Roseane 0 Posted August 31, 2010 Can you help me? When I open a folder on my computer or a web page, several windows open with the address C:\WINDOWS\TEMP\... I have already run an antivirus (AVAST) and also Malwarebytes (Anti-Malware), and then restarted, but the error keeps appearing.
wings 22 Posted August 31, 2010
*Temporarily disable your antivirus: right-click the Avast icon next to the clock > select "Pause resident protection" > confirm.
*Download RSIT and save it to the desktop
*Run RSIT and click [Continue]
*When it finishes, paste the report C:\rsit\log.txt
Roseane 0 Posted September 1, 2010 Hello Quote, Yesterday I did the following download: ComboFix Download Link. I ran it and everything was fine. The computer went back to working normally. However, this morning, after I browsed several pages and also used the notebook normally, I went to the Banco do Brasil page (www.bb.com.br) and the same problems as yesterday started. I think it may be some virus that copies bank passwords, but it is not going away. I downloaded and ran ComboFix again and so far everything is fine, but I did not even have the courage to open the Banco do Brasil page again. But I know I will need to log in again and I think it will give the same error. I am afraid to log in and have my password cloned. I will paste the results of the ComboFix reports (1st and 2nd reports) for you to see:
If you can help me, I would be grateful. Roseane
wings 22 Posted September 2, 2010 Read the procedure I requested....
Roseane 0 Posted September 2, 2010 "Read the procedure I requested...." Hello, I did the procedure you asked for and I will paste the report below.
C:\Windows\explorer.exe C:\Windows\System32\mobsync.exe C:\Program Files\Oi\Velox3G\Velox3G.exe C:\Windows\system32\wuauclt.exe C:\Users\ROSEANE\Desktop\RSIT.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\trend micro\ROSEANE.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Soundupkd.Soundupkdcls - {16B5E975-8976-4943-AA0B-272B628D802C} - C:\Windows\System32\Soundupkd.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: shdoflash.shdoc - {91ED7996-EB0A-4ECD-9CFE-775EE686CC72} - C:\Windows\System32\shdoflash.dll O2 
- BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] 
"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [searchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Exibir ou ocultar HP Smart Web Printing 
- {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O15 - Trusted Zone: http://www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: www.bb.com.br O15 - Trusted Zone: http://www.bb.com.br O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{269BC719-5178-4C5F-B5F8-F5198250CBEB}: NameServer = 200.223.0.83 200.202.193.75 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = barceloscia.com.br O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\PROGRAM FILES\GBPLUGIN\gbiehCef.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe O23 - Service: avast! 
Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\Windows\system32\MNSFramework.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. 
- C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11672 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\User_Feed_Synchronization-{5A7F5423-81A0-48F2-A857-65CC3954BD9F}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16B5E975-8976-4943-AA0B-272B628D802C}] Soundupkd.Soundupkdcls - C:\Windows\System32\Soundupkd.dll [2010-08-29 17920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Auxiliar de Conexão do Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91ED7996-EB0A-4ECD-9CFE-775EE686CC72}] shdoflash.shdoc - C:\Windows\System32\shdoflash.dll [2010-08-29 174080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}] GbIehObj Class - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2010-07-27 335136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}] GbIehObj Class - C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll [2009-07-01 293928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}] HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800] "QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-11-24 167936] "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-11-06 159744] "WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless 
Assistant\WiFiMsg.exe [2006-10-18 317152] "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2006-10-18 472800] "NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648] "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400] "WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128] "HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-01-02 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424] "Persistence"=C:\Windows\system32\igfxpers.exe [2008-01-02 133656] "avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-19 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] "SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2010-01-08 974848] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] "HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008] "CertificateRegistration"=C:\Windows\system32\aetcrss1.exe [2007-10-17 163840] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883840] "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup HP Digital Imaging Monitor.lnk - C:\Program 
Files\HP\Digital Imaging\bin\hpqtra08.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb] C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2010-07-27 335136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef] C:\PROGRAM FILES\GBPLUGIN\gbiehCef.dll [2009-07-01 293928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2008-01-02 200704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll [2009-07-01 293928] "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2010-07-27 335136] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "LogonHoursAction"=2 "DontDisplayLogonHoursWarnings"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 "NoDrives"=0 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .scr - open - .scr - install - .scr - config - ======List of files/folders created in the last 3 months====== 2010-09-02 01:01:20 ----D---- C:\Program Files\trend micro 2010-09-02 01:01:19 ----D---- C:\rsit 2010-09-02 00:50:10 ----D---- C:\Users\ROSEANE\AppData\Roaming\HPAppData 2010-09-01 14:32:48 ----A---- C:\Windows\system32\drivers\ZTEusbser6k.sys 2010-09-01 14:32:48 ----A---- C:\Windows\system32\drivers\ZTEusbnmea.sys 2010-09-01 14:32:48 ----A---- C:\Windows\system32\drivers\ZTEusbmdm6k.sys 2010-09-01 10:53:43 ----SD---- C:\ComboFix 2010-09-01 10:53:06 ----D---- C:\32788R22FWJFW 2010-09-01 10:48:41 ----A---- C:\ComboFix.txt 2010-09-01 10:47:31 ----SHD---- C:\$RECYCLE.BIN 2010-08-31 21:51:00 ----D---- C:\Windows\ERDNT 2010-08-31 16:51:52 ----D---- C:\Users\ROSEANE\AppData\Roaming\Malwarebytes 2010-08-31 16:51:23 ----D---- C:\ProgramData\Malwarebytes 2010-08-31 16:51:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-08-31 10:15:32 ----A---- C:\Windows\NeroDigital.ini 2010-08-26 14:43:10 ----A---- C:\Windows\system32\igfxres.dll 2010-08-25 22:26:42 ----A---- C:\Windows\system32\Soundupkd.dll 2010-08-25 22:26:42 ----A---- C:\Windows\system32\shdoflash.dll 2010-08-12 10:15:57 ----A---- C:\Windows\system32\drivers\tcpip.sys 2010-08-12 10:15:47 ----A---- C:\Windows\system32\mshtml.dll 2010-08-12 10:15:47 ----A---- C:\Windows\system32\iertutil.dll 2010-08-12 10:15:46 ----A---- C:\Windows\system32\ieframe.dll 2010-08-12 10:15:45 ----A---- C:\Windows\system32\urlmon.dll 2010-08-12 
10:15:45 ----A---- C:\Windows\system32\msfeeds.dll 2010-08-12 10:15:38 ----A---- C:\Windows\system32\wininet.dll 2010-08-12 10:15:38 ----A---- C:\Windows\system32\occache.dll 2010-08-12 10:15:38 ----A---- C:\Windows\system32\mstime.dll 2010-08-12 10:15:38 ----A---- C:\Windows\system32\msfeedsbs.dll 2010-08-12 10:15:38 ----A---- C:\Windows\system32\ieUnatt.exe 2010-08-12 10:15:38 ----A---- C:\Windows\system32\ieui.dll 2010-08-12 10:15:38 ----A---- C:\Windows\system32\iesysprep.dll 2010-08-12 10:15:38 ----A---- C:\Windows\system32\iesetup.dll 2010-08-12 10:15:38 ----A---- C:\Windows\system32\iepeers.dll 2010-08-12 10:15:38 ----A---- C:\Windows\system32\iedkcs32.dll 2010-08-12 10:15:38 ----A---- C:\Windows\system32\ie4uinit.exe 2010-08-12 10:15:37 ----A---- C:\Windows\system32\msfeedssync.exe 2010-08-12 10:15:37 ----A---- C:\Windows\system32\jsproxy.dll 2010-08-12 10:15:37 ----A---- C:\Windows\system32\iernonce.dll 2010-08-12 10:15:31 ----A---- C:\Windows\system32\iccvid.dll 2010-08-12 10:15:30 ----A---- C:\Windows\system32\schannel.dll 2010-08-12 10:15:23 ----A---- C:\Windows\system32\win32k.sys 2010-08-12 10:15:21 ----A---- C:\Windows\system32\rtutils.dll 2010-08-12 10:14:59 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-08-12 10:14:58 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-08-12 10:14:56 ----A---- C:\Windows\system32\msxml3.dll 2010-08-12 10:14:53 ----A---- C:\Windows\system32\drivers\srv2.sys 2010-08-12 10:14:53 ----A---- C:\Windows\system32\drivers\srv.sys 2010-08-03 12:40:04 ----A---- C:\Windows\system32\shell32.dll 2010-07-21 12:38:29 ----D---- C:\Program Files\VIVO INTERNET 2010-06-26 07:33:21 ----A---- C:\Windows\system32\PresentationHostProxy.dll 2010-06-26 07:33:20 ----A---- C:\Windows\system32\PresentationHost.exe 2010-06-26 07:33:19 ----A---- C:\Windows\system32\netfxperf.dll 2010-06-26 07:33:19 ----A---- C:\Windows\system32\mscoree.dll 2010-06-26 07:33:18 ----A---- C:\Windows\system32\dfshim.dll 2010-06-24 13:37:29 ----A---- 
C:\Windows\system32\GameUXLegacyGDFs.dll 2010-06-24 13:37:29 ----A---- C:\Windows\system32\Apphlpdm.dll 2010-06-21 15:05:38 ----A---- C:\Windows\system32\TransCripto.dll 2010-06-21 15:05:38 ----A---- C:\Windows\system32\Signet32.dll 2010-06-21 15:05:37 ----A---- C:\Windows\system32\Vb5db.dll 2010-06-21 15:05:37 ----A---- C:\Windows\system32\Todgub7.dll 2010-06-21 15:05:37 ----A---- C:\Windows\system32\tdbgpp7.dll 2010-06-21 15:05:37 ----A---- C:\Windows\system32\Msrepl35.dll 2010-06-21 15:05:37 ----A---- C:\Windows\system32\Msrd2x35.dll 2010-06-21 15:05:37 ----A---- C:\Windows\system32\Msjter35.dll 2010-06-21 15:05:37 ----A---- C:\Windows\system32\Msjint35.dll 2010-06-21 15:05:37 ----A---- C:\Windows\system32\Msjet35.dll 2010-06-21 15:05:36 ----A---- C:\Windows\system32\tishare6.dll 2010-06-21 15:05:36 ----A---- C:\Windows\system32\tibase6.dll 2010-06-21 15:05:27 ----A---- C:\Windows\system32\WiseDLL.dll 2010-06-21 14:51:20 ----D---- C:\Program Files\A.E.T. Europe B.V 2010-06-21 14:27:10 ----D---- C:\Program Files\Gemalto 2010-06-10 07:04:04 ----A---- C:\Windows\system32\atmfd.dll 2010-06-10 07:03:59 ----A---- C:\Windows\system32\atmlib.dll 2010-06-09 23:33:49 ----A---- C:\Windows\system32\asycfilt.dll ======List of files/folders modified in the last 3 months====== 2010-09-02 01:01:49 ----D---- C:\Windows\Temp 2010-09-02 01:01:20 ----D---- C:\Program Files 2010-09-02 00:50:34 ----AD---- C:\Windows\system32\drivers 2010-09-02 00:50:32 ----D---- C:\ProgramData\GbPlugin 2010-09-02 00:24:02 ----D---- C:\Windows\inf 2010-09-02 00:24:02 ----AD---- C:\Windows\System32 2010-09-02 00:24:02 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-09-02 00:14:42 ----D---- C:\Windows 2010-09-01 15:49:19 ----D---- C:\Windows\system32\catroot 2010-09-01 15:46:01 ----SHD---- C:\Windows\Installer 2010-09-01 15:46:01 ----D---- C:\Config.Msi 2010-09-01 15:45:45 ----D---- C:\Program Files\Common Files\microsoft shared 2010-09-01 15:44:47 ----D---- C:\Program Files\Microsoft 2010-09-01 
15:44:17 ----SHD---- C:\System Volume Information 2010-09-01 14:32:45 ----D---- C:\Users\ROSEANE\AppData\Roaming\Oi 2010-09-01 10:44:56 ----A---- C:\Windows\system.ini 2010-09-01 10:40:35 ----D---- C:\Windows\AppPatch 2010-09-01 10:40:33 ----D---- C:\Program Files\Common Files 2010-09-01 10:03:25 ----D---- C:\Windows\system32\catroot2 2010-08-31 22:04:49 ----D---- C:\Windows\system32\drivers\etc 2010-08-31 22:03:16 ----D---- C:\Program Files\pdfforge Toolbar 2010-08-31 19:10:19 ----D---- C:\Windows\ShellNew 2010-08-31 19:06:40 ----D---- C:\Windows\Prefetch 2010-08-31 16:51:23 ----D---- C:\ProgramData 2010-08-31 14:44:20 ----D---- C:\Windows\Minidump 2010-08-31 14:44:09 ----SD---- C:\Windows\Downloaded Program Files 2010-08-31 14:44:05 ----D---- C:\Program Files\Windows Live Safety Center 2010-08-29 21:07:20 ----D---- C:\Windows\Tasks 2010-08-29 19:34:59 ----D---- C:\Windows\system32\Tasks 2010-08-25 22:26:46 ----RSD---- C:\Windows\Media 2010-08-13 15:05:51 ----D---- C:\Windows\Microsoft.NET 2010-08-13 15:05:38 ----RSD---- C:\Windows\assembly 2010-08-13 14:55:10 ----D---- C:\Windows\winsxs 2010-08-13 08:22:52 ----D---- C:\Windows\system32\migration 2010-08-13 08:22:52 ----D---- C:\Program Files\Internet Explorer 2010-08-13 08:22:51 ----D---- C:\Program Files\Movie Maker 2010-08-13 07:19:26 ----D---- C:\ProgramData\Microsoft Help 2010-08-13 06:42:06 ----D---- C:\Program Files\Windows Mail 2010-08-03 15:09:31 ----A---- C:\Windows\system32\mrt.exe 2010-08-02 11:30:40 ----D---- C:\Program Files\GbPlugin 2010-07-21 12:41:29 ----D---- C:\Windows\ModemLogs 2010-06-28 17:57:12 ----A---- C:\Windows\system32\aswBoot.exe 2010-06-26 10:06:19 ----D---- C:\Windows\ehome 2010-06-21 15:05:37 ----D---- C:\Arquivos de Programas RFB 2010-06-11 08:20:16 ----A---- C:\Windows\vbaddin.ini 2010-06-11 08:15:28 ----D---- C:\Windows\system32\wbem 2010-06-04 22:52:14 ----D---- C:\Program Files\Microsoft Silverlight 2010-06-04 09:16:54 ----SD---- C:\ProgramData\Microsoft ======List of drivers 
(R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 GbpKm;Gbp KernelMode; C:\Windows\system32\drivers\gbpkm.sys [2010-07-27 45472] R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2006-07-24 36528] R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-06-28 23376] R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-06-28 165456] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-06-28 46672] R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-06-28 8192] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-06-28 17744] R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-16 32256] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-16 43520] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-15 37376] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704] R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272] R3 E100B;Intel® PRO Network Connection Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2007-11-16 165496] R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256] R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480] R3 R5U870FLx86;R5U870 UVC Lower Filter ; C:\Windows\System32\Drivers\R5U870FLx86.sys [2006-10-18 73344] R3 
R5U870FUx86;R5U870 UVC Upper Filter ; C:\Windows\System32\Drivers\R5U870FUx86.sys [2006-10-18 43904] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472] R3 usbvideo;R5U870 (UVC) ; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] R3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2010-09-01 104960] R3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2010-09-01 104960] R3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys [2010-09-01 104960] S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384] S3 catchme;catchme; \??\C:\Users\ROSEANE\AppData\Local\Temp\catchme.sys [] S3 D301bus;GW01 USB WMC Bus Driver (WDM); C:\Windows\system32\DRIVERS\D301bus.sys [2007-07-06 83328] S3 D301mdfl;GW01 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\D301mdfl.sys [2007-07-06 14976] S3 D301mdm;GW01 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\D301mdm.sys [2007-07-06 109824] S3 d301nd5;GW01 USB WMC Ethernet GW (NDIS); C:\Windows\system32\DRIVERS\d301nd5.sys [2007-07-06 24832] S3 d301unic;GW01 USB WMC Ethernet GW (WDM); C:\Windows\system32\DRIVERS\d301unic.sys [2007-07-06 105728] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 GemCCID;GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [2008-04-04 87424] S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2006-12-12 148992] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; 
wings 22 Posted September 2, 2010

1.
* Delete RSIT and the folder C:\rsit

2.
* Open Notepad and paste the code below into it:

File::
c:\windows\system32\Soundupkd.dll
c:\windows\system32\shdoflash.dll

Folder::
c:\program files\pdfforge Toolbar
c:\program files\Application Updater

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16B5E975-8976-4943-AA0B-272B628D802C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91ED7996-EB0A-4ECD-9CFE-775EE686CC72}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-

Driver::
Application Updater

* Save the file on the desktop as CFScript.txt
* Drag the file onto ComboFix as shown in the illustration below:
* Important: while ComboFix is running, avoid using the mouse and keyboard! To interrupt the process, press N or 2.
* Paste the report C:\combofix.txt
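One way to review what a script like the one in the post above will remove before it is dragged onto ComboFix, as an added example that is not part of the original post or of ComboFix itself. It assumes that File:: and Folder:: list paths to delete, that Registry:: holds .reg-style edits and that Driver:: names a service to remove; the function names and the PROTECTED list are hypothetical.

```python
import ntpath
import re

# Constructed copy of the CFScript quoted in the post above.
CFSCRIPT = r'''File::
c:\windows\system32\Soundupkd.dll
c:\windows\system32\shdoflash.dll
Folder::
c:\program files\pdfforge Toolbar
c:\program files\Application Updater
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16B5E975-8976-4943-AA0B-272B628D802C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91ED7996-EB0A-4ECD-9CFE-775EE686CC72}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
Driver::
Application Updater
'''

SECTION = re.compile(r'^([A-Za-z]+)::\s*(.*)$')
REG_VALUE = re.compile(r'^(@|"[^"]*")\s*=\s*(.*)$')
KNOWN = {'File', 'Folder', 'Registry', 'Driver'}
# Assumption: locations a cleanup script should never delete wholesale.
PROTECTED = {ntpath.normcase(p) for p in (
    'c:\\', 'c:\\windows', 'c:\\windows\\system32',
    'c:\\program files', 'c:\\users')}


def parse_cfscript(text):
    """Group script lines under their 'Name::' headers, in order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
            line = match.group(2).strip()  # entry on the header line itself
        if not line:
            continue
        if current is None:
            raise ValueError(f'line before any section header: {line!r}')
        sections[current].append(line)
    return sections


def registry_actions(lines):
    """Interpret .reg-style lines: [-key] deletes a key, "name"=- a value."""
    actions, key = [], None
    for line in lines:
        if line.startswith('[-') and line.endswith(']'):
            actions.append(('delete-key', line[2:-1], None))
            key = None
        elif line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        else:
            match = REG_VALUE.match(line)
            if match is None or key is None:
                raise ValueError(f'unexpected registry line: {line!r}')
            name = match.group(1).strip('"')
            verb = 'delete-value' if match.group(2) == '-' else 'set-value'
            actions.append((verb, key, name))
    return actions


def review(text):
    """Return (plan, warnings) for a script without touching the system."""
    sections = parse_cfscript(text)
    plan = [('delete-file', p, None) for p in sections.get('File', [])]
    plan += [('delete-folder', p, None) for p in sections.get('Folder', [])]
    plan += registry_actions(sections.get('Registry', []))
    plan += [('remove-service', n, None) for n in sections.get('Driver', [])]
    warnings = [f'section {name}:: is not reviewed'
                for name in sorted(set(sections) - KNOWN)]
    for verb, target, _ in plan:
        if verb in ('delete-file', 'delete-folder'):
            if ntpath.normcase(ntpath.normpath(target)) in PROTECTED:
                warnings.append(f'{verb} targets protected path {target}')
    return plan, warnings


if __name__ == '__main__':
    plan, warnings = review(CFSCRIPT)
    for step in plan:
        print(step)
    for warning in warnings:
        print('WARNING:', warning)
```
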
Roseane 0 Posted September 2, 2010

Hello, I did the procedure indicated, but it showed some errors.

When I dragged the CFScript.txt file onto ComboFix, these messages appeared:

1) ComboFix detected the following active resident protection program(s): antivirus: Norton Internet Security; antispyware: Norton Internet Security. It said that these programs can interfere with ComboFix's execution and asked me to disable them before starting. I don't have Norton installed; it seems it comes with the computer, but I have already uninstalled all the folders, and even so it gave another message.

2) antivirus: Norton Internet Security; antispyware: Norton Internet Security. The resident protection program(s) is still active, but ComboFix will continue to run. Be aware that this is at your own risk. Then it gave another message.

3) A window appeared saying it could not find some file (full of letters and numbers), but I don't know which one it was because the window disappeared right away. After that it didn't do anything else.

I dragged the CFScript.txt file onto ComboFix again, and other messages appeared:

1) The 1st and 2nd ones, the same as before.

2) The 3rd one too, except that now the file had a NAME instead of numbers and letters; I also couldn't see it because the window disappears very quickly.

3) Then a black window appeared with the title Administrador:

'c.bat' nòo ú reconhecido como um comando interno ou externo, um programa operBvel ou um arquivo de lotes.
C:\ComboFix>_

Since I didn't know what to do, I just closed the window.

I dragged the CFScript.txt file onto ComboFix again, and other messages appeared:

1) The 1st and 2nd ones, the same as before.

Then ComboFix ran normally, through several stages, said it was deleting some files, and restarted my PC by itself.
It then generated the following report:

After that I noticed that the CFScript.txt file disappeared from the Desktop. What do I do now???
wings 22 Posted September 2, 2010

OK... the log is clean.

1.
* Click [Start] > [Run] > copy and paste: Combofix /uninstall
* Click [OK] > [Run]
* Wait for the message to appear: "ComboFix está desinstalado" (ComboFix is uninstalled)
* Click [OK]

2.
* Download and install CCleaner
* Open the program and, on the [Windows] tab, scroll down to the [Advanced] option and select: [X] Old Prefetch data
* Click [Run Cleaner]
* Click [Registry] > [Scan for Issues] > [Fix Selected Issues] > [Fix All Selected Issues]

Best regards.
Roseane 0 Posted September 2, 2010

Hi, I did the ComboFix procedure but the message "ComboFix está desinstalado" (ComboFix is uninstalled) is not appearing. So I searched to see whether any folder still exists, and one does; in other words, it is not uninstalling. I also couldn't download CCleaner.
wings 22 Posted September 2, 2010

1.
* Temporarily disable your antivirus
* Download Supresstools and save it on the desktop
* Run Supresstools
* Click [supression] > [OK]
* Paste the report C:\Report.txt
Roseane 0 Posted September 3, 2010

OK, I ran Supresstools. Here is the report C:\Report.txt:

Rapport Supress'tools
Supress'tools a été éxécuté le 02/09/2010 à 23 : 31 Par ROSEANE
Système d'exploitation : WIN_VISTA / X86 / Service Pack 2
Mode | Suppression |

¤¤¤¤¤¤¤ C:\ ¤¤¤¤¤¤¤
ComboFix.txt Supprimé
Qoobox Supprimé !

¤¤¤¤¤¤¤ C:\Users\ROSEANE\Desktop\ ¤¤¤¤¤¤¤
ComboFix.exe Supprimé !

¤¤¤¤¤¤¤ C:\Users\ROSEANE\Documents\Téléchargements ¤¤¤¤¤¤¤

¤¤¤¤¤¤¤ C:\Windows\ ¤¤¤¤¤¤¤
mbr.exe Supprimé !

¤¤¤¤¤¤¤ C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\ ¤¤¤¤¤¤¤

¤¤¤¤¤¤¤ C:\Program Files\ ¤¤¤¤¤¤¤
trend micro\ Supprimé !

¤¤¤¤¤¤¤ C:\Windows\Prefetch\ ¤¤¤¤¤¤¤
SETUP.EXE-95E2E6CD.pf Supprimé !
SETUP.EXE-EF4D4A07.pf Supprimé !

¤¤¤¤¤¤¤ Registre ¤¤¤¤¤¤¤

((((((((((((((( EOF )))))))))))))))
wings 22 Posted September 3, 2010

Delete Supresstools and the file C:\Report.txt

Best regards.
Roseane 0 Posted September 3, 2010

The following files still exist on my C:\.

ComboFix (folder)
ndis_combofix (DAT file)
ComboFix-Download (CFXXE file)

What do I do, just delete them, or do I run something? Because I didn't see any uninstall button in them.
wings 22 Posted September 3, 2010

* Download ToolsCleaner and save it on the desktop
* Right-click ToolsCleaner2 and select "Run as administrator"
* Click [Recherche] and wait for it to finish
* Click [supression]
* Paste the report C:\TCleaner.txt

If anything remains... delete it! Also delete ToolsCleaner2 and its report.

Best regards.
Roseane 0 Posted September 5, 2010

Hello, here is the report C:\TCleaner.txt:

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\Combofix: trouvé !
---------------------------------
--> Suppression:
C:\Combofix: supprimé !

The following files still remained on my C:\.

ComboFix (folder)
ndis_combofix (DAT file) --------- OK, I deleted it
ComboFix-Download (CFXXE file) --- OK, I deleted it

The only thing I couldn't delete was this folder: ComboFix (folder). The following message appears: you need permission to perform this action.

As for ToolsCleaner2 and its report, I was able to delete them.
wings 22 Posted September 5, 2010

* Click Start > Control Panel > User Accounts > Turn User Accounts On or Off > Confirm > Continue > Uncheck "Use User Account Control (UAC) to help protect your computer" > OK > Confirm > Restart the PC
* Delete the folder
* Click Start > Control Panel > User Accounts > Turn User Accounts On or Off > Confirm > Continue > Check "Use User Account Control (UAC) to help protect your computer" > OK > Confirm

Best regards.
Roseane 0 Posted September 6, 2010

Hello, good evening. I managed to delete the folder as soon as I turned the computer on just now. Thank you for all your help and especially for your attention. Thank you very much for everything, my notebook is OK.

Kisses, Roseane.
wings 22 Posted September 6, 2010

PROBLEM SOLVED! If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.