
[Solved] HijackThis log

#1 By suporte.ara 27/04/2009 - 08:37
I'm new here, but I already know the forum a little. I'd like you to help me with this HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:36:52, on 27/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\xpgscrts.exe
C:\WINDOWS\system32\gread32.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\usuario\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uai.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/defaults/su/*http://br.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [MeAll] C:\WINDOWS\system32\xpgscrts.exe
O4 - HKLM\..\Policies\Explorer\Run: [Inside] C:\WINDOWS\system32\gread32.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB90ADD9-22E0-4A97-9E2C-0B0BE37A61C7}: NameServer = 200.225.197.37,200.225.197.34
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5513 bytes
#2 By Power Max 27/04/2009 - 08:58
Hello suporte.ara! Welcome to the Guia do Hardware Forum.

The version of Avira AntiVir you are using is outdated. Uninstall it and download the new Avira AntiVir Personal 9 Free.

To install, configure and use Avira AntiVir correctly, just follow the tips in these tutorials:

Avira AntiVir 9 Free tutorial (installation and configuration)

Avira AntiVir 9 Free tutorial (how to use it correctly)
_______________________________________________________________

After installing and configuring Avira AntiVir following the tips in the tutorials above, update it (run an update), then restart your computer and enter Safe Mode (pressing the F8 key (or F5 on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option). Once the computer has restarted, run a complete scan with Avira AntiVir and, as viruses and spyware are found, send them to quarantine. After a few weeks, if your computer is working normally without the files that went to quarantine, you can go to the quarantine and delete them permanently.
_______________________________________________________________

Once you have removed the viruses Avira AntiVir finds, restart the computer normally. Right-click the Avira icon (the open red umbrella next to the Windows clock) and choose Start AntiVir > click Reports > double-click the most recent log and click the Report file button > a window with the log will open; select the whole log (menu: Edit » Select All), then go back to the Edit menu and click Copy > then come back to the forum and post this Avira AntiVir log together with a new HijackThis log so they can be analysed.

We await your reply.
#3 By suporte.ara 27/04/2009 - 11:35
Thanks for the help.

Avira AntiVir Personal
Report file date: segunda-feira, 27 de abril de 2009 09:58
Scanning for 1366100 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Save mode
Username : Administrador
Computer name : CASA2
Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 4/17/aaaa 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 4/17/aaaa 12:57:30
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/aaaa 14:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/aaaa 15:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/aaaa 14:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/aaaa 16:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/aaaa 00:33:26
ANTIVIR2.VDF : 7.1.3.63 1588224 Bytes 4/16/aaaa 12:39:47
ANTIVIR3.VDF : 7.1.3.114 160256 Bytes 4/27/aaaa 12:39:50
Engineversion : 8.2.0.156
AEVDF.DLL : 8.1.1.0 106868 Bytes 1/27/aaaa 21:36:42
AESCRIPT.DLL : 8.1.1.77 381306 Bytes 4/27/aaaa 12:40:09
AESCN.DLL : 8.1.1.10 127348 Bytes 4/27/aaaa 12:40:07
AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/aaaa 22:24:41
AEPACK.DLL : 8.1.3.14 397685 Bytes 4/27/aaaa 12:40:05
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/aaaa 00:01:56
AEHEUR.DLL : 8.1.0.122 1737080 Bytes 4/27/aaaa 12:40:01
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/aaaa 00:01:56
AEGEN.DLL : 8.1.1.39 348532 Bytes 4/27/aaaa 12:39:54
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/aaaa 18:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 4/27/aaaa 12:39:52
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/aaaa 18:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/aaaa 12:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/aaaa 14:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/aaaa 18:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/aaaa 14:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/aaaa 19:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/aaaa 14:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/aaaa 19:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/aaaa 12:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/aaaa 14:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/aaaa 15:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/aaaa 14:19:48
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: segunda-feira, 27 de abril de 2009 09:58
Starting search for hidden objects.
The driver could not be initialized.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
C:\WINDOWS\system32\xpgscrts.exe
[DETECTION] Contains recognition pattern of the SPR/AutoIt.Gen program
C:\WINDOWS\system32\gread32.exe
[DETECTION] Contains recognition pattern of the SPR/AutoIt.Gen program
The registry was scanned ( '55' files ).

Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\bed4b8f1570b95005887590ffb4da0\admparse.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\advpack.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\browseui.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\corpol.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\custsat.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\dxtmsft.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\dxtrans.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\extmgr.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\hmmapi.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\icardie.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\ieakeng.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\ieaksie.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\ieakui.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\ieapfltr.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\iedkcs32.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\iedw.exe
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\ieencode.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\ieframe.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\iepeers.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\ieproxy.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\iernonce.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\iertutil.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\iesetup.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\ieui.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\iexplore.exe
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\imgutil.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\inseng.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\jscript.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\jsproxy.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\licmgr10.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\msfeeds.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\msfeedsbs.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\mshtml.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\mshtmled.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\mshtmler.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\msls31.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\msrating.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\mstime.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\occache.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\pngfilt.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\shdocvw.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\shlwapi.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\spmsg.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\spuninst.exe
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\url.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\urlmon.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\vbscript.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\vgx.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\webcheck.dll
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\winfxdocobj.exe
[WARNING] The file could not be opened!
C:\bed4b8f1570b95005887590ffb4da0\wininet.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Documentos\yivpyh.exe
[DETECTION] Contains recognition pattern of the SPR/AutoIt.Gen program
C:\Documents and Settings\usuario\Desktop\bkp ana maria\abvtad.exe
[DETECTION] Contains recognition pattern of the SPR/AutoIt.Gen program
C:\WINDOWS\SoftwareDistribution\Download\b7c41e8037fa5a48ba02c3c217ed362c\BIT7.tmp
[0] Archive type: CAB (Microsoft)
--> nv4_disp.inf
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\WINDOWS\system32\gread32.exe
[DETECTION] Contains recognition pattern of the SPR/AutoIt.Gen program
C:\WINDOWS\system32\xpgscrts.exe
[DETECTION] Contains recognition pattern of the SPR/AutoIt.Gen program
Beginning disinfection:
C:\WINDOWS\system32\xpgscrts.exe
[DETECTION] Contains recognition pattern of the SPR/AutoIt.Gen program
[NOTE] The file was deleted!
C:\WINDOWS\system32\gread32.exe
[DETECTION] Contains recognition pattern of the SPR/AutoIt.Gen program
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Documentos\yivpyh.exe
[DETECTION] Contains recognition pattern of the SPR/AutoIt.Gen program
[NOTE] The file was deleted!
C:\Documents and Settings\usuario\Desktop\bkp ana maria\abvtad.exe
[DETECTION] Contains recognition pattern of the SPR/AutoIt.Gen program
[NOTE] The file was deleted!
C:\WINDOWS\system32\gread32.exe
[DETECTION] Contains recognition pattern of the SPR/AutoIt.Gen program
[NOTE] The file was deleted!
C:\WINDOWS\system32\xpgscrts.exe
[DETECTION] Contains recognition pattern of the SPR/AutoIt.Gen program
[NOTE] The file was deleted!

End of the scan: segunda-feira, 27 de abril de 2009 11:27
Used time: 1:24:14 Hour(s)
The scan has been done completely.
4669 Scanned directories
349062 Files were scanned
6 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
6 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
52 Files cannot be scanned
349004 Files not concerned
1402 Archives were scanned
54 Warnings
7 Notes
_________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:41, on 27/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avscan.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
c:\arquivos de programas\avira\antivir desktop\avcenter.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\usuario\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uai.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/defaults/su/*http://br.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [MeAll] C:\WINDOWS\system32\xpgscrts.exe
O4 - HKLM\..\Policies\Explorer\Run: [Inside] C:\WINDOWS\system32\gread32.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB90ADD9-22E0-4A97-9E2C-0B0BE37A61C7}: NameServer = 200.225.197.37,200.225.197.34
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5391 bytes
#4 By Power Max 27/04/2009 - 12:03
6 problems were removed by Avira.

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

* Download Malwarebytes Anti-Malware.
* Install it by double-clicking "mbam-setup.exe";
* Select the language Português (Brasil)
* Tick only the box: "Atualizar MalwareBytes' Anti-Malware" (Update Malwarebytes' Anti-Malware)
* If an update exists, it will be downloaded automatically
* Do not run a scan yet!!!
* Restart the PC in Safe Mode (pressing the F8 key (or F5 on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option).
* If it is not possible to start the computer in Safe Mode, run the scan in normal mode
* Run Malwarebytes' Anti-Malware, click the "Verificação" (Scanner) tab and select the "Verificação completa" (Full scan) option
* Click the "Verificar" (Scan) button
* Tick all the parts of the computer you want to scan and click the "Iniciar verificação" (Start scan) button
* When the scan finishes, click "OK" > "Mostrar Resultados" (Show Results)
* Select all the entries and click "Remover Selecionados" (Remove Selected)
* After the removal you may be asked whether you want to remove objects from memory. Click "SIM" (Yes)
* A log with the result of the actions will be shown
* Some malware is stubborn and needs a restart to be removed. If this is requested, click to restart the PC.
* When the process finishes, restart the PC in Normal Mode.
* After a few days, if your computer is working normally without the files Malwarebytes Anti-Malware deleted, open (run) Malwarebytes Anti-Malware, click the Quarentena (Quarantine) tab and click the Remover tudo (Delete All) button.
* Run Malwarebytes Anti-Malware again, click the "Logs" tab, double-click the most recent log, select the whole log and copy it.

Post this log generated by Malwarebytes Anti-Malware together with a new HijackThis log in your next reply and tell us how your computer is after following the procedure above.

We await your reply.
#5 By suporte.ara 27/04/2009 - 14:21
Malwarebytes' Anti-Malware 1.36
Database version: 2047
Windows 5.1.2600 Service Pack 3
4/27/aaaa 14:10:27
mbam-log-2009-04-27 (14-10-27).txt
Scan type: Full Scan (C:\|)
Objects scanned: 150941
Time elapsed: 55 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__gbpluginbb (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Inside (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\ARQUIVOS DE PROGRAMAS\GbPlugin\gbieh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\MEGATRON.ini (Malware.Trace) -> Quarantined and deleted successfully.

_____________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17:48, on 27/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\usuario\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uai.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/defaults/su/*http://br.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [MeAll] C:\WINDOWS\system32\xpgscrts.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB90ADD9-22E0-4A97-9E2C-0B0BE37A61C7}: NameServer = 200.225.197.37,200.225.197.34
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5136 bytes
Power Max (Ubbergeek, registered)
4.2K posts, 509 likes
#6 By Power Max
27/04/2009 - 19:13
Good job. Other problems were removed by Malwarebytes as well.

Download the Avenger program from the link below and extract its contents to the desktop:
http://swandog46.geekstogo.com/avenger2/download.php

*Select and copy (Ctrl+C) all the text inside the Code box (grey box) below:

Files to delete:
C:\WINDOWS\system32\xpgscrts.exe
*Run the Avenger program
*Click [Load Script] > [Paste from Clipboard]
*Click [Execute] > [OK]
*The PC will be restarted
*A report will be created at C:\avenger.txt
________________________________________________________________

Open HijackThis, click Do a system scan only, tick the entry below and click Fix checked:

O4 - HKLM\..\Policies\Explorer\Run: [MeAll] C:\WINDOWS\system32\xpgscrts.exe
________________________________________________________________

Please follow the tips in this tutorial to scan your PC with Nod32 Online:

Nod32 Online antivirus tutorial

When the scan finishes, a report (log) will be generated at the following location on your computer:
C:\Arquivos de programas\EsetOnlineScanner\log

In your next reply, post this Nod32 Online log together with the report at C:\avenger.txt and a new HijackThis log, and please tell us how your PC is after following all these procedures.

We await your reply.
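The entry the helper has the poster fix above, an O4 autorun under HKLM\..\Policies\Explorer\Run pointing at an unknown file in system32, together with the O20 Winlogon Notify, O17 NameServer and O23 service lines the log also carries, are the lines a reviewer reads first. The Python below is an added example written for this page, not HijackThis code or anything posted by the forum helpers; it parses those line formats, ranks them, and cross-checks each autorun target against the running-process list at the top of the log. The sample log is constructed from entries in this thread, and the system32 allow-list is an illustrative assumption.

```python
"""Added example (not HijackThis code): triage of HijackThis v2.0.2 log lines."""
import re
from dataclasses import dataclass

# Constructed sample in HijackThis format, modelled on entries from this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\xpgscrts.exe
C:\WINDOWS\system32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uai.com.br/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [MeAll] C:\WINDOWS\system32\xpgscrts.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB90ADD9-22E0-4A97-9E2C-0B0BE37A61C7}: NameServer = 200.225.197.37,200.225.197.34
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\([^:]+): \[([^\]]*)\] (.*)$")
O17_RE = re.compile(r"NameServer = (.*)$")
O20_RE = re.compile(r"^Winlogon Notify: (\S+) - (.*)$")
O23_RE = re.compile(r"^Service: (.*?) \(([^)]*)\) - (.*)$")
# Illustrative allow-list (an assumption, not a complete list) of system32
# programs expected as per-user autoruns on Windows XP.
EXPECTED_SYSTEM32_AUTORUNS = {"ctfmon.exe"}


@dataclass
class Report:
    processes: list
    entries: list  # (section, body) pairs such as ("O4", "HKLM\\..\\Run: [x] y")


@dataclass
class Finding:
    severity: str  # "high" or "review"
    section: str
    detail: str


def _base(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def autorun_target(cmd: str) -> str:
    """File an O4 command really loads: quoted path, rundll32's DLL, or first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    first, _, rest = cmd.partition(" ")
    if first.lower() == "rundll32.exe" and rest:
        return rest.split(",", 1)[0].strip().strip('"')
    return first


def parse_hjt(text: str) -> Report:
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:  # the first "Rn - " / "On - " line ends the process list
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes:"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return Report(processes, entries)


def triage(report: Report) -> list:
    findings = []
    running = {_base(p) for p in report.processes}
    for section, body in report.entries:
        if section == "O4" and (m := O4_RE.match(body)):
            _hive, key, name, cmd = m.groups()
            target = autorun_target(cmd)
            base = _base(target)
            active = " (currently running)" if base in running else ""
            if key.lower().endswith("policies\\explorer\\run"):
                # Group Policy "run these programs at logon" key: installed software
                # almost never registers there, so it is the first thing to look at.
                findings.append(Finding("high", section, f"policy autorun [{name}] -> {target}{active}"))
            elif "\\system32\\" in target.lower() and base.endswith(".exe") \
                    and base not in EXPECTED_SYSTEM32_AUTORUNS:
                findings.append(Finding("review", section, f"system32 autorun [{name}] -> {target}{active}"))
        elif section == "O17" and (m := O17_RE.search(body)):
            servers = ", ".join(s.strip() for s in m.group(1).split(","))
            findings.append(Finding("review", section, f"static DNS servers {servers}; confirm they are the ISP's"))
        elif section == "O20" and (m := O20_RE.match(body)):
            findings.append(Finding("review", section, f"DLL loaded into winlogon: {m.group(1)} -> {m.group(2)}"))
        elif section == "O23" and (m := O23_RE.match(body)):
            rest = m.group(3)  # "<vendor> - <path>", or "- <path>" when HijackThis found no vendor
            vendor, _, path = ("", "", rest[2:]) if rest.startswith("- ") else rest.partition(" - ")
            if not vendor:
                findings.append(Finding("review", section, f"service {m.group(2)} has no vendor string -> {path}"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.severity:6} {f.section:4} {f.detail}")
```

Running it on the sample ranks the Policies\Explorer\Run entry first and notes that its target is also in the process list, which is why the helper pairs the HijackThis fix (which only removes the registry value) with a file deletion: fixing the O4 line alone leaves the executable on disk. The O17, O20 and O23 lines come out as "review" because they are common for legitimate software too and need context, not an automatic fix.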
suporte.ara (New Member, registered)
30 posts, 0 likes
#7 By suporte.ara
28/04/2009 - 11:03
Thank you very much for the help you have been giving me. I carried out the procedures listed and the machine's performance improved considerably.

Here are the other logs:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4039 (20090428)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=71fb16a4c8a2a140ab93d42e2964319d
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-04-28 01:34:30
# local_time=2009-04-28 10:34:30 (-0300, Hora oficial do Brasil)
# country="Brazil"
# osver=5.1.2600 NT Service Pack 3
# scanned=351481
# found=3
# scan_time=1334631
C:\Arquivos de programas\GbPlugin\gbieh.dll probably a variant of Win32/Genetik trojan (deleted (after the next restart)) 1D5FA9FD81D9E4BBD075DC83FD57BBE9
C:\Arquivos de programas\GbPlugin\gbieh.dll »PECompact v2.xx probably a variant of Win32/Genetik trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\autorun.inf INF/Autorun.gen trojan (unable to clean - deleted) 00000000000000000000000000000000


_______________________


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!

Error: file "C:\WINDOWS\system32\xpgscrts.exe" not found!
Deletion of file "C:\WINDOWS\system32\xpgscrts.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.
*******************
Finished! Terminate.


________________________


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:37, on 28/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\DOCUME~1\usuario\CONFIG~1\Temp\Rar$EX00.828\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uai.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/defaults/su/*http://br.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB90ADD9-22E0-4A97-9E2C-0B0BE37A61C7}: NameServer = 200.225.197.37,200.225.197.34
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4451 bytes
Power Max (Ubbergeek, registered)
4.2K posts, 509 likes
#8 By Power Max
28/04/2009 - 15:39
Good job. Other problems were removed by Nod32 Online as well.
___________________________________________________

Run a scan with Spyware Doctor following the tips in this tutorial:

Spyware Doctor Starter Edition tutorial

After that, post the Spyware Doctor log together with a new HijackThis log and the Avenger log at C:\avenger.txt, and tell us how your PC is after this.

We await your reply.
Wings (Cyber Highlander, registered)
20.3K posts, 1.2K likes
#9 By Wings
28/04/2009 - 17:08
Antonio Vieira S said:
Good job. Other problems were removed by Nod32 Online as well.
___________________________________________________

Delete the Avenger log at C:\avenger.txt

*Select and copy (Ctrl+C) all the text inside the Code box (grey box) below:

Files to delete:
C:\Arquivos de programas\GbPlugin\gbieh.dll
*Run the Avenger program
*Click [Load Script] > [Paste from Clipboard]
*Click [Execute] > [OK]
*The PC will be restarted
*A report will be created at C:\avenger.txt
___________________________________________________



Banking plugin!!

Are you sure you want to remove it?
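The ESET log in post #7 flags gbieh.dll, the G-Buster Browser Defense DLL that the HijackThis log lists as a BHO and a Winlogon Notify package, only as "probably a variant of Win32/Genetik", that is, a heuristic hit rather than a signature match, and its second line shows the hit is on a PECompact-packed layer of the same file; post #9 then scripts Avenger to delete that file, and the comment just above questions removing a banking plugin. Before deleting something a heuristic alone has flagged, it helps to separate heuristic from signature detections, read the action ESET actually took, and confirm that the file on disk is the object the log hashed. The Python below is an added example written for this page, not code from ESET, Avenger or the forum; it handles the line format of the three detection lines posted above, and the assumption that a flagged file name contains no spaces is noted in the code.

```python
"""Added example (not ESET or Avenger code): reading ESET Online Scanner
detection lines and checking a file against the hash the log recorded."""
import hashlib
import re
from dataclasses import dataclass
from typing import Optional

# The three detection lines from the ESET log posted in this thread, used as input.
SAMPLE_ESET_LOG = r"""
# version=4
# found=3
C:\Arquivos de programas\GbPlugin\gbieh.dll probably a variant of Win32/Genetik trojan (deleted (after the next restart)) 1D5FA9FD81D9E4BBD075DC83FD57BBE9
C:\Arquivos de programas\GbPlugin\gbieh.dll »PECompact v2.xx probably a variant of Win32/Genetik trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\system32\autorun.inf INF/Autorun.gen trojan (unable to clean - deleted) 00000000000000000000000000000000
"""

HASH_RE = re.compile(r"^(.*) ([0-9A-Fa-f]{32})$")
# Detection name: ESET's heuristic wording, or a Family/Name token such as INF/Autorun.gen.
NAME_RE = re.compile(r"(probably a variant of .*|\S+/\S+.*)$")
NESTED = "\u00bb"  # the » ESET prints before a nested object (archive member, packer layer)


@dataclass
class Detection:
    path: str
    subobject: Optional[str]
    name: str
    heuristic: bool
    action: str
    removed: bool
    md5: Optional[str]


def _split_action(body: str):
    """Split '<text> (<action>)'; the action may itself contain parentheses."""
    if not body.endswith(")"):
        return body, ""
    depth = 0
    for i in range(len(body) - 1, -1, -1):
        depth += 1 if body[i] == ")" else -1 if body[i] == "(" else 0
        if depth == 0:
            return body[:i].rstrip(), body[i + 1:-1]
    return body, ""


def parse_eset_log(text: str) -> list:
    out = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = HASH_RE.match(line)
        if not line or line.startswith("#") or not m:
            continue
        body, md5 = m.groups()
        rest, action = _split_action(body)
        # Assumption: the flagged file name has no space, so the path ends at the
        # first space after its last backslash.
        end = rest.find(" ", rest.rfind("\\"))
        path, tail = (rest, "") if end < 0 else (rest[:end], rest[end + 1:])
        nm = NAME_RE.search(tail)
        name = nm.group(0) if nm else tail
        sub = tail[:nm.start()].strip().lstrip(NESTED).strip() if nm else ""
        out.append(Detection(
            path=path, subobject=sub or None, name=name,
            heuristic=name.startswith("probably a variant of"),
            action=action,
            # "deleted" in the action without a deletion error counts as removed
            removed="deleted" in action and "error while deleting" not in action,
            md5=None if set(md5) == {"0"} else md5.lower()))
    return out


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def verify_md5(data: bytes, logged: Optional[str]) -> Optional[bool]:
    """True/False when the bytes match the logged hash; None if the log gave no hash."""
    return None if logged is None else md5_hex(data) == logged.lower()


def review_queue(dets: list) -> list:
    """Paths hit only by heuristics: confirm with a second scanner or the vendor before deleting."""
    return sorted({d.path for d in dets if d.heuristic})


if __name__ == "__main__":
    dets = parse_eset_log(SAMPLE_ESET_LOG)
    for d in dets:
        kind = "heuristic" if d.heuristic else "signature"
        print(f"{kind:9} removed={d.removed!s:5} {d.path} [{d.subobject or '-'}] {d.name}")
    print("review before deleting:", review_queue(dets))
```

On the three lines above this yields one signature detection (INF/Autorun.gen, removed) and one file with heuristic-only hits whose outer object ESET reports as deleted after the next restart; the log hashed that file as 1D5FA9FD81D9E4BBD075DC83FD57BBE9, so if a copy is still on disk, verify_md5 tells you whether it is the same object before an Avenger script removes it. A heuristic hit on a packed commercial DLL is the classic false-positive shape, so the review queue is a "confirm first" list, not a deletion list.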