Virus removal

Hi Mr. Wolf!!!!!!!!!

I ran the tool and it deleted Conficker. I also managed to download and install the security update straight from Microsoft...

Thank you soooo much for the help...
Do I need to do anything else to make sure everything is alright??
 
OK healer my friend, let's go then:

- Download Avenger and save it to the desktop;

● Extract the tool from the zip to the desktop;
● Copy the text below:

Code:
Begin copying here:
Files to delete:
C:\Windows\System32\drivers\gbpkm.sys

Folders to delete:
C:\Windows\Downloaded Program Files\GbPlugin
C:\Program Files (x86)\GbPlugin

ATTENTION: The script above was prepared only for healer's case. Do not repeat the same procedure on your own computers!

● Run the Avenger program by double-clicking avenger.exe;
● Click the menu Load Script > Paste from Clipboard;
● Click the Execute button > Yes > OK;
● Your computer will be restarted;
● A log will be generated at C:\avenger.txt

Paste the Avenger log in your next reply, healer. Also paste a new OTListIt2 log.
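As an added example (not part of the original post and not code from the Avenger tool), the Python below parses a script in the format shown above ("Files to delete:" / "Folders to delete:" sections) and reports which of the listed paths are still present, which is the manual check needed when C:\avenger.txt never appears. The sample script is a constructed copy of the one in the post; the `exists` callback is an assumption of this example so the check can be exercised against a fake filesystem as well as the real one.

```python
import os
import re
from typing import Callable, Dict, List

# Section headers in the Avenger script format. Only "Files to delete:" and
# "Folders to delete:" appear in the script above; the other kinds are
# assumed here to follow the same "<kind> to <action>:" shape.
SECTION_RE = re.compile(
    r"^(Files|Folders|Drivers|Registry keys|Registry values) to "
    r"(delete|disable|move|replace):$",
    re.IGNORECASE,
)

# Constructed copy of the script from the post above, used as sample input.
SAMPLE_SCRIPT = r"""Begin copying here:
Files to delete:
C:\Windows\System32\drivers\gbpkm.sys

Folders to delete:
C:\Windows\Downloaded Program Files\GbPlugin
C:\Program Files (x86)\GbPlugin
"""


def parse_avenger_script(text: str) -> Dict[str, List[str]]:
    """Split a script into {"Files to delete": [...], "Folders to delete": [...]}.

    Text before the first section header (e.g. "Begin copying here:") is
    ignored and blank lines are skipped. Entries keep their original case;
    Windows paths are case-insensitive anyway.
    """
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = f"{m.group(1).capitalize()} to {m.group(2).lower()}"
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def check_paths(sections: Dict[str, List[str]],
                exists: Callable[[str], bool] = os.path.exists) -> Dict[str, bool]:
    """Return {path: still_present} for every file and folder entry.

    `exists` is injectable (assumption of this example) so the same code can
    run against a fake filesystem in a test or the real one on the machine.
    """
    report: Dict[str, bool] = {}
    for name, paths in sections.items():
        if name.startswith(("Files", "Folders")):
            for p in paths:
                report[p] = bool(exists(p))
    return report


def leftovers(report: Dict[str, bool]) -> List[str]:
    """Paths still present, i.e. the script did not run or did not finish."""
    return [p for p, present in report.items() if present]


if __name__ == "__main__":
    result = check_paths(parse_avenger_script(SAMPLE_SCRIPT))
    for path, present in result.items():
        print(("STILL PRESENT  " if present else "gone           ") + path)
    print("script effective" if not leftovers(result) else "re-run Avenger or remove by hand")
```

Run it on the affected machine with the real script pasted into SAMPLE_SCRIPT: an empty `leftovers()` list means the deletions took effect even though no log was written; anything listed is what still needs removing.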


Mr.Wolf, the avenger.txt log was not generated. I did what you said above, it restarted my computer but there is no log.

Why would that be?
 
Carol my friend, let's see how things are:

Go to the site below and check whether you can see the six images:

http://www.joestewart.org/cfeyechart.html

Also go to the sites below and see whether you can reach them too:

http://www.microsoft.com/en/us/default.aspx
http://brazil.kaspersky.com/products/HomeProducts.php?c_id=sem_ggl_bd_latm_kaspersky
http://www.f-secure.com/en_EMEA/

If you succeed with all the sites above, great! Conficker has been removed. :)

Then you can turn System Restore back on, delete KidoKiller and HijackThis (if you want, download it again later), and uninstall and reinstall the antivirus (Conficker damages it).
 

Strange, healer...

I believe Avenger did not run! Check whether the GbPlugin folders still exist there.
 

Yes, it's all still here. I thought of something, see if you agree with me...

I have 2 partitions, with Windows Seven and Windows Vista. I could boot into the Windows Vista partition, where GbPlugin is not active, and delete the files by hand, since it has not created keys in my registry.

What do you think?
 
Mr Wolf, I ran ComboFix, it generated a log, but it did not restart the machine??!!! :cry:
Is that normal?
Thanks once again....
:wave:
 

Attachments

  • ComboFix.txt
    143.4 KB · Views: 118
Hi luisednardo, follow the instructions below:

The entries marked in blue above are legitimate. Don't worry, the programs will not be removed from the computer, only from startup. There is a Backdoor.Agent in the log, and the blue entries belong to Software Manager; if they stay in startup together with the backdoor after the next boot, the infection will come back to the machine. Later, if you want and think it necessary, put the entries back into startup.

No need to put them back, Mr Wolf. I'll post the logs
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Adobe Reader Speed Launcher Adobe Acrobat SpeedLauncher (Verified) Adobe Systems, Incorporated c:\arquivos de programas\adobe\reader 8.0\reader\reader_sl.exe
+ egui Eset GUI (Verified) ESET, spol. s r.o. c:\arquivos de programas\eset\eset smart security\egui.exe
+ NBKeyScan Nero BackItUp (Verified) Nero AG c:\arquivos de programas\nero\nero8\nero backitup\nbkeyscan.exe
+ NeroFilterCheck NeroCheck (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\lib\nerocheck.exe
+ RemoteControl PowerDVD RC Service (Not verified) Cyberlink Corp. c:\arquivos de programas\cyberlink\powerdvd\pdvdserv.exe
+ SunJavaUpdateSched Java(TM) Platform SE binary (Verified) Sun Microsystems, Inc. c:\arquivos de programas\java\jre6\bin\jusched.exe
+ TkBellExe RealNetworks Scheduler (Verified) RealNetworks, Inc. c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} Nero Home (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\lib\nmbgmonitor.exe
+ Google Update Google Installer (Verified) Google Inc c:\documents and settings\k\configurações locais\dados de aplicativos\google\update\googleupdate.exe
+ Uniblue RegistryBooster 2009 File not found: C:\Arquivos de programas\Uniblue\RegistryBooster\RegistryBooster.exe /S
HKLM\SOFTWARE\Classes\Protocols\Filter
+ application/octet-stream Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-complus Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-msdownload Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ n/a Microsoft .NET IE SECURITY REGISTRATION (Not verified) Microsoft Corporation c:\windows\system32\mscories.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
+ scpLIB scpIBLoad Module (Verified) Scopus Tecnologia c:\arquivos de programas\scpad\scplib.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ CompIBBrd scpIBLoad Module (Verified) Scopus Tecnologia c:\arquivos de programas\scpad\scplib.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ GbPlugin ShlObj Gbieh Module (Verified) Banco do Brasil S.A. c:\arquivos de programas\gbplugin\gbieh.dll
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ Cover Designer Cover Designer (Verified) Nero AG c:\arquivos de programas\nero\nero8\nero coverdesigner\coveredextension.dll
+ Eset Smart Security - Context Menu Shell Extension Shell Extension (Verified) ESET, spol. s r.o. c:\arquivos de programas\eset\eset smart security\shellext.dll
+ NBShellHook Class Nero BackItUp (Verified) Nero AG c:\arquivos de programas\nero\nero8\nero backitup\nbshell.dll
+ WinRAR c:\arquivos de programas\winrar\rarext.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ WinRAR c:\arquivos de programas\winrar\rarext.dll
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
+ WinRAR c:\arquivos de programas\winrar\rarext.dll
HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers
+ PIDirectoryHook c:\arquivos de programas\arcsoft\photoimpression 5\share\pihook.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ NeroDigitalColumnHandler Class Nero Digital Shell Extension (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\lib\nerodigitalext.dll
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\pdfshell.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ Eset Smart Security - Context Menu Shell Extension Shell Extension (Verified) ESET, spol. s r.o. c:\arquivos de programas\eset\eset smart security\shellext.dll
+ NBShellHook Class Nero BackItUp (Verified) Nero AG c:\arquivos de programas\nero\nero8\nero backitup\nbshell.dll
+ WinRAR c:\arquivos de programas\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Eset Smart Security - Context Menu Shell Extension Shell Extension (Verified) ESET, spol. s r.o. c:\arquivos de programas\eset\eset smart security\shellext.dll
+ Extensão do 'Painel de controle' para panorâmica de vídeo File not found: deskpan.dll
+ GbPlugin ShlObj Gbieh Module (Verified) Banco do Brasil S.A. c:\arquivos de programas\gbplugin\gbieh.dll
+ NeroCoverEd Live Icons Cover Designer (Verified) Nero AG c:\arquivos de programas\nero\nero8\nero coverdesigner\coveredextension.dll
+ NeroDigitalIconHandler Nero Digital Shell Extension (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\lib\nerodigitalext.dll
+ NeroDigitalPropSheetHandler Nero Digital Shell Extension (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\lib\nerodigitalext.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions (Verified) RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
+ Shell Icon Handler for Application References Application Deployment Support Library (Not verified) Microsoft Corporation c:\windows\system32\dfshim.dll
+ ShellLink for Application References Application Deployment Support Library (Not verified) Microsoft Corporation c:\windows\system32\dfshim.dll
+ WinRAR shell extension c:\arquivos de programas\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Facilitador de Leitor de Link Adobe PDF Adobe PDF Helper for Internet Explorer (Verified) Adobe Systems, Incorporated c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\acroiehelper.dll
+ GbIehObj Class Gbieh Module (Verified) Banco do Brasil S.A. c:\arquivos de programas\gbplugin\gbieh.dll
+ Java(tm) Plug-In 2 SSV Helper Java(TM) Platform SE binary (Not verified) Sun Microsystems, Inc. c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
+ JQSIEStartDetectorImpl Class Java(TM) Quick Starter binary (Not verified) Sun Microsystems, Inc. c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
+ RealPlayer Download and Record Plugin for Internet Explorer RealPlayer Download and Record Plugin for Internet Explorer (Verified) RealNetworks, Inc. c:\program files\real\realplayer\rpbrowserrecordplugin.dll
+ ssh2 Class scpsssh2 Module (Verified) Scopus Tecnologia c:\arquivos de programas\scpad\scpsssh2.dll
Task Scheduler
+ GoogleUpdateTaskUserS-1-5-21-2052111302-1677128483-1417001333-1003.job Google Installer (Verified) Google Inc c:\documents and settings\k\configurações locais\dados de aplicativos\google\update\googleupdate.exe
+ Norton Security Scan for K.job Norton Security Scan (Verified) Symantec Corporation c:\arquivos de programas\norton security scan\nss.exe
HKLM\System\CurrentControlSet\Services
+ Adobe LM Service AdobeLM Service (Not verified) Adobe Systems c:\arquivos de programas\arquivos comuns\adobe systems shared\service\adobelmsvc.exe
+ EhttpSrv Eset HTTP Server (Verified) ESET, spol. s r.o. c:\arquivos de programas\eset\eset smart security\ehttpsrv.exe
+ ekrn Eset Service (Verified) ESET, spol. s r.o. c:\arquivos de programas\eset\eset smart security\ekrn.exe
+ JavaQuickStarterService Prefetches JRE files for faster startup of Java applets and applications (Verified) Sun Microsystems, Inc. c:\arquivos de programas\java\jre6\bin\jqs.exe
+ Nero BackItUp Scheduler 3 Nero BackItUp Scheduler 3 is responsible to control all jobs created using Nero BackItUp 3. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk, network drive, disc or FTP. (Verified) Nero AG c:\arquivos de programas\nero\nero8\nero backitup\nbservice.exe
+ NMIndexingService Nero Home (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\lib\nmindexingservice.exe
HKLM\System\CurrentControlSet\Services
+ Afc Arcsoft(R) ASPI Shell (Not verified) Arcsoft, Inc. c:\windows\system32\drivers\afc.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ eamon Eset file on-access scanner (Verified) ESET, spol. s r.o. c:\windows\system32\drivers\eamon.sys
+ easdrv Eset AntiStealth driver (Verified) ESET, spol. s r.o. c:\windows\system32\drivers\easdrv.sys
+ epfw EPFW Filter Driver (Verified) ESET, spol. s r.o. c:\windows\system32\drivers\epfw.sys
+ Epfwndis Eset Personal Firewall NDIS filter (Verified) ESET, spol. s r.o. c:\windows\system32\drivers\epfwndis.sys
+ epfwtdi EPFW Filter Driver (Verified) ESET, spol. s r.o. c:\windows\system32\drivers\epfwtdi.sys
+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP (Verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
+ vidc.ffds File not found: ffdshow.ax
+ vidc.xvid File not found: xvidvfw.dll
HKLM\Software\Classes\Filter
+ Sony Acoustic Mirror Sony Acoustic Mirror (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfmirror.dll
+ Sony Amplitude Modulation Sony XFX 3 Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfppack3.dll
+ Sony Audio Restoration Sony Noise Reduction Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\noise reduction plug-in\sfnrpack.dll
+ Sony Chorus Sony XFX 1 Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfppack1.dll
+ Sony Click and Crackle Removal Sony Noise Reduction Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\noise reduction plug-in\sfnrpack.dll
+ Sony Clipped Peak Restoration Sony Noise Reduction Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\noise reduction plug-in\sfnrpack.dll
+ Sony Distortion Sony XFX 3 Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfppack3.dll
+ Sony ExpressFX Amplitude Modulation Sony ExpressFX 2 (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfxpfx2.dll
+ Sony ExpressFX Chorus Sony ExpressFX 2 (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfxpfx2.dll
+ Sony ExpressFX Delay Sony ExpressFX 2 (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfxpfx2.dll
+ Sony ExpressFX Distortion Sony ExpressFX 1 (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfxpfx1.dll
+ Sony ExpressFX Dynamics Sony ExpressFX 3 (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfxpfx3.dll
+ Sony ExpressFX Equalization Sony ExpressFX 2 (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfxpfx2.dll
+ Sony ExpressFX Flange/Wah-Wah Sony ExpressFX 1 (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfxpfx1.dll
+ Sony ExpressFX Graphic EQ Sony ExpressFX 3 (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfxpfx3.dll
+ Sony ExpressFX Noise Gate Sony ExpressFX 3 (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfxpfx3.dll
+ Sony ExpressFX Reverb Sony ExpressFX 1 (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfxpfx1.dll
+ Sony ExpressFX Stutter Sony ExpressFX 1 (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfxpfx1.dll
+ Sony ExpressFX Time Stretch Sony ExpressFX 3 (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfxpfx3.dll
+ Sony Flange/Wah-wah Sony XFX 3 Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfppack3.dll
+ Sony Gapper/Snipper Sony XFX 3 Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfppack3.dll
+ Sony Graphic Dynamics Sony XFX 2 Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfppack2.dll
+ Sony Graphic EQ Sony XFX 2 Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfppack2.dll
+ Sony Multi-Band Dynamics Sony XFX 2 Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfppack2.dll
+ Sony Multi-Tap Delay Sony XFX 1 Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfppack1.dll
+ Sony Noise Gate Sony XFX 2 Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfppack2.dll
+ Sony Noise Reduction Sony Noise Reduction Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\noise reduction plug-in\sfnrpack.dll
+ Sony Pan Sound Forge Pan and Volume 1 (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sffrgpnv.dll
+ Sony Paragraphic EQ Sony XFX 2 Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfppack2.dll
+ Sony Parametric EQ Sony XFX 2 Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfppack2.dll
+ Sony Pitch Shift Sony XFX 1 Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfppack1.dll
+ Sony Reverb Sony XFX 1 Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfppack1.dll
+ Sony Simple Delay Sony XFX 1 Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfppack1.dll
+ Sony Smooth/Enhance Sony XFX 3 Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfppack3.dll
+ Sony Time Stretch Sony XFX 1 Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfppack1.dll
+ Sony Vibrato Sony XFX 3 Plug-In Pack (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfppack3.dll
+ Sony Volume Sound Forge Pan and Volume 1 (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sffrgpnv.dll
HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
+ AC3Filter File not found: C:\Arquivos de programas\XP Codec Pack\filters\ac3filter.ax
+ CoreAAC Audio Decoder CoreAAC c:\windows\system32\coreaac.ax
+ CoreAVC Video Decoder CoreAVC DirectShow Video Decoder (Not verified) CoreCodec, Inc. c:\arquivos de programas\quicktime alternative\directshow\coreavcdecoder.ax
+ CustomFrameGrabber Filter Viscom Frame (Not verified) Viscom Software www.viscomsoft.com c:\windows\system32\viscomframe.dll
+ CyberLink Audio Decoder CyberLink Audio Decoder Filter (Not verified) CyberLink Corp. c:\arquivos de programas\cyberlink\powerdvd\audiofilter\claud.ax
+ CyberLink Audio Effect (PDVD6) CyberLink Audio Effect Filter (Not verified) CyberLink Corporation c:\arquivos de programas\cyberlink\powerdvd\audiofilter\claudfx.ax
+ CyberLink Audio Spectrum Analyzer (PDVD6) CLAudSpa.ax (Not verified) CyberLink Corp. c:\arquivos de programas\cyberlink\powerdvd\audiofilter\claudspa.ax
+ CyberLink AudioCD Filter (PDVD6) CyberLink AudioCD Filter (Not verified) CyberLink Corp. c:\arquivos de programas\cyberlink\powerdvd\audiofilter\claudiocd.ax
+ CyberLink Demux (PDVD6) MPEG-2 Dempltiplexer (Not verified) CyberLink Corp. c:\arquivos de programas\cyberlink\powerdvd\navfilter\cldemuxer.ax
+ CyberLink DVD Navigator (PDVD6) CyberLink DVD Navigation Filter (Not verified) CyberLink Corp. c:\arquivos de programas\cyberlink\powerdvd\navfilter\clnavx.ax
+ CyberLink Line21 Decoder (PDVD6) CyberLink Line21 Decoder Filter (Not verified) CyberLink Corp. c:\arquivos de programas\cyberlink\powerdvd\videofilter\clline21.ax
+ Cyberlink SubTitle Importor (PDVD6) CLSubTitle.ax (Not verified) CyberLink Corp. c:\arquivos de programas\cyberlink\powerdvd\videofilter\clsubtitle.ax
+ CyberLink TimeStretch Filter (PDVD6) CLAuTS.ax (Not verified) CyberLink Corp. c:\arquivos de programas\cyberlink\powerdvd\audiofilter\clauts.ax
+ CyberLink Video/SP Decoder CyberLink Video/SP Filter (Not verified) CyberLink Corp. c:\arquivos de programas\cyberlink\powerdvd\videofilter\clvsd.ax
+ DTS/AC3/DD+ Source File not found: C:\Arquivos de programas\XP Codec Pack\filters\dtsac3source.ax
+ Dump Audio Encoder (Not verified) Viscom Software c:\windows\system32\viscomaudioencoder.dll
+ DV Scenes DV-Timecode based Scenechange Detection (Verified) Nero AG c:\arquivos de programas\nero\nero8\nero vision\nvdv.dll
+ DV Source Filter DV-Timecode based Scenechange Detection (Verified) Nero AG c:\arquivos de programas\nero\nero8\nero vision\nvdv.dll
+ iPodShow viscomdata1.dll (Not verified) Viscom Software Viscom Software c:\windows\system32\viscomdata1.dll
+ MP4 Source MP4 Splitter (Not verified) Gabest c:\arquivos de programas\quicktime alternative\directshow\mp4splitter.ax
+ MP4 Splitter MP4 Splitter (Not verified) Gabest c:\arquivos de programas\quicktime alternative\directshow\mp4splitter.ax
+ MPEG-2 PSI Reader Filter Mpeg2PsiReader (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\nerocaptureapi\mpeg2psireader.ax
+ MPEG4 Video Source MP4 Splitter (Not verified) Gabest c:\arquivos de programas\quicktime alternative\directshow\mp4splitter.ax
+ MPEG4 Video Splitter MP4 Splitter (Not verified) Gabest c:\arquivos de programas\quicktime alternative\directshow\mp4splitter.ax
+ NeAudio2 Nero Audio Decoder 2 (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\neaudio2.ax
+ NeAudioRender Nero Audio Renderer (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\neaudiorender.ax
+ Nero Audible Decoder Nero Audible Decoder (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\neaudible.ax
+ Nero Audio CD Filter Nero Audio CD Source Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\neaudcd.ax
+ Nero Audio CD Navigator Nero Audio CD Source Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\neaudcd.ax
+ Nero Audio Transcoder Audio Transcoding Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\netranscoder.ax
+ Nero AV Synchronizer Audio/Video Synchronizer (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\neavsync.ax
+ Nero Closed Captioning Multiplexer Closed Captioning Multiplexer (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\nerocaptureapi\neccmultiplexer.ax
+ Nero Colorspace Converter Colorspace Converter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\necolorspace.ax
+ Nero Deinterlace Deinterlacing Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nedeinterlace.ax
+ Nero Digital Audio Encoder 8 AAC LC/HE Audio Encoder (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nendaud.ax
+ Nero Digital File Writer 8 NeroDigital File Format Muxer (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nendmux.ax
+ Nero Digital Muxer 8 NeroDigital File Format Muxer (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nendmux.ax
+ Nero Digital Null Renderer 8 NeroDigital File Format Muxer (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nendmux.ax
+ Nero Digital Subpicture Enc 8 NeroDigital File Format Muxer (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nendmux.ax
+ Nero Digital Video Enc 8 MPEG4 and H.264 (AVC) Video Encoder (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nendvid.ax
+ Nero DV Splitter DV Splitter Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nedvsplitter.ax
+ Nero DVD Decoder MPEG-1/2/4 & AVC video decoder w/ DxVA (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nevideo.ax
+ Nero DVD Navigator DVD Navigator Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nedvd.ax
+ Nero Elementary Stream Parser Nero Elementary Stream Parser (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\neesparser.ax
+ Nero File Source (Async.) Nero Home (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nefilesourceasync.ax
+ Nero FLV Splitter Nero FLV Splitter Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\neflvsplitter.ax
+ Nero Frame Capture Direct Show frame grabber filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\necapture.ax
+ Nero Framerate Converter Framerate Conversion DirectShow Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\neframerate.ax
+ Nero FTC Frame Time Corrector Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\nerocaptureapi\neftc.ax
+ Nero HD Audio Mixer Nero Audio Mixer (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nehdaudiomixer.ax
+ Nero InteractiveGraphics Decoder Graphics Decoder Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nebdgraphic.ax
+ Nero MP3 Encoder MP3 Encoding Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nemp3encoder.ax
+ Nero MP4 Splitter MP4 Splitter Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nemp4splitter.ax
+ Nero Mpeg2 Encoder MPEG 1/2 encoder filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nevcr.ax
+ Nero Ogg Splitter Ogg Splitter Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\neoggsplitter.ax
+ Nero Photo Source Nero Home (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nephotosource.ax
+ Nero PresentationGraphics Decoder Graphics Decoder Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nebdgraphic.ax
+ Nero PS Muxer PS Muxer Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nepsmuxer.ax
+ Nero QuickTime(tm) Audio Decoder QuickTime(tm) Decoder Wrapper (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\neqtdec.ax
+ Nero QuickTime(tm) Video Decoder QuickTime(tm) Decoder Wrapper (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\neqtdec.ax
+ Nero Resize Resizing Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\neresize.ax
+ Nero Sample Queue Sample Queue Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\nerocaptureapi\nesamplequeue.ax
+ Nero Scene Change Detector Scene Change Detector (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nescenedetector.ax
+ Nero Scene Change Detector Scene Change Detector (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nescenedetector.ax
+ Nero Sound Processor Nero Sound Processor (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nesoundproc.ax
+ Nero Splitter Splitter Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nesplitter.ax
+ Nero Stream Buffer Sink Nero Stream Buffer Engine (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nesbe.ax
+ Nero Stream Buffer Source Nero Stream Buffer Engine (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nesbe.ax
+ Nero Stream Control Stream Control Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\nerocaptureapi\nestreamcontrol.ax
+ Nero Subpicture Decoder Nero Subpicture Decoder (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nesubpicture.ax
+ Nero Subtitle Subtitle Renderer & Mixer (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nesubtitle.ax
+ Nero Teletext Decoder Teletext Decoder Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\neteletext.ax
+ Nero Thumbnail Decoder Thumbnail Decoder Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nebdthumbnail.ax
+ Nero Vcd Navigator Nero Vcd Navigator Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nevcd.ax
+ Nero Video Analyzer Nero Video Analyzer (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nevideoanalyzer.ax
+ Nero Video Decoder MPEG-1/2/4 & AVC video decoder w/ DxVA (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nevideo.ax
+ Nero Video Decoder HD Nero HD Video Decoder (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nevideohd.ax
+ Nero Video Processor Resize / Deinterlace / Color Correction / Film Effect / Frame Capture Filter (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nerovideoproc.ax
+ Nero Video Renderer Nero Video Renderer (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nevideorenderer.ax
+ NeroVobuGenerator Nero Vobu Generator (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nerovobugenerator.ax
+ NeSoundSwitch Nero Sound Switcher (Verified) Nero AG c:\arquivos de programas\arquivos comuns\nero\dsfilter\nesoundswitch.ax
+ PSPShow visomdata2.dll (Not verified) Viscom Software www.viscomsoft.com c:\windows\system32\viscomdata2.dll
+ RealAudio Decoder RealMedia Splitter (Not verified) Gabest c:\windows\system32\realmediasplitter.ax
+ RealMedia Source RealMedia Splitter (Not verified) Gabest c:\windows\system32\realmediasplitter.ax
+ RealMedia Splitter RealMedia Splitter (Not verified) Gabest c:\windows\system32\realmediasplitter.ax
+ RealMediaEncoder Filter RealMedia Encoder (Not verified) Viscom Software www.viscomsoft.com c:\windows\system32\viscomrmencoder.dll
+ RealPlayer Audio Filter Audio Filter Plugin (Verified) RealNetworks, Inc. c:\program files\real\realplayer\rdsf3260.dll
+ RealPlayer Transcode Filter Audio Filter Plugin (Verified) RealNetworks, Inc. c:\program files\real\realplayer\rdsf3260.dll
+ RealPlayer Video Filter Audio Filter Plugin (Verified) RealNetworks, Inc. c:\program files\real\realplayer\rdsf3260.dll
+ RealVideo Decoder RealMedia Splitter (Not verified) Gabest c:\windows\system32\realmediasplitter.ax
+ Render Dib Special Effects Sample (Not verified) ArcSoft c:\arquivos de programas\arcsoft\photoimpression 5\modules\browser\ezrgb24.ax
+ Sample Grabber Filter Grabber Filter (Sample) (Not verified) Microsoft Corporation c:\windows\system32\samplegrabber.ax
+ Sony Wave Hammer Sony Wave Hammer (Verified) Sony Creative Software Inc c:\arquivos de programas\sony\shared plug-ins\audio\sfhammer.dll
+ Subtitle Source File not found: C:\WINDOWS\system32\DVobSub.ax
+ TextImageTrans Filter Tranform Filter (Not verified) Viscom Software www.viscomsoft.com c:\windows\system32\viscomtran.dll
+ Viscomsoft Mpeg Encoder viscomdata3.dll (Not verified) Viscom Software www.viscomsoft.com c:\windows\system32\viscommpgenc.dll
+ WAV Dest (Not verified) Viscom Software c:\windows\system32\viscomwave.dll
+ Xvid MPEG-4 Video Decoder File not found: C:\WINDOWS\system32\xvid.ax
+ ZJSoft RealAudio Decoder File not found: C:\Arquivos de programas\WinAVI Video Converter\Filter\RealMediaSplitter.ax
+ ZJSoft RealMedia Source File not found: C:\Arquivos de programas\WinAVI Video Converter\Filter\RealMediaSplitter.ax
+ ZJSoft RealMedia Splitter File not found: C:\Arquivos de programas\WinAVI Video Converter\Filter\RealMediaSplitter.ax
+ ZJSoft RealVideo Decoder File not found: C:\Arquivos de programas\WinAVI Video Converter\Filter\RealMediaSplitter.ax
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ GbPluginBb Gbieh Module (Verified) Banco do Brasil S.A. c:\arquivos de programas\gbplugin\gbieh.dll
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:34, on 15/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVL.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe
C:\Documents and Settings\K\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\TeamViewer\Version4\TeamViewer.exe
C:\Hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVL.EXE /FU "C:\WINDOWS\TEMP\E_S545.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Arquivos de programas\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\K\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1FC4022-DAC5-4253-BEF1-92F47D4B320B}: NameServer = 200.165.132.155 200.149.55.140
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

--
End of file - 7583 bytes
 
Take a look at this log for me

Logfile of HijackThis v1.99.1
Scan saved at 23:55:13, on 15/05/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Marcus FX\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Marcus FX\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcus FX\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Marcus FX\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Marcus FX\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{F653CCFB-277E-4092-B3E3-30CFCE64FA26}: NameServer = 200.149.55.142 200.165.132.154
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
 
So, man, here's what happens.

I'm using it normally and out of nowhere it shuts down (it doesn't restart).
Then I turn it on again, it runs for about 5 seconds and shuts down again.
Then I turn it on again, it runs for about 15 seconds and shuts down.
Then I turn it on and it works normally.

Like, when I'm just on the internet it takes a while to shut down;
sometimes it goes the whole day without shutting down (even so, at some point it shuts down).

If I open a game, after about 10 minutes it shuts down.

I've had this PC for 2 years and this has never happened.

I thought it was a virus because I wasn't using an antivirus >.<

I hope you can help me.
 
Hello Mr Wolf, good morning!!! With FindyKill I managed to install it and generate the report; I'll post it here and wait for your reply. Keep in mind that my antivirus is Avira and at the moment I can't run it. Right on the sixth line the thing that is worrying me already shows up, which is this
C:\ARQUIV~1\GbPlugin\GbpSv.exe so here is the post:


############################## [ FindyKill V4.728 ]

# User : Administrador (Administradores) # CARRIJO
# Update on 13/05/09 by Chiquitine29
# Start at: 08:19:23 | 16/5/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

# AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]

# A:\ # Unidade de disquete de 3 1/2 polegadas
# C:\ # Disco fixo local # 48,83 Go (17,59 Go free) # NTFS
# D:\ # Disco fixo local # 230,63 Go (83,84 Go free) [II] # NTFS
# E:\ # Disco fixo local # 111,78 Go (42,84 Go free) [III] # NTFS
# F:\ # Disco CD-ROM
# G:\ # Disco CD-ROM

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Arquivos de programas\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrador\Dados de aplicativos\drivers\winupgro.exe
C:\WINDOWS\system32\wintems.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrador\Dados de aplicativos\m\flec006.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected processes stopped ]

"C:\Documents and Settings\Administrador\Dados de aplicativos\drivers\winupgro.exe" (344)
"C:\WINDOWS\system32\wintems.exe" (544)
"C:\Documents and Settings\Administrador\Dados de aplicativos\m\flec006.exe" (1096)

################## [ Infected Files / Folders ]

Found ! C:\WINDOWS\Prefetch\KEYGEN.EXE-2CFF99F1.pf
Found ! C:\WINDOWS\Prefetch\SERIAL.EXE-2C77891C.pf
Found ! C:\WINDOWS\system32\mdelk.exe
Found ! C:\WINDOWS\system32\wintems.exe
Found ! C:\WINDOWS\system32\drivers\down
Found ! "C:\Documents and Settings\Administrador\Dados de aplicativos\drivers"
Found ! "C:\Documents and Settings\Administrador\Dados de aplicativos\drivers\downld"
Found ! "C:\Documents and Settings\Administrador\Dados de aplicativos\drivers\srosa2.sys"
Found ! "C:\Documents and Settings\Administrador\Dados de aplicativos\drivers\wfsintwq.sys"
Found ! "C:\Documents and Settings\Administrador\Dados de aplicativos\drivers\winupgro.exe"
Found ! "C:\Documents and Settings\Administrador\Dados de aplicativos\m"
Found ! "C:\Documents and Settings\Administrador\Dados de aplicativos\m\data.oct"
Found ! "C:\Documents and Settings\Administrador\Dados de aplicativos\m\flec006.exe"
Found ! "C:\Documents and Settings\Administrador\Dados de aplicativos\m\list.oct"
Found ! "C:\Documents and Settings\Administrador\Dados de aplicativos\m\shared"
Found ! "C:\Documents and Settings\Administrador\Dados de aplicativos\m\srvlist.oct"

################## [ Infected Temp Files ]


################## [ Registry / Infected keys ]

Found ! HKEY_USERS\S-1-5-21-1606980848-261903793-725345543-500\Software\Local AppWizard-Generated Applications\serial
Found ! HKEY_USERS\S-1-5-21-1606980848-261903793-725345543-500\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_USERS\S-1-5-21-1606980848-261903793-725345543-500\Software\bisoft
Found ! HKEY_USERS\S-1-5-21-1606980848-261903793-725345543-500\Software\DateTime4
Found ! HKEY_USERS\S-1-5-21-1606980848-261903793-725345543-500\Software\FFC
Found ! HKEY_USERS\S-1-5-21-1606980848-261903793-725345543-500\Software\MuleAppData
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\serial
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_CURRENT_USER\Software\bisoft
Found ! HKEY_CURRENT_USER\Software\DateTime4
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_USERS\S-1-5-21-1606980848-261903793-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_USERS\S-1-5-21-1606980848-261903793-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Found ! HKEY_USERS\S-1-5-21-1606980848-261903793-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

# (!) HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
# (!) HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

################## [ Searching in removable drives ]


################## [ Registry / Mountpoints2 ]

# -> Not found !

################## [ ! End of report # FindyKill V4.728 ! ]
 
Mr. Wolf, I don't think so, because I still have the Recycler folder with the same file inside...
this repeats on the 2 flash drives and on the external HD, and if I plug in a "clean flash drive" it copies itself over and avast flags the virus

see here

[attachment: recycler.jpg]

edit... Thanks a lot, Mr. Wolf.


I formatted the flash drives and that solved it.... it hasn't come back.
Thank you very much, really. From the heart, you saved my day....

hugs!!!
 
YAAAAAAAY!!!!!
AND IT WASN'T THIS TIME THAT MY PC WENT INTO THE LIGHT!!!
THANKS MR. WOLF, MAY GOD REPAY YOU!!!
here are the UsbFix and HijackThis logs:
############################## [ UsbFix V3.021 # Cleaning ]

# User : usuario (Administradores) # DESKTOP
# Update on 16/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 11:08:31 | 16/5/2009

# AMD Sempron(tm) Processor 2800+
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | Updated ]

# A:\ # Unidade de disquete de 3 1/2 polegadas
# C:\ # Disco fixo local # 76,32 Go (36,02 Go free) # NTFS
# D:\ # Disco CD-ROM
# E:\ # Disco CD-ROM

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avwsc.exe

################## [ Fichiers # Dossiers infectieux ]

C:\autorun.inf # -> fichier appelé : "C:\2.bat" ( absent ! )
Deleted ! C:\autorun.inf
Deleted ! C:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

################## [ Registre # Clés Run infectieuses ]

Deleted ! HKLM\software\microsoft\shared tools\msconfig\startupreg\cdoosoft
Deleted ! HKLM\software\microsoft\shared tools\msconfig\startupreg\kamsoft
# HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "FirewallDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !

################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\...\Explorer\MountPoints2\{5660ee3c-3cbb-11de-8b7a-0016ecc90263}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{76ff906a-3a42-11de-8b6a-0016ecc90263}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{a92e4c87-f184-11dd-bb78-0016ecc90263}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{ae55feee-1870-11de-bc6e-0016ecc90263}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{c5b0f538-f1f8-11dd-bb79-0016ecc90263}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{c5b0f539-f1f8-11dd-bb79-0016ecc90263}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{ee4cbba8-2b9b-11de-bcc2-0016ecc90263}\Shell\AutoRun\Command

################## [ Listing des fichiers présent ]

[02/02/2009 19:03|--a------|0] - C:\AUTOEXEC.BAT
[16/05/2009 10:26|---hs----|211] - C:\boot.ini
[28/10/2001 12:06|-rahs----|4952] - C:\Bootfont.bin
[02/02/2009 19:03|--a------|0] - C:\CONFIG.SYS
[29/12/2004 02:57|-ra------|17505] - C:\DBI.EXE
[02/02/2009 19:03|-rahs----|0] - C:\IO.SYS
[07/04/2009 11:01|-rahs----|0] - C:\khs
[07/04/2009 12:09|-rahs----|0] - C:\kht
[02/02/2009 19:03|-rahs----|0] - C:\MSDOS.SYS
[13/04/2008 09:43|-rahs----|47564] - C:\NTDETECT.COM
[13/04/2008 11:31|-rahs----|251696] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[16/05/2009 11:09|--a------|3810] - C:\UsbFix.txt
[25/02/2009 20:20|--a------|398] - C:\www5.exe
[25/02/2009 20:08|--a------|398] - C:\www_dialer.exe

################## [ Vaccination ]

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! Fin du rapport # UsbFix V3.021 ! ]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:34, on 16/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{E050D8E8-0BA0-4591-86D8-70647C8E32C0}: NameServer = 200.165.132.155 200.149.55.140
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

--
End of file - 5194 bytes
 
Hello Mr. Wolf, I have the PC from home here, which was having the same problem... I hadn't been able to access the Microsoft site, and on the link with the pictures I couldn't see the first and the third. I followed all the steps and ran the Microsoft tool, but it didn't find anything; after all that, though, everything went back to working.
Here is the log, to see if there's anything else...
Thanks... Carol!!!

Logfile of random's system information tool 1.06 (written by random/random)
Run by Nanda at 2009-05-16 13:21:38
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (12%) free of 15 GB
Total RAM: 1280 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:47, on 16/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\Documents and Settings\Nanda\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nanda\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nanda\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nanda\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nanda\Desktop\RSIT.exe
C:\Arquivos de programas\trend micro\Nanda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AutoLock] C:\Arquivos de programas\Justsoft WinPolicy\AutoLock.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1231535316093
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll
O23 - Service: WinPolicy AutoLock (AutoLock) - Unknown owner - C:\Arquivos de programas\Justsoft WinPolicy\WPService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

--
End of file - 7701 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-01-09 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 1803720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2009-01-09 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]
GbIehObj Class - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-03-25 271152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]
GbIehObj Class - C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2009-03-27 264776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}]
GbIehObj Class - C:\ARQUIV~1\GbPlugin\gbiehuni.dll [2009-03-25 414624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-01-09 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Megaupload Toolbar - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 1803720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2009-01-09 185872]
"SpywareTerminator"=C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe [2009-03-29 2233856]
"ISUSPM Startup"=C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"ISUSScheduler"=C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"AutoLock"=C:\Arquivos de programas\Justsoft WinPolicy\AutoLock.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]
C:\Arquivos de programas\GbPlugin\gbieh.dll [2009-03-25 271152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]
C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2009-03-27 264776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni]
C:\ARQUIV~1\GbPlugin\gbiehuni.dll [2009-03-25 414624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-03-25 271152]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2009-03-27 264776]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"=C:\ARQUIV~1\GbPlugin\gbiehuni.dll [2009-03-25 414624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"RestrictRun"=0
"NoDrives"=0
"NoViewOnDrive"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe"="C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster"
"C:\Arquivos de programas\LimeWire\LimeWire.exe"="C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\CABAL Online (BRAZIL)2\launcher\update\ESTdnheadless.exe"="D:\CABAL Online (BRAZIL)2\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Arquivos de programas\SopCast\adv\SopAdver.exe"="C:\Arquivos de programas\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Arquivos de programas\Internet Explorer\iexplore.exe"="C:\Arquivos de programas\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Arquivos de programas\Java\jre6\launch4j-tmp\JDownloader.exe"="C:\Arquivos de programas\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:programa de transferência de arquivos"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"D:\Combat Arms\CombatArms.exe"="D:\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Combat Arms\Engine.exe"="D:\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12bc74e9-de98-11dd-af8a-000c6ef7bfcd}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a93194e-de96-11dd-af89-000c6ef7bfcd}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0c857df-e7af-11dd-afa7-000c6ef7bfcd}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn


======List of files/folders created in the last 2 months======

2009-05-16 13:21:38 ----D---- C:\rsit
2009-05-16 13:21:38 ----D---- C:\Arquivos de programas\trend micro
2009-05-16 13:04:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-05-16 11:46:45 ----A---- C:\report.txt
2009-05-16 11:19:29 ----A---- C:\KK.exe
2009-05-14 11:48:26 ----D---- C:\Arquivos de programas\Justsoft WinPolicy
2009-05-11 18:33:28 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-05-07 13:25:22 ----SHD---- C:\Config.Msi
2009-05-03 22:22:02 ----A---- C:\WINDOWS\SYMGAMES.INI
2009-04-26 11:09:06 ----D---- C:\Documents and Settings\Nanda\Dados de aplicativos\teamspeak2
2009-04-24 22:40:48 ----A---- C:\WINDOWS\casino1.ini
2009-04-22 11:45:00 ----D---- C:\Arquivos de programas\MSECache
2009-04-22 11:29:42 ----A---- C:\WINDOWS\MegaManager.INI
2009-04-22 11:20:09 ----D---- C:\Arquivos de programas\MegauploadToolbar
2009-04-22 11:20:08 ----D---- C:\Documents and Settings\Nanda\Dados de aplicativos\MegauploadToolbar
2009-04-22 10:02:05 ----D---- C:\downloads
2009-04-22 10:02:05 ----D---- C:\Documents and Settings\Nanda\Dados de aplicativos\GrabPro
2009-04-22 10:01:58 ----D---- C:\Documents and Settings\Nanda\Dados de aplicativos\Orbit
2009-04-18 20:22:21 ----D---- C:\Documents and Settings\Nanda\Dados de aplicativos\Corel
2009-04-18 19:00:23 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield
2009-04-18 18:56:46 ----D---- C:\Arquivos de programas\Corel
2009-04-18 18:56:46 ----D---- C:\Arquivos de programas\Arquivos comuns\Corel
2009-04-18 16:13:54 ----A---- C:\WINDOWS\HEARTS.INI
2009-04-18 15:56:38 ----A---- C:\WINDOWS\EntPack.ini
2009-04-18 15:43:08 ----A---- C:\WINDOWS\EmSoft.ini
2009-04-12 22:32:02 ----D---- C:\Arquivos de programas\Jufsoft
2009-04-12 22:23:20 ----D---- C:\Arquivos de programas\Runtime Software
2009-04-12 22:17:30 ----D---- C:\Arquivos de programas\PowerDataRecovery
2009-04-12 22:02:47 ----D---- C:\Arquivos de programas\PC Inspector File Recovery
2009-04-04 14:50:53 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS
2009-04-03 08:57:14 ----D---- C:\Arquivos de programas\TVUPlayer
2009-04-03 08:56:26 ----D---- C:\Arquivos de programas\SopCast
2009-04-02 23:04:21 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\VistaCodecs
2009-04-02 18:06:24 ----D---- C:\Documents and Settings\Nanda\Dados de aplicativos\GRETECH
2009-04-02 18:05:40 ----D---- C:\Arquivos de programas\GRETECH
2009-03-29 09:27:15 ----D---- C:\Documents and Settings\Nanda\Dados de aplicativos\Spyware Terminator
2009-03-29 09:27:12 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator
2009-03-29 09:27:11 ----D---- C:\Arquivos de programas\Spyware Terminator
2009-03-29 09:01:13 ----D---- C:\Arquivos de programas\Arquivos comuns\EZB Systems
2009-03-29 09:01:12 ----D---- C:\Arquivos de programas\UltraISO
2009-03-23 22:46:57 ----D---- C:\Documents and Settings\Nanda\Dados de aplicativos\Desktopicon
2009-03-23 22:46:55 ----D---- C:\Arquivos de programas\Unlocker
2009-03-19 08:15:09 ----A---- C:\Documents and Settings\Nanda\Dados de aplicativos\inst.exe
2009-03-19 08:15:08 ----D---- C:\Documents and Settings\Nanda\Dados de aplicativos\Vso
2009-03-19 08:14:47 ----A---- C:\WINDOWS\system32\sipr3260.dll
2009-03-19 08:14:47 ----A---- C:\WINDOWS\system32\drv43260.dll
2009-03-19 08:14:47 ----A---- C:\WINDOWS\system32\drv33260.dll
2009-03-19 08:14:47 ----A---- C:\WINDOWS\system32\drv23260.dll
2009-03-19 08:14:47 ----A---- C:\WINDOWS\system32\cook3260.dll
2009-03-19 08:14:46 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2009-03-19 08:14:46 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2009-03-19 08:14:43 ----D---- C:\Arquivos de programas\VSO

======List of files/folders modified in the last 2 months======

2009-05-16 13:21:45 ----D---- C:\WINDOWS\Prefetch
2009-05-16 13:21:38 ----RD---- C:\Arquivos de programas
2009-05-16 13:16:33 ----SHD---- C:\System Volume Information
2009-05-16 13:12:00 ----D---- C:\WINDOWS\Temp
2009-05-16 13:11:16 ----AD---- C:\WINDOWS\system32\drivers
2009-05-16 13:10:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-16 13:06:33 ----D---- C:\WINDOWS
2009-05-16 13:06:06 ----D---- C:\WINDOWS\system32
2009-05-16 13:04:53 ----HD---- C:\WINDOWS\inf
2009-05-16 13:04:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-16 13:04:44 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-16 13:04:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-16 13:03:26 ----D---- C:\WINDOWS\system32\Restore
2009-05-16 12:01:03 ----D---- C:\WINDOWS\Debug
2009-05-16 11:48:08 ----D---- C:\WINDOWS\system32\config
2009-05-15 11:42:07 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2009-05-09 23:05:13 ----SHD---- C:\WINDOWS\Installer
2009-05-07 00:16:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-06 19:00:13 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-27 18:10:01 ----D---- C:\Arquivos de programas\GbPlugin
2009-04-26 23:33:08 ----D---- C:\Arquivos de programas\Foxit Software
2009-04-25 14:41:43 ----SD---- C:\Documents and Settings\Nanda\Dados de aplicativos\Microsoft
2009-04-22 11:45:23 ----RSD---- C:\WINDOWS\Fonts
2009-04-22 11:45:16 ----D---- C:\Arquivos de programas\Microsoft Office
2009-04-22 11:45:13 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
2009-04-22 11:19:57 ----HD---- C:\Arquivos de programas\InstallShield Installation Information
2009-04-18 19:00:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-18 19:00:14 ----D---- C:\Arquivos de programas\Arquivos comuns\InstallShield
2009-04-18 18:59:53 ----D---- C:\Arquivos de programas\Arquivos comuns\DESIGNER
2009-04-18 18:56:46 ----D---- C:\Arquivos de programas\Arquivos comuns
2009-04-12 18:41:01 ----SD---- C:\WINDOWS\Tasks
2009-04-02 18:18:15 ----D---- C:\WINDOWS\system
2009-03-31 00:52:28 ----A---- C:\WINDOWS\win.ini
2009-03-18 11:49:12 ----D---- C:\Documents and Settings\Nanda\Dados de aplicativos\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 41472]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Arquivos de programas\UltraISO\drivers\ISODrive.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-28 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-28 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-19 47360]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 achxadc;achxadc; \??\C:\WINDOWS\system32\02.tmp []
S3 aq7oawft;aq7oawft; C:\WINDOWS\system32\drivers\aq7oawft.sys []
S3 bzwrmjo;bzwrmjo; \??\C:\WINDOWS\system32\02.tmp []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 kidvqse;kidvqse; \??\C:\WINDOWS\system32\02.tmp []
S3 ktvnfhsxi;ktvnfhsxi; \??\C:\WINDOWS\system32\02.tmp []
S3 tgzky;tgzky; \??\C:\WINDOWS\system32\02.tmp []
S3 ucybbc;ucybbc; \??\C:\WINDOWS\system32\02.tmp []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 whocq;whocq; \??\C:\WINDOWS\system32\02.tmp []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva224;XDva224; \??\C:\WINDOWS\system32\XDva224.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2009-03-27 52808]
R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-01-09 152984]
R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe [2009-03-29 540672]
S3 AutoLock;WinPolicy AutoLock; C:\Arquivos de programas\Justsoft WinPolicy\WPService.exe [2006-09-27 93132]
S3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

And the info:
info.txt logfile of random's system information tool 1.06 2009-05-16 13:22:48

======Uninstall list======

-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Arquivos de programas\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Advanced SystemCare 3-->"C:\Arquivos de programas\IObit\Advanced SystemCare 3\unins000.exe"
Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe
Assistente de Conexão do Windows Live-->MsiExec.exe /I{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}
Atualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Atualização para Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Atualização para Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
BadCopy Pro-->C:\ARQUIV~1\Jufsoft\BadCopy\UNWISE.EXE C:\ARQUIV~1\Jufsoft\BadCopy\INSTALL.LOG
BR-->MsiExec.exe /I{C57CD366-C6BE-45B5-B5C6-0424E506F1D0}
CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"
Celestia 1.4.1-->"C:\Arquivos de programas\Celestia\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ConvertXtoDVD 3.5.1.135-->"C:\Arquivos de programas\VSO\ConvertX\3\unins000.exe"
CorelDRAW Graphics Suite X3-->MsiExec.exe /I{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
FontNav-->MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
Foxit PDF IFilter-->MsiExec.exe /I{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}
Foxit Reader-->C:\Arquivos de programas\Foxit Software\Foxit Reader\Uninstall.exe
GetDataBack for FAT-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{2EEEC858-21F8-419B-8FE2-820621BFFCD7}\setup.exe" -l0x9 -removeonly
GOM Player-->"C:\Arquivos de programas\GRETECH\GomPlayer\Uninstall.exe"
HijackThis 2.0.2-->"C:\Arquivos de programas\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Los Sims 2-->C:\Arquivos de programas\EA GAMES\Los Sims 2\EAUninstall.exe
MegaUpload Toolbar-->C:\Arquivos de programas\MegauploadToolbar\uninstall.exe
Messenger Plus! 3-->"C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live-->"C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MV RegClean 5.5-->"C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 5.5\unins000.exe"
Nero 8-->MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1046}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Pando Media Booster-->C:\Arquivos de programas\Pando Networks\Media Booster\uninst.exe
PC Inspector File Recovery-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9
Power Data Recovery 4.0.0-->"C:\Arquivos de programas\PowerDataRecovery\unins000.exe"
RealPlayer-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SopCast 3.0.3-->C:\Arquivos de programas\SopCast\uninst.exe
SoundMAX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spyware Terminator-->"C:\Arquivos de programas\Spyware Terminator\unins000.exe"
TeamSpeak 2 RC2-->D:\Matheus\Teamspeak2_RC2\unins000.exe
The Sims 2 - Aberto Para Negócios-->C:\Arquivos de programas\EA GAMES\The Sims 2 - Aberto Para Negócios\EAUninstall.exe
Tomb Raider II-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\Core Design\Tomb Raider II\Uninst.isu"
UltraISO Premium V9.33-->"C:\Arquivos de programas\UltraISO\unins000.exe"
Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VBA-->MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Arquivos de programas\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{3B96F4EA-CD82-4C57-B86A-646A017CAF18}
Windows Live Messenger-->MsiExec.exe /X{C8DD4EAD-674B-461B-94D5-4C80CCFB8401}
Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

======System event log======

Computer Name: NANDA-333D03935
Event Code: 7036
Message: O serviço Gerenciador de conexão de acesso remoto entrou no estado executando.

Record Number: 301
Source Name: Service Control Manager
Time Written: 20090516113920.000000-180
Event Type: Informações
User:

Computer Name: NANDA-333D03935
Event Code: 7035
Message: O serviço Gerenciador de conexão de acesso remoto recebeu com êxito um controle Iniciar.

Record Number: 300
Source Name: Service Control Manager
Time Written: 20090516113919.000000-180
Event Type: Informações
User: NANDA-333D03935\Nanda

Computer Name: NANDA-333D03935
Event Code: 7036
Message: O serviço Gerenciador de conexão de acesso remoto entrou no estado interrompido.

Record Number: 299
Source Name: Service Control Manager
Time Written: 20090516113915.000000-180
Event Type: Informações
User:

Computer Name: NANDA-333D03935
Event Code: 7036
Message: O serviço IMAPI CD-Burning COM Service entrou no estado interrompido.

Record Number: 298
Source Name: Service Control Manager
Time Written: 20090516113815.000000-180
Event Type: Informações
User:

Computer Name: NANDA-333D03935
Event Code: 7036
Message: O serviço WinPolicy AutoLock entrou no estado executando.

Record Number: 297
Source Name: Service Control Manager
Time Written: 20090516113813.000000-180
Event Type: Informações
User:

=====Application event log=====

Computer Name: NANDA-333D03935
Event Code: 0
Message:
Record Number: 436
Source Name: NMIndexingService
Time Written: 20090117220256.000000-120
Event Type: Informações
User:

Computer Name: NANDA-333D03935
Event Code: 1800
Message: O Serviço da Central de Segurança do Windows foi iniciado.

Record Number: 435
Source Name: SecurityCenter
Time Written: 20090117220252.000000-120
Event Type: Informações
User:

Computer Name: NANDA-333D03935
Event Code: 4096
Message:
Record Number: 434
Source Name: Avira AntiVir
Time Written: 20090117220250.000000-120
Event Type: Informações
User: AUTORIDADE NT\SYSTEM

Computer Name: NANDA-333D03935
Event Code: 0
Message:
Record Number: 433
Source Name: Nero BackItUp Scheduler 3
Time Written: 20090117220247.000000-120
Event Type: Informações
User:

Computer Name: NANDA-333D03935
Event Code: 101
Message: msnmsgr (3324) O mecanismo de banco de dados parou.

Record Number: 432
Source Name: ESENT
Time Written: 20090117182544.000000-120
Event Type: Informações
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Thanks in advance....
 
Hi Mr.Woooolf, how are you doing??

Buddy, I did everything you told me properly, without skipping any part. First I used that first program in normal mode, and I don't know whether it found any viruses because it closed by itself just like you said; then I went into Safe Mode and ran the other program, which found more than 20 viruses, whoa hahahahaha :eek: is my PC a virus minefield, Mr.Wolf???? That's crazy lol :)

Well, after doing all that I made a new log as you instructed me, and this is what came out now....... so, is my PC doing well or is it junk like it always was hahahahaha :fun:

Thaaaaaanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:01:09, on 16/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Home\CONFIG~1\Temp\Rar$EX00.192\Hijack This.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WS Codecs] C:\Arquivos de programas\Codecs Pack
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [Media Codec Update Service] C:\Arquivos de programas\Essentials Codec Pack\WECPUpdate.exe -s
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: SafestMail - {B0494CB9-A494-4218-8558-798F8BBAF4B0} - www.sa4o.com (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/.../GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{672B438C-95CE-49DD-91FA-9A061C15DE76}: NameServer = 200.216.52.58 200.216.52.60
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 7987 bytes



KISSESSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS

Mari :wave:
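As an added example (not code from the thread, nor from HijackThis or any other tool mentioned in it), here is a small Python pass over HijackThis lines of the kind posted above. It applies the checks a helper runs through by eye when reading such a log: entries marked `(no file)` or `(file missing)` are leftovers to clean rather than running code; `O4` autostarts given as a bare file name, or pointing at something that is not an executable, deserve a second look; the `O17` name servers are listed so they can be confirmed against the ISP's; and an `O23` service with an empty company field is worth identifying. The sample lines are constructed, modelled on the log above, and the category names are my own.

```python
import re

# HijackThis marks registry entries whose target is no longer on disk with
# one of these; such entries are leftovers, not active code.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Constructed sample, modelled on the log posted above (not the whole log).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Arquivos de programas\\Google\\Google Toolbar\\GoogleToolbar.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - (no file)
O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\\..\\Run: [WS Codecs] C:\\Arquivos de programas\\Codecs Pack
O4 - HKCU\\..\\Run: [NitroPC] "C:\\Arquivos de programas\\NitroPC\\NitroPC.exe" -minimized
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O9 - Extra button: SafestMail - {B0494CB9-A494-4218-8558-798F8BBAF4B0} - www.sa4o.com (file missing)
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{672B438C-95CE-49DD-91FA-9A061C15DE76}: NameServer = 200.216.52.58 200.216.52.60
O23 - Service: Gbp Service (GbpSv) - - C:\\ARQUIV~1\\GbPlugin\\GbpSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Arquivos de programas\\Alwil Software\\Avast4\\ashServ.exe
"""

# "O4 - <rest>": section code, separator, remainder of the entry.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# Either a quoted path, or an unquoted path ending in a program extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|dll|scr|com|cpl|bat|cmd))\b',
                    re.IGNORECASE)
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def autostart_target(rest):
    """Return the program path from an O4 'Run: [name] target args' part,
    or the raw target when no recognisable executable is present."""
    m = re.search(r"\[.*?\]\s*(.*)$", rest)
    if not m:
        return None
    target = m.group(1).strip()
    em = EXE_RE.match(target)
    if not em:
        return target
    return em.group(1) or em.group(2)


def triage(log_text):
    """Group HijackThis lines into the buckets a reviewer looks at first."""
    findings = {
        "orphaned": [],               # target no longer on disk
        "unqualified_autostart": [],  # bare file name, resolved by PATH search
        "autostart_not_exe": [],      # Run value that is not an executable
        "dns_servers": [],            # name servers to confirm with the ISP
        "service_no_vendor": [],      # service whose company field is empty
    }
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.groups()
        if any(marker in rest for marker in ORPHAN_MARKERS):
            findings["orphaned"].append(raw)
        elif section == "O4":
            path = autostart_target(rest)
            if path is None:
                continue
            if not EXE_RE.match(path):
                findings["autostart_not_exe"].append(raw)
            elif "\\" not in path:
                findings["unqualified_autostart"].append(raw)
        elif section == "O17":
            findings["dns_servers"].extend(IP_RE.findall(rest))
        # HijackThis prints an empty company name as "Name - - Path".
        elif section == "O23" and " - - " in rest:
            findings["service_no_vendor"].append(raw)
    return findings


if __name__ == "__main__":
    for bucket, lines in triage(SAMPLE_LOG).items():
        print(f"== {bucket} ({len(lines)})")
        for line in lines:
            print("  ", line)
```

Nothing flagged here is a verdict: a bare `RTHDCPL.EXE` is how the Realtek entry legitimately appears, and the listed name servers only need to be checked against what the provider actually hands out. The point of the pass is to shorten the list a human has to read, not to replace the reading.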
 
Wow, this thread has been here for so long and I only read it now. Very good, man, congrats; I'll grab this program to see how things are here!

Thaaanks!
 
So dude, here's what happens.

I'm using it normally and then out of nowhere it shuts down (doesn't restart).
Then I turn it on again, it runs about 5 sec and shuts down again.
Then I turn it on again, about 15 sec, it shuts down.
Then I turn it on and it works normally.

Like, when I'm only on the internet it takes a while to shut down;
sometimes it goes the whole day without shutting down (but even so, at some point it shuts down).

If I open a game, after about 10 min it shuts down.

I've had this PC for 2 years and this never happened.

I thought it was a virus because I wasn't using an antivirus >.<

I hope you can help me.

Friend xxxAKIRAxxx,
first of all, check your processor's temperature; it is very likely that's the cause. You can check it in several ways: there are various programs for that, or even through the machine's own BIOS (SETUP) (Hardware Monitor). I've never seen a virus make a computer shut down completely without any warning; I have seen one make it restart. Another option would be to test with another power supply, since it is what powers your whole PC, and if it has some intermittent defect it may fail sometimes and not others. As for a virus, Mr Wolf will give the verdict on whether it is one or not; I only really noticed the ASKTOOLBAR, but there's the tip.
 
Ahhh Mr.Wolf, sorry for bothering you again, but the thing is that until now I haven't logged into my Orkut since that problem with the fake community and the viruses.... can I log in already? I'd like to hear it from you, since you surely know whether I can or not??? because, like, I can't live without Orkut, you know??? hahahahahaha

I also changed its password like you told me to, after I ran that BankerFix, remember??

Ahh and just one more little question, pleeease?? do I have to change the passwords for MSN, Facebook, MySpace and the other things I have too, like some painting and drawing sites, etc.???

Thanks a lot for everything you've done for me

You're 10000000000000000000000000000000000000000000000000000

Love you hahaha

Kissesssssssssssssss
 
Mr. Wolf, the logs I sent were to check whether there's anything else, ok?
By the way, when I ran msconfig I saw the items Rundll32 and ctfmon; is that a virus or part of the system?:p
 
Hello everyone, good afternoon!

Yes, it's all still here. I thought of something, see if you agree with me...

I have 2 partitions, with Windows Seven and Windows Vista; I could boot into the Windows Vista partition, where GbPlugin is not active, and delete the files by hand, since it didn't create any keys in my registry.

What do you think?
healer, I didn't know you had a dual boot on the computer. Good idea of yours, you can certainly try that. I don't know whether you have already tried it, but if you haven't yet, try it and let me know afterwards. If it doesn't work we'll continue the removal with tools.

The Avenger didn't run; it was probably a bug in the tool. That doesn't stop us from trying with others.

__________________________________


vimed, yes, it is normal for the computer not to restart. That really may or may not happen. Follow the instruction in the spoiler below, vimed:

Select and copy the text below. Paste it into Notepad and save it on the desktop as CFScript.txt

Code:
Folder::
C:\FindyKill
File::
c:\windows\Downloaded Program Files\w4sgeen9.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc12d83c-3195-11de-8729-001e90c33f11}]
Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

CFScript.gif


● If you are prompted, press Enter to start the removal process;
Do not use the mouse or the keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer may be restarted automatically. If that doesn't happen, restart it manually.

In your next reply, paste the ComboFix.txt and a new HijackThis log.

How is the PC, vimed, has there been any improvement?
_________________________________


luisednardo, open the Autoruns log and add the following lines from the spoiler at the beginning of the log:

Open registry:: /s /r /i [Y] /8/9 GB

Open folders string's:: /d /g /f -> IIII [O]

Nature / AcT -> Remove line -> HKEY_CURRENT_USER/Software/*.reg.exe -> infection présent <- line out {7}

BACKDOORS < category R2 >

Close
Save the change and run Autoruns again.

Post its new log together with a new HijackThis log.
_________________________________


Marcus FX, the log is clean :)

Any problem?

_________________________________


Urso, the file GbpSv.exe is not a virus. It is a security plugin installed by online banks to protect the customer's data transactions and so on, in case you access them.

Run FindyKill again. Press E + Enter;
On the next screen press 2 + Enter for the removal.

Post the new log that will be generated in your next reply, Urso, and also follow the instructions in the spoiler below:

- Download Malwarebytes Anti-Malware and save it on the desktop;

● Double-click the program to start the installation. Select the language Português (Brasil);
● At the end of the installation, check the options "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;
● After the installation, run the program;
● Check the option Full Scan and then click Scan. Select your C: drive and click the Start Scan button;
● When the scan finishes, click OK and the log will be opened automatically for you;
● If anything is detected, make sure all items are checked and click the Remove button.
NOTE: If a message appears asking you to restart the computer to complete the removal process, restart it immediately;
● The log can also be viewed by clicking Logs in the main menu;

Copy and paste the contents of that log in your next reply, together with a new HijackThis log.
_________________________________


karolz, yes, Rundll32 and ctfmon are part of the system; they are not viruses. Follow the instructions in the spoiler below, my friend Karol:

- Download ComboFix and save it on the desktop;

● Temporarily disable your antivirus so it doesn't detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;
● Wait while ComboFix scans;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
Do not click in the ComboFix window, and try not to use the keyboard either, so as not to disturb the tool's scan;
● If you want to exit or stop ComboFix, press N;
● When it finishes, your PC will be restarted. After the restart, the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.
_________________________________


carolgsn, there are no Conficker-related entries in your logs. However, there are other infections. A recommendation, my friend Carol: do not use that KidoKiller command I gave you earlier for removing Conficker on every computer. That command is not suitable and not effective for just any computer; it is a specific script for each computer, that is, it must be prepared for the PC in question. ;)

Follow the instructions in the spoiler below, Carol:

- Download OTMoveIt3 and save it on the desktop;

● Double-click the program's icon (OTMoveIt3) to run it;
● Select and copy all of this content below:

Code:
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12bc74e9-de98-11dd-af8a-000c6ef7bfcd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a93194e-de96-11dd-af89-000c6ef7bfcd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0c857df-e7af-11dd-afa7-000c6ef7bfcd}]

:Services
aq7oawft
bzwrmjo
kidvqse
ktvnfhsxi
tgzky

:Files
C:\Documents and Settings\Nanda\Dados de aplicativos\inst.exe
C:\WINDOWS\system32\drivers\aq7oawft.sys
C:\WINDOWS\system32\02.tmp

:Commands
[emptytemp]
[reboot]

● Paste what you copied into the program (in the blank area of the window);
● Click the MoveIt button;
● If a message appears asking you to restart the computer, restart it;
● In your next reply, copy and paste all the content that is in Results;
● If the computer restarted, go to the folder C:\_OTMoveIt\MovedFiles and open the most recent .log file there. Copy and paste the entire contents of that file.

Post a new RSIT log.
_________________________________


Mariana SMS, yes, you can access your Orkut now. And also change the passwords for MSN, Facebook, MySpace and the others. Follow the instructions below, my friend Mariana:

- Download Malwarebytes Anti-Malware and save it on the desktop;

● Double-click the program to start the installation. Select the language Português (Brasil);
● At the end of the installation, check the options "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;
● After the installation, run the program;
● Check the option Full Scan and then click Scan. Select your C: drive and click the Start Scan button;
● When the scan finishes, click OK and the log will be opened automatically for you;
● If anything is detected, make sure all items are checked and click the Remove button.
NOTE: If a message appears asking you to restart the computer to complete the removal process, restart it immediately;
● The log can also be viewed by clicking Logs in the main menu;

Copy and paste the contents of that log in your next reply, together with a new HijackThis log.
 
No, nothing, the computer is normal; the problem is that next to those three files that were there, which you said were normal, one more has appeared.

I don't know if it has anything to do with it. And if I delete it, it creates it again

avast.jpg
 
The latest Avast update did indeed add this extra file to the antivirus's own system, my friend Marcus. There's nothing to worry about there.

Another detail: when Avast finds viruses/malware, they do not go to the location shown in your image. They go to Infected Files. There is no way to add or remove files from that location.

I don't advise you to force the removal of these files, Marcus. After all, they are there for your own good. I'd say these files are among the most crucial ones in Windows.
 
So there's nothing wrong? Especially since there's nothing in the INFECTED FILES section!
 
No, is it necessary?
 
More Problems...

-----------Mr. Wolf......

We had a little problem....:ranting3::nugget::no:
I tried everything to completely disable the antivirus (Avira), but even so ComboFix reported that it was still active....:eek:
I was afraid to run it and cause some problem on the machine....:cry:
I tried to understand something in Avira's "help", but it's all in English; I tried to disable it via the command prompt but couldn't either... so? what should I do?:confused:
As for how it's working, the internet is still slow, I don't know what's going on, I've even called Net already...:mad::no:
Thanks!:wave:


____________________________________
 

Attachments

  • Tela Mr Wolf.jpg
    117.9 KB · Views: 163
