0xx79

Please analyze this log!


Logfile of HijackThis v1.99.1

Scan saved at 23:24:08, on 3/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ICO.EXE

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Corel\Corel Photo Album 6\MediaDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Hewlett-Packard\Shared\HpqToaster.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\TIM Web Movel\TIM Web Movel.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hijack this\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {90A15A89-20DD-4E31-994A-ECC71E555A8D} - C:\WINDOWS\system32\cdmode.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [nTrayFw] C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Arquivos de programas\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [EPSON Stylus Photo R290 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKL.EXE /FU "C:\WINDOWS\TEMP\E_S215.tmp" /EF "HKCU"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Analisar com LeechGet - file://C:\Arquivos de programas\LeechGet 2004\\Parser.html

O8 - Extra context menu item: Download usando Assistente LeechGet - file://C:\Arquivos de programas\LeechGet 2004\\Wizard.html

O8 - Extra context menu item: Download usando LeechGet - file://C:\Arquivos de programas\LeechGet 2004\\AddUrl.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{42B76ACF-AF8A-4D61-8D47-E764E4A83A26}: NameServer = 189.40.238.6 189.40.238.7

O17 - HKLM\System\CCS\Services\Tcpip\..\{95C69A74-69A1-42BB-8163-51A9F50F5AE8}: NameServer = 200.165.132.154,200.165.132.148

O17 - HKLM\System\CS1\Services\Tcpip\..\{42B76ACF-AF8A-4D61-8D47-E764E4A83A26}: NameServer = 189.40.238.6 189.40.238.7

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


- Download ComboFix

  • Temporarily disable the antivirus;
  • Close all open windows;
  • Double-click combofix.exe and press "1" to proceed with the Fix. It may take a while.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click on the ComboFix window or close it by clicking the X while it is running, do not move the mouse and do not use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt in your reply.

- Generate a new HijackThis log and paste it in your reply.


ComboFix 08-01-04.1 - Administrador 2008-01-06 8:50:36.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.567 [GMT -2:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.bat

C:\autorun.inf

C:\autorun.vbs

C:\WINDOWS\system32\autorun.bat

C:\WINDOWS\system32\AutoRun.inf

C:\WINDOWS\system32\autorun.reg

D:\autorun.bat

D:\Autorun.inf

D:\autorun.vbs

.

((((((((((((((((((((((( Ficheiros criados de 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))))

.

2008-01-06 08:50 . 2008-01-06 08:50 <DIR> d-------- C:\Temp\WPDNSE

2008-01-06 08:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-04 16:32 . 2006-11-07 09:42 88,560 -ra------ C:\WINDOWS\system32\drivers\w200mgmt.sys

2008-01-04 16:32 . 2006-11-07 09:42 86,368 -ra------ C:\WINDOWS\system32\drivers\w200obex.sys

2008-01-04 16:27 . 2008-01-04 16:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-04 16:27 . 2008-01-04 16:27 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-04 16:26 . 2006-11-07 09:42 97,056 -ra------ C:\WINDOWS\system32\drivers\w200mdm.sys

2008-01-04 16:26 . 2006-11-07 09:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys

2008-01-04 16:26 . 2006-11-07 09:42 9,328 -ra------ C:\WINDOWS\system32\drivers\w200mdfl.sys

2008-01-04 16:26 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cmnt.sys

2008-01-04 16:26 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cm.sys

2008-01-04 16:26 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys

2008-01-04 16:26 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys

2008-01-03 19:27 . 2008-01-03 19:27 <DIR> d-------- C:\Temp\CDM

2008-01-03 19:19 . 2008-01-03 19:19 <DIR> d-------- C:\Temp\{2C965AC3-DA79-44FC-98B1-D1E5E8AE93C2}

2008-01-03 18:27 . 2005-12-16 11:48 90,112 --------- C:\WINDOWS\system32\hpqnt.dll

2008-01-03 18:27 . 2006-05-12 13:44 45,056 --a------ C:\WINDOWS\system32\hpBat.cpl

2008-01-03 10:46 . 2008-01-03 10:46 <DIR> d-------- C:\Arquivos de programas\Sony

2008-01-03 10:46 . 2002-10-09 13:21 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll

2008-01-03 10:08 . 2008-01-03 23:24 <DIR> d-------- C:\hijack this

2008-01-03 10:00 . 2008-01-03 10:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-01-03 10:00 . 2008-01-03 10:00 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-01-03 10:00 . 2008-01-03 10:00 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-01-03 10:00 . 2008-01-03 10:00 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-01-03 08:58 . 2006-06-14 17:21 560 -rahs---- C:\autorun.reg

2008-01-03 08:29 . 2008-01-06 08:32 <DIR> d-------- C:\Temp\_avast4_

2008-01-03 08:29 . 2007-12-04 10:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-01-03 08:29 . 2007-12-04 12:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-01-03 08:29 . 2007-12-04 12:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-01-03 08:29 . 2007-12-04 12:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-01-03 08:29 . 2007-12-04 12:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-01-03 08:29 . 2007-12-04 12:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-01-03 08:28 . 2008-01-03 08:28 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-01-03 08:28 . 2007-12-04 11:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-01-03 08:28 . 2004-01-09 07:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-01-03 07:28 . 2008-01-03 07:28 <DIR> d-------- C:\Arquivos de programas\Broadcom

2008-01-03 07:28 . 2006-11-01 08:55 604,928 --a------ C:\WINDOWS\system32\drivers\BCMWL5.SYS

2007-12-27 22:42 . 2007-12-28 09:02 <DIR> d-------- C:\Arquivos de programas\EPSON Print CD

2007-12-27 22:40 . 2007-12-27 22:40 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Corel Photo Album

2007-12-27 22:37 . 2007-12-27 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

2007-12-27 22:37 . 2007-12-27 22:37 <DIR> d-------- C:\Arquivos de programas\Corel

2007-12-27 22:37 . 2007-12-27 22:37 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel

2007-12-27 22:37 . 2007-12-27 22:39 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2007-12-27 22:32 . 2007-12-27 22:33 <DIR> d-------- C:\Temp\{AF333514-E607-4673-A3B4-A17A789DF6E2}

2007-12-27 22:32 . 2007-12-27 22:42 <DIR> d-------- C:\Arquivos de programas\EPSON

2007-12-27 22:32 . 2006-10-30 17:10 455,600 -ra------ C:\Temp\_is213.exe

2007-12-27 22:16 . 2007-12-27 22:17 <DIR> d-------- C:\Temp\{2C4E225F-9C77-4D5D-A7EC-D751389C045D}

2007-12-27 22:16 . 2006-10-30 17:10 455,600 -ra------ C:\Temp\_is15D.exe

2007-12-27 22:12 . 2007-12-27 22:12 <DIR> d-------- C:\Temp\{1E45B7AC-606A-473F-9E65-E4F6555D7323}

2007-12-27 22:12 . 2007-12-27 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\EPSON

2007-12-27 22:12 . 2007-12-27 22:12 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield

2007-12-27 22:12 . 2006-10-30 17:10 455,600 -ra------ C:\Temp\_isCD.exe

2007-12-27 22:11 . 2007-12-27 22:40 44 --a------ C:\WINDOWS\EPSPR290.ini

2007-12-27 21:42 . 2007-12-27 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2007-12-27 21:42 . 2007-12-27 21:42 <DIR> d-------- C:\Arquivos de programas\DVD Shrink

2007-12-27 16:03 . 2007-12-27 16:03 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Sonic Foundry

2007-12-27 16:02 . 2007-12-27 16:02 <DIR> d-------- C:\Program Files

2007-12-27 16:02 . 2001-10-19 14:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll

2007-12-27 16:02 . 2001-10-19 14:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll

2007-12-27 16:02 . 2001-10-19 14:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll

2007-12-27 16:02 . 2001-10-19 02:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx

2007-12-27 16:02 . 2008-01-03 10:46 156,910 --a------ C:\WINDOWS\WMSysPr8.prx

2007-12-27 14:51 . 2007-12-27 14:51 <DIR> d-------- C:\Temp\Cddb

2007-12-25 13:38 . 2007-12-25 13:38 118 --a------ C:\WINDOWS\system32\MRT.INI

2007-12-25 13:37 . 2007-12-27 16:35 <DIR> d-------- C:\Temp\NDP20-KB928365-v2-X86

2007-12-24 15:30 . 2007-12-24 15:30 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Leadertech

2007-12-24 07:44 . 2007-12-24 07:44 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2007-12-24 01:25 . 2007-12-24 01:25 <DIR> d-------- C:\Temp\WER0d6d.dir00

2007-12-24 01:02 . 2007-12-24 01:02 <DIR> d-------- C:\Temp\WER4ebc.dir00

2007-12-23 23:18 . 2007-12-23 23:18 <DIR> d-------- C:\Temp\WERedcf.dir00

2007-12-23 18:56 . 2007-12-23 18:57 <DIR> d-------- C:\Temp\WERa699.dir00

2007-12-23 18:43 . 2007-12-23 18:44 <DIR> d-------- C:\Temp\WERab6a.dir00

2007-12-23 18:24 . 2007-12-23 18:24 <DIR> d-------- C:\Temp\WER389e.dir00

2007-12-23 16:51 . 2007-12-23 16:51 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Apple Computer

2007-12-23 12:01 . 2007-12-25 15:11 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-12-22 18:47 . 2007-12-22 18:48 3,072,054 --a------ C:\WINDOWS\wallpaper.bmp

2007-12-22 15:20 . 2007-12-22 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2007-12-22 14:53 . 2007-12-22 14:53 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-12-21 05:54 . 2006-11-30 14:58 18,704 -ra------ C:\WINDOWS\system32\drivers\se44nd5.sys

2007-12-21 05:53 . 2006-11-30 14:58 97,088 -ra------ C:\WINDOWS\system32\drivers\se44mdm.sys

2007-12-21 05:53 . 2006-11-30 14:58 90,800 -ra------ C:\WINDOWS\system32\drivers\se44unic.sys

2007-12-21 05:53 . 2006-11-30 14:58 88,624 -ra------ C:\WINDOWS\system32\drivers\se44mgmt.sys

2007-12-21 05:53 . 2006-11-30 14:58 86,432 -ra------ C:\WINDOWS\system32\drivers\se44obex.sys

2007-12-21 05:53 . 2006-11-30 14:58 9,360 -ra------ C:\WINDOWS\system32\drivers\se44mdfl.sys

2007-12-21 05:53 . 2006-11-30 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\se44cmnt.sys

2007-12-21 05:53 . 2006-11-30 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\se44cm.sys

2007-12-21 05:53 . 2006-11-30 14:58 4,128 -ra------ C:\WINDOWS\system32\drivers\se44cr.sys

2007-12-21 01:18 . 2007-12-30 16:43 <DIR> d-------- C:\Downloads

2007-12-21 01:17 . 19,456 C:\WINDOWS\system32\drivers\qieseiew.dat

2007-12-21 01:17 . 4,736 C:\Temp\onhfkipe.dat

2007-12-21 00:56 . 2001-10-28 09:06 84,992 --a------ C:\WINDOWS\system32\cdmode.dll

2007-12-20 23:10 . 2007-12-21 05:54 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Teleca

2007-12-20 23:09 . 2007-12-20 23:09 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Sony Ericsson

2007-12-20 23:08 . 2007-12-20 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Sony Ericsson

2007-12-20 23:08 . 2007-12-20 23:08 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Sony Ericsson Shared

2007-12-20 23:07 . 2007-12-20 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Teleca

2007-12-20 23:07 . 2007-12-20 23:07 <DIR> d-------- C:\Arquivos de programas\Sony Ericsson

2007-12-20 23:07 . 2007-12-20 23:08 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Teleca Shared

2007-12-20 23:05 . 2007-12-20 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2007-12-20 23:05 . 2007-12-20 23:06 <DIR> d-------- C:\Arquivos de programas\QuickTime

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-17 14:43 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2007-12-17 14:43 --------- d-----w C:\Arquivos de programas\Java

2007-12-17 14:42 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2007-12-17 14:38 --------- d-----w C:\Arquivos de programas\Serviços on-line

2007-12-17 14:38 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2007-12-17 14:38 --------- d-----w C:\Arquivos de programas\Arquivos comuns\MSSoap

2007-12-17 12:32 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SpeechEngines

2007-12-17 12:32 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ODBC

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2006-07-30 23:20 959 --sha-r C:\WINDOWS\system32\autorun.bin

2002-12-10 09:00 1,089,536 --sha-r C:\WINDOWS\system32\autorun.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90A15A89-20DD-4E31-994A-ECC71E555A8D}]

2001-10-28 09:06 84992 --a------ C:\WINDOWS\system32\cdmode.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51 202024]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-05-17 13:11 5729136]

"LeechGet"="" []

"EPSON Stylus Photo R290 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKL.exe" [2007-04-13 04:00 182272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpWirelessAssistant"="C:\Arquivos de programas\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776]

"HP Software Update"="c:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]

"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 15:36 57344 C:\WINDOWS\system32\ICO.EXE]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"NBKeyScan"="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]

"nTrayFw"="C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 10:40 270336]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 14:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 20:58 7581696]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 20:58 86016]

"nwiz"="nwiz.exe" [2006-07-20 20:58 1519616 C:\WINDOWS\system32\nwiz.exe]

"Adobe Photo Downloader"="C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-12-20 23:05 155648]

"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 11:00 79224]

"Corel Photo Downloader"="C:\Arquivos de programas\Corel\Corel Photo Album 6\MediaDetect.exe" [2007-02-21 02:15 112208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2004-08-04 00:45 101376 C:\WINDOWS\system32\advpack.dll]

R0 vpcbcurl;vpcbcurl;C:\WINDOWS\system32\drivers\qieseiew.dat []

S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Documents and Settings\Administrador\Desktop\Everest 4.10.1091\kerneld.wnt []

S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 11:58]

S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]

S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]

S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]

S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]

S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]

S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]

S3 Sinistro1;Sinistro1;C:\Documents and Settings\Administrador\Desktop\bruno\shak3\2.2\Sinistro.sys []

S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]

S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]

S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ecc024c-af65-11dc-862e-001b7853658e}]

\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ecc024e-af65-11dc-862e-001b7853658e}]

\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5b34cd7-af40-11dc-862b-001b7853658e}]

\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5b34cda-af40-11dc-862b-001b7853658e}]

\Shell\AutoRun\command - F:\AutoRun.exe

*Newly Created Service* - PROCEXP90

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-06 08:53:00

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-01-06 8:53:35

ComboFix-quarantined-files.txt 2008-01-06 10:53:18

.

2008-01-06 10:02:21 --- E O F ---


- Type combofix /u in Run and click OK. In the next window click "Run" and wait for the program to be removed;

- Download ComboFix and save it to the desktop;

- Select the text below and copy it into Notepad. Save it as CFScript.txt;


Driver::
vpcbcurl
RootKit::
C:\WINDOWS\system32\drivers\qieseiew.dat
File::
C:\WINDOWS\system32\cdmode.dll
C:\Temp\onhfkipe.dat

- Restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup);

- Drag CFScript.txt onto ComboFix as shown in the image below:

[image: CFScript.gif]

ComboFix will run and will restart the PC automatically to complete the removal process.

Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: If ComboFix does not restart your computer automatically, do it manually.

Paste a new ComboFix log and HijackThis log in your reply.


ComboFix 08-01-04.1 - Administrador 2008-01-07 3:02:25.2 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.781 [GMT -2:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt

FILE

C:\Temp\onhfkipe.dat

C:\WINDOWS\system32\cdmode.dll

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Temp\onhfkipe.dat

C:\WINDOWS\system32\cdmode.dll

C:\WINDOWS\system32\drivers\qieseiew.dat

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_VPCBCURL

-------\vpcbcurl

((((((((((((((((((((((( Ficheiros criados de 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))))

.

2008-01-07 03:05 . 2008-01-07 03:05 <DIR> d-------- C:\Temp\WPDNSE

2008-01-06 09:03 . 2008-01-06 09:03 <DIR> d-------- C:\Temp\_avast4_

2008-01-06 08:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-04 16:32 . 2006-11-07 09:42 88,560 -ra------ C:\WINDOWS\system32\drivers\w200mgmt.sys

2008-01-04 16:32 . 2006-11-07 09:42 86,368 -ra------ C:\WINDOWS\system32\drivers\w200obex.sys

2008-01-04 16:27 . 2008-01-04 16:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-04 16:27 . 2008-01-04 16:27 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-04 16:26 . 2006-11-07 09:42 97,056 -ra------ C:\WINDOWS\system32\drivers\w200mdm.sys

2008-01-04 16:26 . 2006-11-07 09:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys

2008-01-04 16:26 . 2006-11-07 09:42 9,328 -ra------ C:\WINDOWS\system32\drivers\w200mdfl.sys

2008-01-04 16:26 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cmnt.sys

2008-01-04 16:26 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cm.sys

2008-01-04 16:26 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys

2008-01-04 16:26 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys

2008-01-03 18:27 . 2005-12-16 11:48 90,112 --------- C:\WINDOWS\system32\hpqnt.dll

2008-01-03 18:27 . 2006-05-12 13:44 45,056 --a------ C:\WINDOWS\system32\hpBat.cpl

2008-01-03 10:46 . 2008-01-03 10:46 <DIR> d-------- C:\Arquivos de programas\Sony

2008-01-03 10:46 . 2002-10-09 13:21 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll

2008-01-03 10:00 . 2008-01-03 10:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-01-03 10:00 . 2008-01-03 10:00 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-01-03 10:00 . 2008-01-03 10:00 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-01-03 10:00 . 2008-01-03 10:00 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-01-03 08:58 . 2006-06-14 17:21 560 -rahs---- C:\autorun.reg

2008-01-03 08:29 . 2007-12-04 10:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-01-03 08:29 . 2007-12-04 12:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-01-03 08:29 . 2007-12-04 12:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-01-03 08:29 . 2007-12-04 12:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-01-03 08:29 . 2007-12-04 12:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-01-03 08:29 . 2007-12-04 12:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-01-03 08:28 . 2008-01-03 08:28 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-01-03 08:28 . 2007-12-04 11:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-01-03 08:28 . 2004-01-09 07:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-01-03 07:28 . 2008-01-03 07:28 <DIR> d-------- C:\Arquivos de programas\Broadcom

2008-01-03 07:28 . 2006-11-01 08:55 604,928 --a------ C:\WINDOWS\system32\drivers\BCMWL5.SYS

2007-12-27 22:42 . 2007-12-28 09:02 <DIR> d-------- C:\Arquivos de programas\EPSON Print CD

2007-12-27 22:40 . 2007-12-27 22:40 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Corel Photo Album

2007-12-27 22:37 . 2007-12-27 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

2007-12-27 22:37 . 2007-12-27 22:37 <DIR> d-------- C:\Arquivos de programas\Corel

2007-12-27 22:37 . 2007-12-27 22:37 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel

2007-12-27 22:37 . 2007-12-27 22:39 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2007-12-27 22:32 . 2007-12-27 22:42 <DIR> d-------- C:\Arquivos de programas\EPSON

2007-12-27 22:12 . 2007-12-27 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\EPSON

2007-12-27 22:12 . 2007-12-27 22:12 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield

2007-12-27 22:11 . 2007-12-27 22:40 44 --a------ C:\WINDOWS\EPSPR290.ini

2007-12-27 21:42 . 2007-12-27 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2007-12-27 21:42 . 2007-12-27 21:42 <DIR> d-------- C:\Arquivos de programas\DVD Shrink

2007-12-27 16:03 . 2007-12-27 16:03 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Sonic Foundry

2007-12-27 16:02 . 2007-12-27 16:02 <DIR> d-------- C:\Program Files

2007-12-27 16:02 . 2001-10-19 14:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll

2007-12-27 16:02 . 2001-10-19 14:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll

2007-12-27 16:02 . 2001-10-19 14:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll

2007-12-27 16:02 . 2001-10-19 02:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx

2007-12-27 16:02 . 2008-01-03 10:46 156,910 --a------ C:\WINDOWS\WMSysPr8.prx

2007-12-25 13:38 . 2007-12-25 13:38 118 --a------ C:\WINDOWS\system32\MRT.INI

2007-12-24 15:30 . 2007-12-24 15:30 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Leadertech

2007-12-24 07:44 . 2007-12-24 07:44 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2007-12-23 16:51 . 2007-12-23 16:51 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Apple Computer

2007-12-23 12:01 . 2007-12-25 15:11 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-12-22 18:47 . 2007-12-22 18:48 3,072,054 --a------ C:\WINDOWS\wallpaper.bmp

2007-12-22 15:20 . 2007-12-22 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2007-12-22 14:53 . 2007-12-22 14:53 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-12-21 05:54 . 2006-11-30 14:58 18,704 -ra------ C:\WINDOWS\system32\drivers\se44nd5.sys

2007-12-21 05:53 . 2006-11-30 14:58 97,088 -ra------ C:\WINDOWS\system32\drivers\se44mdm.sys

2007-12-21 05:53 . 2006-11-30 14:58 90,800 -ra------ C:\WINDOWS\system32\drivers\se44unic.sys

2007-12-21 05:53 . 2006-11-30 14:58 88,624 -ra------ C:\WINDOWS\system32\drivers\se44mgmt.sys

2007-12-21 05:53 . 2006-11-30 14:58 86,432 -ra------ C:\WINDOWS\system32\drivers\se44obex.sys

2007-12-21 05:53 . 2006-11-30 14:58 9,360 -ra------ C:\WINDOWS\system32\drivers\se44mdfl.sys

2007-12-21 05:53 . 2006-11-30 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\se44cmnt.sys

2007-12-21 05:53 . 2006-11-30 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\se44cm.sys

2007-12-21 05:53 . 2006-11-30 14:58 4,128 -ra------ C:\WINDOWS\system32\drivers\se44cr.sys

2007-12-21 01:18 . 2007-12-30 16:43 <DIR> d-------- C:\Downloads

2007-12-20 23:10 . 2007-12-21 05:54 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Teleca

2007-12-20 23:09 . 2007-12-20 23:09 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Sony Ericsson

2007-12-20 23:08 . 2007-12-20 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Sony Ericsson

2007-12-20 23:08 . 2007-12-20 23:08 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Sony Ericsson Shared

2007-12-20 23:07 . 2007-12-20 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Teleca

2007-12-20 23:07 . 2007-12-20 23:07 <DIR> d-------- C:\Arquivos de programas\Sony Ericsson

2007-12-20 23:07 . 2007-12-20 23:08 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Teleca Shared

2007-12-20 23:05 . 2007-12-20 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2007-12-20 23:05 . 2007-12-20 23:06 <DIR> d-------- C:\Arquivos de programas\QuickTime

2007-12-20 23:04 . 2007-12-20 23:04 <DIR> d-------- C:\Arquivos de programas\Disc2Phone

2007-12-20 23:01 . 2007-12-20 23:01 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2007-12-20 22:59 . 2007-12-20 22:59 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\AdobeUM

2007-12-20 22:59 . 2007-12-20 22:59 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\AdobeAUM

2007-12-20 22:57 . 2006-11-30 11:58 61,536 -ra------ C:\WINDOWS\system32\drivers\se44bus.sys

2007-12-20 22:57 . 2006-11-30 11:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se44whnt.sys

2007-12-20 22:57 . 2006-11-30 11:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se44wh.sys

2007-12-20 19:32 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-12-20 19:32 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2007-12-20 19:31 . 2007-12-20 19:32 <DIR> d-------- C:\Arquivos de programas\TIM Web Movel

2007-12-20 19:31 . 2007-04-20 10:56 100,992 -ra------ C:\WINDOWS\system32\drivers\ewusbmdm.sys

2007-12-20 19:31 . 2007-04-20 10:56 24,448 -ra------ C:\WINDOWS\system32\drivers\ewdcsc.sys

2007-12-20 10:31 . 2007-12-20 23:07 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2007-12-20 10:31 . 2007-12-20 10:31 <DIR> d-------- C:\Arquivos de programas\TT24

2007-12-19 17:40 . 2001-09-05 23:20 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2007-12-19 17:40 . 2001-09-05 23:20 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2007-12-19 17:36 . 2007-12-19 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2007-12-19 17:33 . 2007-12-19 17:36 <DIR> d-------- C:\WINDOWS\nview

2007-12-19 17:33 . 2006-07-20 20:58 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe

2007-12-19 17:33 . 2008-01-07 03:06 51,048 --a------ C:\WINDOWS\system32\nvapps.xml

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-17 14:43 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2007-12-17 14:43 --------- d-----w C:\Arquivos de programas\Java

2007-12-17 14:42 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2007-12-17 14:38 --------- d-----w C:\Arquivos de programas\Serviços on-line

2007-12-17 14:38 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2007-12-17 14:38 --------- d-----w C:\Arquivos de programas\Arquivos comuns\MSSoap

2007-12-17 12:32 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SpeechEngines

2007-12-17 12:32 --------- d-----w C:\Arquivos de programas\Arquivos comuns\ODBC

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2006-07-30 23:20 959 --sha-r C:\WINDOWS\system32\autorun.bin

2002-12-10 09:00 1,089,536 --sha-r C:\WINDOWS\system32\autorun.exe

.

((((((((((((((((((((((((((((( snapshot@2008-01-06_ 8.53.06,42 )))))))))))))))))))))))))))))))))))))))))

.

+ 2000-08-31 10:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

- 2008-01-06 10:04:31 62,678 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-01-07 05:01:36 62,344 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-01-06 10:04:31 71,382 ----a-w C:\WINDOWS\system32\perfc016.dat

+ 2008-01-07 05:01:36 70,980 ----a-w C:\WINDOWS\system32\perfc016.dat

- 2008-01-06 10:04:31 401,398 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-01-07 05:01:36 401,064 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-01-06 10:04:31 434,408 ----a-w C:\WINDOWS\system32\perfh016.dat

+ 2008-01-07 05:01:36 433,840 ----a-w C:\WINDOWS\system32\perfh016.dat

+ 2008-01-07 05:05:39 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_6e8.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51 202024]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-05-17 13:11 5729136]

"LeechGet"="" []

"EPSON Stylus Photo R290 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKL.exe" [2007-04-13 04:00 182272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpWirelessAssistant"="C:\Arquivos de programas\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776]

"HP Software Update"="c:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]

"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 15:36 57344 C:\WINDOWS\system32\ICO.EXE]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"NBKeyScan"="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]

"nTrayFw"="C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 10:40 270336]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 14:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 20:58 7581696]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 20:58 86016]

"nwiz"="nwiz.exe" [2006-07-20 20:58 1519616 C:\WINDOWS\system32\nwiz.exe]

"Adobe Photo Downloader"="C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-12-20 23:05 155648]

"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 11:00 79224]

"Corel Photo Downloader"="C:\Arquivos de programas\Corel\Corel Photo Album 6\MediaDetect.exe" [2007-02-21 02:15 112208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2004-08-04 00:45 101376 C:\WINDOWS\system32\advpack.dll]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Documents and Settings\Administrador\Desktop\Everest 4.10.1091\kerneld.wnt []

S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 11:58]

S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]

S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]

S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]

S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]

S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]

S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]

S3 Sinistro1;Sinistro1;C:\Documents and Settings\Administrador\Desktop\bruno\shak3\2.2\Sinistro.sys []

S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]

S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]

S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ecc024c-af65-11dc-862e-001b7853658e}]

\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ecc024e-af65-11dc-862e-001b7853658e}]

\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5b34cd7-af40-11dc-862b-001b7853658e}]

\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5b34cda-af40-11dc-862b-001b7853658e}]

\Shell\AutoRun\command - F:\AutoRun.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-07 03:05:58

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-01-07 3:09:20 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-07 05:08:42

.

2008-01-06 10:02:21 --- E O F ---

Logfile of HijackThis v1.99.1

Scan saved at 03:20:22, on 7/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ICO.EXE

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Corel\Corel Photo Album 6\MediaDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Hewlett-Packard\Shared\HpqToaster.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Arthur Setings\hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [nTrayFw] C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Arquivos de programas\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [EPSON Stylus Photo R290 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKL.EXE /FU "C:\WINDOWS\TEMP\E_S215.tmp" /EF "HKCU"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Analisar com LeechGet - file://C:\Arquivos de programas\LeechGet 2004\\Parser.html

O8 - Extra context menu item: Download usando Assistente LeechGet - file://C:\Arquivos de programas\LeechGet 2004\\Wizard.html

O8 - Extra context menu item: Download usando LeechGet - file://C:\Arquivos de programas\LeechGet 2004\\AddUrl.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{95C69A74-69A1-42BB-8163-51A9F50F5AE8}: NameServer = 200.165.132.154,200.165.132.148

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


- OK, the log is clean :)

- In Run, type combofix /u and click OK. In the next window click "Run" and wait for the program to be removed;

- Update Internet Explorer:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=pt-br

- I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix Issues

- Disable and then re-enable System Restore

- Read the article "Proteja seu PC" (Protect your PC) for more information on how to avoid infections.
