7 replies to this topic

[Thiago Siqueira]

Não sei como lidar com esses vírus, mas sei que mataram meu antivirus e desativaram a restauração de sistema.
Nem o hijack consegui rodar, só no modo de segurança, espero que basta:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:43:39, on 16/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\WINDOWS\NiwradSoft Shell Pack\Software\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [acerWireless] C:\Arquivos de programas\acer\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Arquivos de programas\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Login Assistance] "C:\Documents and Settings\thiago\Dados de aplicativos\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe"
O4 - HKLM\..\RunOnce: [ GbPluginBb] RunDll32.exe C:\ARQUIV~1\GbPlugin\gbieh.dll,Gbieh
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows Login Assistance] "C:\Documents and Settings\thiago\Dados de aplicativos\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (file missing)
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom....gamesplayer.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancob...gin/GbpDist.cab
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 6628 bytes

[Leone Fernandes]

Selecione as entradas abaixo e clique no botão Fix Checked.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Windows Login Assistance] "C:\Documents and Settings\thiago\Dados de aplicativos\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Windows Login Assistance] "C:\Documents and Settings\thiago\Dados de aplicativos\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe"
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

- Faça o download do Malwarebytes Anti-Malware
http://www.besttechi.../mbam-setup.exe

• Faça a instalação dando um duplo clique em "mbam-setup.exe";
• Marque "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware", e clique em concluir;
• Marque "Verificação Completa" e depois clique em Verificar;
• Quando o scan terminar, clique em Ok e em "Mostrar Resultados" para ver o log;
• Se algo for detectado, veja se tudo está marcado e clique em "Remover";
• O log é automaticamente gravado e pode ser consultado clicando em "Logs" do menu principal;
• Copie e cole o conteúdo desse log na sua próxima resposta.

- Gere novo log do HijackThis e cole na sua resposta.

[Thiago Siqueira]

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3 (Safe Mode)

17/9/2009 23:45:34
mbam-log-2009-09-17 (23-45-34).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 158679
Time elapsed: 49 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4175c5f3-d47f-143b-dd4d-e67a0eb4e773} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67kln5j0-4opm-01we-aax2-5657qca554112} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\thiago\Dados de aplicativos\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\SALU\KNOW\taN.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\viss132.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Explorer.exe (Worm.AutoRun) -> Quarantined and deleted successfully.


=======================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:06:14, on 18/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
C:\Arquivos de programas\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\acer\Wireless\Utility\WlanUtil.exe
C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe
C:\Arquivos de programas\Intel\Wireless\Bin\EOUWiz.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\ARQUIV~1\Intel\Wireless\Bin\1XConfig.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Intel\Wireless\Bin\OProtSvc.exe
C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (file missing)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\WINDOWS\NiwradSoft Shell Pack\Software\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [acerWireless] C:\Arquivos de programas\acer\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Arquivos de programas\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Login Assistance] "C:\Documents and Settings\thiago\Dados de aplicativos\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows Login Assistance] "C:\Documents and Settings\thiago\Dados de aplicativos\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe"
O4 - HKCU\..\Policies\Explorer\Run: [Windows Login Assistance] "C:\Documents and Settings\thiago\Dados de aplicativos\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (file missing)
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom....gamesplayer.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancob...gin/GbpDist.cab
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 8157 bytes

[Leone Fernandes]

Olá Thiago,
É necessário que você dê o fix checked nas entradas abaixo:

[X] - R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
[X] - O4 - HKLM\..\Run: [Windows Login Assistance] "C:\Documents and Settings\thiago\Dados de aplicativos\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe"
[X] - O4 - HKLM\..\Policies\Explorer\Run: [Windows Login Assistance] "C:\Documents and Settings\thiago\Dados de aplicativos\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe"
[X] - O4 - HKCU\..\Policies\Explorer\Run: [Windows Login Assistance] "C:\Documents and Settings\thiago\Dados de aplicativos\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe"
[X] - O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Baixe o ComboFix em: Combofix

1) Acesse a guia a seguir para saber como usar o Combofix:

http://www.bleepingc...usar-o-combofix
2) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta, juntamente com um novo log do HijackThis.

[Thiago Siqueira]

ComboFix 09-09-17.04 - thiago 18/09/2009 14:18.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1022.552 [GMT -3:00]
Executando de: c:\documents and settings\thiago\Meus documentos\Downloads\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
ADS - drivers: deleted 250 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\thiago\CONFIG~1\Temp\install_flash_player.exe
c:\documents and settings\thiago\Dados de aplicativos\Microsoft\Clip Organizer\mstore10.mgc
c:\documents and settings\thiago\Dados de aplicativos\Microsoft\Clip Organizer\Offic10.MGC
c:\documents and settings\thiago\Dados de aplicativos\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
c:\documents and settings\thiago\jl.exe
c:\documents and settings\thiago\jlo.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\AutoRun.inf

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-18 to 2009-09-18 ))))))))))))))))))))))))))))
.

2009-09-18 16:56 . 2009-09-18 16:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Zbshareware Lab
2009-09-18 16:56 . 2009-09-18 16:56 -------- d-----w- c:\arquivos de programas\USB Disk Security
2009-09-18 00:49 . 2009-09-18 00:49 -------- d-----w- c:\documents and settings\Administrador.NOTE-THIAGO\Dados de aplicativos\Malwarebytes
2009-09-18 00:45 . 2009-09-18 00:45 -------- d-----w- c:\documents and settings\thiago\Dados de aplicativos\Malwarebytes
2009-09-18 00:45 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-18 00:45 . 2009-09-18 00:45 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-09-18 00:45 . 2009-09-18 00:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-09-18 00:45 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-18 00:38 . 2009-09-18 17:03 -------- d-----w- C:\backups
2009-09-16 12:43 . 2009-09-16 12:43 -------- d-----w- C:\Hijack This
2009-09-16 12:38 . 2007-06-28 17:36 401720 ----a-w- C:\HijackThis.exe
2009-09-15 20:42 . 2009-09-15 20:42 -------- d-----r- C:\SALU
2009-09-15 16:35 . 2009-09-18 02:45 -------- d-sh--w- c:\documents and settings\thiago\Dados de aplicativos\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH
2009-09-09 23:07 . 2009-09-09 23:07 -------- d-----r- C:\NNITEDN
2009-09-03 03:39 . 2009-09-03 03:39 -------- d-----w- c:\arquivos de programas\Ivory

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-16 20:04 . 2009-02-20 14:21 2568 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-07 21:04 . 2009-08-11 01:15 -------- d-----w- c:\documents and settings\thiago\Dados de aplicativos\U3
2009-08-28 16:47 . 2009-03-17 18:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-08-28 16:46 . 2009-03-17 18:22 -------- d-----w- c:\arquivos de programas\GbPlugin
2009-08-24 17:24 . 2009-07-11 17:51 -------- d-----w- c:\arquivos de programas\Claro 3G
2009-08-17 17:43 . 2009-03-17 18:22 26632 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2009-08-12 13:39 . 2009-02-14 05:32 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-08-08 17:05 . 2009-08-08 15:43 -------- d-----w- c:\arquivos de programas\Claro
2009-07-25 22:00 . 2009-06-30 01:58 47104 ----a-w- c:\windows\system32\KMVIDC32.DLL
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]
"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SynTPLpr"="c:\arquivos de programas\Synaptics\SynTP\SynTPLpr.exe" [2006-01-05 82010]
"SynTPEnh"="c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2006-01-05 761946]
"acerWireless"="c:\arquivos de programas\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792]
"IntelWireless"="c:\arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\arquivos de programas\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"USB Antivirus"="c:\arquivos de programas\USB Disk Security\USBGuard.exe" [2009-09-18 815104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2009-08-17 17:36 304520 ------w- c:\arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 14:27 110592 ----a-w- c:\arquivos de programas\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^thiago^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]
path=c:\documents and settings\thiago\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk
backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Team17\\Worms2\\frontend.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [17/3/2009 15:22 26632]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [17/3/2009 15:22 53128]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/4/2008 17:06 24592]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{TY45T244-U7U6-4F4T-YBRJ-B56Y546VYE45V}]
c:\nnitedn\LODGI\NintenD.exe
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-08-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2009-08-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-30 01:18]
.
.
------- Scan Suplementar -------
.
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {9143FA26-0B5E-4B24-997E-696829D60E90} = 200.169.118.22 200.169.117.22
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
.
- - - - ORFÃOS REMOVIDOS - - - -

AddRemove-HijackThis - c:\docume~1\thiago\CONFIG~1\Temp\Rar$EX00.953\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-18 14:22
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"="c:\\ARQUIV~1\\KASPER~1\\KASPER~1\\mzvkbd.dll,c:\\ARQUIV~1\\KASPER~1\\KASPER~1\\mzvkbd3.dll"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(1448)
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\windows\system32\Ati2evxx.dll
c:\arquivos de programas\Intel\Wireless\Bin\LgNotify.dll
.
Tempo para conclusão: 2009-09-18 14:23
ComboFix-quarantined-files.txt 2009-09-18 17:23

Pré-execução: 21 pasta(s) 15.158.165.504 bytes disponíveis
Pós execução: 27 pasta(s) 15.887.478.784 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

154 --- E O F --- 2009-07-17 02:08



===============================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:14, on 18/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
C:\Arquivos de programas\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\ARQUIV~1\Intel\Wireless\Bin\1XConfig.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\acer\Wireless\Utility\WlanUtil.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe
C:\Arquivos de programas\Intel\Wireless\Bin\EOUWiz.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Intel\Wireless\Bin\OProtSvc.exe
C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Claro\Claro.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\thiago\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\thiago\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\thiago\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\WINDOWS\NiwradSoft Shell Pack\Software\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [acerWireless] C:\Arquivos de programas\acer\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Arquivos de programas\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [USB Antivirus] C:\Arquivos de programas\USB Disk Security\USBGuard.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom....gamesplayer.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancob...gin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9143FA26-0B5E-4B24-997E-696829D60E90}: NameServer = 200.169.118.22 200.169.117.22
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 7642 bytes

[Leone Fernandes]

- Parabéns, seu logfile está limpo!

- A última coisa a fazer e a manutenção no computador para exclusão dos arquivos temporários, desnecessários e entradas inválidas no registro.

Faça o download do CCleaner:

• Clique em Salvar e quando terminado o download, faça a instalação;
• Abra o programa e clique em Executar Limpeza;
• Após isto, clique em Registro > Procurar erros > Corrigir erros selecionados

- Desative e ative novamente a Restauração do Sistema.

Edição feita por: Leone Fernandes, 19/09/2009, 00:45.

[Thiago Siqueira]

Obrigado pela ajuda!

[Leone Fernandes]

Problema Resolvido!

Caso o autor necessite que seu tópico seja reaberto, entrar em contato com a equipe de moderação.