 | D ] F:\Rock Brasil - Cd_3

[23/12/2010 - 15:06:44 | D ] F:\Rock Brasil - Cd_4

[29/12/2010 - 17:59:48 | D ] F:\OffEnt2007-BaixeBr

[05/01/2011 - 09:40:26 | N | 6017109] F:\Cardreader_IS-1412.exe

[05/01/2011 - 09:40:44 | N | 2025981] F:\Chipset_IS-1412.exe

[05/01/2011 - 09:42:44 | N | 3371039] F:\LAN_RTL8111_XP.exe

[05/01/2011 - 09:52:28 | N | 16404381] F:\RTL8191SE_XPVista.exe

[05/01/2011 - 09:53:48 | N | 18191169] F:\Video_IS-1414XP.exe

[13/12/2010 - 09:38:40 | N | 3805460] F:\setupCMR2010-EXE-101213-01.exe

 

################## | Vaccin |

 

Rubens


:) Several problems were removed by Usbfix.

_____________________

 

:seta: Follow these tips:

Flash Disinfector tutorial

BitDefender Online antivirus tutorial

_____________________

 

:seta: Download PenClean:

https://dl.getdropbox.com/u/1035720/PenClean.zip

 

● Unpack Penclean.zip using an archive tool (such as Winrar or Winzip, for example).

● Connect your pen drive or other infected media (if you have one) to the computer and follow the steps below:

● Run the file PenClean.exe and check the option Verificar unidade (Check drive), then click the downward-pointing arrow and choose the option Todas as unidades (All drives). After that, click the Verificar (Check) button.

● If anything is detected, the program will ask to restart the computer. Check the option to restart and wait.

● A log will be saved to C:\PenClean\PenClean.txt

_______________________

 

:seta: In your next reply, post the BitDefender Online log, which will be at C:\Windows\BDOSCAN8\bdoscan.log, together with a new Hijackthis log and the PenClean log, which will be at C:\PenClean\PenClean.txt, and please tell us how your PC is doing after following these procedures.

 

We await your reply.


Topic Archived

Since the author did not reply for more than 30 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening.
