albavss

Screen with a message I can't understand


I would like to know if anyone knows what is happening: when I turn on the computer, some time later a small window appears with the following message: Access violation at address 00401B in module'wmpnet exe'.Write of address 41414141, and the only option is to click OK. When I click OK, a small gray bar appears in the upper left corner of the screen and stays there until I shut down, and I notice that after that the computer gets slower and freezes all the time. If I don't click OK, the window stays there with the message and doesn't stop me from working on the computer. Could this be a virus? I'm worried; if anyone has any idea what it is, please help me :confused:

Thanks

Edited by albavss

Hello

Open the link and post the requested logs: Read Before Posting - Creating a New Topic

ATTENTION: There is no need to open a new topic; put the new logs in this same topic, thank you!

Regards :D

Hi diego_moicano

I'm sending what was requested, after a lot of struggling, since I'm something of a layperson on the subject, but here it is

I would like to know whether these files I downloaded, that is, DDS and Gmer, need to stay on the computer or whether I can uninstall them?

Thank you very much

Alba Valéria

Dear albavss

"I'm sending what was requested, after a lot of struggling, since I'm something of a layperson on the subject, but here it is"
Where did you send them? They are meant to be posted here in this topic!
"I would like to know whether these files I downloaded, that is, DDS and Gmer, need to stay on the computer or whether I can uninstall them?"
You can keep them until we are done...

Regards :D

Dear albavss

Where did you send them? They are meant to be posted here in this topic!

You can keep them until we are done...

Regards :D

Hi, Diego,

Sorry, I actually typed it up and sent it, and when I looked, guess what, I had forgotten to post them, but here they are now

Thanks a lot, really!

DDS (Ver_09-10-26.01) - NTFSx86

Run by usuario at 15:43:33,73 on ter 03/11/2009

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1119.397 [GMT -3:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\ARQUIV~1\AVG\AVG8\avgam.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\ARQUIV~1\Bandoo\Bandoo.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\sm56hlpr.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\DOCUME~1\usuario\MEUSDO~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\winmgr\winmgr.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

C:\ARQUIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\usuario\Meus documentos\Assistente Tecnico Speedy\bin\mad.exe

C:\Documents and Settings\usuario\Meus documentos\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\Arquivos de programas\NitroPC\NitroPCService.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\ARQUIV~1\Bandoo\BndCore.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wmpnet.exe

C:\Documents and Settings\usuario\Configurações locais\Temporary Internet Files\Content.IE5\WH5C20L6\dds[1].scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.shareazaweb.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant =

uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\arquivos de programas\mywebsearch\bar\2.bin\MWSSRCAS.DLL

BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\arquivos de programas\mywebsearch\bar\2.bin\MWSSRCAS.DLL

BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\arquivos de programas\mywebsearch\bar\2.bin\MWSBAR.DLL

BHO: Microsoft C Runtime Library: {28a21d67-a6c7-4a14-a35c-ee0d16c3b906} - c:\windows\system32\msvcr92d.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg8\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\arquivos de programas\google\googletoolbarnotifier\5.3.4501.1418\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\arquivos de programas\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: UrlHelper Class: {cfc4f59b-a2da-4e12-b337-52a4f871e10c} - c:\arquivos de programas\shareaza applications\shareaza\ShareazaIEHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - c:\arquivos de programas\bandoo\plugins\ie\ieplugin.dll

TB: Shareaza MediaBar: {196c3a46-4758-433d-a600-802c804af39c} - c:\arquivos de programas\shareaza applications\shareaza mediabar\ShareazaMediaBar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll

TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\arquivos de programas\mywebsearch\bar\2.bin\MWSBAR.DLL

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [NitroPC] "c:\arquivos de programas\nitropc\NitroPC.exe" -minimized

uRun: [swg] "c:\arquivos de programas\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MyWebSearch Email Plugin] c:\arquiv~1\mywebs~1\bar\2.bin\mwsoemon.exe

mRun: [sMSERIAL] sm56hlpr.exe

mRun: [AVG8_TRAY] c:\arquiv~1\avg\avg8\avgtray.exe

mRun: [AudioDeck] c:\arquivos de programas\viaudioi\sbadeck\ADeck.exe 1

mRun: [HP Software Update] c:\arquivos de programas\hp\hp software update\HPWuSchd2.exe

mRun: [Motive SmartBridge] "c:\docume~1\usuario\meusdo~1\assist~1\smartb~1\MotiveSB.exe" /restart

mRun: [WindowsXP AutoUpdate] c:\documents and settings\usuario\dados de aplicativos\wuauct.exe

mRun: [WinMgr] c:\windows\winmgr\winmgr.exe /auto

mRun: [WinampAgent] "c:\documents and settings\usuario\meus documentos\winamp\winampa.exe"

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [MyWebSearch Plugin] rundll32 c:\arquiv~1\mywebs~1\bar\2.bin\M3PLUGIN.DLL,UPF

mRun: [My Web Search Bar Search Scope Monitor] "c:\arquiv~1\mywebs~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h

mRun: [MyWebSearch Email Plugin] c:\arquiv~1\mywebs~1\bar\2.bin\mwsoemon.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [<NO NAME>]

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\assist~1.lnk - c:\documents and settings\usuario\meus documentos\assistente tecnico speedy\bin\matcli.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\hpdigi~1.lnk - c:\arquivos de programas\hp\digital imaging\bin\hpqtra08.exe

uPolicies-explorer: NoSMHelp = 1 (0x1)

uPolicies-explorer: NoResolveTrack = 1 (0x1)

uPolicies-system: DisableTaskMgr = 1 (0x1)

dPolicies-explorer: NoSMHelp = 1 (0x1)

dPolicies-explorer: NoResolveTrack = 1 (0x1)

IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm218YYBR

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~1\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll

Trusted Zone: google.com\www

Trusted Zone: orkut.com.br

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.elancers.net/erv2/vagas/activex/smsx.cab

DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

TCP: {408DF4D7-5FAF-4E44-9B2C-F2C13A4CDEB4} = 200.204.0.10 200.204.0.138

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

AppInit_DLLs: c:\arquiv~1\bandoo\bndhook.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-5-4 12552]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-4 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-4 108552]

R2 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\avg\avg8\avgemc.exe [2009-5-4 908056]

R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\avg\avg8\avgwdsvc.exe [2009-5-4 297752]

R2 Bandoo Coordinator;Bandoo Coordinator;c:\arquiv~1\bandoo\Bandoo.exe [2009-10-17 1516480]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-12 54752]

R2 SeaPort;SeaPort;c:\arquivos de programas\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]

R3 cpuz129;cpuz129;\??\c:\windows\temp\cpuz_x32.sys --> c:\windows\temp\cpuz_x32.sys [?]

R3 NitroPCSrv;NitroPC Service;c:\arquivos de programas\nitropc\NitroPCService.exe [2009-5-29 847376]

S2 MyWebSearchService;My Web Search Service;c:\arquiv~1\mywebs~1\bar\2.bin\mwssvc.exe [2009-9-26 28762]

S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2009-11-02 17:19:53 0 d-----w- c:\docume~1\usuario\dadosd~1\AVG8

2009-11-02 14:39:17 0 d-----w- c:\arquivos de programas\CCleaner

2009-11-02 14:15:35 0 d-----w- c:\arquivos de programas\NitroPC

2009-10-25 17:01:01 0 d-----w- C:\Program Files

2009-10-25 17:00:33 0 d-----w- C:\users

2009-10-24 15:05:10 711680 ----a-w- c:\windows\system32\wmpnet.exe

2009-10-24 15:02:30 72 ----a-w- c:\windows\system32\msvcr92d.usr

2009-10-24 15:02:30 48 ----a-w- c:\windows\system32\msvcr92d.cfg

2009-10-24 15:02:29 2591744 ----a-w- c:\windows\system32\msvcr92d.dll

2009-10-17 17:33:52 0 d-----w- c:\docume~1\usuario\dadosd~1\Bandoo

2009-10-17 17:33:21 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Bandoo

2009-10-17 17:32:55 0 d-----w- c:\arquivos de programas\Bandoo

2009-10-12 15:03:34 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2009-10-12 14:55:41 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2009-10-12 14:55:40 0 d-----w- c:\windows\system32\DirectX

2009-10-12 14:55:37 0 d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-10-12 14:53:05 0 d-----w- c:\arquivos de programas\Microsoft

2009-10-10 00:50:42 0 d-----w- c:\docume~1\usuario\dadosd~1\HpUpdate

2009-10-10 00:50:39 0 d-----w- c:\windows\Hewlett-Packard

==================== Find3M ====================

2009-10-12 16:40:30 67580 ----a-w- c:\windows\system32\perfc016.dat

2009-10-12 16:40:30 425404 ----a-w- c:\windows\system32\perfh016.dat

2009-09-26 21:28:08 28672 ----a-w- c:\windows\system32\f3PSSavr.scr

2009-05-04 18:06:02 32768 --sha-w- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009050420090505\index.dat

2009-05-04 18:06:02 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 15:44:04,10 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 4/5/2009 15:04:38

System Uptime: 11/3/2009 13:52:18 (5690 hours ago)

Motherboard: | | P4M266A-8235

Processor: Intel® Celeron® CPU 2.26GHz | Socket 478 | 2260/133mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 37 GiB total, 29,724 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP10: 20/5/2009 20:42:20 - Ponto de verificação do sistema

RP11: 23/5/2009 12:46:43 - Ponto de verificação do sistema

RP12: 24/5/2009 17:27:11 - Ponto de verificação do sistema

RP13: 28/5/2009 08:37:07 - Avg8 Update

RP14: 28/5/2009 08:49:34 - Avg8 Update

RP15: 31/5/2009 19:04:28 - Ponto de verificação do sistema

RP16: 4/6/2009 19:37:24 - Ponto de verificação do sistema

RP17: 7/6/2009 13:41:51 - Ponto de verificação do sistema

RP18: 8/6/2009 20:25:41 - Ponto de verificação do sistema

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Shockwave Player 11.5

AiO_Scan_CDA

AiOSoftwareNPI

Assistente de Conexão do Windows Live

Assistente Técnico Speedy

AVG 8.5

Bandoo

BufferChm

C3100

c3100_Help

CCleaner

CustomerResearchQFolder

Destinations

DeviceManagementQFolder

Dirrect X11Beta

Discador iTelefonica

DocProc

DocProcQFolder

eSupportQFolder

Fax_CDA

Ferramenta de Carregamento do Windows Live

Google Toolbar for Internet Explorer

HP Customer Participation Program 7.0

HP Imaging Device Functions 7.0

HP Photosmart Essential

HP Photosmart, Officejet and Deskjet 7.0.A

HP Product Assistant

HP Solution Center 7.0

HP Update

HPPhotoSmartExpress

HPProductAssistant

InstantShareDevicesMFC

InterApp Control 1.50

Java 6 Update 15

Junk Mail filter update

MarketResearch

MediaBar 2.0

Microsoft .NET Framework 2.0

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Professional Edição 2003

Microsoft Search Enhancement Pack

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Motorola SM56 Speakerphone Modem

MSVCRT

My Web Search (Webfetti)

NewCopy_CDA

NitroPC

OCR Software by I.R.I.S 7.0

PanoStandAlone

Picasa 3

ProductContextNPI

QFolder

Readme

Scan

ScannerCopy

Segoe UI

Shareaza

SolutionCenter

Speedy

Spider-Man 2

Status

Toolbox

TrayApp

Unload

VIA Audio Driver Setup Program

WebFldrs XP

WebReg

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Mail

Windows Live Messenger

Windows Live Proteção para a Família

Windows Live Sync

Windows Live Toolbar

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

WinRAR archiver

==== End Of File ===========================

GMER 1.0.15.15163 - http://www.gmer.net

Rootkit scan 2009-11-03 17:41:32

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\usuario\CONFIG~1\Temp\uxtdapod.sys

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\TEMP\cpuz_x32.sys O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 1.0.15 ----

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00C49315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00D1DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 00D1DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 00D24832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00C81CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 00E3E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 00E3DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 00E3DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 00E3DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 00E3DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 00E3E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 00E3DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] ole32.dll!CoCreateInstance 774E057E 5 Bytes JMP 00D2488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4352] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00C49315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4352] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 00D24832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4352] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 00E3E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4352] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 00E3DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4352] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 00E3DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4352] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 00E3DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4352] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 00E3DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4352] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 00E3E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4352] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 00E3DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [009418FD] C:\Arquivos de programas\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 01008E60

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 01008B50

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 01001280

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01002620

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 01005CC0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 01003800

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 01002BD0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 01005000

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 01008030

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 01008070

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 010091B0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 01007C30

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 01005C20

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 01004330

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 01003400

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 01003DB0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 01009730

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 01005350

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 01005A80

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 010066B0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 01006190

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 01006630

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 01007190

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 01006860

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 01003000

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 010041E0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 01008150

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 010062D0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 01005BC0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 01005780

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 01005DD0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 010091D0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 010060D0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadIconW] 01009470

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadCursorW] 01009410

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateDialogParamW] 01009660

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!DialogBoxParamW] 01009700

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadStringW] 01009530

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\Interface\{66833FE7-8583-11D1-B16A

Reg HKLM\SOFTWARE\Classes\Interface\{683130A6-2E50-11D2-98A5-00C04F8EE1C4}\@ {455ACF57-5345-11D2-99CF-00C04F797BC9}

Reg HKLM\SOFTWARE\Classes\RowPosition.RowPosition

Reg HKLM\SOFTWARE\Classes\RowPosition.RowPosition@ Microsoft OLE DB Row Position Library

Reg HKLM\SOFTWARE\Classes\RowPosition.RowPosition\CLSID

Reg HKLM\SOFTWARE\Classes\RowPosition.RowPosition\CLSID@ {2048EEE6-7FA2-11D0-9E6A-00A0C9138C29}

Reg HKLM\SOFTWARE\Classes\RowPosition.RowPosition\CurVer

Reg HKLM\SOFTWARE\Classes\RowPosition.RowPosition\CurVer@ RowPosition.RowPosition.1

---- EOF - GMER 1.0.15 ----

Dear albavss,

Where did you send them? They are meant to be posted here in this topic!

You can leave it until we are finished...

Regards :D

Hi, Diego,

Sorry, I actually typed it up and sent it, and when I looked, guess what, I had forgotten to post it, but here it goes now.

Thanks a lot!

The file C:\Arquivos de programas\NitroPC\NitroPC.exe: I didn't know it was that big. I downloaded it, but I'm not using it. Do you think there would be any problem if I uninstalled it?

DDS (Ver_09-10-26.01) - NTFSx86

Run by usuario at 15:43:33,73 on ter 03/11/2009

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1119.397 [GMT -3:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\ARQUIV~1\AVG\AVG8\avgam.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\ARQUIV~1\Bandoo\Bandoo.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\sm56hlpr.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\DOCUME~1\usuario\MEUSDO~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\winmgr\winmgr.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

C:\ARQUIV~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\usuario\Meus documentos\Assistente Tecnico Speedy\bin\mad.exe

C:\Documents and Settings\usuario\Meus documentos\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\Arquivos de programas\NitroPC\NitroPCService.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\ARQUIV~1\Bandoo\BndCore.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wmpnet.exe

C:\Documents and Settings\usuario\Configurações locais\Temporary Internet Files\Content.IE5\WH5C20L6\dds[1].scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.shareazaweb.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant =

uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\arquivos de programas\mywebsearch\bar\2.bin\MWSSRCAS.DLL

BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\arquivos de programas\mywebsearch\bar\2.bin\MWSSRCAS.DLL

BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\arquivos de programas\mywebsearch\bar\2.bin\MWSBAR.DLL

BHO: Microsoft C Runtime Library: {28a21d67-a6c7-4a14-a35c-ee0d16c3b906} - c:\windows\system32\msvcr92d.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg8\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\arquivos de programas\google\googletoolbarnotifier\5.3.4501.1418\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\arquivos de programas\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: UrlHelper Class: {cfc4f59b-a2da-4e12-b337-52a4f871e10c} - c:\arquivos de programas\shareaza applications\shareaza\ShareazaIEHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - c:\arquivos de programas\bandoo\plugins\ie\ieplugin.dll

TB: Shareaza MediaBar: {196c3a46-4758-433d-a600-802c804af39c} - c:\arquivos de programas\shareaza applications\shareaza mediabar\ShareazaMediaBar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll

TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\arquivos de programas\mywebsearch\bar\2.bin\MWSBAR.DLL

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [NitroPC] "c:\arquivos de programas\nitropc\NitroPC.exe" -minimized

uRun: [swg] "c:\arquivos de programas\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MyWebSearch Email Plugin] c:\arquiv~1\mywebs~1\bar\2.bin\mwsoemon.exe

mRun: [sMSERIAL] sm56hlpr.exe

mRun: [AVG8_TRAY] c:\arquiv~1\avg\avg8\avgtray.exe

mRun: [AudioDeck] c:\arquivos de programas\viaudioi\sbadeck\ADeck.exe 1

mRun: [HP Software Update] c:\arquivos de programas\hp\hp software update\HPWuSchd2.exe

mRun: [Motive SmartBridge] "c:\docume~1\usuario\meusdo~1\assist~1\smartb~1\MotiveSB.exe" /restart

mRun: [WindowsXP AutoUpdate] c:\documents and settings\usuario\dados de aplicativos\wuauct.exe

mRun: [WinMgr] c:\windows\winmgr\winmgr.exe /auto

mRun: [WinampAgent] "c:\documents and settings\usuario\meus documentos\winamp\winampa.exe"

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [MyWebSearch Plugin] rundll32 c:\arquiv~1\mywebs~1\bar\2.bin\M3PLUGIN.DLL,UPF

mRun: [My Web Search Bar Search Scope Monitor] "c:\arquiv~1\mywebs~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h

mRun: [MyWebSearch Email Plugin] c:\arquiv~1\mywebs~1\bar\2.bin\mwsoemon.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [<NO NAME>]

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\assist~1.lnk - c:\documents and settings\usuario\meus documentos\assistente tecnico speedy\bin\matcli.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\hpdigi~1.lnk - c:\arquivos de programas\hp\digital imaging\bin\hpqtra08.exe

uPolicies-explorer: NoSMHelp = 1 (0x1)

uPolicies-explorer: NoResolveTrack = 1 (0x1)

uPolicies-system: DisableTaskMgr = 1 (0x1)

dPolicies-explorer: NoSMHelp = 1 (0x1)

dPolicies-explorer: NoResolveTrack = 1 (0x1)

IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm218YYBR

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~1\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll

Trusted Zone: google.com\www

Trusted Zone: orkut.com.br

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.elancers.net/erv2/vagas/activex/smsx.cab

DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

TCP: {408DF4D7-5FAF-4E44-9B2C-F2C13A4CDEB4} = 200.204.0.10 200.204.0.138

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

AppInit_DLLs: c:\arquiv~1\bandoo\bndhook.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-5-4 12552]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-4 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-4 108552]

R2 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\avg\avg8\avgemc.exe [2009-5-4 908056]

R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\avg\avg8\avgwdsvc.exe [2009-5-4 297752]

R2 Bandoo Coordinator;Bandoo Coordinator;c:\arquiv~1\bandoo\Bandoo.exe [2009-10-17 1516480]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-12 54752]

R2 SeaPort;SeaPort;c:\arquivos de programas\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]

R3 cpuz129;cpuz129;\??\c:\windows\temp\cpuz_x32.sys --> c:\windows\temp\cpuz_x32.sys [?]

R3 NitroPCSrv;NitroPC Service;c:\arquivos de programas\nitropc\NitroPCService.exe [2009-5-29 847376]

S2 MyWebSearchService;My Web Search Service;c:\arquiv~1\mywebs~1\bar\2.bin\mwssvc.exe [2009-9-26 28762]

S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2009-11-02 17:19:53 0 d-----w- c:\docume~1\usuario\dadosd~1\AVG8

2009-11-02 14:39:17 0 d-----w- c:\arquivos de programas\CCleaner

2009-11-02 14:15:35 0 d-----w- c:\arquivos de programas\NitroPC

2009-10-25 17:01:01 0 d-----w- C:\Program Files

2009-10-25 17:00:33 0 d-----w- C:\users

2009-10-24 15:05:10 711680 ----a-w- c:\windows\system32\wmpnet.exe

2009-10-24 15:02:30 72 ----a-w- c:\windows\system32\msvcr92d.usr

2009-10-24 15:02:30 48 ----a-w- c:\windows\system32\msvcr92d.cfg

2009-10-24 15:02:29 2591744 ----a-w- c:\windows\system32\msvcr92d.dll

2009-10-17 17:33:52 0 d-----w- c:\docume~1\usuario\dadosd~1\Bandoo

2009-10-17 17:33:21 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Bandoo

2009-10-17 17:32:55 0 d-----w- c:\arquivos de programas\Bandoo

2009-10-12 15:03:34 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2009-10-12 14:55:41 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2009-10-12 14:55:40 0 d-----w- c:\windows\system32\DirectX

2009-10-12 14:55:37 0 d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-10-12 14:53:05 0 d-----w- c:\arquivos de programas\Microsoft

2009-10-10 00:50:42 0 d-----w- c:\docume~1\usuario\dadosd~1\HpUpdate

2009-10-10 00:50:39 0 d-----w- c:\windows\Hewlett-Packard

==================== Find3M ====================

2009-10-12 16:40:30 67580 ----a-w- c:\windows\system32\perfc016.dat

2009-10-12 16:40:30 425404 ----a-w- c:\windows\system32\perfh016.dat

2009-09-26 21:28:08 28672 ----a-w- c:\windows\system32\f3PSSavr.scr

2009-05-04 18:06:02 32768 --sha-w- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009050420090505\index.dat

2009-05-04 18:06:02 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 15:44:04,10 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 4/5/2009 15:04:38

System Uptime: 11/3/2009 13:52:18 (5690 hours ago)

Motherboard: | | P4M266A-8235

Processor: Intel® Celeron® CPU 2.26GHz | Socket 478 | 2260/133mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 37 GiB total, 29,724 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP10: 20/5/2009 20:42:20 - Ponto de verificação do sistema

RP11: 23/5/2009 12:46:43 - Ponto de verificação do sistema

RP12: 24/5/2009 17:27:11 - Ponto de verificação do sistema

RP13: 28/5/2009 08:37:07 - Avg8 Update

RP14: 28/5/2009 08:49:34 - Avg8 Update

RP15: 31/5/2009 19:04:28 - Ponto de verificação do sistema

RP16: 4/6/2009 19:37:24 - Ponto de verificação do sistema

RP17: 7/6/2009 13:41:51 - Ponto de verificação do sistema

RP18: 8/6/2009 20:25:41 - Ponto de verificação do sistema

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Shockwave Player 11.5

AiO_Scan_CDA

AiOSoftwareNPI

Assistente de Conexão do Windows Live

Assistente Técnico Speedy

AVG 8.5

Bandoo

BufferChm

C3100

c3100_Help

CCleaner

CustomerResearchQFolder

Destinations

DeviceManagementQFolder

Dirrect X11Beta

Discador iTelefonica

DocProc

DocProcQFolder

eSupportQFolder

Fax_CDA

Ferramenta de Carregamento do Windows Live

Google Toolbar for Internet Explorer

HP Customer Participation Program 7.0

HP Imaging Device Functions 7.0

HP Photosmart Essential

HP Photosmart, Officejet and Deskjet 7.0.A

HP Product Assistant

HP Solution Center 7.0

HP Update

HPPhotoSmartExpress

HPProductAssistant

InstantShareDevicesMFC

InterApp Control 1.50

Java 6 Update 15

Junk Mail filter update

MarketResearch

MediaBar 2.0

Microsoft .NET Framework 2.0

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Professional Edição 2003

Microsoft Search Enhancement Pack

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Motorola SM56 Speakerphone Modem

MSVCRT

My Web Search (Webfetti)

NewCopy_CDA

NitroPC

OCR Software by I.R.I.S 7.0

PanoStandAlone

Picasa 3

ProductContextNPI

QFolder

Readme

Scan

ScannerCopy

Segoe UI

Shareaza

SolutionCenter

Speedy

Spider-Man 2

Status

Toolbox

TrayApp

Unload

VIA Audio Driver Setup Program

WebFldrs XP

WebReg

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Mail

Windows Live Messenger

Windows Live Proteção para a Família

Windows Live Sync

Windows Live Toolbar

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

WinRAR archiver

==== End Of File ===========================

GMER 1.0.15.15163 - http://www.gmer.net

Rootkit scan 2009-11-03 17:41:32

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\usuario\CONFIG~1\Temp\uxtdapod.sys

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\TEMP\cpuz_x32.sys O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 1.0.15 ----

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00C49315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00D1DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 00D1DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 00D24832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00C81CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 00E3E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 00E3DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 00E3DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 00E3DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 00E3DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 00E3E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 00E3DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] ole32.dll!CoCreateInstance 774E057E 5 Bytes JMP 00D2488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4352] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 00C49315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4352] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 00D24832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4352] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 00E3E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4352] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 00E3DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4352] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 00E3DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4352] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 00E3DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4352] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 00E3DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4352] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 00E3E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[4352] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 00E3DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE[1836] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [009418FD] C:\Arquivos de programas\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 01008E60

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 01008B50

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 01001280

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01002620

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 01005CC0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 01003800

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 01002BD0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 01005000

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 01008030

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 01008070

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 010091B0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 01007C30

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 01005C20

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 01004330

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 01003400

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 01003DB0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 01009730

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 01005350

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 01005A80

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 010066B0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 01006190

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 01006630

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 01007190

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 01006860

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 01003000

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 010041E0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 01008150

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 010062D0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 01005BC0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 01005780

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 01005DD0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 010091D0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 010060D0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadIconW] 01009470

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadCursorW] 01009410

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateDialogParamW] 01009660

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!DialogBoxParamW] 01009700

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[5544] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadStringW] 01009530

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\Interface\{66833FE7-8583-11D1-B16A

Reg HKLM\SOFTWARE\Classes\Interface\{683130A6-2E50-11D2-98A5-00C04F8EE1C4}\@ {455ACF57-5345-11D2-99CF-00C04F797BC9}

Reg HKLM\SOFTWARE\Classes\RowPosition.RowPosition

Reg HKLM\SOFTWARE\Classes\RowPosition.RowPosition@ Microsoft OLE DB Row Position Library

Reg HKLM\SOFTWARE\Classes\RowPosition.RowPosition\CLSID

Reg HKLM\SOFTWARE\Classes\RowPosition.RowPosition\CLSID@ {2048EEE6-7FA2-11D0-9E6A-00A0C9138C29}

Reg HKLM\SOFTWARE\Classes\RowPosition.RowPosition\CurVer

Reg HKLM\SOFTWARE\Classes\RowPosition.RowPosition\CurVer@ RowPosition.RowPosition.1

---- EOF - GMER 1.0.15 ----


Dear albavss,

>>>> Google Toolbar is installed on your computer; toolbars collect user information without consent and also download plugins without permission... If you choose to uninstall it, do not do so yet, just let me know :)

# Step 1 #

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are checked, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to see the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will open automatically in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log into your next reply.

Note: With more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

# Step 2 #

Read the instructions at this link:

In the instructions at the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.
  3. Double-click the icon that is on the desktop.
  4. Read and accept the conditions by typing 1 and pressing Enter.
  5. Computers running Windows XP should install the Recovery Console:
    • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.
  6. ComboFix will run; please be patient and wait.
  7. Attention: Do not use the mouse or the keyboard while the tool is running, as this can cause the computer to hang.
  8. A warning may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you may damage your computer.

  • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

Regards :D


Hello Diego,

Here are the 2 steps you asked for. Just clear up one doubt for me: I have AVG, doesn't it protect against these viruses?

Best regards and thank you :D

Step 1

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 3104

Windows 5.1.2600 Service Pack 3

5/11/2009 10:31:07

mbam-log-2009-11-05 (10-31-07).txt

Tipo de Verificação: Rápida

Objetos verificados: 99205

Tempo decorrido: 6 minute(s), 48 second(s)

Processos da Memória infectados: 1

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 144

Valores do Registro infectados: 10

Ítens do Registro infectados: 2

Pastas infectadas: 20

Arquivos infectados: 114

Processos da Memória infectados:

C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:


Valores do Registro infectados:


Ítens do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas infectadas:


Arquivos infectados:


C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\rebbtnbg.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\rebbtnn1.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\rebbtnn2.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\rebbtny1.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\rebbtny2.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\rebclose.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\rebut.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\rebut2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\reb_bg.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Arquivos de programas\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Documents and Settings\usuario\Dados de aplicativos\wuauct.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Step 2

ComboFix 09-11-05.01 - usuario 05/11/2009 15:37.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1119.673 [GMT -3:00]

Executando de: c:\documents and settings\usuario\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\usuario\Dados de aplicativos\bnin.sys

c:\recycler\S-1-5-21-1123561945-1343024091-839522115-500

c:\windows\system32\msconfig.exe

c:\windows\winmgr

c:\windows\winmgr\licença.txt

c:\windows\winmgr\winmgr.chm

c:\windows\winmgr\winmgr.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MYWEBSEARCHSERVICE

-------\Legacy_NWCWORKSTATION

-------\Service_MyWebSearchService

-------\Service_NWCWorkstation

(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-05 to 2009-11-05 ))))))))))))))))))))))))))))

.

2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Malwarebytes

2009-11-05 13:20 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-11-05 13:20 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-04 17:24 . 2009-11-04 17:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\2632C

2009-11-04 17:23 . 2009-11-04 19:09 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\ShareazaTb

2009-11-04 17:23 . 2009-11-04 17:23 -------- d-----w- c:\arquivos de programas\ShareazaTb

2009-11-03 12:05 . 2009-10-23 12:27 2025752 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgtray.exe

2009-11-02 17:19 . 2009-11-02 17:19 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\AVG8

2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\arquivos de programas\CCleaner

2009-11-02 14:15 . 2009-11-02 14:15 -------- d-----w- c:\arquivos de programas\NitroPC

2009-10-25 17:01 . 2009-10-28 02:27 -------- d-----w- C:\Program Files

2009-10-25 17:00 . 2009-10-25 17:00 -------- d-----w- C:\users

2009-10-24 15:05 . 2009-10-24 15:05 711680 ----a-w- c:\windows\system32\wmpnet.exe

2009-10-17 17:33 . 2009-10-17 17:33 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Bandoo

2009-10-17 17:33 . 2009-10-17 17:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Bandoo

2009-10-17 17:32 . 2009-10-17 17:33 -------- d-----w- c:\arquivos de programas\Bandoo

2009-10-12 15:03 . 2009-10-12 15:03 -------- dc----w- c:\windows\system32\DRVSTORE

2009-10-12 15:03 . 2009-08-06 01:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2009-10-12 14:56 . 2009-10-12 14:56 -------- d-----w- c:\arquivos de programas\Microsoft Sync Framework

2009-10-12 14:55 . 2006-11-29 16:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2009-10-12 14:55 . 2009-10-12 14:55 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-10-12 14:53 . 2009-10-12 14:53 -------- d-----w- c:\arquivos de programas\Microsoft

2009-10-10 01:04 . 2009-10-10 01:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2009-10-10 00:50 . 2009-10-10 01:04 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\HpUpdate

2009-10-10 00:50 . 2009-10-10 00:50 -------- d-----w- c:\windows\Hewlett-Packard

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-05 18:46 . 2009-05-30 00:37 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-11-05 17:31 . 2009-06-13 01:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\InterApp

2009-11-04 17:23 . 2009-08-25 01:26 -------- d-----w- c:\arquivos de programas\Shareaza Applications

2009-11-02 17:24 . 2009-05-04 18:38 -------- d-----w- c:\arquivos de programas\AVG

2009-10-12 16:40 . 2008-04-14 07:00 67580 ----a-w- c:\windows\system32\perfc016.dat

2009-10-12 16:40 . 2008-04-14 07:00 425404 ----a-w- c:\windows\system32\perfh016.dat

2009-10-12 15:03 . 2009-05-04 17:58 -------- d-----w- c:\arquivos de programas\Windows Live

2009-10-10 00:50 . 2009-05-04 19:14 -------- d-----w- c:\arquivos de programas\HP

2009-10-02 21:19 . 2009-10-02 20:48 -------- d-----w- c:\arquivos de programas\Discador itelefonica

2009-09-12 20:00 . 2009-05-04 18:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-08-26 14:15 . 2009-08-26 14:15 152576 ----a-w- c:\documents and settings\usuario\Dados de aplicativos\Sun\Java\jre1.6.0_15\lzma.dll

.

------- Sigcheck -------

[-] 2009-04-17 . 2A293D04F15B5D25FF3615D8ED8DD1B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

c:\windows\system32\wscntfy.exe ... está faltando !!

c:\windows\system32\regsvc.dll ... está faltando !!

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]

2009-06-30 11:03 398784 ----a-w- c:\arquivos de programas\Shareaza Applications\Shareaza\ShareazaIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]

2009-09-29 07:24 1863616 ----a-w- c:\arquivos de programas\Bandoo\Plugins\IE\ieplugin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE9A4208-64EC-11DE-8440-204256D89593}]

2009-08-10 14:07 91584 ----a-w- c:\arquivos de programas\ShareazaTb\ShareazaDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EE9A4208-64EC-11DE-8440-204256D89593}"= "c:\arquivos de programas\ShareazaTb\ShareazaDx.dll" [2009-08-10 91584]

[HKEY_CLASSES_ROOT\clsid\{ee9a4208-64ec-11de-8440-204256d89593}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NitroPC"="c:\arquivos de programas\NitroPC\NitroPC.exe" [2009-05-30 4699664]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]

"AudioDeck"="c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 7916032]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Motive SmartBridge"="c:\docume~1\usuario\MEUSDO~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 397312]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-07-05 544768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Assistente Tecnico Speedy.lnk - c:\documents and settings\usuario\Meus documentos\Assistente Tecnico Speedy\bin\matcli.exe [2009-6-6 217088]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-03 20:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\arquiv~1\Bandoo\BndHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgam.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgdiag.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgdiagex.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\Shareaza Applications\\Shareaza\\Shareaza.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\NitroPC\\NitroPC.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/5/2009 15:39 12552]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/5/2009 15:39 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/5/2009 15:39 108552]

R2 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [4/5/2009 15:39 908056]

R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [4/5/2009 15:39 297752]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [12/10/2009 12:03 54752]

R3 cpuz129;cpuz129;\??\c:\windows\TEMP\cpuz_x32.sys --> c:\windows\TEMP\cpuz_x32.sys [?]

R3 NitroPCSrv;NitroPC Service;c:\arquivos de programas\NitroPC\NitroPCService.exe [29/5/2009 23:29 847376]

S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [5/8/2009 22:48 704864]

--- =Outros Serviços/Drivers Na Memória ---

*NewlyCreated* - HELPSVC

*NewlyCreated* - MBR

*Deregistered* - mbr

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-11-05 c:\windows\Tasks\User_Feed_Synchronization-{27C45A3A-C136-450A-A895-7F74630E4270}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.shareazaweb.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Search

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: google.com\www

Trusted Zone: orkut.com.br

TCP: {408DF4D7-5FAF-4E44-9B2C-F2C13A4CDEB4} = 200.204.0.10 200.204.0.138

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

.

- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{196C3A46-4758-433D-A600-802C804AF39C} - (no file)

HKCU-Run-swg - c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

HKLM-Run-WinMgr - c:\windows\winmgr\winmgr.exe

HKLM-Run-WinampAgent - c:\documents and settings\usuario\Meus documentos\Winamp\winampa.exe

AddRemove-DiscadorCompitelefonica - c:\arquivos de programas\Discador itelefonica\DiscadorCompitelefonica u

AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-05 15:46

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(3884)

c:\docume~1\usuario\MEUSDO~1\ASSIST~1\SMARTB~1\SBHook.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msls31.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\arquiv~1\AVG\AVG8\avgam.exe

c:\arquiv~1\AVG\AVG8\avgrsx.exe

c:\arquiv~1\AVG\AVG8\avgnsx.exe

c:\documents and settings\usuario\Meus documentos\Assistente Tecnico Speedy\bin\mad.exe

c:\arquiv~1\Bandoo\Bandoo.exe

c:\arquiv~1\Motive\ASSTCO~1\MOTIVE~1.EXE

c:\arquivos de programas\AVG\AVG8\avgcsrvx.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-11-05 15:49 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-11-05 18:49

Pré-execução: 6 pasta(s) 31.737.815.040 bytes disponíveis

Pós execução: 10 pasta(s) 31.789.502.464 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F819C599F612683D4333351D05FE8BEC

:P

Edited by diego_moicano
Visual clutter


Dear albavss

There is no need to always quote my instructions; depending on the case, this creates a lot of visual clutter ;)

Just clear up one doubt for me: I have AVG, doesn't it protect against these viruses?
MyWebSearch is adware; it may have been added to your computer when you installed some program. Read more: http://www.linhadefensiva.org/2005/06/adwares/

>>>> Do you know this program: Bandoo

>>>> Do you have the Windows installation CD?

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) below.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

http://forum.clubedohardware.com.br/tela-mensagem-nao/733131

Collect::
c:\windows\system32\wmpnet.exe

MIA::
c:\windows\system32\sfcfiles.dll

Save this file as: CFScript.txt

[Image: 2872959479_997d4500c4_o.gif]

As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

**Note**

  • When ComboFix finishes, the log will appear together with a message box. As instructed by the script above, ComboFix will collect the files for analysis.
  • Make sure you are connected to the internet and click OK on the message.

Regards :D

 

Dear Diego

Yes, I do have the Windows installation CD

Bandoo is a program with a variety of smileys for MSN and e-mails

Thank you very much :)

C:\ComboFix.txt.

ComboFix 09-11-05.05 - usuario 06/11/2009 11:15.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1119.656 [GMT -3:00]

Executando de: c:\documents and settings\usuario\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\usuario\Desktop\CFScript.lnk

* Criado um novo ponto de restauração

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MYWEBSEARCHSERVICE

-------\Legacy_NWCWORKSTATION

(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-06 to 2009-11-06 ))))))))))))))))))))))))))))

.

2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Malwarebytes

2009-11-05 13:20 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-11-05 13:20 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-04 17:24 . 2009-11-04 17:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\2632C

2009-11-04 17:23 . 2009-11-04 19:09 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\ShareazaTb

2009-11-04 17:23 . 2009-11-04 17:23 -------- d-----w- c:\arquivos de programas\ShareazaTb

2009-11-03 12:05 . 2009-10-23 12:27 2025752 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgtray.exe

2009-11-02 17:19 . 2009-11-02 17:19 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\AVG8

2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\arquivos de programas\CCleaner

2009-11-02 14:15 . 2009-11-02 14:15 -------- d-----w- c:\arquivos de programas\NitroPC

2009-10-25 17:01 . 2009-10-28 02:27 -------- d-----w- C:\Program Files

2009-10-25 17:00 . 2009-10-25 17:00 -------- d-----w- C:\users

2009-10-24 15:05 . 2009-10-24 15:05 711680 ----a-w- c:\windows\system32\wmpnet.exe

2009-10-17 17:33 . 2009-10-17 17:33 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Bandoo

2009-10-17 17:33 . 2009-10-17 17:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Bandoo

2009-10-17 17:32 . 2009-10-17 17:33 -------- d-----w- c:\arquivos de programas\Bandoo

2009-10-12 15:03 . 2009-10-12 15:03 -------- dc----w- c:\windows\system32\DRVSTORE

2009-10-12 15:03 . 2009-08-06 01:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2009-10-12 14:56 . 2009-10-12 14:56 -------- d-----w- c:\arquivos de programas\Microsoft Sync Framework

2009-10-12 14:55 . 2006-11-29 16:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2009-10-12 14:55 . 2009-10-12 14:55 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-10-12 14:53 . 2009-10-12 14:53 -------- d-----w- c:\arquivos de programas\Microsoft

2009-10-10 01:04 . 2009-10-10 01:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2009-10-10 00:50 . 2009-10-10 01:04 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\HpUpdate

2009-10-10 00:50 . 2009-10-10 00:50 -------- d-----w- c:\windows\Hewlett-Packard

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-06 14:26 . 2009-05-30 00:37 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-11-05 17:31 . 2009-06-13 01:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\InterApp

2009-11-04 17:23 . 2009-08-25 01:26 -------- d-----w- c:\arquivos de programas\Shareaza Applications

2009-11-02 17:24 . 2009-05-04 18:38 -------- d-----w- c:\arquivos de programas\AVG

2009-10-12 16:40 . 2008-04-14 07:00 67580 ----a-w- c:\windows\system32\perfc016.dat

2009-10-12 16:40 . 2008-04-14 07:00 425404 ----a-w- c:\windows\system32\perfh016.dat

2009-10-12 15:03 . 2009-05-04 17:58 -------- d-----w- c:\arquivos de programas\Windows Live

2009-10-10 00:50 . 2009-05-04 19:14 -------- d-----w- c:\arquivos de programas\HP

2009-10-02 21:19 . 2009-10-02 20:48 -------- d-----w- c:\arquivos de programas\Discador itelefonica

2009-09-12 20:00 . 2009-05-04 18:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-08-26 14:15 . 2009-08-26 14:15 152576 ----a-w- c:\documents and settings\usuario\Dados de aplicativos\Sun\Java\jre1.6.0_15\lzma.dll

.

------- Sigcheck -------

[-] 2009-04-17 . 2A293D04F15B5D25FF3615D8ED8DD1B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

c:\windows\system32\wscntfy.exe ... está faltando !!

c:\windows\system32\regsvc.dll ... está faltando !!

.

((((((((((((((((((((((((((((( SnapShot@2009-11-05_18.46.33 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-11-06 14:26 . 2009-11-06 14:26 16384 c:\windows\Temp\Perflib_Perfdata_a8.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]

2009-06-30 11:03 398784 ----a-w- c:\arquivos de programas\Shareaza Applications\Shareaza\ShareazaIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]

2009-09-29 07:24 1863616 ----a-w- c:\arquivos de programas\Bandoo\Plugins\IE\ieplugin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE9A4208-64EC-11DE-8440-204256D89593}]

2009-08-10 14:07 91584 ----a-w- c:\arquivos de programas\ShareazaTb\ShareazaDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EE9A4208-64EC-11DE-8440-204256D89593}"= "c:\arquivos de programas\ShareazaTb\ShareazaDx.dll" [2009-08-10 91584]

[HKEY_CLASSES_ROOT\clsid\{ee9a4208-64ec-11de-8440-204256d89593}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NitroPC"="c:\arquivos de programas\NitroPC\NitroPC.exe" [2009-05-30 4699664]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]

"AudioDeck"="c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 7916032]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Motive SmartBridge"="c:\docume~1\usuario\MEUSDO~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 397312]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"combofix"="c:\combofix\CF19228.exe" [2009-11-06 400896]

"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-07-05 544768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Assistente Tecnico Speedy.lnk - c:\documents and settings\usuario\Meus documentos\Assistente Tecnico Speedy\bin\matcli.exe [2009-6-6 217088]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-03 20:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\arquiv~1\Bandoo\BndHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgam.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgdiag.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgdiagex.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\Shareaza Applications\\Shareaza\\Shareaza.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\NitroPC\\NitroPC.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/5/2009 15:39 12552]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/5/2009 15:39 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/5/2009 15:39 108552]

R2 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [4/5/2009 15:39 908056]

R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [4/5/2009 15:39 297752]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [12/10/2009 12:03 54752]

R3 cpuz129;cpuz129;\??\c:\windows\TEMP\cpuz_x32.sys --> c:\windows\TEMP\cpuz_x32.sys [?]

R3 NitroPCSrv;NitroPC Service;c:\arquivos de programas\NitroPC\NitroPCService.exe [29/5/2009 23:29 847376]

S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [5/8/2009 22:48 704864]

--- =Outros Serviços/Drivers Na Memória ---

*Deregistered* - mbr

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-11-06 c:\windows\Tasks\User_Feed_Synchronization-{27C45A3A-C136-450A-A895-7F74630E4270}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.shareazaweb.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Search

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: google.com\www

Trusted Zone: orkut.com.br

TCP: {408DF4D7-5FAF-4E44-9B2C-F2C13A4CDEB4} = 200.204.0.10 200.204.0.138

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-06 11:26

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(4076)

c:\docume~1\usuario\MEUSDO~1\ASSIST~1\SMARTB~1\SBHook.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msls31.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\arquiv~1\AVG\AVG8\avgam.exe

c:\arquiv~1\AVG\AVG8\avgrsx.exe

c:\arquiv~1\AVG\AVG8\avgnsx.exe

c:\documents and settings\usuario\Meus documentos\Assistente Tecnico Speedy\bin\mad.exe

c:\arquiv~1\Bandoo\Bandoo.exe

c:\arquiv~1\Motive\ASSTCO~1\MOTIVE~1.EXE

c:\arquivos de programas\AVG\AVG8\avgcsrvx.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-11-06 11:30 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-11-06 14:30

ComboFix2.txt 2009-11-05 18:49

Pré-execução: 8 pasta(s) 31.751.753.728 bytes disponíveis

Pós execução: 10 pasta(s) 31.744.491.520 bytes disponíveis

- - End Of File - - 161CC5C26FB33A527B1804F90DFF7F67

Edited by diego_moicano


Dear albavss

I REPEAT:

Dear albavss

There is no need to always QUOTE my instructions; depending on the case, this creates a lot of visual clutter ;)

Step 1 #

1) Put the Windows CD in the drive;

2) If a window opens, close it;

3) Restart the computer;

4) Enter the Recovery Console: press R when prompted;

5) At the prompt, type:

a) The number of the Windows installation: it is usually 1.

b) Enter the Administrator password if asked.

6) Now type:

copy X:/i386/sfcfiles.dl_ c:/windows/system32 <Enter>

copy X:/i386/regsvc.dl_ c:/windows/system32 <Enter>

copy X:/i386/wscntfy.ex_ c:/windows/system32 <Enter>

Now type cd system32 <Enter>

Type

expand sfcfiles.dl_ <Enter>

Confirm the replacement prompt.

expand regsvc.dl_ <Enter>

Confirm the replacement prompt.

expand wscntfy.ex_ <Enter>

Confirm the replacement prompt.

Then type

del sfcfiles.dl_ <Enter>

del regsvc.dl_ <Enter>

del wscntfy.ex_ <Enter>

7) Finally, type exit

8) Restart the computer.

Note 1: sfcfiles.dl_ (it is not .dll but .dl_ [underscore]).

Note 2: after dl_ there is a space (one press of the space bar).

Note 3: X is the drive letter of the CD drive.

Step 2 #

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

File::
c:\windows\system32\wmpnet.exe

Save this file as: CFScript.txt

2872959479_997d4500c4_o.gif

As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

Regards :D


Hi Diego, :D

I am not managing to carry out the first step: I put the CD in the drive and nothing happens, so I restart as instructed, a black screen appears asking me to press any key to boot from the CD, so I did that, but nothing happened either and it just sat there. I had to switch the computer off at the tower, because no key was responding. Now it has gotten a little worse: the computer is completely slow and freezes all the time.

Do you think I should replace AVG with Avast? Which is better?

I await your guidance

Thank you

Alba :confused:


Dear albavss

I am not managing to carry out the first step: I put the CD in the drive and nothing happens, so I restart as instructed, a black screen appears asking me to press any key to boot from the CD, so I did that, but nothing happened either and it just sat there
Is this the CD that was used to install Windows on your computer?
now it has gotten a little worse: the computer is completely slow and freezes all the time.
The mere fact that the CD does not run does not explain what you described...
Do you think I should replace AVG with Avast? Which is better?
That is up to each user... you just cannot keep both :)

And Step 2, did you do it?

Regards :D


Hi Diego,

As for step 1, the CD runs, but what you mentioned does not appear, that is, the Recovery Console; the place where I should type the number of the Windows installation does not appear; in short, the screen I mentioned appears.

As for step 2, can I do it without having done step 1?

Thank you very much for your patience!!!!!! :unsure:


Dear albavss

I ask that you stop sending me PMs; remember that this is volunteer work!

As for step 1, the CD runs, but what you mentioned does not appear, that is, the Recovery Console; the place where I should type the number of the Windows installation does not appear; in short, the screen I mentioned appears.
One of two things: either you are doing something wrong or the CD is damaged... but let's leave this part for later.

Proceed with Step 2 and post the log here.

Regards :D


Dear Diego,

I want to apologize for bothering you with PMs; I did not mean to rush you. It is just that I had not been able to open the forum, and the answer was in fact already here!!! :(

As for step 1, the CD I have is not the same one that was used for the installation on my computer. I tried again and succeeded; when I went to type your instruction: copy X:/i386/sfcfiles.dl_ c:/windows/system32 <Enter>, this appeared: "The path or file specified is invalid". I tried several times and got nothing else, so I gave up and moved on to Step 2, and here it is.

Thank you very much! -_-

ComboFix 09-11-05.05 - usuario 15/11/2009 19:04.3.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1119.796 [GMT -3:00]

Executando de: c:\documents and settings\usuario\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\usuario\Desktop\CFScript.lnk

.

- MODO DE FUNCIONALIDADE REDUZIDA -

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-15 to 2009-11-15 ))))))))))))))))))))))))))))

.

2009-11-15 19:40 . 2009-11-15 19:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\1B5D

2009-11-13 12:24 . 2009-11-13 12:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee

2009-11-13 01:17 . 2009-11-13 01:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee Security Scan

2009-11-13 01:17 . 2009-11-13 01:17 -------- d-----w- c:\arquivos de programas\McAfee Security Scan

2009-11-12 18:03 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-11-12 18:03 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-11-12 18:03 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-11-12 18:03 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-11-12 18:03 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-11-12 18:03 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-11-12 18:03 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-11-12 18:03 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-11-12 18:02 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-11-12 18:02 . 2009-11-12 18:02 -------- d-----w- c:\arquivos de programas\Alwil Software

2009-11-11 00:38 . 2009-11-11 00:28 2591744 ----a-w- c:\windows\system32\msvcr92d.dll

2009-11-10 12:55 . 2009-11-10 13:04 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-11-07 12:17 . 2009-10-23 12:27 2064152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcorex.dll

2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Malwarebytes

2009-11-05 13:20 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-11-05 13:20 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-04 17:23 . 2009-11-04 19:09 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\ShareazaTb

2009-11-04 17:23 . 2009-11-04 17:23 -------- d-----w- c:\arquivos de programas\ShareazaTb

2009-11-03 12:05 . 2009-10-23 12:27 2025752 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgtray.exe

2009-11-02 17:19 . 2009-11-02 17:19 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\AVG8

2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\arquivos de programas\CCleaner

2009-10-25 17:01 . 2009-10-28 02:27 -------- d-----w- C:\Program Files

2009-10-25 17:00 . 2009-10-25 17:00 -------- d-----w- C:\users

2009-10-24 15:05 . 2009-10-24 15:05 711680 ----a-w- c:\windows\system32\wmpnet.exe

2009-10-17 17:33 . 2009-10-17 17:33 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Bandoo

2009-10-17 17:33 . 2009-10-17 17:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Bandoo

2009-10-17 17:32 . 2009-10-17 17:33 -------- d-----w- c:\arquivos de programas\Bandoo

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-15 21:06 . 2009-05-04 18:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-11-12 17:14 . 2008-04-14 07:00 67580 ----a-w- c:\windows\system32\perfc016.dat

2009-11-12 17:14 . 2008-04-14 07:00 425404 ----a-w- c:\windows\system32\perfh016.dat

2009-11-10 21:56 . 2009-10-02 20:48 -------- d-----w- c:\arquivos de programas\Discador itelefonica

2009-11-09 18:21 . 2009-05-30 00:37 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-11-05 17:31 . 2009-06-13 01:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\InterApp

2009-11-04 17:23 . 2009-08-25 01:26 -------- d-----w- c:\arquivos de programas\Shareaza Applications

2009-11-02 17:24 . 2009-05-04 18:38 -------- d-----w- c:\arquivos de programas\AVG

2009-10-12 15:03 . 2009-05-04 17:58 -------- d-----w- c:\arquivos de programas\Windows Live

2009-10-12 14:56 . 2009-10-12 14:56 -------- d-----w- c:\arquivos de programas\Microsoft Sync Framework

2009-10-12 14:55 . 2009-10-12 14:55 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-10-12 14:53 . 2009-10-12 14:53 -------- d-----w- c:\arquivos de programas\Microsoft

2009-10-10 01:04 . 2009-10-10 00:50 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\HpUpdate

2009-10-10 01:04 . 2009-10-10 01:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2009-10-10 00:50 . 2009-05-04 19:14 -------- d-----w- c:\arquivos de programas\HP

2009-08-26 14:15 . 2009-08-26 14:15 152576 ----a-w- c:\documents and settings\usuario\Dados de aplicativos\Sun\Java\jre1.6.0_15\lzma.dll

.

------- Sigcheck -------

[-] 2009-04-17 . 2A293D04F15B5D25FF3615D8ED8DD1B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

c:\windows\system32\wscntfy.exe ... está faltando !!

c:\windows\system32\regsvc.dll ... está faltando !!

.

((((((((((((((((((((((((((((( SnapShot@2009-11-05_18.46.33 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-11-15 21:14 . 2009-11-15 21:15 16384 c:\windows\Temp\Perflib_Perfdata_59c.dat

+ 2009-11-15 21:52 . 2009-11-15 21:52 16384 c:\windows\Temp\Perflib_Perfdata_508.dat

+ 2008-04-14 07:00 . 2009-11-12 17:14 58910 c:\windows\system32\perfc009.dat

- 2008-04-14 07:00 . 2009-10-12 16:40 58910 c:\windows\system32\perfc009.dat

+ 2009-11-13 01:17 . 2009-11-13 01:17 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

- 2009-05-04 17:47 . 2008-04-14 07:00 13894 c:\windows\system32\dllcache\zonelibm.dll

+ 2009-05-04 17:47 . 2001-10-28 17:07 13894 c:\windows\system32\dllcache\zonelibm.dll

- 2009-05-04 17:46 . 2008-04-14 07:00 29760 c:\windows\system32\dllcache\znetm.dll

+ 2009-05-04 17:46 . 2001-10-28 17:07 29760 c:\windows\system32\dllcache\znetm.dll

+ 2009-05-04 17:47 . 2001-10-28 17:07 41029 c:\windows\system32\dllcache\zcorem.dll

- 2009-05-04 17:47 . 2008-04-14 07:00 41029 c:\windows\system32\dllcache\zcorem.dll

+ 2009-05-04 17:46 . 2001-10-28 17:07 36937 c:\windows\system32\dllcache\zclientm.exe

- 2009-05-04 17:46 . 2008-04-14 07:00 36937 c:\windows\system32\dllcache\zclientm.exe

- 2009-05-04 17:47 . 2008-04-14 07:00 32339 c:\windows\system32\dllcache\uniansi.dll

+ 2009-05-04 17:47 . 2001-10-28 17:07 32339 c:\windows\system32\dllcache\uniansi.dll

- 2009-05-04 17:47 . 2008-04-14 07:00 42573 c:\windows\system32\dllcache\shvlzm.exe

+ 2009-05-04 17:47 . 2001-10-28 17:07 42573 c:\windows\system32\dllcache\shvlzm.exe

- 2009-05-04 17:47 . 2008-04-14 07:00 66113 c:\windows\system32\dllcache\shvl.dll

+ 2009-05-04 17:47 . 2001-10-28 17:07 66113 c:\windows\system32\dllcache\shvl.dll

+ 2009-05-04 17:47 . 2001-10-28 17:07 42574 c:\windows\system32\dllcache\rvsezm.exe

- 2009-05-04 17:47 . 2008-04-14 07:00 42574 c:\windows\system32\dllcache\rvsezm.exe

- 2009-05-04 17:47 . 2008-04-14 07:00 48706 c:\windows\system32\dllcache\rvse.dll

+ 2009-05-04 17:47 . 2001-10-28 17:07 48706 c:\windows\system32\dllcache\rvse.dll

- 2009-05-04 17:47 . 2008-04-14 07:00 42573 c:\windows\system32\dllcache\hrtzzm.exe

+ 2009-05-04 17:47 . 2001-10-28 17:06 42573 c:\windows\system32\dllcache\hrtzzm.exe

+ 2009-05-04 17:47 . 2001-10-28 17:06 57409 c:\windows\system32\dllcache\hrtz.dll

- 2009-05-04 17:47 . 2008-04-14 07:00 57409 c:\windows\system32\dllcache\hrtz.dll

+ 2009-05-04 17:47 . 2001-10-28 17:06 42575 c:\windows\system32\dllcache\chkrzm.exe

- 2009-05-04 17:47 . 2008-04-14 07:00 42575 c:\windows\system32\dllcache\chkrzm.exe

- 2009-05-04 17:47 . 2008-04-14 07:00 40515 c:\windows\system32\dllcache\chkr.dll

+ 2009-05-04 17:47 . 2001-10-28 17:06 40515 c:\windows\system32\dllcache\chkr.dll

- 2009-05-04 17:47 . 2008-04-14 07:00 42577 c:\windows\system32\dllcache\bckgzm.exe

+ 2009-05-04 17:47 . 2001-10-28 17:06 42577 c:\windows\system32\dllcache\bckgzm.exe

- 2009-05-04 17:47 . 2008-04-14 07:00 82501 c:\windows\system32\dllcache\bckg.dll

+ 2009-05-04 17:47 . 2001-10-28 17:06 82501 c:\windows\system32\dllcache\bckg.dll

+ 2009-05-04 17:47 . 2001-10-28 17:07 4677 c:\windows\system32\dllcache\zeeverm.dll

- 2009-05-04 17:47 . 2008-04-14 07:00 4677 c:\windows\system32\dllcache\zeeverm.dll

+ 2008-04-14 07:00 . 2009-11-12 17:14 392610 c:\windows\system32\perfh009.dat

- 2008-04-14 07:00 . 2009-10-12 16:40 392610 c:\windows\system32\perfh009.dat

- 2009-05-04 17:46 . 2008-04-14 07:00 113222 c:\windows\system32\dllcache\zoneclim.dll

+ 2009-05-04 17:46 . 2001-10-28 17:07 113222 c:\windows\system32\dllcache\zoneclim.dll

- 2009-05-04 17:47 . 2008-04-14 07:00 753236 c:\windows\system32\dllcache\rvseres.dll

+ 2009-05-04 17:47 . 2001-10-28 17:07 753236 c:\windows\system32\dllcache\rvseres.dll

- 2009-05-04 17:46 . 2008-04-14 07:00 217160 c:\windows\system32\dllcache\cmnclim.dll

+ 2009-05-04 17:46 . 2001-10-28 17:06 217160 c:\windows\system32\dllcache\cmnclim.dll

- 2009-05-04 17:47 . 2008-04-14 07:00 781397 c:\windows\system32\dllcache\chkrres.dll

+ 2009-05-04 17:47 . 2001-10-28 17:06 781397 c:\windows\system32\dllcache\chkrres.dll

- 2009-05-04 17:47 . 2008-04-14 07:00 2178131 c:\windows\system32\dllcache\shvlres.dll

+ 2009-05-04 17:47 . 2001-10-28 17:07 2178131 c:\windows\system32\dllcache\shvlres.dll

- 2009-05-04 17:47 . 2008-04-14 07:00 1175635 c:\windows\system32\dllcache\hrtzres.dll

+ 2009-05-04 17:47 . 2001-10-28 17:06 1175635 c:\windows\system32\dllcache\hrtzres.dll

- 2009-05-04 17:46 . 2008-04-14 07:00 1042003 c:\windows\system32\dllcache\cmnresm.dll

+ 2009-05-04 17:46 . 2001-10-28 17:06 1042003 c:\windows\system32\dllcache\cmnresm.dll

- 2009-05-04 17:47 . 2008-04-14 07:00 1817687 c:\windows\system32\dllcache\bckgres.dll

+ 2009-05-04 17:47 . 2001-10-28 17:06 1817687 c:\windows\system32\dllcache\bckgres.dll

+ 2009-11-10 13:04 . 2009-11-10 13:04 3957760 c:\windows\Installer\14c524.msi

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AudioDeck"="c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 7916032]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Motive SmartBridge"="c:\docume~1\usuario\MEUSDO~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 397312]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-07-05 544768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Assistente Tecnico Speedy.lnk - c:\documents and settings\usuario\Meus documentos\Assistente Tecnico Speedy\bin\matcli.exe [2009-6-6 217088]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

McAfee Security Scan.lnk - c:\arquivos de programas\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\arquiv~1\Bandoo\BndHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\Shareaza Applications\\Shareaza\\Shareaza.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/11/2009 15:03 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/11/2009 15:03 20560]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [12/10/2009 12:03 54752]

S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [5/8/2009 22:48 704864]

--- =Outros Serviços/Drivers Na Memória ---

*Deregistered* - mbr

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-11-15 c:\windows\Tasks\User_Feed_Synchronization-{27C45A3A-C136-450A-A895-7F74630E4270}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.shareazaweb.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Search

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: google.com\www

Trusted Zone: orkut.com.br

.

- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-NitroPC - c:\arquivos de programas\NitroPC\NitroPC.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-15 19:05

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(2076)

c:\docume~1\usuario\MEUSDO~1\ASSIST~1\SMARTB~1\SBHook.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msls31.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2009-11-15 19:08

ComboFix-quarantined-files.txt 2009-11-15 22:08

ComboFix2.txt 2009-11-06 14:30

ComboFix3.txt 2009-11-05 18:49

Pré-execução: 8 pasta(s) 31.979.659.264 bytes disponíveis

Pós execução: 10 pasta(s) 32.042.979.328 bytes disponíveis

- - End Of File - - 255111D636B48985F8AF1B79F14C3D03


Dear albavss

is not the same one that was used for the installation on my computer.
Then it is no use, it will not work for us...

Delete ComboFix.exe from your desktop. Download another copy from the site indicated earlier, and run it following the instructions below:

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

SRPeek::
c:\windows\system32\sfcfiles.dll
c:\windows\system32\wscntfy.exe
c:\windows\system32\regsvc.dll

Save this file as: CFScript.txt

2872959479_997d4500c4_o.gif

As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

Regards :D
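
The three paths in the SRPeek:: block of the post above are the ones the Sigcheck section of the preceding log lists as marked `[-]` or as "está faltando". The Python below is an added example, not part of the original post and not ComboFix's own code: it pulls those entries out of a pasted log and compares two logs to see what is still outstanding. Both sample logs are constructed, the function names are hypothetical, and reading `[-]` as "did not pass the check" is an assumption.

```python
import re

# Constructed sample in the layout of the ComboFix log posted in this thread
# (hash replaced by a placeholder, sections shortened).
SAMPLE_LOG = r"""
------- Sigcheck -------

[-] 2009-04-17 . 00000000000000000000000000000000 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

c:\windows\system32\wscntfy.exe ... está faltando !!

c:\windows\system32\regsvc.dll ... está faltando !!

.

((((( SnapShot@2009-11-05_18.46.33 )))))

+ 2009-11-10 13:04 . 2009-11-10 13:04 3957760 c:\windows\Installer\14c524.msi
"""

# Constructed follow-up log: one of the missing files has been restored.
SAMPLE_FOLLOW_UP = r"""
------- Sigcheck -------

[-] 2009-04-17 . 00000000000000000000000000000000 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

c:\windows\system32\wscntfy.exe ... está faltando !!

.

((((( SnapShot@2009-11-15_22.08.00 )))))
"""

SECTION_START = re.compile(r"^-+\s*Sigcheck\s*-+$", re.IGNORECASE)
# The next "(((( ... ))))" or "------" banner closes the Sigcheck section.
SECTION_END = re.compile(r"^(\(\(\(|-{3,})")
# "[mark] date . hash . size . . [version] . . path"
MARKED = re.compile(
    r"^\[(?P<mark>[^\]]+)\]\s+\d{4}-\d{2}-\d{2}\s.*?(?P<path>[A-Za-z]:\\.+)$"
)
# Wording of the Portuguese log in this thread; other locales word it differently.
MISSING = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+\.\.\.\s+está faltando", re.IGNORECASE
)


def sigcheck_findings(log_text):
    """Return the paths the Sigcheck section marks '[-]' or reports missing."""
    findings = {"flagged": [], "missing": []}
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = bool(SECTION_START.match(line))
            continue
        if SECTION_END.match(line):
            break  # do not read past the section into the snapshot diff
        marked = MARKED.match(line)
        if marked:
            # Assumption: '[-]' means the file did not pass the check.
            if marked.group("mark") == "-":
                findings["flagged"].append(marked.group("path").strip())
            continue
        missing = MISSING.match(line)
        if missing:
            findings["missing"].append(missing.group("path"))
    return findings


def files_to_review(log_text):
    """Flagged files first, then missing ones, in log order."""
    found = sigcheck_findings(log_text)
    return found["flagged"] + found["missing"]


def still_outstanding(previous_log, current_log):
    """Paths reported in the previous log that the current log still reports."""
    current = {path.lower() for path in files_to_review(current_log)}
    return [p for p in files_to_review(previous_log) if p.lower() in current]


if __name__ == "__main__":
    for path in files_to_review(SAMPLE_LOG):
        print("review:", path)
    for path in still_outstanding(SAMPLE_LOG, SAMPLE_FOLLOW_UP):
        print("still outstanding:", path)
```
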


Hi Diego,

Here is what you asked for! :D

Thank you

ComboFix 09-11-16.05 - usuario 16/11/2009 14:51.4.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1119.778 [GMT -3:00]

Executando de: c:\documents and settings\usuario\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\usuario\Desktop\CFScript.txt

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Sites possivelmente infectados -----

hxxp://armmf.adobe.com

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MYWEBSEARCHSERVICE

-------\Legacy_NWCWORKSTATION

(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-16 to 2009-11-16 ))))))))))))))))))))))))))))

.

2009-11-16 00:26 . 2009-11-16 00:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Zylom

2009-11-15 19:40 . 2009-11-15 19:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\1B5D

2009-11-13 12:24 . 2009-11-13 12:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee

2009-11-13 01:17 . 2009-11-13 01:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee Security Scan

2009-11-13 01:17 . 2009-11-13 01:17 -------- d-----w- c:\arquivos de programas\McAfee Security Scan

2009-11-12 18:03 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-11-12 18:03 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-11-12 18:03 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-11-12 18:03 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-11-12 18:03 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-11-12 18:03 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-11-12 18:03 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-11-12 18:03 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-11-12 18:02 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-11-12 18:02 . 2009-11-12 18:02 -------- d-----w- c:\arquivos de programas\Alwil Software

2009-11-11 00:38 . 2009-11-11 00:28 2591744 ----a-w- c:\windows\system32\msvcr92d.dll

2009-11-10 12:55 . 2009-11-10 13:04 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-11-07 12:17 . 2009-10-23 12:27 2064152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcorex.dll

2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Malwarebytes

2009-11-05 13:20 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-11-05 13:20 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-04 17:23 . 2009-11-04 19:09 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\ShareazaTb

2009-11-04 17:23 . 2009-11-04 17:23 -------- d-----w- c:\arquivos de programas\ShareazaTb

2009-11-03 12:05 . 2009-10-23 12:27 2025752 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgtray.exe

2009-11-02 17:19 . 2009-11-02 17:19 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\AVG8

2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\arquivos de programas\CCleaner

2009-10-25 17:01 . 2009-10-28 02:27 -------- d-----w- C:\Program Files

2009-10-25 17:00 . 2009-10-25 17:00 -------- d-----w- C:\users

2009-10-24 15:05 . 2009-10-24 15:05 711680 ----a-w- c:\windows\system32\wmpnet.exe

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-15 21:06 . 2009-05-04 18:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-11-12 17:14 . 2008-04-14 07:00 67580 ----a-w- c:\windows\system32\perfc016.dat

2009-11-12 17:14 . 2008-04-14 07:00 425404 ----a-w- c:\windows\system32\perfh016.dat

2009-11-10 21:56 . 2009-10-02 20:48 -------- d-----w- c:\arquivos de programas\Discador itelefonica

2009-11-09 18:21 . 2009-05-30 00:37 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-11-05 17:31 . 2009-06-13 01:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\InterApp

2009-11-04 17:23 . 2009-08-25 01:26 -------- d-----w- c:\arquivos de programas\Shareaza Applications

2009-11-02 17:24 . 2009-05-04 18:38 -------- d-----w- c:\arquivos de programas\AVG

2009-10-17 17:35 . 2009-10-17 17:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Bandoo

2009-10-17 17:33 . 2009-10-17 17:33 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Bandoo

2009-10-17 17:33 . 2009-10-17 17:32 -------- d-----w- c:\arquivos de programas\Bandoo

2009-10-12 15:03 . 2009-05-04 17:58 -------- d-----w- c:\arquivos de programas\Windows Live

2009-10-12 14:56 . 2009-10-12 14:56 -------- d-----w- c:\arquivos de programas\Microsoft Sync Framework

2009-10-12 14:55 . 2009-10-12 14:55 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-10-12 14:53 . 2009-10-12 14:53 -------- d-----w- c:\arquivos de programas\Microsoft

2009-10-10 01:04 . 2009-10-10 00:50 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\HpUpdate

2009-10-10 01:04 . 2009-10-10 01:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2009-10-10 00:50 . 2009-05-04 19:14 -------- d-----w- c:\arquivos de programas\HP

2009-08-26 14:15 . 2009-08-26 14:15 152576 ----a-w- c:\documents and settings\usuario\Dados de aplicativos\Sun\Java\jre1.6.0_15\lzma.dll

.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

------- Sigcheck -------

[-] 2009-04-17 . 2A293D04F15B5D25FF3615D8ED8DD1B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

c:\windows\system32\wscntfy.exe ... está faltando !!

c:\windows\system32\regsvc.dll ... está faltando !!

.

((((((((((((((((((((((((((((( SnapShot_2009-11-15_22.05.49 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-11-16 17:59 . 2009-11-16 17:59 16384 c:\windows\Temp\Perflib_Perfdata_7b4.dat

+ 2009-11-16 17:59 . 2009-11-16 17:59 16384 c:\windows\Temp\Perflib_Perfdata_5a0.dat

+ 2006-08-29 17:17 . 2006-08-29 17:17 161976 c:\windows\Downloaded Program Files\zylomgamesplayer.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A464A080-080E-4296-A8FF-A77E1F1AD410}]

2009-11-11 00:28 2591744 ----a-w- c:\windows\system32\msvcr92d.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]

2009-06-30 11:03 398784 ----a-w- c:\arquivos de programas\Shareaza Applications\Shareaza\ShareazaIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]

2009-09-29 07:24 1863616 ----a-w- c:\arquivos de programas\Bandoo\Plugins\IE\ieplugin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE9A4208-64EC-11DE-8440-204256D89593}]

2009-08-10 14:07 91584 ----a-w- c:\arquivos de programas\ShareazaTb\ShareazaDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EE9A4208-64EC-11DE-8440-204256D89593}"= "c:\arquivos de programas\ShareazaTb\ShareazaDx.dll" [2009-08-10 91584]

[HKEY_CLASSES_ROOT\clsid\{ee9a4208-64ec-11de-8440-204256d89593}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AudioDeck"="c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 7916032]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Motive SmartBridge"="c:\docume~1\usuario\MEUSDO~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 397312]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-07-05 544768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Assistente Tecnico Speedy.lnk - c:\documents and settings\usuario\Meus documentos\Assistente Tecnico Speedy\bin\matcli.exe [2009-6-6 217088]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

McAfee Security Scan.lnk - c:\arquivos de programas\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\arquiv~1\Bandoo\BndHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\Shareaza Applications\\Shareaza\\Shareaza.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/11/2009 15:03 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/11/2009 15:03 20560]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [12/10/2009 12:03 54752]

S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [5/8/2009 22:48 704864]

--- =Outros Serviços/Drivers Na Memória ---

*Deregistered* - mbr

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-11-16 c:\windows\Tasks\User_Feed_Synchronization-{27C45A3A-C136-450A-A895-7F74630E4270}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.shareazaweb.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Search

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: google.com\www

Trusted Zone: orkut.com.br

TCP: {408DF4D7-5FAF-4E44-9B2C-F2C13A4CDEB4} = 200.204.0.10 200.204.0.138

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-16 15:00

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(1688)

c:\docume~1\usuario\MEUSDO~1\ASSIST~1\SMARTB~1\SBHook.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\arquiv~1\ARQUIV~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\1046\OWCI10.DLL

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\msls31.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\arquiv~1\Bandoo\Bandoo.exe

c:\documents and settings\usuario\Meus documentos\Assistente Tecnico Speedy\bin\mad.exe

c:\arquiv~1\Motive\ASSTCO~1\MOTIVE~1.EXE

c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\arquivos de programas\Internet Explorer\IEXPLORE.EXE

c:\arquivos de programas\Internet Explorer\IEXPLORE.EXE

c:\arquivos de programas\Alwil Software\Avast4\setup\avast.setup

.

**************************************************************************

.

Tempo para conclusão: 2009-11-16 15:04 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-11-16 18:04

ComboFix2.txt 2009-11-15 22:08

ComboFix3.txt 2009-11-06 14:30

ComboFix4.txt 2009-11-05 18:49

Pré-execução: 8 pasta(s) 32.015.253.504 bytes disponíveis

Pós execução: 10 pasta(s) 31.997.784.064 bytes disponíveis

- - End Of File - - 1AF5C2FBF9C76693394FC8FA4294DB72


Dear albavss

Step 1 #

>>>> Are you by any chance using a USB flash drive or something similar?

Step 2 #

Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

File::
c:\windows\system32\wmpnet.exe
c:\windows\system32\msvcr92d.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A464A080-080E-4296-A8FF-A77E1F1AD410}]

Save this file as: CFScript.txt

2872959479_997d4500c4_o.gif

As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

Step 3 #

Open MalwareBytes, update it, run a new scan and post the result here.

Regards :D


Hello Diego_moicano

Here are the 3 steps you requested.

My computer is a torment. I have to log off several times because it freezes a lot; even the desktop icons sometimes do not respond, when I don't actually have to restart! :confused:

Thank you for the guidance and help ;)

Step 1

I am not using a USB flash drive or anything similar.

Step 2

ComboFix 09-11-16.05 - usuario 16/11/2009 19:14.6.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1119.776 [GMT -3:00]

Executando de: c:\documents and settings\usuario\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\usuario\Desktop\CFScript.lnk

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-16 to 2009-11-16 ))))))))))))))))))))))))))))

.

2009-11-16 00:26 . 2009-11-16 00:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Zylom

2009-11-15 19:40 . 2009-11-15 19:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\1B5D

2009-11-13 12:24 . 2009-11-13 12:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee

2009-11-13 01:17 . 2009-11-13 01:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee Security Scan

2009-11-13 01:17 . 2009-11-13 01:17 -------- d-----w- c:\arquivos de programas\McAfee Security Scan

2009-11-12 18:03 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-11-12 18:03 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-11-12 18:03 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-11-12 18:03 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-11-12 18:03 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-11-12 18:03 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-11-12 18:03 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-11-12 18:03 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-11-12 18:02 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-11-12 18:02 . 2009-11-12 18:02 -------- d-----w- c:\arquivos de programas\Alwil Software

2009-11-10 12:55 . 2009-11-10 13:04 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-11-07 12:17 . 2009-10-23 12:27 2064152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcorex.dll

2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Malwarebytes

2009-11-05 13:20 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-11-05 13:20 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-04 17:23 . 2009-11-04 19:09 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\ShareazaTb

2009-11-04 17:23 . 2009-11-04 17:23 -------- d-----w- c:\arquivos de programas\ShareazaTb

2009-11-03 12:05 . 2009-10-23 12:27 2025752 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgtray.exe

2009-11-02 17:19 . 2009-11-02 17:19 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\AVG8

2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\arquivos de programas\CCleaner

2009-10-25 17:01 . 2009-10-28 02:27 -------- d-----w- C:\Program Files

2009-10-25 17:00 . 2009-10-25 17:00 -------- d-----w- C:\users

2009-10-24 15:05 . 2009-10-24 15:05 711680 ----a-w- c:\windows\system32\wmpnet.exe

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-15 21:06 . 2009-05-04 18:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-11-12 17:14 . 2008-04-14 07:00 67580 ----a-w- c:\windows\system32\perfc016.dat

2009-11-12 17:14 . 2008-04-14 07:00 425404 ----a-w- c:\windows\system32\perfh016.dat

2009-11-10 21:56 . 2009-10-02 20:48 -------- d-----w- c:\arquivos de programas\Discador itelefonica

2009-11-09 18:21 . 2009-05-30 00:37 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-11-05 17:31 . 2009-06-13 01:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\InterApp

2009-11-04 17:23 . 2009-08-25 01:26 -------- d-----w- c:\arquivos de programas\Shareaza Applications

2009-11-02 17:24 . 2009-05-04 18:38 -------- d-----w- c:\arquivos de programas\AVG

2009-10-17 17:35 . 2009-10-17 17:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Bandoo

2009-10-17 17:33 . 2009-10-17 17:33 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Bandoo

2009-10-17 17:33 . 2009-10-17 17:32 -------- d-----w- c:\arquivos de programas\Bandoo

2009-10-12 15:03 . 2009-05-04 17:58 -------- d-----w- c:\arquivos de programas\Windows Live

2009-10-12 14:56 . 2009-10-12 14:56 -------- d-----w- c:\arquivos de programas\Microsoft Sync Framework

2009-10-12 14:55 . 2009-10-12 14:55 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-10-12 14:53 . 2009-10-12 14:53 -------- d-----w- c:\arquivos de programas\Microsoft

2009-10-10 01:04 . 2009-10-10 00:50 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\HpUpdate

2009-10-10 01:04 . 2009-10-10 01:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2009-10-10 00:50 . 2009-05-04 19:14 -------- d-----w- c:\arquivos de programas\HP

2009-08-26 14:15 . 2009-08-26 14:15 152576 ----a-w- c:\documents and settings\usuario\Dados de aplicativos\Sun\Java\jre1.6.0_15\lzma.dll

.

------- Sigcheck -------

[-] 2009-04-17 . 2A293D04F15B5D25FF3615D8ED8DD1B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

c:\windows\system32\wscntfy.exe ... está faltando !!

c:\windows\system32\regsvc.dll ... está faltando !!

.

((((((((((((((((((((((((((((( SnapShot_2009-11-15_22.05.49 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-11-16 22:06 . 2009-11-16 22:06 16384 c:\windows\Temp\Perflib_Perfdata_5a0.dat

+ 2009-11-16 22:06 . 2009-11-16 22:06 16384 c:\windows\Temp\Perflib_Perfdata_14c.dat

+ 2006-08-29 17:17 . 2006-08-29 17:17 161976 c:\windows\Downloaded Program Files\zylomgamesplayer.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]

2009-06-30 11:03 398784 ----a-w- c:\arquivos de programas\Shareaza Applications\Shareaza\ShareazaIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]

2009-09-29 07:24 1863616 ----a-w- c:\arquivos de programas\Bandoo\Plugins\IE\ieplugin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE9A4208-64EC-11DE-8440-204256D89593}]

2009-08-10 14:07 91584 ----a-w- c:\arquivos de programas\ShareazaTb\ShareazaDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EE9A4208-64EC-11DE-8440-204256D89593}"= "c:\arquivos de programas\ShareazaTb\ShareazaDx.dll" [2009-08-10 91584]

[HKEY_CLASSES_ROOT\clsid\{ee9a4208-64ec-11de-8440-204256d89593}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AudioDeck"="c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 7916032]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Motive SmartBridge"="c:\docume~1\usuario\MEUSDO~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 397312]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-07-05 544768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Assistente Tecnico Speedy.lnk - c:\documents and settings\usuario\Meus documentos\Assistente Tecnico Speedy\bin\matcli.exe [2009-6-6 217088]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

McAfee Security Scan.lnk - c:\arquivos de programas\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\arquiv~1\Bandoo\BndHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\Shareaza Applications\\Shareaza\\Shareaza.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/11/2009 15:03 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/11/2009 15:03 20560]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [12/10/2009 12:03 54752]

S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [5/8/2009 22:48 704864]

--- =Outros Serviços/Drivers Na Memória ---

*Deregistered* - mbr

*Deregistered* - PROCEXP113

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-11-16 c:\windows\Tasks\User_Feed_Synchronization-{27C45A3A-C136-450A-A895-7F74630E4270}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.shareazaweb.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Search

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: google.com\www

Trusted Zone: orkut.com.br

TCP: {408DF4D7-5FAF-4E44-9B2C-F2C13A4CDEB4} = 200.204.0.10 200.204.0.138

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-16 19:20

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2009-11-16 19:23

ComboFix-quarantined-files.txt 2009-11-16 22:23

ComboFix2.txt 2009-11-16 21:12

ComboFix3.txt 2009-11-16 18:04

ComboFix4.txt 2009-11-15 22:08

ComboFix5.txt 2009-11-16 21:53

Pré-execução: 8 pasta(s) 31.939.653.632 bytes disponíveis

Pós execução: 10 pasta(s) 31.916.146.688 bytes disponíveis

- - End Of File - - B661DE2BF17C680F9D04FFA2CE24F827

Step 3

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 3181

Windows 5.1.2600 Service Pack 3

16/11/2009 18:40:52

mbam-log-2009-11-16 (18-40-52).txt

Tipo de Verificação: Rápida

Objetos verificados: 99866

Tempo decorrido: 2 minute(s), 47 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 1

Chaves do Registro infectadas: 3

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 1

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

C:\WINDOWS\system32\msvcr92d.dll (Trojan.Vundo.H) -> Delete on reboot.

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a464a080-080e-4296-a8ff-a77e1f1ad410} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a464a080-080e-4296-a8ff-a77e1f1ad410} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a464a080-080e-4296-a8ff-a77e1f1ad410} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

C:\WINDOWS\system32\msvcr92d.dll (Trojan.Vundo.H) -> Delete on reboot.

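One way to cross-check the CFScript targets requested earlier in this thread against the follow-up ComboFix and Malwarebytes logs. This is an added example, not part of the original posts or of either tool; the function names and the trimming of the log excerpts into three strings are assumptions made for illustration.

```python
import re

# Excerpts copied from the logs in this thread and trimmed for the example.
CFSCRIPT = r"""File::
c:\windows\system32\wmpnet.exe
c:\windows\system32\msvcr92d.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A464A080-080E-4296-A8FF-A77E1F1AD410}]
"""

COMBOFIX_AFTER = r"""
2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\arquivos de programas\CCleaner
2009-10-24 15:05 . 2009-10-24 15:05 711680 ----a-w- c:\windows\system32\wmpnet.exe
+ 2006-08-29 17:17 . 2006-08-29 17:17 161976 c:\windows\Downloaded Program Files\zylomgamesplayer.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}]
2009-06-30 11:03 398784 ----a-w- c:\arquivos de programas\Shareaza Applications\Shareaza\ShareazaIEHelper.dll
"""

MBAM = r"""
C:\WINDOWS\system32\msvcr92d.dll (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a464a080-080e-4296-a8ff-a77e1f1ad410} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(\w+)::\s*$")                      # e.g. "File::"
REGKEY = re.compile(r"^\[(-?)([^\]]+)\]$")                 # "[KEY]" or "[-KEY]"
LISTING = re.compile(                                       # dated file/folder line
    r"^(?:[+-] )?\d{4}-\d{2}-\d{2} \d{2}:\d{2} .*?([A-Za-z]:\\.+)$")
MBAM_HIT = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?$")  # object (name) -> action


def parse_cfscript(text):
    """Collect the files and the [-KEY] registry deletions a CFScript asks for."""
    targets, current = {"files": [], "keys": []}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = header.group(1)
        elif current == "File":
            targets["files"].append(line.lower())
        elif current == "Registry":
            key = REGKEY.match(line)
            if key and key.group(1) == "-":      # only deletions are targets
                targets["keys"].append(key.group(2).lower())
    return targets


def parse_combofix_log(text):
    """Return (paths, registry keys) that appear anywhere in a ComboFix log."""
    files, keys = set(), set()
    for line in (l.strip() for l in text.splitlines()):
        listing = LISTING.match(line)
        if listing:
            files.add(listing.group(1).lower())
            continue
        key = REGKEY.match(line)
        if key:
            keys.add(key.group(2).lower())
    return files, keys


def parse_mbam(text):
    """Map each detected object to (detection name, action taken)."""
    hits = {}
    for line in (l.strip() for l in text.splitlines()):
        hit = MBAM_HIT.match(line)
        if hit:
            hits[hit.group(1).lower()] = (hit.group(2), hit.group(3))
    return hits


def review(cfscript, combofix_after, mbam=""):
    """Report, per CFScript target, whether the follow-up logs still show it.

    "not listed" only means the target is absent from the parsed text;
    it is not proof that the object was deleted.
    """
    targets = parse_cfscript(cfscript)
    files, keys = parse_combofix_log(combofix_after)
    hits = parse_mbam(mbam)
    report = []
    for path in targets["files"]:
        if path in files:
            status = "still listed by ComboFix"
        elif path in hits and "reboot" in hits[path][1].lower():
            status = "pending: " + hits[path][1]
        else:
            status = "not listed"
        report.append((path, status))
    for key in targets["keys"]:
        status = "still listed by ComboFix" if key in keys else "not listed"
        report.append((key, status))
    return report


if __name__ == "__main__":
    for target, status in review(CFSCRIPT, COMBOFIX_AFTER, MBAM):
        print(f"{status:28} {target}")
```

A target reported as still listed or pending is a reason to ask for another run and a fresh log before moving on to the next step.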
 

I have the Windows CD, as I already mentioned, but it is not the same one that was installed on the computer :p

Regards

Alba


Dear albavss

I have the Windows CD, as I already mentioned,
:hehehe:

Open Notepad, then copy (CTRL + C) and paste (CTRL + V) the text shown below in the "CODE" box:

@ECHO OFF
DIR /a/s C:\WINDOWS\scecli.dll C:\WINDOWS\wscntfy.exe C:\WINDOWS\regsvc.dll >Log.txt
START Log.txt
DEL %0

1) Choose Save As and set the file type to: All files.

2) Save the file with the name Peek.bat on the desktop.

3) You will get an icon like this one 2657868585_482ca05315_o.jpg

4) Double-click Peek.bat and let the program run.

5) A file named log.txt will be created on the desktop;

6) Open it and post the result in your next reply.

Regards :D


Dear Diego,

Here is what you asked for

Thank you :D

O volume na unidade C não tem nome.

O número de série do volume é 8CB5-2FA9

Pasta de C:\WINDOWS\ERDNT\cache

14/04/2008 04:00 184.832 scecli.dll

1 arquivo(s) 184.832 bytes

Pasta de C:\WINDOWS\system32

14/04/2008 04:00 184.832 scecli.dll

1 arquivo(s) 184.832 bytes

Pasta de C:\WINDOWS\system32\dllcache

14/04/2008 04:00 184.832 scecli.dll

1 arquivo(s) 184.832 bytes

Total de arquivos na lista:

3 arquivo(s) 554.496 bytes

0 pasta(s) 31.888.277.504 bytes disponíveis


Dear albavss

Download BankerFix and save it to your desktop.

  • Important: The tool will close Internet Explorer. Save any links you need before running it.
  • Double-click the BankerFix installer icon.
  • In the window that opens, click Run. Then click Yes.
  • A warning window will open; make sure your computer is connected to the Internet. Click OK.
  • You will notice some "activity" in the taskbar... In the window that opens, click OK to run the tool.
  • A command prompt will open. Press any key to continue.
  • Wait...
  • Again, press any key to continue.
  • When it finishes, paste the contents of the file C:\LinhaDefensiva\relatorio.txt into your next reply.

After posting your reply you can delete the folder: C:\LinhaDefensiva

>>>> Please send me your e-mail address by PM so that I can send you a file!

Regards :D
