
albavss

  1. Yes, just one more thing: when I start the computer, the Virus Removal Tool opens along with it and asks in English whether I want to uninstall it. I don't intend to, but I would like to know if there is a way to keep it from opening when the computer starts up. That is my only question; otherwise, thank you for your patience and professionalism. Best regards :D Alba
  2. Hello Diego, I completed all the steps you instructed, and I wanted to know if there is anything else to be done. One observation: after downloading OTCleanIt by OldTimer and clicking CleanUp!, the computer restarted, but the icon no longer appeared on the desktop. Is that right? If we have reached the end, I would also like to know whether I can delete the attach, DDS and Gmer. I await your instructions. Thank you very much. Alba :D
  3. Dear Diego, here is what you requested. I would also like to know what I should do with the other topic I opened. Best regards, Alba

     Scan
     ----
     Scanned: 5012
     Detected: 0
     Untreated: 0
     Start time: 21/11/2009 11:10:10
     Duration: 00:03:52
     Finish time: 21/11/2009 11:14:02

     Detected
     --------
     Status  Object

     Events
     ------
     Time                 Name                                 Status  Reason
     21/11/2009 11:10:25  Running module: smss.exe\smss.exe    ok      scanned
     21/11/2009 11:10:26  File: C:\WINDOWS\System32\smss.exe   ok      scanned
     21/11/2009 11:10:26  Running module: smss.exe\ntdll.dll   ok      scanned

     Statistics
     ----------
     Object  Scanned  Detected  Untreated  Deleted  Moved to Quarantine  Archives  Packed files  Password protected  Corrupted

     Settings
     --------
     Parameter                                 Value
     Security Level                            Recommended
     Action                                    Prompt for action when the scan is complete
     Run mode                                  Manually
     File types                                Scan all files
     Scan only new and changed files           No
     Scan archives                             All
     Scan embedded OLE objects                 All
     Skip if object is larger than             No
     Skip if scan takes longer than            No
     Parse email formats                       No
     Scan password-protected archives          No
     Enable iChecker technology                No
     Enable iSwift technology                  No
     Show detected threats on "Detected" tab   Yes
     Rootkits search                           Yes
     Deep rootkits search                      No
     Use heuristic analyzer                    Yes

     Quarantine
     ----------
     Status  Object  Size  Added

     Backup
     ------
     Status  Object  Size
  4. Hi Diego, here is the next step. As for your question about the lnk extension, I really don't know, because I faithfully follow what you tell me to do, especially since I don't know how to handle this on my own, and as I don't understand it, I didn't even notice. Thank you, Alba :D
  5. Hi Diego, here is ComboFix run again. Regards :D
  6. Dear Diego, here is what you requested. While ComboFix was running, a window appeared saying: "There is a file on your computer in C: that can damage some applications; renaming it to C:\arquivo 1 solves the problem. Do you want to rename it?" So I clicked Yes (is that all right?). I think it was the file you sent.... Best regards, Alba :D
2009-10-12 14:55 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition 2009-10-12 14:53 . 2009-10-12 14:53 -------- d-----w- c:\arquivos de programas\Microsoft 2009-10-10 01:04 . 2009-10-10 00:50 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\HpUpdate 2009-10-10 01:04 . 2009-10-10 01:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant 2009-10-10 00:50 . 2009-05-04 19:14 -------- d-----w- c:\arquivos de programas\HP 2009-08-26 14:15 . 2009-08-26 14:15 152576 ----a-w- c:\documents and settings\usuario\Dados de aplicativos\Sun\Java\jre1.6.0_15\lzma.dll . ((((((((((((((((((((((((((((( SnapShot_2009-11-15_22.05.49 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-19 13:22 . 2009-11-19 13:22 16384 c:\windows\Temp\Perflib_Perfdata_5d0.dat + 2009-11-19 13:21 . 2009-11-19 13:21 16384 c:\windows\Temp\Perflib_Perfdata_59c.dat - 2009-11-15 21:14 . 2009-11-15 21:15 16384 c:\windows\Temp\Perflib_Perfdata_59c.dat + 2006-08-29 17:17 . 2006-08-29 17:17 161976 c:\windows\Downloaded Program Files\zylomgamesplayer.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}] 2009-06-30 11:03 398784 ----a-w- c:\arquivos de programas\Shareaza Applications\Shareaza\ShareazaIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}] 2009-09-29 07:24 1863616 ----a-w- c:\arquivos de programas\Bandoo\Plugins\IE\ieplugin.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE9A4208-64EC-11DE-8440-204256D89593}] 2009-08-10 14:07 91584 ----a-w- c:\arquivos de programas\ShareazaTb\ShareazaDx.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EE9A4208-64EC-11DE-8440-204256D89593}"= "c:\arquivos de programas\ShareazaTb\ShareazaDx.dll" [2009-08-10 91584] [HKEY_CLASSES_ROOT\clsid\{ee9a4208-64ec-11de-8440-204256d89593}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AudioDeck"="c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 7916032] "HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "Motive SmartBridge"="c:\docume~1\usuario\MEUSDO~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 397312] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000] "SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-07-05 544768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll 
[2009-03-08 128512] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Assistente Tecnico Speedy.lnk - c:\documents and settings\usuario\Meus documentos\Assistente Tecnico Speedy\bin\matcli.exe [2009-6-6 217088] HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] McAfee Security Scan.lnk - c:\arquivos de programas\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\arquiv~1\Bandoo\BndHook.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Arquivos de programas\\HP\\Digital 
Imaging\\Unload\\HpqDIA.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Arquivos de programas\\Shareaza Applications\\Shareaza\\Shareaza.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/11/2009 15:03 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/11/2009 15:03 20560] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [12/10/2009 12:03 54752] S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [5/8/2009 22:48 704864] --- =Outros Serviços/Drivers Na Memória --- *Deregistered* - mbr . Conteúdo da pasta 'Tarefas Agendadas' 2009-11-19 c:\windows\Tasks\User_Feed_Synchronization-{27C45A3A-C136-450A-A895-7F74630E4270}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 07:31] . . ------- Scan Suplementar ------- . uStart Page = hxxp://search.shareazaweb.com/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Search IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 Trusted Zone: google.com\www Trusted Zone: orkut.com.br TCP: {408DF4D7-5FAF-4E44-9B2C-F2C13A4CDEB4} = 200.204.0.10 200.204.0.138 DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-19 10:22 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'explorer.exe'(4040) c:\docume~1\usuario\MEUSDO~1\ASSIST~1\SMARTB~1\SBHook.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\arquiv~1\ARQUIV~1\MICROS~1\WEBCOM~1\10\OWC10.DLL c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\1046\OWCI10.DLL c:\arquiv~1\WINDOW~2\wmpband.dll c:\windows\system32\msls31.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe c:\arquivos de programas\Java\jre6\bin\jqs.exe c:\documents and settings\usuario\Meus documentos\Assistente Tecnico Speedy\bin\mad.exe c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\arquiv~1\Motive\ASSTCO~1\MOTIVE~1.EXE c:\arquiv~1\Bandoo\Bandoo.exe c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe c:\windows\system32\wbem\wmiapsrv.exe c:\arquivos de programas\Internet Explorer\IEXPLORE.EXE c:\arquivos de programas\Internet Explorer\IEXPLORE.EXE c:\arquivos de programas\Alwil Software\Avast4\setup\avast.setup . ************************************************************************** . 
Tempo para conclusão: 2009-11-19 10:26 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-11-19 13:26 ComboFix2.txt 2009-11-16 22:23 ComboFix3.txt 2009-11-16 21:12 ComboFix4.txt 2009-11-16 18:04 ComboFix5.txt 2009-11-19 13:11 Pré-execução: 10 pasta(s) 31.799.525.376 bytes disponíveis Pós execução: 12 pasta(s) 31.833.493.504 bytes disponíveis - - End Of File - - BE5E7C179760841B80384BAA06AAF5F1
  7. Dear Diego, I followed your instructions regarding the files: I downloaded, unzipped and saved the 2 files. Is there anything I should do now? And Peek.bat, which I couldn't manage, can I remove it? Best regards, Alba :D
  8. Dear Diego, I did what you asked, but a prompt appears after the run with this text; when I press any key to continue, it disappears and nothing else happens. The contents of C:\LinhaDefensiva\relatorio.txt that you mentioned do not appear. I await your instructions. Thank you, Alba
     Execucao concluida com exito!!
     Nenhum problema foi encontrado no seu computador.
     Isso nao significa que o seu computador esta realmente livre de Bankers, pois novos arquivos maliciosos surgem toda semana.
     Caso ainda tenha problemas ou duvidas, visite o Forum Linha Defensiva: http://forum.linhadefensiva.org
     Pressione qualquer tecla para continuar. . .
  9. Dear Diego, Here is what you requested. Thank you :D
     O volume na unidade C não tem nome.
     O número de série do volume é 8CB5-2FA9
     Pasta de C:\WINDOWS\ERDNT\cache
     14/04/2008 04:00 184.832 scecli.dll
     1 arquivo(s) 184.832 bytes
     Pasta de C:\WINDOWS\system32
     14/04/2008 04:00 184.832 scecli.dll
     1 arquivo(s) 184.832 bytes
     Pasta de C:\WINDOWS\system32\dllcache
     14/04/2008 04:00 184.832 scecli.dll
     1 arquivo(s) 184.832 bytes
     Total de arquivos na lista:
     3 arquivo(s) 554.496 bytes
     0 pasta(s) 31.888.277.504 bytes disponíveis
  10. I have the Windows CD, as I already mentioned, but it is not the same one that was installed on the computer :p Best regards, Alba
  11. Hello Diego_moicano, Here are the 3 requested steps. My computer is a torment: I have to log off several times because it freezes a lot, even the desktop icons sometimes do not respond, when I do not have to restart altogether! Thank you for the guidance and help ;)
Step 1
I am not using a USB flash drive or similar device
Step 2
ComboFix 09-11-16.05 - usuario 16/11/2009 19:14.6.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1119.776 [GMT -3:00] Executando de: c:\documents and settings\usuario\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\usuario\Desktop\CFScript.lnk . (((((((((((((((( Arquivos/Ficheiros criados de 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))) . 2009-11-16 00:26 . 2009-11-16 00:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Zylom 2009-11-15 19:40 . 2009-11-15 19:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\1B5D 2009-11-13 12:24 . 2009-11-13 12:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee 2009-11-13 01:17 . 2009-11-13 01:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee Security Scan 2009-11-13 01:17 . 2009-11-13 01:17 -------- d-----w- c:\arquivos de programas\McAfee Security Scan 2009-11-12 18:03 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-11-12 18:03 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-11-12 18:03 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-11-12 18:03 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-11-12 18:03 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-11-12 18:03 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-11-12 18:03 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-11-12 18:03 . 
2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-11-12 18:02 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe 2009-11-12 18:02 . 2009-11-12 18:02 -------- d-----w- c:\arquivos de programas\Alwil Software 2009-11-10 12:55 . 2009-11-10 13:04 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe 2009-11-07 12:17 . 2009-10-23 12:27 2064152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcorex.dll 2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Malwarebytes 2009-11-05 13:20 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2009-11-05 13:20 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2009-11-04 17:23 . 2009-11-04 19:09 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\ShareazaTb 2009-11-04 17:23 . 2009-11-04 17:23 -------- d-----w- c:\arquivos de programas\ShareazaTb 2009-11-03 12:05 . 2009-10-23 12:27 2025752 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgtray.exe 2009-11-02 17:19 . 2009-11-02 17:19 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\AVG8 2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\arquivos de programas\CCleaner 2009-10-25 17:01 . 2009-10-28 02:27 -------- d-----w- C:\Program Files 2009-10-25 17:00 . 2009-10-25 17:00 -------- d-----w- C:\users 2009-10-24 15:05 . 2009-10-24 15:05 711680 ----a-w- c:\windows\system32\wmpnet.exe . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-15 21:06 . 
2009-05-04 18:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8 2009-11-12 17:14 . 2008-04-14 07:00 67580 ----a-w- c:\windows\system32\perfc016.dat 2009-11-12 17:14 . 2008-04-14 07:00 425404 ----a-w- c:\windows\system32\perfh016.dat 2009-11-10 21:56 . 2009-10-02 20:48 -------- d-----w- c:\arquivos de programas\Discador itelefonica 2009-11-09 18:21 . 2009-05-30 00:37 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2009-11-05 17:31 . 2009-06-13 01:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\InterApp 2009-11-04 17:23 . 2009-08-25 01:26 -------- d-----w- c:\arquivos de programas\Shareaza Applications 2009-11-02 17:24 . 2009-05-04 18:38 -------- d-----w- c:\arquivos de programas\AVG 2009-10-17 17:35 . 2009-10-17 17:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Bandoo 2009-10-17 17:33 . 2009-10-17 17:33 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Bandoo 2009-10-17 17:33 . 2009-10-17 17:32 -------- d-----w- c:\arquivos de programas\Bandoo 2009-10-12 15:03 . 2009-05-04 17:58 -------- d-----w- c:\arquivos de programas\Windows Live 2009-10-12 14:56 . 2009-10-12 14:56 -------- d-----w- c:\arquivos de programas\Microsoft Sync Framework 2009-10-12 14:55 . 2009-10-12 14:55 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition 2009-10-12 14:53 . 2009-10-12 14:53 -------- d-----w- c:\arquivos de programas\Microsoft 2009-10-10 01:04 . 2009-10-10 00:50 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\HpUpdate 2009-10-10 01:04 . 2009-10-10 01:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant 2009-10-10 00:50 . 2009-05-04 19:14 -------- d-----w- c:\arquivos de programas\HP 2009-08-26 14:15 . 2009-08-26 14:15 152576 ----a-w- c:\documents and settings\usuario\Dados de aplicativos\Sun\Java\jre1.6.0_15\lzma.dll . 
------- Sigcheck ------- [-] 2009-04-17 . 2A293D04F15B5D25FF3615D8ED8DD1B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll c:\windows\system32\wscntfy.exe ... está faltando !! c:\windows\system32\regsvc.dll ... está faltando !! . ((((((((((((((((((((((((((((( SnapShot_2009-11-15_22.05.49 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-16 22:06 . 2009-11-16 22:06 16384 c:\windows\Temp\Perflib_Perfdata_5a0.dat + 2009-11-16 22:06 . 2009-11-16 22:06 16384 c:\windows\Temp\Perflib_Perfdata_14c.dat + 2006-08-29 17:17 . 2006-08-29 17:17 161976 c:\windows\Downloaded Program Files\zylomgamesplayer.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}] 2009-06-30 11:03 398784 ----a-w- c:\arquivos de programas\Shareaza Applications\Shareaza\ShareazaIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}] 2009-09-29 07:24 1863616 ----a-w- c:\arquivos de programas\Bandoo\Plugins\IE\ieplugin.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE9A4208-64EC-11DE-8440-204256D89593}] 2009-08-10 14:07 91584 ----a-w- c:\arquivos de programas\ShareazaTb\ShareazaDx.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EE9A4208-64EC-11DE-8440-204256D89593}"= "c:\arquivos de programas\ShareazaTb\ShareazaDx.dll" [2009-08-10 91584] [HKEY_CLASSES_ROOT\clsid\{ee9a4208-64ec-11de-8440-204256d89593}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AudioDeck"="c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 7916032] "HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "Motive SmartBridge"="c:\docume~1\usuario\MEUSDO~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 397312] "SunJavaUpdateSched"="c:\arquivos de 
programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000] "SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-07-05 544768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Assistente Tecnico Speedy.lnk - c:\documents and settings\usuario\Meus documentos\Assistente Tecnico Speedy\bin\matcli.exe [2009-6-6 217088] HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] McAfee Security Scan.lnk - c:\arquivos de programas\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\arquiv~1\Bandoo\BndHook.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de 
programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Arquivos de programas\\Shareaza Applications\\Shareaza\\Shareaza.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/11/2009 15:03 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/11/2009 15:03 20560] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [12/10/2009 12:03 54752] S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [5/8/2009 22:48 704864] --- =Outros Serviços/Drivers Na Memória --- *Deregistered* - mbr *Deregistered* - PROCEXP113 . Conteúdo da pasta 'Tarefas Agendadas' 2009-11-16 c:\windows\Tasks\User_Feed_Synchronization-{27C45A3A-C136-450A-A895-7F74630E4270}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 07:31] . . ------- Scan Suplementar ------- . 
uStart Page = hxxp://search.shareazaweb.com/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Search IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 Trusted Zone: google.com\www Trusted Zone: orkut.com.br TCP: {408DF4D7-5FAF-4E44-9B2C-F2C13A4CDEB4} = 200.204.0.10 200.204.0.138 DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-16 19:20 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . 
Tempo para conclusão: 2009-11-16 19:23 ComboFix-quarantined-files.txt 2009-11-16 22:23 ComboFix2.txt 2009-11-16 21:12 ComboFix3.txt 2009-11-16 18:04 ComboFix4.txt 2009-11-15 22:08 ComboFix5.txt 2009-11-16 21:53 Pré-execução: 8 pasta(s) 31.939.653.632 bytes disponíveis Pós execução: 10 pasta(s) 31.916.146.688 bytes disponíveis - - End Of File - - B661DE2BF17C680F9D04FFA2CE24F827
Step 3
Malwarebytes' Anti-Malware 1.41 Versão do banco de dados: 3181 Windows 5.1.2600 Service Pack 3 16/11/2009 18:40:52 mbam-log-2009-11-16 (18-40-52).txt Tipo de Verificação: Rápida Objetos verificados: 99866 Tempo decorrido: 2 minute(s), 47 second(s) Processos da Memória infectados: 0 Módulos de Memória Infectados: 1 Chaves do Registro infectadas: 3 Valores do Registro infectados: 0 Ítens do Registro infectados: 0 Pastas infectadas: 0 Arquivos infectados: 1 Processos da Memória infectados: (Nenhum ítem malicioso foi detectado) Módulos de Memória Infectados: C:\WINDOWS\system32\msvcr92d.dll (Trojan.Vundo.H) -> Delete on reboot. Chaves do Registro infectadas: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a464a080-080e-4296-a8ff-a77e1f1ad410} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a464a080-080e-4296-a8ff-a77e1f1ad410} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a464a080-080e-4296-a8ff-a77e1f1ad410} (Trojan.Vundo.H) -> Quarantined and deleted successfully. Valores do Registro infectados: (Nenhum ítem malicioso foi detectado) Ítens do Registro infectados: (Nenhum ítem malicioso foi detectado) Pastas infectadas: (Nenhum ítem malicioso foi detectado) Arquivos infectados: C:\WINDOWS\system32\msvcr92d.dll (Trojan.Vundo.H) -> Delete on reboot.
  12. Hi Diego, Here is what you asked for! Thank you
ComboFix 09-11-16.05 - usuario 16/11/2009 14:51.4.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1119.778 [GMT -3:00] Executando de: c:\documents and settings\usuario\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\usuario\Desktop\CFScript.txt . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat ----- BITS: Sites possivelmente infectados ----- hxxp://armmf.adobe.com . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MYWEBSEARCHSERVICE -------\Legacy_NWCWORKSTATION (((((((((((((((( Arquivos/Ficheiros criados de 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))) . 2009-11-16 00:26 . 2009-11-16 00:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Zylom 2009-11-15 19:40 . 2009-11-15 19:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\1B5D 2009-11-13 12:24 . 2009-11-13 12:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee 2009-11-13 01:17 . 2009-11-13 01:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee Security Scan 2009-11-13 01:17 . 2009-11-13 01:17 -------- d-----w- c:\arquivos de programas\McAfee Security Scan 2009-11-12 18:03 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-11-12 18:03 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-11-12 18:03 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-11-12 18:03 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-11-12 18:03 . 
2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-11-12 18:03 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-11-12 18:03 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-11-12 18:03 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-11-12 18:02 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe 2009-11-12 18:02 . 2009-11-12 18:02 -------- d-----w- c:\arquivos de programas\Alwil Software 2009-11-11 00:38 . 2009-11-11 00:28 2591744 ----a-w- c:\windows\system32\msvcr92d.dll 2009-11-10 12:55 . 2009-11-10 13:04 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe 2009-11-07 12:17 . 2009-10-23 12:27 2064152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgcorex.dll 2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Malwarebytes 2009-11-05 13:20 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2009-11-05 13:20 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-05 13:20 . 2009-11-05 13:20 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2009-11-04 17:23 . 2009-11-04 19:09 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\ShareazaTb 2009-11-04 17:23 . 2009-11-04 17:23 -------- d-----w- c:\arquivos de programas\ShareazaTb 2009-11-03 12:05 . 2009-10-23 12:27 2025752 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgtray.exe 2009-11-02 17:19 . 2009-11-02 17:19 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\AVG8 2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\arquivos de programas\CCleaner 2009-10-25 17:01 . 
2009-10-28 02:27 -------- d-----w- C:\Program Files 2009-10-25 17:00 . 2009-10-25 17:00 -------- d-----w- C:\users 2009-10-24 15:05 . 2009-10-24 15:05 711680 ----a-w- c:\windows\system32\wmpnet.exe . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-15 21:06 . 2009-05-04 18:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8 2009-11-12 17:14 . 2008-04-14 07:00 67580 ----a-w- c:\windows\system32\perfc016.dat 2009-11-12 17:14 . 2008-04-14 07:00 425404 ----a-w- c:\windows\system32\perfh016.dat 2009-11-10 21:56 . 2009-10-02 20:48 -------- d-----w- c:\arquivos de programas\Discador itelefonica 2009-11-09 18:21 . 2009-05-30 00:37 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2009-11-05 17:31 . 2009-06-13 01:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\InterApp 2009-11-04 17:23 . 2009-08-25 01:26 -------- d-----w- c:\arquivos de programas\Shareaza Applications 2009-11-02 17:24 . 2009-05-04 18:38 -------- d-----w- c:\arquivos de programas\AVG 2009-10-17 17:35 . 2009-10-17 17:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Bandoo 2009-10-17 17:33 . 2009-10-17 17:33 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\Bandoo 2009-10-17 17:33 . 2009-10-17 17:32 -------- d-----w- c:\arquivos de programas\Bandoo 2009-10-12 15:03 . 2009-05-04 17:58 -------- d-----w- c:\arquivos de programas\Windows Live 2009-10-12 14:56 . 2009-10-12 14:56 -------- d-----w- c:\arquivos de programas\Microsoft Sync Framework 2009-10-12 14:55 . 2009-10-12 14:55 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition 2009-10-12 14:53 . 2009-10-12 14:53 -------- d-----w- c:\arquivos de programas\Microsoft 2009-10-10 01:04 . 2009-10-10 00:50 -------- d-----w- c:\documents and settings\usuario\Dados de aplicativos\HpUpdate 2009-10-10 01:04 . 
2009-10-10 01:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant 2009-10-10 00:50 . 2009-05-04 19:14 -------- d-----w- c:\arquivos de programas\HP 2009-08-26 14:15 . 2009-08-26 14:15 152576 ----a-w- c:\documents and settings\usuario\Dados de aplicativos\Sun\Java\jre1.6.0_15\lzma.dll . (((((((((((((((((((((((((((((((((((((((((( SR_Search )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ------- Sigcheck ------- [-] 2009-04-17 . 2A293D04F15B5D25FF3615D8ED8DD1B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll c:\windows\system32\wscntfy.exe ... está faltando !! c:\windows\system32\regsvc.dll ... está faltando !! . ((((((((((((((((((((((((((((( SnapShot_2009-11-15_22.05.49 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-16 17:59 . 2009-11-16 17:59 16384 c:\windows\Temp\Perflib_Perfdata_7b4.dat + 2009-11-16 17:59 . 2009-11-16 17:59 16384 c:\windows\Temp\Perflib_Perfdata_5a0.dat + 2006-08-29 17:17 . 2006-08-29 17:17 161976 c:\windows\Downloaded Program Files\zylomgamesplayer.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A464A080-080E-4296-A8FF-A77E1F1AD410}] 2009-11-11 00:28 2591744 ----a-w- c:\windows\system32\msvcr92d.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}] 2009-06-30 11:03 398784 ----a-w- c:\arquivos de programas\Shareaza Applications\Shareaza\ShareazaIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}] 2009-09-29 07:24 1863616 ----a-w- c:\arquivos de programas\Bandoo\Plugins\IE\ieplugin.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE9A4208-64EC-11DE-8440-204256D89593}] 2009-08-10 14:07 91584 ----a-w- c:\arquivos de programas\ShareazaTb\ShareazaDx.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EE9A4208-64EC-11DE-8440-204256D89593}"= "c:\arquivos de programas\ShareazaTb\ShareazaDx.dll" [2009-08-10 91584] [HKEY_CLASSES_ROOT\clsid\{ee9a4208-64ec-11de-8440-204256d89593}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AudioDeck"="c:\arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 7916032] "HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "Motive SmartBridge"="c:\docume~1\usuario\MEUSDO~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 397312] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000] "SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-07-05 544768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" 
[2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Assistente Tecnico Speedy.lnk - c:\documents and settings\usuario\Meus documentos\Assistente Tecnico Speedy\bin\matcli.exe [2009-6-6 217088] HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] McAfee Security Scan.lnk - c:\arquivos de programas\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\arquiv~1\Bandoo\BndHook.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Arquivos de programas\\HP\\Digital 
Imaging\\bin\\hpzwiz01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Arquivos de programas\\Shareaza Applications\\Shareaza\\Shareaza.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/11/2009 15:03 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/11/2009 15:03 20560] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [12/10/2009 12:03 54752] S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [5/8/2009 22:48 704864] --- =Outros Serviços/Drivers Na Memória --- *Deregistered* - mbr . Conteúdo da pasta 'Tarefas Agendadas' 2009-11-16 c:\windows\Tasks\User_Feed_Synchronization-{27C45A3A-C136-450A-A895-7F74630E4270}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 07:31] . . ------- Scan Suplementar ------- . uStart Page = hxxp://search.shareazaweb.com/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Search IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 Trusted Zone: google.com\www Trusted Zone: orkut.com.br TCP: {408DF4D7-5FAF-4E44-9B2C-F2C13A4CDEB4} = 200.204.0.10 200.204.0.138 DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-16 15:00 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'explorer.exe'(1688) c:\docume~1\usuario\MEUSDO~1\ASSIST~1\SMARTB~1\SBHook.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\arquiv~1\ARQUIV~1\MICROS~1\WEBCOM~1\10\OWC10.DLL c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\1046\OWCI10.DLL c:\arquiv~1\WINDOW~2\wmpband.dll c:\windows\system32\msls31.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe c:\arquivos de programas\Java\jre6\bin\jqs.exe c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\arquiv~1\Bandoo\Bandoo.exe c:\documents and settings\usuario\Meus documentos\Assistente Tecnico Speedy\bin\mad.exe c:\arquiv~1\Motive\ASSTCO~1\MOTIVE~1.EXE c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe c:\windows\system32\wbem\wmiapsrv.exe c:\arquivos de programas\Internet Explorer\IEXPLORE.EXE c:\arquivos de programas\Internet Explorer\IEXPLORE.EXE c:\arquivos de programas\Alwil Software\Avast4\setup\avast.setup . 
************************************************************************** . Tempo para conclusão: 2009-11-16 15:04 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-11-16 18:04 ComboFix2.txt 2009-11-15 22:08 ComboFix3.txt 2009-11-06 14:30 ComboFix4.txt 2009-11-05 18:49 Pré-execução: 8 pasta(s) 32.015.253.504 bytes disponíveis Pós execução: 10 pasta(s) 31.997.784.064 bytes disponíveis - - End Of File - - 1AF5C2FBF9C76693394FC8FA4294DB72
  13. Dear Diego, I want to apologize for bothering you by PM; I did not mean to rush you. I had not been able to open the forum, and the reply was actually already here!!! Regarding step 1, the CD I have is not the same one that was used for the installation on my computer. I tried again and it worked; when I went to type your instruction: copy X:/i386/sfcfiles.dl_ c:/windows/system32 <Enter>, this message appeared: O caminho ou ficheiro especificado é inválido. I tried several times and got nowhere, so I gave up and moved on to step 2, and here it is. Thank you very much!
  14. Hi Diego, As for step 1, the CD runs, but what you mentioned does not appear, that is, the recovery console; the place where I should type the number of the Windows drive does not appear. In short, that screen I mentioned appears. As for step 2, can I do it without having done step 1? Thank you very much for your patience!!!!!!
  15. Hi Diego, I am not able to complete the first step. I put the CD in the drive and nothing happens, so I restart as described; a black screen appears and asks me to press any key to boot from the CD, so I did that, but nothing happened then either and it froze. I had to turn the computer off at the CPU, because no key responded. Now it has gotten a bit worse: the computer is extremely slow and freezes all the time. Do you think I should replace AVG with Avast? Which one is better? I await your guidance. Thanks, Alba

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
