Hardware.com.br

I have to click twice to shut down the PC

#1 By athux 28/07/2010 - 14:41
Every time I want to shut down my PC, I have to click shut down twice. I have Windows XP, and my HijackThis log shows these programs running:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Camera Assistant Software for Toshiba\traybar.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Arquivos de programas\Toshiba\Toshiba Applet\thotkey.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\CASIO\Photo Loader\Plauto.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Java\jre6\bin\jucheck.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\usuario\CONFIG~1\Temp\Adobelm_Cleanup.0001
C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\usuario\CONFIG~1\Temp\Adobelm_Cleanup.0001
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Arquivos de programas\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Arquivos de programas\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SecurDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=080810 serial=DR12WEX-1504397-KTY lang=BP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Msn] rundll32.exe smll86.dll,network
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [12CFG214-K641-24SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1859\ls888.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Arquivos de programas\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://www.bancobrasil.com.br
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: http://www.sbradesco.kit.net
O15 - Trusted Zone: http://www.santander.com.br
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225065592500
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Arquivos de programas\Toshiba\TOSHIBA Applet\TAPPSRV.exe

Does anyone know what I should do to fix this? Thank you.
#2 By Power Max
28/07/2010 - 16:29
Hello athux!

Please follow the tips in these tutorials:

USBFix tutorial

Malwarebytes Anti-Malware tutorial

Norman Malware Cleaner tutorial
___________________________

Post the UsbFix log, which will be at C:\UsbFix.txt, in your next reply together with a new HijackThis log, the Malwarebytes log and the Norman Malware Cleaner log, and tell us how the PC is after these procedures.

We'll be waiting.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Always with new tutorials and news in computing and technology.
Super Links = Messages of faith and hope for your heart.
#3 By athux
29/07/2010 - 11:24
Hello Antonio,
I couldn't download Usb.Fix or Norman Malware Anti-Cleaner, because a connection error appeared. I downloaded Malwarebytes Anti-Malware and it detected 16 infected files, which I have already sent to quarantine. The log looks like this:

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
28/7/2010 23:32:39
mbam-log-2010-07-28 (23-32-39).txt
Tipo de Verificação: Verificação Completa (C:\|D:\|)
Objetos escaneados: 197882
Tempo decorrido: 1 hora(s), 8 minuto(s), 37 segundo(s)
Processos de Memória Infectados: 0
Módulos de Memória Infectados: 1
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 3
Itens de Dados no Registro Infectados: 5
Pastas Infectadas: 1
Arquivos Infectados: 6
Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Módulos de Memória Infectados:
C:\WINDOWS\system32\smll86.dll (Trojan.Banker) -> Delete on reboot.
Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)
Valores de Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msn (Trojan.Banker) -> Quarantined and deleted successfully.
Itens de Dados no Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-3430119107-5877543081-523155675-1010\winmap32.exe,C:\RECYCLER\S-1-5-21-2632799190-1506614277-091460136-7603\winmap32.exe,C:\RECYCLER\S-1-5-21-0731360752-5932828591-216144529-6621\winmap32.exe,explorer.exe,C:\RECYCLER\S-1-5-21-6620345897-3540794620-781259425-9744\winmap32.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Pastas Infectadas:
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1859 (Worm.AutoRun) -> Quarantined and deleted successfully.
Arquivos Infectados:
C:\WINDOWS\system32\teste2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1859\Desktop.ini (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\usuario\Dados de aplicativos\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\win3ks\1 (Malware.Trace) -> Quarantined and deleted successfully.
C:\win3ks\clk.wav (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smll86.dll (Trojan.Banker) -> Delete on reboot.

I think the problem was there, right? Thank you.
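Added example (not part of the original thread or of any tool named in it): a Python triage of HijackThis O4 autorun lines using two heuristics that match the entries this thread's Malwarebytes log detected, plus a check of the Winlogon Shell value against the Explorer.exe baseline that log reports as good. The function names and the heuristics are assumptions of this example; the sample lines are copied from the logs above, with the Shell value abbreviated.

```python
import re
from typing import List, NamedTuple, Tuple


class Autorun(NamedTuple):
    location: str  # registry hive\key, or the startup-folder scope
    name: str      # registry value name or shortcut name
    command: str   # what is launched at logon


# Lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Msn] rundll32.exe smll86.dll,network
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [12CFG214-K641-24SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1859\ls888.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# Abbreviated from the "Bad:" Shell value in the Malwarebytes log in post #3.
SAMPLE_SHELL = r"C:\RECYCLER\S-1-5-21-3430119107-5877543081-523155675-1010\winmap32.exe,explorer.exe"

REG_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
LNK_RE = re.compile(
    r'^O4 - (?P<scope>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$')
USER_SUFFIX = re.compile(r"\s+\(User '[^']*'\)$")
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)', re.I)


def parse_o4(log: str) -> List[Autorun]:
    """Extract registry Run and startup-folder entries from O4 lines."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            cmd = USER_SUFFIX.sub("", m["cmd"])  # drop HijackThis' user note
            entries.append(Autorun(m["hive"] + "\\" + m["key"], m["name"], cmd))
            continue
        m = LNK_RE.match(line)
        if m:
            entries.append(Autorun(m["scope"], m["name"], m["cmd"]))
    return entries


def reasons(entry: Autorun) -> List[str]:
    """Heuristic review flags (assumptions of this example, not verdicts)."""
    out = []
    if re.search(r"\\RECYCLER\\", entry.command, re.I):
        out.append("runs from the Recycle Bin folder")
    m = RUNDLL_RE.match(entry.command)
    if m and "\\" not in m["dll"] and "/" not in m["dll"]:
        # Legitimate entries can also name a bare DLL; this only queues a review.
        out.append("rundll32 loads a DLL given without a directory")
    return out


def triage(log: str) -> List[Tuple[Autorun, List[str]]]:
    """Return only the autorun entries that trip at least one heuristic."""
    flagged = []
    for entry in parse_o4(log):
        why = reasons(entry)
        if why:
            flagged.append((entry, why))
    return flagged


def shell_extras(value: str) -> List[str]:
    """Programs in a Winlogon Shell value other than explorer.exe."""
    parts = [p.strip().strip('"') for p in value.split(",")]
    return [p for p in parts if p and p.lower() != "explorer.exe"]


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.location} [{entry.name}] {entry.command}")
        for reason in why:
            print(f"    review: {reason}")
    for extra in shell_extras(SAMPLE_SHELL):
        print(f"Winlogon Shell also launches: {extra}")
```

Both flagged sample entries correspond to items in the Malwarebytes log above (the HKLM Run value msn with smll86.dll, and the RECYCLER folder); entries flagged on other machines are candidates for review, not confirmed detections.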
#4 By Power Max
29/07/2010 - 11:41
Several problems were removed by Malwarebytes.
____________________________

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

Download ComboFix
Save it to the Desktop.
* Disable the resident protection of: antivirus, antispyware and firewall (except the Windows one!)
* Close all windows and run the tool.
* PS: Running it from a command is also possible:
* Go to Start --> Run --> type or paste:
"%userprofile%\desktop\Combofix.exe" /killall

* Click OK.
* At the "Software warranty disclaimer" prompt --> click Yes.

* If you don't have the "Recovery Console", accept the option to install it.
* When it finishes, click Sim or Yes. --> Wait.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

If you get the notification "Invalid Win32 application" or a similar message, delete the ComboFix.exe tool and download it again.
* Save it to the Desktop, renamed as: Kombo.exe
* PS: Rename it while saving, not after saving it!
* PS: If an error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
* PS: If rootkit activity is present, the following notification window will appear:

* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply together with the requested logs.
* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
* PS: To avoid problems, follow all the recommendations given.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* The Auto Scan window will open. --> Wait!
* To finish the removals, ComboFix may restart the computer.
* If necessary, type option ( 1 ) --> press Enter! --> wait for it to finish!
* During the scan, avoid touching the mouse or keyboard! <-- Important!
* If, for some unavoidable reason, you need to stop or exit ComboFix, press "N" or "2" --> press Enter.
<><><><><><><><><><><><>

The ComboFix log will be at C:\ComboFix.txt
____________________________

Also follow these tips:

Bankerfix tutorial

Flash Disinfector tutorial
___________________________

* Download PenClean:
https://dl.getdropbox.com/u/1035720/PenClean.zip

● Unpack Penclean.zip using an archiver (such as WinRAR or WinZip, for example).
● Connect your USB flash drive or other infected media (if you have one) to the computer and follow the steps below:
● Run the file PenClean.exe and tick the option: Verificar unidade (Check drive) > click the downward-pointing arrow and choose the option Todas as unidades (All drives). Then click the button: Verificar (Check).
● If anything is detected, the program will ask to restart the computer. Tick the option to restart and wait.

● A log will be saved at C:\PenClean\PenClean.txt
_________________________

In your next reply, post the contents of BankerFix's relatorio.txt, which will be at C:\LinhaDefensiva\relatorio.txt, together with a new HijackThis log, the log at C:\PenClean\PenClean.txt and the log at C:\ComboFix.txt, and tell us how your PC is after this.

We'll be waiting.
#5 By athux
30/07/2010 - 11:24
My ComboFix.txt log says the following:

ComboFix 10-07-29.01 - usuario 29/07/2010 18:19:50.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1483 [GMT -3:00]
Executando de: C:\Documents and Settings\usuario\Menu Iniciar\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - drivers: deleted 304 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Execuções precedente -------
.
C:\win3ks
C:\WINDOWS\system32\blomc20.txt
C:\WINDOWS\system32\VB6KO.DLL
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-06-28 to 2010-07-29 ))))))))))))))))))))))))))))
.
2010-07-29 14:59:05 . 2010-07-29 14:59:06 -------- dc----w- C:\Documents and Settings\usuario\Dados de aplicativos\Media Player Classic
2010-07-29 03:16:34 . 2008-09-04 17:16:10 1106944 -c----w- C:\WINDOWS\system32\dllcache\msxml3.dll
2010-07-29 02:42:06 . 2009-08-06 22:23:46 274288 -c--a-w- C:\WINDOWS\system32\mucltui.dll
2010-07-29 02:42:06 . 2009-08-06 22:23:46 215920 -c--a-w- C:\WINDOWS\system32\muweb.dll
2010-07-28 20:21:18 . 2010-07-28 20:21:18 -------- dc----w- C:\Documents and Settings\usuario\Dados de aplicativos\Malwarebytes
2010-07-28 20:20:49 . 2010-04-29 18:39:38 38224 -c--a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-28 20:20:47 . 2010-07-28 20:20:47 -------- dc----w- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
2010-07-28 20:20:40 . 2010-04-29 18:39:26 20952 -c--a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-28 20:20:39 . 2010-07-28 20:20:56 -------- dc----w- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2010-07-28 20:18:39 . 2010-07-28 20:19:54 6153352 -c--a-w- C:\Arquivos de programas\mbam-setup.exe
2010-07-27 16:37:36 . 2010-07-27 16:37:38 -------- dc----w- C:\Arquivos de programas\CCleaner
2010-07-27 16:34:11 . 2010-07-27 16:37:07 3420304 -c--a-w- C:\Arquivos de programas\ccsetup234.exe
2010-07-27 15:41:58 . 2010-07-27 15:42:03 388608 -c--a-w- C:\Arquivos de programas\HiJackThis.exe
2010-07-27 03:23:38 . 2010-07-27 03:23:38 2560 -c--a-w- C:\WINDOWS\_MSRSTRT.EXE
2010-07-10 01:08:19 . 2010-07-10 01:08:48 -------- dc----w- C:\Arquivos de programas\eMule5
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 21:15:23 . 2008-08-11 14:23:19 -------- dc----w- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2010-07-29 17:47:39 . 2009-03-20 00:32:03 -------- dc----w- C:\Documents and Settings\usuario\Dados de aplicativos\HPAppData
2010-07-28 17:38:18 . 2010-07-27 16:23:11 15144 -c--a-w- C:\Arquivos de programas\hijackthis.log
2010-07-27 14:05:50 . 2008-08-05 13:18:03 -------- dc----w- C:\Arquivos de programas\DAP
2010-07-19 09:37:37 . 2010-03-22 19:53:49 -------- dc----w- C:\Arquivos de programas\Microsoft Silverlight
2010-07-19 02:51:36 . 2008-08-15 18:35:34 -------- dc----w- C:\Documents and Settings\usuario\Dados de aplicativos\Skype
2010-07-14 09:34:38 . 2008-08-11 14:23:25 -------- dc----w- C:\Arquivos de programas\GbPlugin
2010-06-18 13:52:39 . 2008-08-05 15:53:24 -------- dc----w- C:\Arquivos de programas\Alwil Software
2010-06-18 13:50:50 . 2010-06-18 13:50:50 -------- dc----w- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software
2010-06-10 19:47:10 . 2009-04-30 22:16:26 45800 ----a-w- C:\WINDOWS\system32\drivers\GbpKm.sys
2010-05-06 20:59:57 . 2009-06-13 15:04:07 38848 ----a-w- C:\WINDOWS\system32\avastSS.scr
2010-05-06 20:59:36 . 2009-06-13 15:03:50 165032 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2010-05-06 20:39:23 . 2009-06-13 15:04:09 46672 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-05-06 20:39:00 . 2009-06-13 15:04:06 164048 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2010-05-06 20:34:27 . 2009-06-13 15:04:09 23376 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-05-06 20:33:59 . 2009-06-13 15:04:06 100432 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-05-06 20:33:55 . 2009-06-13 15:04:06 94800 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2010-05-06 20:33:47 . 2009-06-13 15:04:06 19024 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-05-06 20:33:29 . 2009-06-13 15:04:08 28880 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-05-04 14:25:04 . 2010-04-22 13:58:00 256 -c--a-w- C:\WINDOWS\system32\pool.bin
2010-03-06 16:50:52 . 2010-03-06 16:50:11 98181416 -c--a-w- C:\Arquivos de programas\iTunesSetup.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-07-29_21.00.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-29 21:15:46 . 2010-07-29 21:15:46 16384 C:\WINDOWS\Temp\Perflib_Perfdata_6d8.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 19:44:26 3883840]
"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-18 20:46:37 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="C:\Arquivos de programas\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 20:41:18 413696]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-05 15:34:48 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-05 15:34:28 162328]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-05 15:34:38 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 19:47:50 16859648]
"TPSMain"="TPSMain.exe" [2007-10-12 17:16:46 266240]
"THotkey"="C:\Arquivos de programas\Toshiba\Toshiba Applet\thotkey.exe" [2008-03-04 15:12:04 360448]
"SynTPEnh"="C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 21:20:56 1024000]
"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 18:10:42 56928]
"LanguageShortcut"="C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 01:55:32 54832]
"SecurDisc"="C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 18:55:46 1628208]
"InCD"="C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 18:55:26 1057328]
"CorelDRAW Graphics Suite 11b"="C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe" [2003-11-28 04:26:34 729088]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre6\bin\jusched.exe" [2008-11-10 07:43:42 136600]
"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2009-11-11 02:08:18 417792]
"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2010-02-15 21:07:02 141608]
"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 00:17:32 49152]
"hpqSRMon"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 13:54:08 150016]
"avast5"="C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 20:59:42 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 22:20:56 15360]
C:\Documents and Settings\usuario\Programas\Inicializar\
Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-5 113664]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-5 113664]
HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2010-06-10 19:48:44 332840 ------w- C:\ARQUIV~1\GbPlugin\gbiehabn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2010-05-26 13:47:02 335136 ------w- C:\Arquivos de programas\GbPlugin\gbieh.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 05:12:02 483328 -c--a-w- C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 18:57:24 153136 -c--a-w- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 07:27:04 144784 -c--a-w- C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"C:\\Arquivos de programas\\Media Player Classic\\mplayerc.exe"=
"C:\\Arquivos de programas\\eMule5\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\GbpKm.sys [30/4/2009 19:16:26 45800]
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [13/6/2009 12:04:06 164048]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [13/6/2009 12:04:06 19024]
R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [11/8/2008 11:23:21 55400]
R3 FwLnk;FwLnk Driver;C:\WINDOWS\system32\drivers\FwLnk.sys [5/8/2008 11:04:58 5888]
R3 RTL8187B;Placa de rede sem fios Realtek RTL8187B, 802.11b/g, de 54 Mbps e USB 2.0;C:\WINDOWS\system32\drivers\RTL8187B.sys [5/8/2008 10:37:51 288000]
S2 byjkt;Installer Windows;C:\WINDOWS\system32\svchost.exe -k netsvcs [4/8/2004 00:45:44 14336]
S2 cayejj;zkifyzshn;C:\WINDOWS\system32\svchost.exe -k netsvcs [4/8/2004 00:45:44 14336]
S2 htihrbsk;Center Time;C:\WINDOWS\system32\svchost.exe -k netsvcs [4/8/2004 00:45:44 14336]
S2 iavqjzdsk;Update Monitor;C:\WINDOWS\system32\svchost.exe -k netsvcs [4/8/2004 00:45:44 14336]
S2 onedx;Driver Center;C:\WINDOWS\system32\svchost.exe -k netsvcs [4/8/2004 00:45:44 14336]
S2 Oqzkay;Oqzkay;C:\WINDOWS\System32\svchost.exe -k netsvcs [4/8/2004 00:45:44 14336]
S3 Cbibdv;Cbibdv; [x]
S3 eozgc;eozgc;\??\C:\WINDOWS\system32\0130.tmp --> C:\WINDOWS\system32\0130.tmp [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Oqzkay
byjkt
htihrbsk
iavqjzdsk
cayejj
onedx
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-07-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34:12 . 2008-07-30 14:34:12]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.msn.com.br/
IE: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm
IE: Convert link target to Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bancoreal.com.br\www
Trusted Zone: bb.com.br\www
Trusted Zone: realsecureweb.com.br\www
Trusted Zone: realsecureweb.com.br\www2
Trusted Zone: realsecureweb.com.br\wwws
Trusted Zone: santander.com.br\www
Trusted Zone: santandernet.com.br\www
Trusted Zone: secureweb.com.br\www
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-29 18:23:57
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eozgc]
"ImagePath"="\??\C:\WINDOWS\system32\0130.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\byjkt]
"ServiceDll"="C:\WINDOWS\system32\unxopri.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cayejj]
"ServiceDll"="C:\WINDOWS\system32\unxopri.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\htihrbsk]
"ServiceDll"="C:\WINDOWS\system32\unxopri.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iavqjzdsk]
"ServiceDll"="C:\WINDOWS\system32\unxopri.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\onedx]
"ServiceDll"="C:\WINDOWS\system32\unxopri.dll"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(872)
C:\ARQUIV~1\GbPlugin\gbiehabn.dll
C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
- - - - - - - > 'explorer.exe'(3196)
C:\WINDOWS\system32\ieframe.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
C:\ARQUIV~1\GbPlugin\gbiehabn.dll
C:\WINDOWS\system32\PortableDeviceTypes.dll
C:\WINDOWS\system32\PortableDeviceApi.dll
C:\WINDOWS\system32\TPwrCfg.DLL
C:\WINDOWS\system32\TPwrReg.dll
C:\WINDOWS\system32\TPSTrace.DLL
.
Tempo para conclusão: 2010-07-29 18:25:21
ComboFix-quarantined-files.txt 2010-07-29 21:25:18
Pré-execução: 11 pasta(s) 63.979.761.664 bytes disponíveis
Pós execução: 12 pasta(s) 63.975.342.080 bytes disponíveis
- - End Of File - - 856B483E2EFAD7C54F086FA6EA77CB60

And the HiJack log says the following:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:22:23, on 30/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Camera Assistant Software for Toshiba\traybar.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TPSMain.exe
C:\Arquivos de programas\Toshiba\Toshiba Applet\thotkey.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\Arquivos de programas\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\usuario\CONFIG~1\Temp\Adobelm_Cleanup.0001
C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\usuario\CONFIG~1\Temp\Adobelm_Cleanup.0001
C:\Arquivos de programas\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Arquivos de programas\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Arquivos de programas\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SecurDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=080810 serial=DR12WEX-1504397-KTY lang=BP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://www.bancobrasil.com.br
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: http://www.santander.com.br
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225065592500
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Cbibdv - Unknown owner - (no file)
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Arquivos de programas\Toshiba\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 13999 bytes

It seems the computer is now working much better, and even faster.
Thank you very much for the help!
Power Max
Power Max Ubbergeek Registered
4.2K Posts 509 Likes
#6 By Power Max
30/07/2010 - 11:27
You still need to post the contents of the BankerFix relatorio.txt, which will be at C:\LinhaDefensiva\relatorio.txt, together with the log that will be at C:\PenClean\PenClean.txt.
________________________

Did you run Flash Disinfector? If you have not, please run it as well.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Always with new tutorials and news in computing and technology.
Super Links = Messages of faith and hope for your heart.
athux
athux New Member Registered
4 Posts 0 Likes
#7 By athux
30/07/2010 - 11:41
The BankerFix report came out like this:

BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2010-07-30 - 11:29
-------------------------------------------------------
Lista de Definição: 2010-03-28-1 | CORE: 2010-01-14-1
=======================================================
Arquivo infectado detectado: C:\WINDOWS\system32\blomct.txt
Arquivo infectado removido com sucesso!

----- Fim -------------------------

And for the PenClean log, only this appears in the log:

Iniciando relatório do PenClean 2.0.6-20090606
Por Renato Victor Mejias
renatomejias@yahoo.com.br
30/7/2010 11:36:40
-----------------------------------------------------------

I also ran Flash Disinfector.
Power Max
Power Max Ubbergeek Registered
4.2K Posts 509 Likes
#8 By Power Max
30/07/2010 - 11:47
Another problem was removed by BankerFix.

Try running Norman Malware Cleaner and UsbFix again and see whether it is possible now. If it is, post their logs in your next reply.

If it is not possible, let us know.