[Resolvido] &nbspComputador lento

Flavia Elaine · Abril 14, 2011

Boa noite,

meu computador está mais lento que o normal, gostaria de saber se estou com algum vírus. Quando inicio aparece uma tela estranho de gerenciamento de aplicativos.

segue meu log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:58:51, on 13/4/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\TomTom HOME 2\TomTomHOMERunner.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\HiJackthis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.viafacil.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Softonic.BR Toolbar - {b558ef17-3612-40c3-b954-419a460bf9f1} - C:\Arquivos de programas\Softonic.BR\prxtbSof0.dll

R3 - URLSearchHook: Discover USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Arquivos de programas\Discover_USA\prxtbDis0.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngin0.dll

O2 - BHO: Discover USA - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Arquivos de programas\Discover_USA\prxtbDis0.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~4\Office12\GRA8E1~1.DLL

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\ARQUIV~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: Softonic.BR - {b558ef17-3612-40c3-b954-419a460bf9f1} - C:\Arquivos de programas\Softonic.BR\prxtbSof0.dll

O2 - BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\ARQUIV~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Softonic.BR Toolbar - {b558ef17-3612-40c3-b954-419a460bf9f1} - C:\Arquivos de programas\Softonic.BR\prxtbSof0.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngin0.dll

O3 - Toolbar: Discover USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Arquivos de programas\Discover_USA\prxtbDis0.dll

O3 - Toolbar: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\ARQUIV~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [DATAMNGR] C:\ARQUIV~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Antonio\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Arquivos de programas\TomTom HOME 2\TomTomHOMERunner.exe" -s

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.bancoreal.com.br

O15 - Trusted Zone: http://www.santander.com.br

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1284351546074

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1284352785615

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~4\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\ARQUIV~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Arquivos de programas\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 13167 bytes

Obrigada pela atenção.

Flavia Elaine

wings · Abril 14, 2011

Olá Flavia Elaine

1.

*Baixe o AD-Remover e salve-o no desktop

*Execute-o, clique [Clean] > [sim] > [OK] > [sim]

*O PC será reiniciado

*Cole o relatório C:\Ad-Report-CLEAN[1].txt

2.

*Baixe o MalwareBytes e salve-o no desktop

*Instale o programa e aguarde a atualização

*O programa será aberto automaticamente

*Na aba [Verificação], selecione [Verificação completa]

*Clique [Verificar] e selecione a partição onde o Windows está instalado

*Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados] > [Remover Selecionados]

*Cole o relatório apresentado

Caso já tenhas o Malwarebytes instalado....

*Abra o Malwarebytes, clique [Atualização] > [baixar Atualizações]

*Na aba [Verificação], selecione [x] Verificação completa

*Clique [Verificar] e selecione a partição onde o Windows está instalado

*Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados] > [Remover Selecionados]

*Cole o relatório apresentado

Flavia Elaine · Abril 19, 2011

Tentei por 2 vezes completar o AD Remover, porem ele para no 95%. Seguem os 2 logs:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Versão da Base de Dados: 6370

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

18/4/2011 23:37:50

mbam-log-2011-04-18 (23-37-50).txt

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 231127

Tempo decorrido: 3 hora(s), 9 minuto(s), 4 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 3

Pastas Infectadas: 0

Arquivos Infectados: 1

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

C:\Documents and Settings\Antonio\Configurações locais\Temporary Internet Files\Content.IE5\LMTZOZ4X\CursorMania[1].exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.

-----------------------

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 20:44:07 on 15/04/2011, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86)

Antonio@ANTONIO-6332198 ( )

============== ACTION(S) ==============

File deleted: C:\WINDOWS\system32\ConduitEngine.tmp

Folder deleted: C:\Documents and Settings\Antonio\Configurações locais\Dados de aplicativos\Conduit

Folder deleted: C:\Arquivos de programas\Conduit

Folder deleted: C:\Documents and Settings\Antonio\Configurações locais\Dados de aplicativos\ConduitEngine

Folder deleted: C:\Arquivos de programas\ConduitEngine

Folder deleted: C:\Documents and Settings\Antonio\Dados de aplicativos\PriceGong

(!) -- Temporary files deleted.

Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKLM\Software\Classes\CLSID\{6E0F8FD8-D823-4D99-89A8-D0BE4045B80B}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6E0F8FD8-D823-4D99-89A8-D0BE4045B80B}

Key deleted: HKLM\Software\Classes\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}

Key deleted: HKLM\Software\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}

Key deleted: HKLM\Software\Classes\TypeLib\{F0CF944C-F160-4F65-8F0A-2773322FF357}

Key deleted: HKLM\Software\Classes\Conduit.Engine

Key deleted: HKLM\Software\Classes\Toolbar.CT2284374

Key deleted: HKLM\Software\Classes\Toolbar.CT2304564

Key deleted: HKLM\Software\Conduit

Key deleted: HKLM\Software\conduitEngine

Key deleted: HKLM\Software\DataMngr

Key deleted: HKCU\Software\Conduit

Key deleted: HKCU\Software\conduitEngine

Key deleted: HKCU\Software\DataMngr

Key deleted: HKCU\Software\PriceGong

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD49C581-2712-4D9E-A195-1CB274897231}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DataMngr

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}

============== ADDITIONNAL SCAN ==============

**** Google Chrome Version [10.0.648.204] ****

-- C:\Documents and Settings\Antonio\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default --

Preferences - default_search_provider: "Web Search" (Enabled: ) ("search_url" : "hxxp://search.bearshare.com/web?src=crb&systemid=2&q={searchTerms}")

-----------------

segue o log do malwarebytes

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Versão da Base de Dados: 6370

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

18/4/2011 23:37:50

mbam-log-2011-04-18 (23-37-50).txt

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 231127

Tempo decorrido: 3 hora(s), 9 minuto(s), 4 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 3

Pastas Infectadas: 0

Arquivos Infectados: 1

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

C:\Documents and Settings\Antonio\Configurações locais\Temporary Internet Files\Content.IE5\LMTZOZ4X\CursorMania[1].exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.

obrigada

wings · Abril 19, 2011

1.

*Execute o AD-Remover e clique [uninstall] > [Não] > [Close]

2.

*Desative temporariamente seu antivírus

Clique com o botão direito do mouse no ícone do Avast ao lado do relógio > Selecione "Pausar a proteção residente" > Confirme.

*Baixe o ComboFix e salve-o no desktop

*Execute-o e aceite o contrato

*Se o Console de Recuperação do Microsoft Windows não estiver instalado, aceite a sua instalação

*Após a instalação do Console, clique [sim] e aguarde a conclusão das etapas

*Não use o mouse nem o teclado durante as etapas, pois isto implicará na desconfiguração do seu desktop deixando-o em branco!

*Cole o relatório apresentado

Flavia Elaine · Abril 19, 2011

ComboFix 11-04-19.01 - Antonio 19/04/2011 18:42:11.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.990.543 [GMT -3:00]

Executando de: C:\Documents and Settings\Antonio\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

ADS - system32: deleted 6 bytes in 3 streams.

ADS - drivers: deleted 354 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

C:\HiJackthis\HiJackthis.exe

(((((((((((((((( Arquivos/Ficheiros criados de 2011-03-19 to 2011-04-19 ))))))))))))))))))))))))))))

2011-04-15 23:50:04 . 2011-04-15 23:50:04 -------- d-----w- C:\Documents and Settings\Antonio\Dados de aplicativos\Malwarebytes

2011-04-15 23:47:57 . 2010-04-29 18:39:38 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2011-04-15 23:47:26 . 2011-04-15 23:47:26 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2011-04-15 23:47:19 . 2010-04-29 18:39:26 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2011-04-15 23:47:18 . 2011-04-15 23:49:13 -------- d-----w- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2011-04-13 23:58:18 . 2011-04-19 21:45:56 -------- d-----w- C:\HiJackthis

2011-04-11 00:49:49 . 2011-04-11 00:49:49 -------- d-----w- C:\Documents and Settings\Antonio\Dados de aplicativos\bsbandmltbpi

2011-04-11 00:16:27 . 2011-04-11 21:02:00 -------- d-----w- C:\Documents and Settings\Antonio\Dados de aplicativos\mediabarbs

2011-04-11 00:15:32 . 2011-04-11 00:20:12 -------- d-----w- C:\Documents and Settings\Antonio\Configurações locais\Dados de aplicativos\BearShare

2011-04-11 00:14:42 . 2011-04-11 00:23:05 -------- d-----w- C:\Arquivos de programas\BearShare Applications

2011-04-11 00:10:37 . 2011-04-11 00:10:37 -------- d-----w- C:\Documents and Settings\Antonio\Configurações locais\Dados de aplicativos\PackageAware

2011-04-09 17:23:43 . 2011-04-09 17:23:49 -------- d-----w- C:\Documents and Settings\Antonio\Dados de aplicativos\Printer Info Cache

2011-04-09 17:23:39 . 2011-04-10 00:04:38 -------- d-----w- C:\Documents and Settings\Antonio\Dados de aplicativos\Image Zone Express

2011-04-09 16:05:24 . 2011-04-09 23:48:23 -------- d-----w- C:\UniScan

2011-04-09 16:05:16 . 2007-01-17 05:19:12 438272 ----a-r- C:\WINDOWS\system32\hp2436co.dll

2011-04-09 16:05:14 . 2008-04-13 14:45:36 15104 -c--a-w- C:\WINDOWS\system32\dllcache\usbscan.sys

2011-04-09 16:05:14 . 2008-04-13 14:45:36 15104 ----a-w- C:\WINDOWS\system32\drivers\usbscan.sys

2011-04-09 16:04:49 . 2011-04-09 16:04:49 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2011-04-09 16:04:48 . 2011-04-09 16:04:48 -------- d-----w- C:\Arquivos de programas\Hewlett-Packard

2011-03-24 17:09:35 . 2011-03-24 17:09:38 -------- d-----w- C:\Arquivos de programas\Microsoft Silverlight

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-03-30 12:20:02 . 2010-09-13 20:27:49 46600 ----a-w- C:\WINDOWS\system32\drivers\GbpKm.sys

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{b558ef17-3612-40c3-b954-419a460bf9f1}"= "C:\Arquivos de programas\Softonic.BR\prxtbSof0.dll" [2011-01-17 14:54:02 175912]

"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "C:\Arquivos de programas\Discover_USA\prxtbDis0.dll" [2011-01-17 14:54:02 175912]

[HKEY_CLASSES_ROOT\clsid\{b558ef17-3612-40c3-b954-419a460bf9f1}]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

2011-01-17 14:54:02 175912 ----a-w- C:\Arquivos de programas\Discover_USA\prxtbDis0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b558ef17-3612-40c3-b954-419a460bf9f1}]

2011-01-17 14:54:02 175912 ----a-w- C:\Arquivos de programas\Softonic.BR\prxtbSof0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{b558ef17-3612-40c3-b954-419a460bf9f1}"= "C:\Arquivos de programas\Softonic.BR\prxtbSof0.dll" [2011-01-17 14:54:02 175912]

"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "C:\Arquivos de programas\Discover_USA\prxtbDis0.dll" [2011-01-17 14:54:02 175912]

[HKEY_CLASSES_ROOT\clsid\{b558ef17-3612-40c3-b954-419a460bf9f1}]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{B558EF17-3612-40C3-B954-419A460BF9F1}"= "C:\Arquivos de programas\Softonic.BR\prxtbSof0.dll" [2011-01-17 14:54:02 175912]

"{48405D3D-2674-4CD8-B1EF-9A719443BD3F}"= "C:\Arquivos de programas\Discover_USA\prxtbDis0.dll" [2011-01-17 14:54:02 175912]

[HKEY_CLASSES_ROOT\clsid\{b558ef17-3612-40c3-b954-419a460bf9f1}]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 01:12:18 3872080]

"TomTomHOME.exe"="C:\Arquivos de programas\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 09:38:16 247144]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-27 21:28:45 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 20:28:22 577536]

"VTTimer"="VTTimer.exe" [2006-09-21 15:36:18 53248]

"VTTrayp"="VTtrayp.exe" [2007-05-15 09:31:50 200704]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 18:57:24 153136]

"SecurDisc"="C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 18:55:46 1628208]

"InCD"="C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 18:55:26 1057328]

"avast5"="C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2011-01-13 08:47:34 3396624]

"SunJavaUpdateSched"="C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 14:44:46 248552]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 03:47:42 31016]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 00:17:32 49152]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 08:44:43 35760]

"Adobe ARM"="C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 01:07:44 932288]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 22:21:26 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 22:20:56 15360]

C:\Documents and Settings\Antonio\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

Windows Search.lnk - C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 01:19:02 304128]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Arquivos de programas\GbPlugin\gbiehcef.dll" [2011-02-18 18:50:10 346568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2011-03-17 01:06:28 352536 ----a-w- C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2011-03-30 12:19:20 505736 ----a-w- C:\Arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2011-02-18 18:50:10 346568 ----a-w- C:\Arquivos de programas\GbPlugin\gbiehcef.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Google\\Google Earth\\client\\googleearth.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\Google\\Google Earth\\plugin\\geplugin.exe"=

R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\GbpKm.sys [13/9/2010 17:27:49 46600]

R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [13/9/2010 11:50:00 294608]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [13/9/2010 11:50:01 17744]

R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [13/9/2010 17:27:42 56712]

R2 TomTomHOMEService;TomTomHOMEService;C:\Arquivos de programas\TomTom HOME 2\TomTomHOMEService.exe [24/8/2010 06:38:18 92008]

S2 gupdate;Google Update Service (gupdate);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [13/9/2010 19:56:26 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Conteúdo da pasta 'Tarefas Agendadas'

2011-04-19 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-13 22:56:26 . 2010-09-13 22:56:24]

2011-04-19 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2010-09-13 22:56:26 . 2010-09-13 22:56:24]

------- Scan Suplementar -------

uStart Page = hxxp://www.viafacil.com.br/

IE: E&xport to Microsoft Excel - C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

Trusted Zone: bancoreal.com.br\www

Trusted Zone: realsecureweb.com.br\www

Trusted Zone: realsecureweb.com.br\www2

Trusted Zone: realsecureweb.com.br\wwws

Trusted Zone: santander.com.br\www

Trusted Zone: santandernet.com.br\www

Trusted Zone: secureweb.com.br\www

- - - - ORFÃOS REMOVIDOS - - - -

Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)

Toolbar-10 - (no file)

HKLM-Run-hpqSRMon - (no file)

AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarManager_AC0049E063DE2AEA.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-19 18:49:21

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(680)

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

C:\Arquivos de programas\GbPlugin\gbiehcef.dll

C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

Tempo para conclusão: 2011-04-19 18:52:09

ComboFix-quarantined-files.txt 2011-04-19 21:51:52

Pré-execução: 6 pasta(s) 49.958.506.496 bytes disponíveis

Pós execução: 9 pasta(s) 51.086.475.264 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - E43E80642F27D2C80F2B8C5884BDAE48

wings · Abril 19, 2011

OK...log limpo.

*Renomei o Combofix para Uninstall

*Execute-o

*Aguarde a mensagem: "ComboFix está desinstalado" e clique [OK]

Um abraço.

Flavia Elaine · Abril 19, 2011

Obrigada!!!! :)

wings · Abril 19, 2011

PROBLEMA RESOLVIDO

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Arquivado

[Resolvido] &nbspComputador lento

Recommended Posts

Flavia Elaine 0

Compartilhar este post

Link para o post

Compartilhar em outros sites

wings 22

Compartilhar este post

Link para o post

Compartilhar em outros sites

Flavia Elaine 0

Compartilhar este post

Link para o post

Compartilhar em outros sites

wings 22

Compartilhar este post

Link para o post

Compartilhar em outros sites

Flavia Elaine 0

Compartilhar este post

Link para o post

Compartilhar em outros sites

wings 22

Compartilhar este post

Link para o post

Compartilhar em outros sites

Flavia Elaine 0

Compartilhar este post

Link para o post

Compartilhar em outros sites

wings 22

Compartilhar este post

Link para o post

Compartilhar em outros sites

Fixar div até atingir uma certa altura

Ajuda com Extends e envio para o banco

PHP+Codeginiter - Orientação para Impressão

Fóruns

Tempo Real

Informação importante