Banhoterapia

Oi pessoal,
Acredito que o meu pc esteja infectado porque eu tento entrar num bankline e como eu não tenho certeza se posso mencionar o nome do banco colocarei assim:
http://www.banco.com.br eu digito assim o endereço e ele muda para isso
http://www.banco.com.br/.html/banco.html
eu percebi que tinha algo errado pois ele pediu que eu colocasse as chaves (todas elas e não somente uma) de segurança que estavam no meu cartão, sendo que eu não tenho cartão e sim um aparelho que fornece a tal chave para que eu possa realizar os precedimentos no bankline. Liguei pra minha gerente e ela disse que eu não fizesse mais nada porque isso era virus. A questão é que quando digito o endereço do banco no meu computador ele é redirecionado para esse site que é uma fraude, porem isso só acontece com meu pc, pois eu fui em outro computador e digitei o site do banco e o link aparece certinho sem as extenções /.html/banco.html que aparece quando eu acesso o meu micro. O pior é que quando eu digito www.hotmail.com aparece assim http://www.hotmail.com/.html/hotmail.html e só esta acontecendo com esses dois sites o que me faz desconfiar que pode ser aguma coisa que se instalou através do msn. Os outros links e links de site de busca por exemplo estão entrando normalmente. Meu antivirus avast não detectou...eu estou passado o activescan da panda, vamos ver se ele detecta alguma coisa.
Mas caso alguém já tenha passado por isso ou saiba como resolver me ajude por favor. Ah eu desinstalei o messenger do meu pc.

brando lee

vamos fazer um analize

1: faça o download do ((RunScanner)) e salve no desktop, e extraia o conteudo que vem compactado em zip
http://superdownloads.uol.com.br/dow...anner-windows/

2: executa-o, e selecione ((expert mode)) e clique em ok.

3: em seguida clique no botão ((scan computer)) aguarde o termino aparecerá os arquivos listados.

4: ao termino do scan, clique em ((save. log file)), salve com qualquer nome que voce quiser, quando salvar abrirá um log automatico copia ele todo e cola aqui.

Banhoterapia

Runscanner logfile
* = signed file
- = file not found
General info
------------
Computer name : MARCOS
Creation time : 17/6/2009 16:52:11
Hosts <> 127.0.0.1 : 19
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.13
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 3
RunScanner Version : 1.8.1.0
User Language : Português (Brasil)
User rights : Administrator
Windows folder : C:\WINDOWS
Running processes
-----------------
* C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
* C:\ARQUIV~1\MI3AA1~1\rapimgr.exe (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
* C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
* C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
* C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
* C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
* C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
* C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
* C:\Arquivos de programas\Bonjour\mDNSResponder.exe (Apple Inc.)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
C:\Arquivos de programas\Arquivos comuns\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
* C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)
* C:\ARQUIV~1\GbPlugin\GbpSv.exe ( )
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
C:\Arquivos de programas\palmOne\Hotsync.exe (PalmSource, Inc)
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
* C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
* C:\Arquivos de programas\iPod\bin\iPodService.exe (Apple Inc.)
* C:\Arquivos de programas\iTunes\iTunesHelper.exe (Apple Inc.)
* C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
* C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
* C:\WINDOWS\system32\SearchFilterHost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\SearchIndexer.exe (Microsoft Corporation)
* C:\WINDOWS\system32\SearchProtocolHost.exe (Microsoft Corporation)
* C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
* C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
* C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe (Nero AG)
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
C:\WINDOWS\system32\IoctlSvc.exe (Prolific Technology Inc.)
* C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
* C:\Documents and Settings\Marcos e Alexandra\Desktop\runscanner\RunScanner.exe (Runscanner.net)
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
* C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
* C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
* C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Unrated items
-------------
002 * C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
002 C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
002 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe (InstallShield Software Corporation)
002 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
002 C:\WINDOWS\system32\NvCpl.dll (NVIDIA Corporation)
002 C:\WINDOWS\system32\NvMcTray.dll (NVIDIA Corporation)
002 C:\WINDOWS\system32\nwiz.exe
002 C:\Arquivos de programas\QuickTime\qttask.exe (Apple Inc.)
004 C:\Arquivos de programas\palmOne\Hotsync.exe (PalmSource, Inc)
004 C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
004 C:\Arquivos de programas\palmOne\register.exe (palmOne/Leader Technologies)
005 C:\Arquivos de programas\Arquivos comuns\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
005 C:\Arquivos de programas\palmOne\Hotsync.exe (PalmSource, Inc)
005 C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
010 C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe LM Service)
010 * C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe (avast! Antivirus)
010 * C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (avast! iAVS4 Control Service)
010 * C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe (avast! Mail Scanner)
010 * C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner)
010 * C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (FLEXnet Licensing Service)
010 * C:\ARQUIV~1\GbPlugin\GbpSv.exe (Gbp Service)
010 C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Display Driver Service)
010 C:\WINDOWS\system32\IoctlSvc.exe (PLFlash DeviceIoControl Service)
010 C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe (ProtexisLicensing)
010 C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace)
011 C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile USB Driver)
011 * C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (aswFsBlk)
011 * C:\WINDOWS\system32\drivers\aswRdr.sys (aswRdr)
011 * C:\WINDOWS\system32\drivers\Aavmker4.sys (avast! Asynchronous Virus Monitor)
011 * C:\WINDOWS\system32\drivers\aswTdi.sys (avast! Network Shield Support)
011 * C:\WINDOWS\system32\drivers\aswSP.sys (avast! Self Protection)
011 * C:\WINDOWS\system32\drivers\aswMon2.sys (avast! Standard Shield Support)
011 C:\WINDOWS\System32\DLA\DLABOIOM.SYS (DLABOIOM)
011 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (DLACDBHM)
011 C:\WINDOWS\System32\DLA\DLADResN.SYS (DLADResN)
011 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (DLAIFS_M)
011 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (DLAOPIOM)
011 C:\WINDOWS\System32\DLA\DLAPoolM.SYS (DLAPoolM)
011 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (DLARTL_N)
011 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (DLAUDF_M)
011 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (DLAUDFAM)
011 C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (DRVMCDB)
011 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (DRVNDDM)
011 * C:\WINDOWS\system32\drivers\GbpKm.sys (Gbp KernelMode)
011 * C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR ASPI Filter Driver)
011 C:\WINDOWS\System32\Drivers\SPCA561.SYS (ICatch (VI) PC Camera)
011 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (nv)
011 * C:\WINDOWS\system32\drivers\pavboot.sys (pavboot)
011 C:\WINDOWS\system32\Drivers\PxHelp20.sys (PxHelp20)
011 C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS (WAN Miniport (PPP over Ethernet Protocol))
050 * C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Banco do Brasil) {E37CB5F0-51F5-4395-A808-5FA49E399F83}
050 C:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) {56F9679E-7826-4C84-81F3-532071A8BCC5}
051 * C:\Arquivos de programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda) {A3717295-941D-416F-9384-ED1736729F1C}
052 C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions) {5CA3D70E-1895-11CF-8E15-001234567890}
052 * C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Banco do Brasil) {C41A1C0E-EA6C-11D4-B1B8-444553540000}
052 C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) {DBC80044-A445-435b-BC74-9C25C1C588A9}
052 C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.d ll (Sun Microsystems, Inc.) {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
052 * C:\Arquivos de programas\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda) {2E3C3651-B19C-4DD9-A979-901EC3E930AF}
060 * C:\Arquivos de programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda) {A3717295-941D-416F-9384-ED1736729F1C}
061 * C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
061 * c:\Arquivos de programas\Arquivos comuns\Corel\Shared\Shell Extension\ShellXP.dll (Corel Corporation) {DE902992-61FC-4A01-8091-53E1895C9775}
061 * c:\Arquivos de programas\Arquivos comuns\Corel\Shared\Shell Extension\ShellXP.dll (Corel Corporation) {F9633464-9E18-4C06-9D3A-E131C036A9FA}
061 * c:\Arquivos de programas\Arquivos comuns\Corel\Shared\Shell Extension\ShellXP.dll (Corel Corporation) {7DDDBFE0-09C4-4680-9E13-8CE7D00EDE57}
061 * c:\Arquivos de programas\Arquivos comuns\Corel\Shared\Shell Extension\ShellXP.dll (Corel Corporation) {1462EBAA-96E7-4D93-9A66-0E4068DE4FCF}
061 * c:\Arquivos de programas\Arquivos comuns\Corel\Shared\Shell Extension\ShellXP.dll (Corel Corporation) {DE902994-61FC-4A01-8091-53E1895C9775}
061 * c:\Arquivos de programas\Arquivos comuns\Corel\Shared\Shell Extension\ShellXP.dll (Corel Corporation) {7DDDBFE2-09C4-4680-9E13-8CE7D00EDE57}
061 * c:\Arquivos de programas\Arquivos comuns\Corel\Shared\Shell Extension\ShellXP.dll (Corel Corporation) {1462EBAC-96E7-4D93-9A66-0E4068DE4FCF}
061 * c:\Arquivos de programas\Arquivos comuns\Corel\Shared\Shell Extension\ShellXP.dll (Corel Corporation) {DE902993-61FC-4A01-8091-53E1895C9775}
061 * c:\Arquivos de programas\Arquivos comuns\Corel\Shared\Shell Extension\ShellXP.dll (Corel Corporation) {F9633465-9E18-4C06-9D3A-E131C036A9FA}
061 * c:\Arquivos de programas\Arquivos comuns\Corel\Shared\Shell Extension\ShellXP.dll (Corel Corporation) {7DDDBFE1-09C4-4680-9E13-8CE7D00EDE57}
061 * c:\Arquivos de programas\Arquivos comuns\Corel\Shared\Shell Extension\ShellXP.dll (Corel Corporation) {1462EBAB-96E7-4D93-9A66-0E4068DE4FCF}
061 C:\WINDOWS\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D}
061 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
061 C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions) {5CA3D70E-1895-11CF-8E15-001234567890}
061 * C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Banco do Brasil) {E37CB5F0-51F5-4395-A808-5FA49E399F83}
061 C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) {A70C977A-BF00-412C-90B7-034C51DA2439}
061 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
061 C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) {FFB699E0-306A-11d3-8BD1-00104B6F7516}
061 C:\Arquivos de programas\SWF.max\Media\3AE733\Binary\shellex.dll (.max) {2BAA9D4E-F9A4-40B5-A78B-D4FD327015C2}
061 C:\Arquivos de programas\SWF.max\Media\3AE733\Binary\shellex.dll (.max) {24BB90B3-F3B3-4FE9-9E87-57801F7D3418}
061 C:\Arquivos de programas\SWF.max\Media\3AE733\Binary\shellex.dll (.max) {B58CCE75-7F83-4825-9E6C-EEF3CB0AA88B}
061 C:\Arquivos de programas\Windows Desktop Search\msnlExt.dll (Microsoft Corporation) {13E7F612-F261-4391-BEA2-39DF4F3FA311}
062 * c:\Arquivos de programas\Arquivos comuns\Corel\Shared\Shell Extension\ShellXP.dll (Corel Corporation) {8EF5DC20-419C-4E43-A088-DE5B5625CA47}
067 * C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Banco do Brasil)
100 Start Page HKCU : http://www.google.com.br/
104 C:\WINDOWS\Downloaded Program Files\iestm32.dll (Learn.com, Inc.) {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB}
104 C:\Progra~1\Citrix\icaweb32\WFICA.OCX (Citrix Systems, Inc.) {238F6F83-B8B4-11CF-8771-00A024541EE3}
104 * C:\WINDOWS\Downloaded Program Files\as2stubie.dll (Panda Security) {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}
104 * C:\WINDOWS\Downloaded Program Files\IEGetPlugin.ocx (NOS Microsystems Ltd.) {459E93B6-150E-45D5-8D4B-45C66FC035FE}
104 C:\WINDOWS\DOWNLO~1\DOWNLO~1.OCX (Akamai Technologies, Inc.) {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
104 * C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx (Aurigma, Inc.) {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
104 GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
104 * C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbpdist.dll {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931}
105 Download all by YouTube Robot : res://C:\Arquivos de programas\YouTubeRobot\RobotExt.ocx/ALL.HTM
105 Download by YouTube Robot : res://C:\Arquivos de programas\YouTubeRobot\RobotExt.ocx/LINK.HTM
105 E&xportar para o Microsoft Excel : res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
107 C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Inc.)
120 NameServer {EE1AA09D-E89E-4729-BD87-EA95D635CB5D} : 200.149.55.140 200.165.132.147
170 {4374967a-59c6-11dd-a1ff-001bb99f4a54} : C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
170 {8068e49f-31c7-11dd-a1ad-001bb99f4a54} : RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
170 {c1f5c019-396b-11dd-a1ce-001bb99f4a54} : H:\laucher.exe
170 {ce8ac926-4eaf-11de-96b0-001bb99f4a54} : H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
173 * C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
221 * C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 * C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 * C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
229 C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
229 C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) {A70C977A-BF00-412C-90B7-034C51DA2439}
231 * c:\Arquivos de programas\Arquivos comuns\Corel\Shared\Shell Extension\ShellXP.dll (Corel Corporation) CDR Column Info
Missing files
-------------
002 C:\Windows\kys7r.exe
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\abp480n5.sys
011 C:\WINDOWS\system32\drivers\adpu160m.sys
011 C:\WINDOWS\system32\drivers\Aha154x.sys
011 C:\WINDOWS\system32\drivers\aic78u2.sys
011 C:\WINDOWS\system32\drivers\aic78xx.sys
011 C:\WINDOWS\system32\drivers\AliIde.sys
011 C:\WINDOWS\system32\drivers\amsint.sys
011 C:\WINDOWS\system32\drivers\asc.sys
011 C:\WINDOWS\system32\drivers\asc3350p.sys
011 C:\WINDOWS\system32\drivers\asc3550.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\CmdIde.sys
011 C:\WINDOWS\system32\drivers\Cpqarray.sys
011 C:\WINDOWS\system32\drivers\dac2w2k.sys
011 C:\WINDOWS\system32\drivers\dac960nt.sys
011 C:\WINDOWS\system32\drivers\dpti2o.sys
011 C:\WINDOWS\system32\drivers\hpn.sys
011 C:\WINDOWS\system32\drivers\i2omgmt.sys
011 C:\WINDOWS\system32\drivers\i2omp.sys
011 C:\WINDOWS\system32\drivers\ini910u.sys
011 C:\WINDOWS\system32\drivers\IntelIde.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\mraid35x.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\perc2.sys
011 C:\WINDOWS\system32\drivers\perc2hib.sys
011 C:\WINDOWS\system32\drivers\ql1080.sys
011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
011 C:\WINDOWS\system32\drivers\ql12160.sys
011 C:\WINDOWS\system32\drivers\ql1240.sys
011 C:\WINDOWS\system32\drivers\ql1280.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\Sparrow.sys
011 C:\WINDOWS\system32\drivers\sym_hi.sys
011 C:\WINDOWS\system32\drivers\sym_u3.sys
011 C:\WINDOWS\system32\drivers\symc810.sys
011 C:\WINDOWS\system32\drivers\symc8xx.sys
011 C:\WINDOWS\system32\drivers\TosIde.sys
011 C:\WINDOWS\system32\drivers\ultra.sys
011 C:\WINDOWS\system32\drivers\ViaIde.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
061 deskpan.dll
063 helpwin
104 C:\WINDOWS\system32\Adobe\Director\SwDir.dll
214

brando lee

seu pendriver ou mp3 esta contaminado por virus.

*Baixe o programa USBFIX http://www.cijoint.fr/cjlink.php?fil...cijIF2X98T.zip

e salve-o no desktop
*Desative temporariamente seu antivírus
*Instale o programa (Suivant > Aceite o contrato > Suivant > Suivant > Démarrer > Quitter)
*Duplo clique no ícone criado no desktop
*Espete o Pendrive no PC e não remova-o até o final do procedimento!
*Aguarde o PC ser reiniciado.
*Ao reiniciar o PC a ferramenta será executada automaticamente. Clique em [Continue] e aguarde...
*Ao receber a mensagem "Nettoyage effectue!", tecle [ENTER]
*Cole o relatório criado em C:\UsbFix.txt.

************************************************** **

e depois faça esse procedimento.

1: baixe essa ferramenta ((mawarebytis)), no link abaixo
http://www.baixaki.com.br/download/m...ti-malware.htm

2: instale-o e atualisa o banco de dados de vírus, quando termina executa-o seleciona ((scan completo))
e clique em ((verificar agora))

3: quando termina o scam clique em ((exibir relatório)) e abrira um log automatico copia esse log e cola aqui no fórum.


4: e se detectou algum virus clique em ((remover selecionados)) esses virus serão mandado para quarentena. ser for preciso ele pedira pra renicia o pc abrira uma janela clique em ((sim)) pra renicia o pc e completar a remoção dos virus.

Banhoterapia

Oi brando,
Que coisa hein?! Você sabe que esses dias uma amiga trouxe pra mim um arquivo no pendrive e assim que espetei no pc o avast detectou o virus, e eu mandei remover, mas pelo jeito não foi o que aconteceu. Eu liguei pra ela e pedi pra trazer o pendrive aqui, vou fazer o procedimento que você disse, e assim que tiver terminado copio o log aqui pra você ver.
Obrigada um abraço Alexandra.

brando lee

então por enquanto faça um scan com esse programa no seu PC.

**********************************************

1: baixe essa ferramenta ((mawarebytis)), no link abaixo
http://www.baixaki.com.br/download/m...ti-malware.htm

2: instale-o e atualisa o banco de dados de vírus, quando termina executa-o seleciona ((scan completo))
e clique em ((verificar agora))

3: quando termina o scam clique em ((exibir relatório)) e abrira um log automatico copia esse log e cola aqui no fórum.


4: e se detectou algum virus clique em ((remover selecionados)) esses virus serão mandado para quarentena. ser for preciso ele pedira pra renicia o pc abrira uma janela clique em ((sim)) pra renicia o pc e completar a remoção dos virus.

Banhoterapia

Tá fazendo o scan e assim que terminar eu posto o log, obrigada!

Banhoterapia

TERMINOU O SCAN E O RESULTADO FOI ESSE:
Malwarebytes' Anti-Malware 1.38
Versão do banco de dados: 2299
Windows 5.1.2600 Service Pack 3
17/6/2009 20:54:26
RELATORIO
Tipo de Verificação: Completa (A:\|C:\|D:\|E:\|F:\|G:\|)
Objetos verificados: 326262
Tempo decorrido: 1 hour(s), 49 minute(s), 46 second(s)
Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 3
Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)
Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)
Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)
Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Pastas infectadas:
(Nenhum ítem malicioso foi detectado)
Arquivos infectados:
c:\WINDOWS\Fonts\Acquaintance.zip (Worm.Archive) -> No action taken.
c:\WINDOWS\Fonts\gabriele-magurno_steiner.zip (Worm.Archive) -> No action taken.
c:\WINDOWS\Fonts\steiner-ligth.zip (Worm.Archive) -> No action taken.

brando lee

abra o malwarebytes e clique na aba quarentena verifique se tem algu lá se tiver, clique em remover todos.


se não tiver nada na quarentena os virus não foi removidos, vc tem que reniciar o PC para remover os virus.

Banhoterapia

Consegui scanear com o USBfix o resultado foi esse:

-------------- UsbFix V2.414 ---------------
* User : Marcos e Alexandra - MARCOS
* Outils mis a jours le 09/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 23:35:34 le qua 17/06/2009
* Windows Xp - Internet Explorer 7.0.5730.13


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE

--------------- [ Informations lecteurs ] ----------------

C: - Unidade de disco fixo
D: - Unidade de disco fixo
F: - Unidade de disco fixo
G: - Unidade de disco fixo
H: - Unidade de disco remov¡vel

+- Contenu de l'autorun : C:\autorun.inf


+- Contenu de l'autorun : D:\autorun.inf


+- Contenu de l'autorun : F:\autorun.inf


+- Contenu de l'autorun : G:\autorun.inf


+- Contenu de l'autorun : H:\autorun.inf

--------------- [ Lecteur C ] ----------------
C: - Unidade de disco fixo

+- Listing des fichiers présents :
[03/06/2008 19:58][--a--c---] C:\AUTOEXEC.BAT
[02/03/2006 09:00][-rahs----] C:\NTDETECT.COM
[06/01/2009 13:45][--a--c---] C:\avg_free_stf_pb_8_176a1399.exe
[03/06/2008 19:54][---hsc---] C:\boot.ini
[17/06/2009 21:04][d--h-c---] C:\autorun.inf
[17/06/2009 23:35][--a--c---] C:\UsbFix.txt
[17/06/2009 23:35][--a--c---] C:\Vaccin.txt
[03/06/2008 19:58][--a--c---] C:\CONFIG.SYS
[03/06/2008 19:58][--a--c---] C:\IO.SYS
[03/06/2008 19:58][--a--c---] C:\MSDOS.SYS
[03/06/2008 19:58][--a--c---] C:\pagefile.sys
--------------- [ Lecteur D ] ----------------
D: - Unidade de disco fixo

+- Listing des fichiers présents :
[11/02/2004 06:56][--a------] D:\AUTOEXEC.BAT
[04/08/2004 02:38][-rahs----] D:\NTDETECT.COM
[01/06/2009 00:30][--a------] D:\dvdarchitectstudio45d_enu.exe
[01/06/2009 00:30][--a------] D:\mbam-setup.exe
[09/03/2007 10:45][---hs----] D:\boot.ini
[17/06/2009 21:04][d--h-----] D:\autorun.inf
[11/02/2004 06:56][--a------] D:\CONFIG.SYS
[11/02/2004 06:56][--a------] D:\IO.SYS
[11/02/2004 06:56][--a------] D:\MSDOS.SYS
--------------- [ Lecteur F ] ----------------
F: - Unidade de disco fixo

+- Listing des fichiers présents :
[17/06/2009 21:04][d--h-----] F:\autorun.inf
--------------- [ Lecteur G ] ----------------
G: - Unidade de disco fixo

+- Listing des fichiers présents :
[17/06/2009 21:04][d--h-----] G:\autorun.inf
--------------- [ Lecteur H ] ----------------
H: - Unidade de disco remov¡vel

+- Listing des fichiers présents :
[17/06/2009 21:04][d--h-----] H:\autorun.inf

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.ex e,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Start Page"="http://www.google.com.br/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\run]
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
H/PC Connection Agent="C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run\AdobeUpdater=
<NO NAME>=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\run]
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
SoundMan=SOUNDMAN.EXE
DLA=C:\WINDOWS\System32\DLA\DLACTRLW.EXE
NeroFilterCheck=C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
NBKeyScan="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
avast!=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
EPSON Stylus C43 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ E_S08IC1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
ISUSPM Startup=C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISU SPM.exe -startup
ISUSScheduler="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
SunJavaUpdateSched="C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
Adobe Reader Speed Launcher="C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSN=C:\Windows\kys7r.exe
AppleSyncNotifier=C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task="C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
iTunesHelper="C:\Arquivos de programas\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------


-> Recherche négative.

--------------- [ Nettoyage des disques ] ----------------

Echec de la supression !! - [17/06/2009 23:44] C:\autorun.inf
Supprimé ! - [17/06/2009 23:44][d----c---] C:\autorun.inf
Echec de la supression !! - [17/06/2009 23:44] D:\autorun.inf
Supprimé ! - [17/06/2009 23:44][d--------] D:\autorun.inf
Echec de la supression !! - [17/06/2009 23:44] F:\autorun.inf
Supprimé ! - [17/06/2009 23:44][d--------] F:\autorun.inf
Echec de la supression !! - [17/06/2009 23:44] G:\autorun.inf
Supprimé ! - [17/06/2009 23:44][d--------] G:\autorun.inf
Echec de la supression !! - [17/06/2009 21:04] H:\autorun.inf
Supprimé ! - [17/06/2009 21:04][d--------] H:\autorun.inf

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

[03/06/2008 19:58][--a--c---] C:\AUTOEXEC.BAT
[02/03/2006 09:00][-rahs----] C:\NTDETECT.COM
[06/01/2009 13:45][--a--c---] C:\avg_free_stf_pb_8_176a1399.exe
[03/06/2008 19:54][---hsc---] C:\boot.ini
[11/02/2004 06:56][--a------] D:\AUTOEXEC.BAT
[04/08/2004 02:38][-rahs----] D:\NTDETECT.COM
[01/06/2009 00:30][--a------] D:\dvdarchitectstudio45d_enu.exe
[01/06/2009 00:30][--a------] D:\mbam-setup.exe
[09/03/2007 10:45][---hs----] D:\boot.ini

--------------- [ Vaccination ] ----------------

C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
D:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
F:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
G:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
H:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

--------------- ! Fin du rapport ! ----------------

Banhoterapia

Entrei no malwarebytes e tinham 3 virus removi todos e agora?

Banhoterapia

Oi Bramdo, tudo bem? Então agora fui acessar o site do hotmail, e apareceu da seguinte forma: primeiro apareceu aquele mesmo link http://www.hotmail.com/.html/hotmail.html e logo em seguida trocou pra esse:
http://pinguinparadise.fweibel.com/.h5dv/ e com o site do bankline tá acontecendo a mesma coisa.
Vou passar o antivirus novamente e vou procurar um especifico para trojan também.

brando lee

1: baixe essa ferramenta hijackthis
http://baixaki.ig.com.br/download/hijackthis.htm

2: salve no desktop extraia o conteudo que vem compactado em ZIP em uma pasta.

3: depois executa-o clicando no primeiro botão ((do a system scan and a save logfile)) abrira um log automatico copia e cola aqui.

Banhoterapia

Segue o log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:25, on 18/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
C:\ARQUIV~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\DataViz\DvzIncMsgr.exe
C:\Arquivos de programas\palmOne\Hotsync.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Marcos e Alexandra\Desktop\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 71.18.138.20 www.bancodobrasil.com.br
O1 - Hosts: 71.18.138.20 www.bancoreal.com.br
O1 - Hosts: 71.18.138.20 www.banrisul.com.br
O1 - Hosts: 71.18.138.20 www.itau.com.br
O1 - Hosts: 71.18.138.20 www.bradesco.com.br
O1 - Hosts: 71.18.138.20 www.santander.com.br
O1 - Hosts: 71.18.138.20 www.americanexpress.com.br
O1 - Hosts: 71.18.138.20 bancoreal.com.br
O1 - Hosts: 71.18.138.20 bancodobrasil.com.br
O1 - Hosts: 71.18.138.20 banrisul.com.br
O1 - Hosts: 71.18.138.20 bb.com.br
O1 - Hosts: 71.18.138.20 bradesco.com.br
O1 - Hosts: 71.18.138.20 santander.com.br
O1 - Hosts: 71.18.138.20 itau.com.br
O1 - Hosts: 71.18.138.20 americanexpress.com.br
O1 - Hosts: 71.18.138.20 unibanco.com.br
O1 - Hosts: 71.18.138.20 www.unibanco.com.br
O1 - Hosts: 71.18.138.20 hotmail.com
O1 - Hosts: 71.18.138.20 www.hotmail.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.d ll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC 1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSN] C:\Windows\kys7r.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: HotSync Manager.LNK = C:\Arquivos de programas\palmOne\Hotsync.exe
O4 - Startup: palmOne Registration.lnk = C:\Arquivos de programas\palmOne\register.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Arquivos de programas\Arquivos comuns\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Arquivos de programas\palmOne\Hotsync.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download all by YouTube Robot - res://C:\Arquivos de programas\YouTubeRobot\RobotExt.ocx/ALL.HTM
O8 - Extra context menu item: Download by YouTube Robot - res://C:\Arquivos de programas\YouTubeRobot\RobotExt.ocx/LINK.HTM
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www3.ecurso.com.br/plugin/streetnoagent7.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.oifotos.com/custom/send3/ImageUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1212543757235
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE1AA09D-E89E-4729-BD87-EA95D635CB5D}: NameServer = 200.149.55.140 200.165.132.147
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
--
End of file - 13861 bytes

brando lee

1)
*Baixe o HostsXpert, salve-o no desktop
*Extraia o seu conteúdo para o desktop e execute-o. Clique em [Make ReadOnly] > [Restore Microsoft's Hosts File]

Banhoterapia

Baixei o hostsxpert executei e fiz o procedimento e quando cliquei em restore MS host file ele deu uma mesagem de erro e fechou o programa, aí eu abri novamente e agora tem a opção do botão make writeable, e aparece a mesma relação com vários nomes de banco como está no log acima.

brando lee

hum.
faça um novo scan do hijackthis e post o novo log

e deicha o hijackthis aberto.

Banhoterapia

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:50, on 18/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\DataViz\DvzIncMsgr.exe
C:\Arquivos de programas\palmOne\Hotsync.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\ARQUIV~1\MI3AA1~1\rapimgr.exe
C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Marcos e Alexandra\Desktop\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.d ll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S08IC 1.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSN] C:\Windows\kys7r.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: HotSync Manager.LNK = C:\Arquivos de programas\palmOne\Hotsync.exe
O4 - Startup: palmOne Registration.lnk = C:\Arquivos de programas\palmOne\register.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Arquivos de programas\Arquivos comuns\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Arquivos de programas\palmOne\Hotsync.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download all by YouTube Robot - res://C:\Arquivos de programas\YouTubeRobot\RobotExt.ocx/ALL.HTM
O8 - Extra context menu item: Download by YouTube Robot - res://C:\Arquivos de programas\YouTubeRobot\RobotExt.ocx/LINK.HTM
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www3.ecurso.com.br/plugin/streetnoagent7.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.oifotos.com/custom/send3/ImageUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1212543757235
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
--
End of file - 13568 bytes

brando lee

deu, esta limpo tenta agora acessar o site da hotmail

*************************************************

vamos analizar um aquivo no virus total

1) faça o seguinte, copia esse caminho que esta em vermelho,
C:\Windows\kys7r.exe

2) e agora entra nesse site www.virustotal.com abrindo vc clica no botão ((arquivo)) e abrirá uma janela, depois cola o caminho na janela e clique em ((abrir)) e depois clique no botão ((enviar arquivo))


aquarde o arquivo será verifido por varios antivirus, finalizando o resuntado poste o link do site aqui.

Banhoterapia

tá vou tentar