Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
Entre para seguir isso  
taicanb

A CPU NTVDM encontrou uma instrução não permitida, por favor analisem o log...

Recommended Posts

quando abro alguns programas está aparecendo essa mensagem, e outros nem abrem mais...

aqui o log

Logfile of HijackThis v1.99.1

Scan saved at 02:50:26, on 16/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Vongo\VongoService.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Vongo\Tray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

c:\program files\common files\installshield\updateservice\isuspm.exe

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Documents and Settings\USER\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.10.2:3128

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\USER\LOCALS~1\Temp\MsgPlusUninst.bat"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Faça o download do ComboFix

  • Desative, temporariamente, o antivírus;
  • Feche todas as janelas abertas;
  • Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir o Fix. Pode demorar algum tempo.
  • O ComboFix poderá reiniciar o PC automaticamente para completar o processo de remoção.
  • Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.
  • Não clique na Janela do ComboFix, nem o feche clicando no X, enquanto estiver rodando, pois senão irá parar e seu desktop ficará em branco.
  • Para parar ou sair do ComboFix, tecle "N".
  • Cole o ComboFix.txt na sua resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites
  • Autor do tópico
  • ComboFix 07-09-14.2 - "USER" 2007-09-16 21:37:33.3 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.606 [GMT -3:00]

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    D:\Autorun.inf

    .

    ((((((((((((((((((((((((( Files Created from 2007-08-17 to 2007-09-17 )))))))))))))))))))))))))))))))

    .

    2007-09-16 21:30 51,200 --a------ C:\WINDOWS\NirCmd.exe

    2007-09-16 13:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Activision

    2007-09-16 13:02 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll

    2007-09-16 13:02 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

    2007-09-16 04:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

    2007-09-16 03:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

    2007-09-16 02:32 <DIR> d-------- C:\!KillBox

    2007-09-16 02:07 <DIR> d-------- C:\pw

    2007-09-16 02:07 <DIR> d-------- C:\Program Files\PW

    2007-09-16 02:07 <DIR> d-------- C:\Program Files\LevelUpGames

    2007-09-16 02:07 <DIR> d-------- C:\Program Files\Gravity

    2007-09-16 02:07 <DIR> d-------- C:\Program Files\Buena Vista Games

    2007-09-13 19:36 <DIR> d-------- C:\WINDOWS\l2schemas

    2007-09-13 19:36 <DIR> d-------- C:\Program Files\Windows Sidebar

    2007-09-13 19:34 <DIR> d-------- C:\Program Files\Alky for Applications

    2007-09-13 18:45 <DIR> d-------- C:\DOCUME~1\USER\APPLIC~1\ViStart

    2007-09-04 01:53 <DIR> d-------- C:\Program Files\Tomb Raider - Legend

    2007-09-04 00:34 <DIR> d-------- C:\Program Files\CCleaner

    2007-09-02 19:07 <DIR> d-------- C:\Program Files\Bonjour

    2007-09-02 19:00 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

    2007-08-30 08:17 <DIR> d-------- C:\DOCUME~1\USER\APPLIC~1\Ahead

    2007-08-30 08:14 <DIR> d-------- C:\Program Files\Nero

    2007-08-30 08:14 <DIR> d-------- C:\Program Files\Common Files\Ahead

    2007-08-23 11:00 <DIR> d-------- C:\DOCUME~1\USER\APPLIC~1\Netscape

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2007-09-16 21:36 --------- d-------- C:\DOCUME~1\USER\APPLIC~1\Skype

    2007-09-16 13:03 --------- d-------- C:\DOCUME~1\USER\APPLIC~1\Activision

    2007-09-16 13:01 --------- d--h----- C:\Program Files\InstallShield Installation Information

    2007-09-16 12:58 --------- d-------- C:\Program Files\Activision

    2007-09-16 03:45 --------- d-------- C:\Program Files\MessengerPlus! 3

    2007-09-16 03:33 --------- d-------- C:\Program Files\eMule

    2007-09-16 02:35 --------- d-------- C:\Program Files\Yahoo!

    2007-09-06 07:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe

    2007-09-06 07:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

    2007-09-06 07:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

    2007-09-06 07:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

    2007-09-06 07:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

    2007-09-06 07:00 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr

    2007-09-06 07:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

    2007-08-12 23:30 --------- d-------- C:\Program Files\Microsoft Works

    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll

    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll

    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe

    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll

    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll

    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll

    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll

    2007-07-27 23:20 --------- d-------- C:\DOCUME~1\USER\APPLIC~1\Corel

    2007-07-27 23:17 --------- d-------- C:\Program Files\Corel

    2007-07-27 23:17 --------- d-------- C:\Program Files\Common Files\Corel

    2007-06-26 12:13 851968 --a------ C:\WINDOWS\system32\dllcache\vgx.dll

    2007-06-26 11:35 810496 --a------ C:\WINDOWS\system32\wininet(2).dll

    2007-06-26 11:35 665600 --a------ C:\WINDOWS\system32\wininet(3)(2).dll

    2007-06-26 11:35 665600 --------- C:\WINDOWS\system32\dllcache\wininet.dll

    2007-06-26 03:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

    2007-06-26 03:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll

    2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

    2007-06-19 10:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll

    2005-09-24 12:49 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 01:56]

    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 02:58]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 01:03]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-29 02:00]

    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-29 02:00]

    "nwiz"="nwiz.exe" [2006-06-29 02:00 C:\WINDOWS\system32\nwiz.exe]

    "MsmqIntCert"="regsvr32 /s mqrt.dll" []

    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-01 21:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 02:01]

    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-12 02:55]

    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 21:30]

    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 21:30]

    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 16:33]

    "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 21:02]

    "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 15:23]

    "Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 14:52]

    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 07:06]

    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]

    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-10 03:41]

    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 01:00]

    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-28 14:52]

    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 19:29]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\

    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-07 18:40:06]

    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

    HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 13:39:30]

    C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\

    Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 15:09:32]

    C:\DOCUME~1\USER\STARTM~1\Programs\Startup\

    Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

    Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 15:09:32]

    C:\WINDOWS\system32\config\SYSTEM~1\STARTM~1\Programs\Startup\

    Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 15:09:32]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    R2 MSMQ;Message Queuing;C:\WINDOWS\system32\mqsvc.exe

    R2 MSMQTriggers;Message Queuing Triggers;C:\WINDOWS\system32\mqtgsvc.exe

    R3 HBtnKey;HBtnKey;C:\WINDOWS\system32\DRIVERS\cpqbttn.sys

    R3 MQAC;Message Queuing access control;\??\C:\WINDOWS\system32\drivers\mqac.sys

    R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys

    R3 RMCAST;Reliable Multicast Protocol driver;\??\C:\WINDOWS\system32\drivers\RMCast.sys

    S3 XDva009;XDva009;\??\C:\WINDOWS\system32\XDva009.sys

    S4 Evgtuseinp;Evgtuseinp;C:\WINDOWS\system32\nvsvc32.exe

    .

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-09-16 21:41:03

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???@X??????Y?@?????<?@

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    Completion time: 2007-09-16 21:41:34

    C:\ComboFix-quarantined-files.txt ... 2007-09-16 21:41

    .

    --- E O F ---

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    - Log limpo :)

    - Recomendo uma manutenção no computador para exclusão dos arquivos temporários, desnecessários e entradas inválidas no registro. Faça o download do CCleaner:

    • Abra o programa e clique em Executar Limpeza;
    • Após isto, clique em Registro > Procurar erros > Corrigir Erros

    - Desative e ative novamente a Restauração do Sistema

    - Leia o artigo Proteja seu PC para mais informações sobre como evitar infecções.

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites
    Entre para seguir isso  





    Sobre o Clube do Hardware

    No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

    Direitos autorais

    Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

    ×