Suspected virus

Linha Defensiva Forum > Malware Removal > Resolved Cases
netoqn
Logfile of HijackThis v1.99.1
Scan saved at 16:54:22, on 11/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Arquivos de programas\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\NetMeter\NetMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Sandboxie\SbieCtrl.exe
C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Arquivos de programas\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Documents and Settings\NETO\Desktop\HIJACKTHIS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll (file missing)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Arquivos de programas\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Arquivos de programas\WOT\WOT.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Office XP crack (não remover)] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Office10\zera_oxp.exe
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [USBFW] C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [C:\Arquivos de programas\NetMeter\NetMeter.exe] C:\Arquivos de programas\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Arquivos de programas\Sandboxie\SbieCtrl.exe"
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Arquivos de programas\WOT\WOT.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: EnterpriseDB ApachePHP (EnterpriseDBApachePHP) - Unknown owner - C:\Arquivos de programas\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe" -k runservice (file missing)
O23 - Service: GameConsoleService - Unknown owner - C:\Arquivos de programas\WildGames\Game Console - WildGames\GameConsoleService.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate1c99501113c423c) (gupdate1c99501113c423c) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Arquivos de programas\Sandboxie\SbieSvc.exe
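
The log above is what a helper reads by eye. As an added example (not part of this thread, not a Linha Defensiva tool and not part of HijackThis), the script below does the first mechanical pass over such a log: it parses the `R`/`F`/`O` entry lines and flags the entry types a helper looks at first, saying why each one deserves attention. It makes no malware verdict. The sample lines are copied from the log above; the "crack-name" rule is a heuristic of this example, not something HijackThis does.

```python
"""Triage pass over a HijackThis 1.99 log.

Added example for this thread: not a Linha Defensiva helper's tool and not
part of HijackThis.  It makes no malware verdict; it pulls out the entry
types a helper reads first and records why each deserves a look.
"""
import re
from collections import Counter

# Constructed sample: eight lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Arquivos de programas\WOT\WOT.dll
O4 - HKLM\..\Run: [Office XP crack (não remover)] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Office10\zera_oxp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll (file missing)
O23 - Service: GameConsoleService - Unknown owner - C:\Arquivos de programas\WildGames\Game Console - WildGames\GameConsoleService.exe (file missing)
"""

# Every HijackThis entry starts with its section code (R0/R1, F0..F3, O1..O24).
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
# O4 lines carry the Run-key value name in square brackets.
RUN_NAME_RE = re.compile(r"\[(?P<name>[^\]]*)\]")
# Heuristic of this example (assumption): autostart names announcing a crack/keygen.
CRACK_NAME_RE = re.compile(r"\b(crack|keygen)\b", re.IGNORECASE)


def parse(log_text):
    """Return [(code, body)] for every entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(log_text):
    """Return the entries worth a second look, each with a list of (tag, why)."""
    findings = []
    for code, body in parse(log_text):
        reasons = []
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            reasons.append(("orphan",
                            "points at a file that is no longer there: a leftover of "
                            "something removed, safe to fix, but it shows what was once installed"))
        if code == "O4":
            m = RUN_NAME_RE.search(body)
            if m and CRACK_NAME_RE.search(m.group("name")):
                reasons.append(("crack-name",
                                "autostart value named like a crack/keygen loader; "
                                "inspect the executable it launches"))
        if code == "O15":
            reasons.append(("trusted-zone",
                            "host placed in IE's Trusted sites zone (weaker security settings); "
                            "confirm the user added it deliberately"))
        if code == "O16":
            reasons.append(("dpf",
                            "ActiveX control installed from the listed URL; confirm the site and vendor"))
        if code == "O20":
            reasons.append(("winlogon-notify",
                            "DLL loaded into winlogon.exe at logon; verify the file and its publisher"))
        if code == "O23" and "Unknown owner" in body:
            reasons.append(("unknown-owner",
                            "service binary has no company name in its version info; check the file"))
        if reasons:
            findings.append({"code": code, "entry": body, "reasons": reasons})
    return findings


def count_by_tag(findings):
    """Tag -> number of entries carrying it, for a quick overview."""
    return Counter(tag for f in findings for tag, _ in f["reasons"])


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f["code"], f["entry"])
        for tag, why in f["reasons"]:
            print("    ", tag, "-", why)
    print(dict(count_by_tag(found)))
```

One caveat when reading the "orphan" tag: three O23 service lines in the log above (EnterpriseDB ApachePHP, the Google Update service and Java Quick Starter) contain a stray double quote inside the path and end in "(file missing)". HijackThis 1.99.1 is known to mis-parse service image paths that contain quotes and arguments, so an "orphan" on such a line is most likely a parser artifact; confirm on disk before fixing anything.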

JoseMelo
- Download Malwarebytes Anti-Malware
http://www.besttechie.net/tools/mbam-setup.exe
  • Install it by double-clicking "mbam-setup.exe";
  • Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", then click Finish;
  • Select "Perform full scan" and then click Scan;
  • When the scan finishes, click OK and then "Show Results" to see the log;
  • If anything is detected, make sure everything is checked and click "Remove Selected";
  • The log is saved automatically and can be viewed under "Logs" in the main menu;
  • Copy and paste the contents of that log in your next reply.
- Generate a new HijackThis log and paste it in your reply.
netoqn
MBAM log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4096

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13/5/2010 14:46:42
mbam-log-2010-05-13 (14-46-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 252776
Time elapsed: 2 hour(s), 16 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc46.2-ROR\rorfmp7e\ror\keygen.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.


HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 14:54:10, on 13/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe
C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\NetMeter\NetMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Arquivos de programas\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Arquivos de programas\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
C:\Arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
C:\Arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
C:\Arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
C:\Arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
C:\Arquivos de programas\PostgreSQL\8.4\bin\postgres.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\NETO\Desktop\HIJACKTHIS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll (file missing)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Arquivos de programas\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Arquivos de programas\WOT\WOT.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Office XP crack (não remover)] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Office10\zera_oxp.exe
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [USBFW] C:\Arquivos de programas\Net Studio\USB FireWall\USB FireWall.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [C:\Arquivos de programas\NetMeter\NetMeter.exe] C:\Arquivos de programas\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Arquivos de programas\Sandboxie\SbieCtrl.exe"
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Arquivos de programas\WOT\WOT.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: EnterpriseDB ApachePHP (EnterpriseDBApachePHP) - Unknown owner - C:\Arquivos de programas\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe" -k runservice (file missing)
O23 - Service: GameConsoleService - Unknown owner - C:\Arquivos de programas\WildGames\Game Console - WildGames\GameConsoleService.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate1c99501113c423c) (gupdate1c99501113c423c) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Arquivos de programas\Sandboxie\SbieSvc.exe



JoseMelo
Download the Kaspersky AVP Tool:
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

Save it to your desktop.

Run the file and follow the prompts. When it finishes, open the Virus Removal Tool folder, which was created in the same directory where you saved the installer.

To open the program, double-click the shortcut (screenshot in the original post).

Check the box next to:
  • My Computer
  • Local Disk (C:)

Also check every drive listed below Local Disk, if there are any.

Click the Scan button (screenshot in the original post).

Be patient; it takes a while.

When it finishes, if anything was detected, the program will ask what to do.
Click Skip All (we only want the log).

While the scan runs, the Scan button is replaced by a red square reading Stop Scan.

When the scan finishes, the Scan button appears again.

If the tool found something, the button shown in the original post's screenshot turns red.

When it finishes, click the Report button at the bottom of the window.

Click the + sign next to the last Autoscan in the list (the most recent one) (screenshot in the original post).

Click once on Task Started to select the line, hold the Shift key, then click once on Task Completed.

Right-click the selection, then click Copy.

Go to Start > Run and type notepad.

When Notepad opens, right-click on any empty spot and choose Paste.
Save the log as log.txt somewhere easy to find.

Copy the whole content of this log and paste it in your next reply.
netoqn
Here is the log.

13/5/2010 21:44:20 Task started
13/5/2010 22:11:50 Detected: Trojan.Win32.Genome.brji C:\Arquivos de programas\Power MP3 WMA Converter\skssetup-112-SkserCS.exe/data0000.res/data0006
13/5/2010 22:22:44 Detected: Trojan.Win32.Genome.brji C:\Documents and Settings\JOSY\Meus documentos\Downloads\PowerConvertor.EXE/data0029/data0000.res/data0006
13/5/2010 22:25:19 Untreated: Trojan.Win32.Genome.brji C:\Arquivos de programas\Power MP3 WMA Converter\skssetup-112-SkserCS.exe/data0000.res/data0006 Write not supported
13/5/2010 22:25:22 Detected: not-a-virus:AdWare.Win32.Zwangi.d C:\Arquivos de programas\Power MP3 WMA Converter\skssetup-112-SkserCS.exe/data0000.res/data0009
13/5/2010 22:25:34 Untreated: Trojan.Win32.Genome.brji C:\Documents and Settings\JOSY\Meus documentos\Downloads\PowerConvertor.EXE/data0029/data0000.res/data0006 Write not supported
13/5/2010 22:25:36 Detected: not-a-virus:AdWare.Win32.Zwangi.d C:\Documents and Settings\JOSY\Meus documentos\Downloads\PowerConvertor.EXE/data0029/data0000.res/data0009
13/5/2010 22:46:19 Detected: Trojan-Dropper.Win32.Delf.dyi C:\Documents and Settings\NETO\Desktop\TextAloud v2.237\TA2237.exe/data0000
13/5/2010 23:01:01 Untreated: Trojan-Dropper.Win32.Delf.dyi C:\Documents and Settings\NETO\Desktop\TextAloud v2.237\TA2237.exe/data0000 Write not supported
13/5/2010 23:04:26 Detected: not-a-virus:AdWare.Win32.Rabio.hw C:\Documents and Settings\NETO\Meus documentos\PROGRAMAS\AMVStudio4_Install.exe
13/5/2010 23:04:40 Untreated: not-a-virus:AdWare.Win32.Rabio.hw C:\Documents and Settings\NETO\Meus documentos\PROGRAMAS\AMVStudio4_Install.exe Skipped by user
13/5/2010 23:08:25 Processing error C:\Documents and Settings\NETO\Meus documentos\PROGRAMAS\postgresql-8.2.6-2\postgresql-8.2-int.msi/postgresql.cab Read error
13/5/2010 23:08:50 Task stopped
14/5/2010 07:48:57 Task started
14/5/2010 08:00:45 Task stopped
14/5/2010 08:07:22 Task started
14/5/2010 08:12:51 Detected: not-a-virus:AdWare.Win32.MyWay.j C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc37.exe/UPX/data0003
14/5/2010 08:13:09 Detected: MultiPacked.Multi.Generic C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc70.exe/ExeStealth
14/5/2010 08:13:28 Untreated: not-a-virus:AdWare.Win32.MyWay.j C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc37.exe/UPX/data0003 Write not supported
14/5/2010 08:13:39 Detected: not-a-virus:AdWare.Win32.WurldMedia.c C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc37.exe/UPX/data0004/WISE0015.BIN
14/5/2010 08:13:40 Detected: not-a-virus:AdWare.Win32.WurldMedia.b C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc37.exe/UPX/data0004/WISE0017.BIN
14/5/2010 08:13:40 Detected: not-a-virus:AdWare.Win32.Gator.1050 C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc20\GetRight v4.5 (Final).exe/GetRight v4.5 (Final)/getrt450.exe/WISE0087.BIN
14/5/2010 08:13:45 Untreated: MultiPacked.Multi.Generic C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc70.exe/ExeStealth Skipped by user
14/5/2010 08:13:45 Untreated: not-a-virus:AdWare.Win32.Gator.1050 C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc20\GetRight v4.5 (Final).exe/GetRight v4.5 (Final)/getrt450.exe/WISE0087.BIN Write not supported
14/5/2010 08:15:26 Detected: not-a-virus:AdWare.Win32.NewDotNet C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc48\codec-som-ac3.exe/data0010
14/5/2010 08:15:27 Untreated: not-a-virus:AdWare.Win32.NewDotNet C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc48\codec-som-ac3.exe/data0010 Write not supported
14/5/2010 08:15:28 Detected: not-a-virus:AdWare.Win32.SaveNow.aa C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc48\codec-som-ac3.exe/data0011/SaveNow.exe
14/5/2010 08:15:29 Detected: not-a-virus:AdWare.Win32.SaveNow.au C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc48\codec-som-ac3.exe/data0011/Uninst.exe
14/5/2010 08:49:14 Task stopped
14/5/2010 13:11:31 Task started
14/5/2010 13:18:40 Task stopped
14/5/2010 14:13:56 Task started
14/5/2010 14:30:44 Task stopped
14/5/2010 14:38:25 Task started
14/5/2010 14:43:17 Detected: Trojan.Win32.Genome.brji C:\Arquivos de programas\Power MP3 WMA Converter\skssetup-112-SkserCS.exe/data0000.res/data0006
14/5/2010 14:43:44 Untreated: Trojan.Win32.Genome.brji C:\Arquivos de programas\Power MP3 WMA Converter\skssetup-112-SkserCS.exe/data0000.res/data0006 Write not supported
14/5/2010 14:43:48 Detected: not-a-virus:AdWare.Win32.Zwangi.d C:\Arquivos de programas\Power MP3 WMA Converter\skssetup-112-SkserCS.exe/data0000.res/data0009
14/5/2010 14:52:32 Detected: Trojan.Win32.Genome.brji C:\Documents and Settings\JOSY\Meus documentos\Downloads\PowerConvertor.EXE/data0029/data0000.res/data0006
14/5/2010 14:52:32 Untreated: Trojan.Win32.Genome.brji C:\Documents and Settings\JOSY\Meus documentos\Downloads\PowerConvertor.EXE/data0029/data0000.res/data0006 Write not supported
14/5/2010 14:52:34 Detected: not-a-virus:AdWare.Win32.Zwangi.d C:\Documents and Settings\JOSY\Meus documentos\Downloads\PowerConvertor.EXE/data0029/data0000.res/data0009
14/5/2010 14:59:56 Detected: Trojan-Dropper.Win32.Delf.dyi C:\Documents and Settings\NETO\Desktop\TextAloud v2.237\TA2237.exe/data0000
14/5/2010 14:59:56 Untreated: Trojan-Dropper.Win32.Delf.dyi C:\Documents and Settings\NETO\Desktop\TextAloud v2.237\TA2237.exe/data0000 Write not supported
14/5/2010 15:06:59 Detected: not-a-virus:AdWare.Win32.Rabio.hw C:\Documents and Settings\NETO\Meus documentos\PROGRAMAS\AMVStudio4_Install.exe
14/5/2010 15:07:20 Detected: MultiPacked.Multi.Generic C:\Documents and Settings\NETO\Meus documentos\PROGRAMAS\cd\PROGRAMAS DIVERSOS\100 keyGens\Auto ShutDown Pro 4.25.exe/ExeStealth
14/5/2010 15:09:08 Detected: not-a-virus:AdWare.Win32.MyWay.j C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc37.exe/UPX/data0003
14/5/2010 15:20:05 Untreated: not-a-virus:AdWare.Win32.MyWay.j C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc37.exe/UPX/data0003 Write not supported
14/5/2010 15:20:05 Untreated: not-a-virus:AdWare.Win32.Rabio.hw C:\Documents and Settings\NETO\Meus documentos\PROGRAMAS\AMVStudio4_Install.exe Skipped by user
14/5/2010 15:20:06 Detected: MultiPacked.Multi.Generic C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc70.exe/ExeStealth
14/5/2010 15:20:07 Detected: not-a-virus:AdWare.Win32.WurldMedia.c C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc37.exe/UPX/data0004/WISE0015.BIN
14/5/2010 15:20:08 Detected: not-a-virus:AdWare.Win32.WurldMedia.b C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc37.exe/UPX/data0004/WISE0017.BIN
14/5/2010 15:20:12 Untreated: MultiPacked.Multi.Generic C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc70.exe/ExeStealth Skipped by user
14/5/2010 15:20:12 Untreated: MultiPacked.Multi.Generic C:\Documents and Settings\NETO\Meus documentos\PROGRAMAS\cd\PROGRAMAS DIVERSOS\100 keyGens\Auto ShutDown Pro 4.25.exe/ExeStealth Skipped by user
14/5/2010 15:20:17 Detected: not-a-virus:AdWare.Win32.Gator.1050 C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc20\GetRight v4.5 (Final).exe/GetRight v4.5 (Final)/getrt450.exe/WISE0087.BIN
14/5/2010 15:20:17 Untreated: not-a-virus:AdWare.Win32.Gator.1050 C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc20\GetRight v4.5 (Final).exe/GetRight v4.5 (Final)/getrt450.exe/WISE0087.BIN Write not supported
14/5/2010 15:20:19 Detected: not-a-virus:AdWare.Win32.NewDotNet C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc48\codec-som-ac3.exe/data0010
14/5/2010 15:20:19 Untreated: not-a-virus:AdWare.Win32.NewDotNet C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc48\codec-som-ac3.exe/data0010 Write not supported
14/5/2010 15:20:19 Detected: not-a-virus:AdWare.Win32.SaveNow.aa C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc48\codec-som-ac3.exe/data0011/SaveNow.exe
14/5/2010 15:20:20 Detected: not-a-virus:AdWare.Win32.SaveNow.au C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc48\codec-som-ac3.exe/data0011/Uninst.exe
14/5/2010 15:23:28 Task completed
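
The report above is event-oriented: one line per Detected/Untreated event, repeated for every scan run, with archive and installer members written as `<file on disk>/<member>/<member>`. As an added example (not one of the thread's replies and not a Kaspersky tool), the script below folds those events into the two things that matter next: which files on disk carry detections and what finally happened to each one. The sample is a subset of the report lines posted above. The mapping from a final status to a manual action is this example's own reading of the tool's wording: "Write not supported" means the object sits inside an installer or archive that the tool cannot rewrite, so the fix is to remove the containing file; paths under `C:\RECYCLER\<SID>\` are the user's Recycle Bin on Windows XP, so emptying it removes them.

```python
"""Summary of a Kaspersky Virus Removal Tool (AVPTool) report like the one
pasted above.  Added example for this thread; not part of the thread's
replies and not a Kaspersky tool.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the report lines posted above.
SAMPLE_REPORT = r"""
13/5/2010 21:44:20 Task started
13/5/2010 22:11:50 Detected: Trojan.Win32.Genome.brji C:\Arquivos de programas\Power MP3 WMA Converter\skssetup-112-SkserCS.exe/data0000.res/data0006
13/5/2010 22:25:19 Untreated: Trojan.Win32.Genome.brji C:\Arquivos de programas\Power MP3 WMA Converter\skssetup-112-SkserCS.exe/data0000.res/data0006 Write not supported
13/5/2010 22:25:22 Detected: not-a-virus:AdWare.Win32.Zwangi.d C:\Arquivos de programas\Power MP3 WMA Converter\skssetup-112-SkserCS.exe/data0000.res/data0009
13/5/2010 23:04:26 Detected: not-a-virus:AdWare.Win32.Rabio.hw C:\Documents and Settings\NETO\Meus documentos\PROGRAMAS\AMVStudio4_Install.exe
13/5/2010 23:04:40 Untreated: not-a-virus:AdWare.Win32.Rabio.hw C:\Documents and Settings\NETO\Meus documentos\PROGRAMAS\AMVStudio4_Install.exe Skipped by user
13/5/2010 23:08:25 Processing error C:\Documents and Settings\NETO\Meus documentos\PROGRAMAS\postgresql-8.2.6-2\postgresql-8.2-int.msi/postgresql.cab Read error
13/5/2010 23:08:50 Task stopped
14/5/2010 08:07:22 Task started
14/5/2010 08:13:09 Detected: MultiPacked.Multi.Generic C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc70.exe/ExeStealth
14/5/2010 08:13:45 Untreated: MultiPacked.Multi.Generic C:\RECYCLER\S-1-5-21-1993962763-1580818891-839522115-1004\Dc70.exe/ExeStealth Skipped by user
14/5/2010 14:43:17 Detected: Trojan.Win32.Genome.brji C:\Arquivos de programas\Power MP3 WMA Converter\skssetup-112-SkserCS.exe/data0000.res/data0006
14/5/2010 14:43:44 Untreated: Trojan.Win32.Genome.brji C:\Arquivos de programas\Power MP3 WMA Converter\skssetup-112-SkserCS.exe/data0000.res/data0006 Write not supported
14/5/2010 15:23:28 Task completed
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<event>Detected|Untreated|Processing error|Task started|Task stopped|Task completed)"
    r":? ?(?P<rest>.*)$"
)
# Trailing reasons exactly as they appear in the report above.
UNTREATED_REASONS = ("Write not supported", "Skipped by user")
ERROR_REASONS = ("Read error",)
# Windows XP keeps each user's Recycle Bin under C:\RECYCLER\<user SID>\,
# with recycled files renamed Dc<n>.<ext>.
RECYCLE_BIN_RE = re.compile(r"^[a-z]:\\RECYCLER\\S-1-5-", re.IGNORECASE)


def _split_trailing(text, suffixes):
    """Split 'path reason' on a known trailing reason (paths themselves contain spaces)."""
    for suffix in suffixes:
        if text.endswith(" " + suffix):
            return text[: -len(suffix) - 1], suffix
    return text, "unknown"


def _container(containers, path):
    """The file on disk is the part before the first '/' member separator."""
    entry = containers[path.split("/", 1)[0]]
    entry["in_recycle_bin"] = bool(RECYCLE_BIN_RE.match(path))
    return entry


def summarize(report):
    """Return {'containers': {file: {'detections': {object: (verdict, status)},
    'in_recycle_bin': bool}}, 'errors': [(path, reason)], 'runs': n}.
    A status stays 'Detected' until an Untreated line says what happened."""
    containers = defaultdict(lambda: {"detections": {}, "in_recycle_bin": False})
    errors, runs = [], 0
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        event, rest = m.group("event"), m.group("rest")
        if event == "Task started":
            runs += 1
        elif event == "Detected":
            verdict, path = rest.split(" ", 1)
            # a re-scan repeats the Detected line; keep a status already known
            _container(containers, path)["detections"].setdefault(path, (verdict, "Detected"))
        elif event == "Untreated":
            verdict, remainder = rest.split(" ", 1)
            path, reason = _split_trailing(remainder, UNTREATED_REASONS)
            _container(containers, path)["detections"][path] = (verdict, reason)
        elif event == "Processing error":
            errors.append(_split_trailing(rest, ERROR_REASONS))
    return {"containers": dict(containers), "errors": errors, "runs": runs}


def recommended_action(info):
    """Next manual step for one file, from the final statuses of its detections."""
    statuses = {status for _, status in info["detections"].values()}
    if info["in_recycle_bin"]:
        return "empty the Recycle Bin"
    if "Write not supported" in statuses:
        return "delete the containing file (the tool cannot modify objects inside it)"
    if "Skipped by user" in statuses:
        return "re-run the scan and choose delete (it was skipped at the prompt)"
    return "review: no treatment was attempted"


def report_actions(report):
    return {f: recommended_action(i) for f, i in summarize(report)["containers"].items()}


if __name__ == "__main__":
    for f, action in report_actions(SAMPLE_REPORT).items():
        print(f, "->", action)
```

Two things the summary makes visible that the raw report hides: the same object is reported again on every run (the 13/5 and 14/5 lines for skssetup-112-SkserCS.exe are one detection, not two), and verdicts prefixed `not-a-virus:` are Kaspersky's adware/riskware class rather than confirmed malware, so they are worth weighing separately from the Trojan and Trojan-Dropper hits.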
JoseMelo
- Click the Detected Threats tab and then "delete all";

- Other than that, the log is clean :)

- I recommend a cleanup of the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner:
  • Click Save and, when the download finishes, install it;
  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues
- Disable and re-enable System Restore

- Recommended reading:
http://www.linhadefensiva.org/forum/index....showtopic=75646

- Read the article Proteja seu PC for more information on how to avoid infections;

- If you have no further problems, click the button shown in the original post's screenshot and say that your case has been resolved.
netoqn
Sorry, but I could not find the Detected Threats tab.

Is it in Kaspersky VRT?

Could you give more details?

Thanks
JoseMelo
It is in Kaspersky.
netcriptus
Problem Solved!

If the author needs the topic reopened, contact one of the moderation team members.
©2005-2008 Linha Defensiva. All rights reserved.