mvrodrigues

Proper.exe and Lanmanwrk, does anyone know how to remove them?


Hello friends,

Last night I went to the RevistasGratis site and, as soon as I entered it, Avast warned that there was a virus and so on. I ignored it, because Avast detects a lot of things (if I went by Avast I would not even play Counter-Strike). Well, then the computer restarted and would not boot anymore; it kept restarting over and over. So I went into Safe Mode, ran CCleaner, Spybot and the Avast boot-time scan, removed 7 viruses at boot and a few more with Spybot, but lanmanwrk and proper.exe still persist. lanmanwrk is not so bad, because I managed to disable it in MSCONFIG; the hard one is proper.exe, which only lets me work in peace when I do the famous "End Task" on it. One detail: in MSCONFIG there are 4 startup entries that I remove and that keep coming back, and which probably belong to the virus. They are:

- Winter

- Winter

- Autos

- Infos

I also can't open the Control Panel anymore, because it blocks it saying I don't have administrator privileges.

Friends, I turned to you because you know a lot... You are very helpful and I am sure you would help me. The HijackThis log is below. If lanmanwrk and proper don't show up in it, it's because I ended them, but they are still here.

Logfile of HijackThis v1.99.1

Scan saved at 16:05:45, on 17/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\Explorer.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\proper.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Admin\Meus documentos\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit .exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [undefined] C:\WINDOWS\system32\winter.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [undefined] C:\WINDOWS\system32\winter.exe

O4 - Startup: infos.exe

O4 - Global Startup: autos.exe

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\sof629.txt

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

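As an added example (not code from the thread, from HijackThis or from ComboFix), here is a small Python checker that applies the rules a log analyst uses when reading a log like the one above: a Winlogon `Shell=` value that runs anything besides Explorer.exe, a `UserInit=` value with extra entries, BHOs with no name or a missing file, Run entries with an empty or placeholder name, bare executables dropped into a Startup folder, `O7` policy restrictions such as `DisableRegedit=1`, and a non-empty `AppInit_DLLs` value (especially one that does not even point at a `.dll`). The sample lines are constructed to mirror the entries of interest in the log; the heuristics are this example's own assumptions, not HijackThis' built-in logic.

```python
import re
from typing import Dict, List

# Constructed sample, modelled on the entries of interest in the log above.
SAMPLE_LOG = """\
F2 - REG:system.ini: Shell=Explorer.exe C:\\WINDOWS\\system32\\proper.exe
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Arquivos de programas\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\\WINDOWS\\system32\\bronto.dll (file missing)
O4 - HKLM\\..\\Run: [avast!] C:\\ARQUIV~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [undefined] C:\\WINDOWS\\system32\\winter.exe
O4 - Startup: infos.exe
O7 - HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\\WINDOWS\\system32\\sof629.txt
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe
"""


def check_line(line: str) -> List[str]:
    """Return the reasons a HijackThis line deserves attention (empty list = nothing flagged).

    The rules below are heuristics assumed for this example; they are not HijackThis' own logic.
    """
    reasons: List[str] = []
    line = line.strip()
    if not line or " - " not in line:
        return reasons
    code, rest = line.split(" - ", 1)  # e.g. "F2", "REG:system.ini: Shell=..."

    if code == "F2":
        m = re.search(r"\b(Shell|UserInit)=(.*)$", rest)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "Shell":
                # Winlogon Shell should be the single token Explorer.exe; anything
                # appended to it is started alongside the desktop at every logon.
                tokens = value.split()
                if len(tokens) != 1 or tokens[0].lower() != "explorer.exe":
                    reasons.append(f"Winlogon Shell runs something besides Explorer.exe: {value}")
            else:
                # UserInit is a comma-separated list; normally only userinit.exe is present.
                entries = [e.strip() for e in value.split(",") if e.strip()]
                if len(entries) != 1 or not entries[0].lower().endswith("\\userinit.exe"):
                    reasons.append(f"Winlogon UserInit has unexpected entries: {value}")

    elif code == "O2":
        # Browser Helper Objects with no name or whose file is gone are orphaned or hidden.
        if "(no name)" in rest or "(file missing)" in rest or "(no file)" in rest:
            reasons.append("BHO with no name or missing file")

    elif code == "O4":
        m = re.search(r"\[(.*?)\]", rest)
        if m is not None:
            name = m.group(1).strip()
            if name == "" or name.lower() == "undefined":
                reasons.append(f"Run entry with empty or placeholder name: {rest}")
        elif re.search(r"Startup:\s*.*\.(exe|pif|scr|com)$", rest, re.IGNORECASE):
            # Legitimate Startup-folder items are usually shortcuts (.lnk), not bare executables.
            reasons.append(f"executable placed directly in a Startup folder: {rest}")

    elif code == "O7":
        # Policy restrictions (DisableRegedit, DisableTaskMgr, ...) are rarely set by the user.
        reasons.append(f"policy restriction in place: {rest}")

    elif code == "O20":
        m = re.search(r"AppInit_DLLs:\s*(.*)$", rest)
        if m and m.group(1).strip():
            value = m.group(1).strip()
            reasons.append(f"AppInit_DLLs loads {value} into every process that links user32.dll")
            if not value.lower().endswith(".dll"):
                reasons.append("AppInit_DLLs target does not have a .dll extension")

    return reasons


def analyze(log_text: str) -> List[Dict[str, object]]:
    """Run check_line over every line of a log and collect the flagged ones."""
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        reasons = check_line(line)
        if reasons:
            findings.append({"line": line.strip(), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("   ->", reason)
```

Run against the constructed sample it flags six of the ten lines and leaves the Adobe BHO, the avast! Run entry, the clean UserInit value and the PnkBstrA service alone; the point of the `Shell=` and `AppInit_DLLs` rules is that both are loaded by Winlogon or by every GUI process, which is why ending `proper.exe` from Task Manager never removed it.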

- Download ComboFix

  • Temporarily disable your antivirus;
  • Close all open windows;
  • Double-click combofix.exe and press "1" to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click in the ComboFix window or close it with the X while it is running, and do not move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt and a new HijackThis log in your reply.


Here is the HijackThis log

Logfile of HijackThis v1.99.1

Scan saved at 03:17:23, on 19/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\sXe Injected\sXe Injected.exe

C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\Admin\Meus documentos\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

And now the ComboFix one..

ComboFix 08-01-18.3 - Admin 2008-01-17 23:16:44.1 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1803 [GMT -2:00]

Executando de: C:\Documents and Settings\Admin\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Admin\Menu Iniciar\Programas\Inicializar\infos.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\autos.exe

C:\WINDOWS\system32\_svchost.exe

C:\WINDOWS\system32\0x57.exe

C:\WINDOWS\system32\drivers\Jpv40.sys

C:\WINDOWS\system32\lanmandrv.sys

C:\WINDOWS\system32\proper.exe

C:\WINDOWS\system32\winter.exe

.

((((((((((((((((((((((( Ficheiros criados de 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))))

.

2008-01-17 23:15 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-17 21:24 . 2008-01-17 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound

2008-01-17 21:24 . 2008-01-17 21:24 <DIR> d-------- C:\Arquivos de programas\NCH Swift Sound

2008-01-17 14:00 . 2008-01-17 14:00 1,190 --a------ C:\WINDOWS\mozver.dat

2008-01-17 13:57 . 2008-01-17 13:57 0 --a------ C:\WINDOWS\nsreg.dat

2008-01-17 05:03 . 2007-11-15 21:47 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-01-17 05:03 . 2007-11-15 19:41 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-01-17 05:03 . 2007-11-15 19:41 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-01-17 05:03 . 2007-11-15 19:41 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-01-17 05:03 . 2007-11-15 19:41 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-01-17 05:03 . 2008-01-17 05:04 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-01-17 05:03 . 2007-11-15 19:41 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-01-17 05:03 . 2007-11-15 19:41 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-01-17 04:35 . 2008-01-17 04:35 <DIR> d-------- C:\Arquivos de programas\Enigma Software Group

2008-01-17 03:23 . 2008-01-17 03:22 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-01-17 03:22 . 2008-01-17 03:24 <DIR> d-------- C:\Documents and Settings\Admin\.housecall6.6

2008-01-17 03:10 . 2008-01-17 03:10 181 --a------ C:\WINDOWS\wininit.ini

2008-01-17 02:48 . 2008-01-17 02:48 62,976 --a------ C:\nethlpr.exe

2008-01-17 02:48 . 2008-01-17 02:48 60,961 --a------ C:\WINDOWS\system32\dfsj2295.exe

2008-01-17 02:48 . 2008-01-17 02:48 54,272 --a------ C:\50.tmp

2008-01-17 02:48 . 2008-01-17 02:48 28,672 --a------ C:\WINDOWS\system32\dfsj2313.exe

2008-01-17 02:48 . 2008-01-17 02:48 14,336 --a------ C:\winavvr.exe

2008-01-17 02:48 . 2008-01-17 02:48 13,824 --a------ C:\Documents and Settings\Admin\nax.exe

2008-01-17 02:48 . 2008-01-17 02:48 8,704 --a------ C:\WINDOWS\ssh.pif

2008-01-17 02:48 . 2008-01-17 02:48 7,040 --a------ C:\WINDOWS\system32\drivers\ndisaluo.sys

2008-01-17 02:48 . 2008-01-17 02:48 8 --a------ C:\WINDOWS\system32\svchost.t__

2008-01-17 02:48 . 2008-01-17 02:48 4 --a------ C:\51.tmp

2008-01-17 02:47 . 2008-01-17 02:47 0 --a------ C:\4E.tmp

2008-01-17 02:47 . 2008-01-17 02:47 0 --a------ C:\4D.tmp

2008-01-17 02:47 . 2008-01-17 02:47 0 --a------ C:\4C.tmp

2008-01-17 02:47 . 2008-01-17 02:47 0 --a------ C:\4B.tmp

2008-01-17 02:47 . 2008-01-17 02:47 0 --a------ C:\49.tmp

2008-01-17 02:47 . 2008-01-17 02:47 0 --a------ C:\48.tmp

2008-01-17 02:47 . 2008-01-17 02:47 0 --a------ C:\46.tmp

2008-01-17 02:47 . 2008-01-17 02:47 0 --a------ C:\45.tmp

2008-01-17 02:46 . 2008-01-17 02:48 6,144 --a------ C:\Documents and Settings\Admin\ie_updates3r.exe

2008-01-17 02:45 . 2008-01-17 02:45 54,272 --a------ C:\36.tmp

2008-01-09 18:10 . 2008-01-09 18:10 <DIR> d-------- C:\Documents and Settings\Admin\Dados de aplicativos\teamspeak2

2008-01-04 20:45 . 2008-01-04 20:45 <DIR> d-------- C:\Arquivos de programas\Electronic Arts

2008-01-03 13:32 . 2008-01-03 13:32 <DIR> d-------- C:\Arquivos de programas\Cygnus

2008-01-02 03:23 . 2008-01-17 04:11 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-01-01 23:24 . 2008-01-04 15:35 <DIR> d-------- C:\Arquivos de programas\Download Direct

2007-12-28 19:52 . 2007-12-28 19:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2007-12-28 19:52 . 2007-12-28 19:52 <DIR> d-------- C:\Arquivos de programas\Ahead

2007-12-28 19:52 . 2004-07-20 17:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2007-12-28 19:52 . 2004-07-20 17:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2007-12-28 19:52 . 2004-07-20 17:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2007-12-28 19:52 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll

2007-12-28 19:52 . 2004-07-20 17:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2007-12-28 19:52 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2007-12-28 19:52 . 2004-03-03 21:30 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

2007-12-28 19:52 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2007-12-28 19:52 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll

2007-12-28 19:52 . 2004-03-03 21:30 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

2007-12-24 20:04 . 2008-01-02 00:30 <DIR> d-------- C:\Arquivos de programas\eMule

2007-12-20 02:36 . 2007-12-20 02:36 <DIR> d-------- C:\Arquivos de programas\Ubisoft

2007-12-18 11:10 . 2004-08-04 01:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2007-12-18 00:35 . 2007-03-07 21:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2007-12-18 00:35 . 2007-03-07 21:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-12-18 00:35 . 2007-03-07 21:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-18 00:29 --------- d-----w C:\Arquivos de programas\Valve

2008-01-17 21:35 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-01-17 21:35 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-01-17 19:00 --------- d-----w C:\Arquivos de programas\sXe Injected

2008-01-17 04:46 12,800 ----a-w C:\WINDOWS\system32\linksave.dll

2008-01-04 23:05 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2007-12-26 22:29 --------- d-----w C:\Arquivos de programas\Steam

2007-12-20 04:41 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-12-18 02:38 --------- d-----w C:\Arquivos de programas\Winamp

2007-12-17 21:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\TechSmith

2007-12-17 21:03 --------- d-----w C:\Arquivos de programas\TechSmith

2007-12-17 20:12 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2007-12-03 20:41 --------- d-----w C:\Arquivos de programas\forsage3

2007-12-03 18:10 --------- d-----w C:\Arquivos de programas\Alwil Software

2007-11-27 01:13 --------- d--h--r C:\Documents and Settings\Admin\Dados de aplicativos\SecuROM

2007-11-27 01:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

2007-11-27 00:44 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-11-27 00:43 22,328 ----a-w C:\Documents and Settings\Admin\Dados de aplicativos\PnkBstrK.sys

2007-11-26 18:44 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-11-26 18:43 --------- d-----w C:\Documents and Settings\Admin\Dados de aplicativos\AdobeUM

2007-11-24 00:26 --------- d-----w C:\Arquivos de programas\DAEMON Tools

2007-11-23 01:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2007-11-23 00:40 --------- d-----w C:\Arquivos de programas\PowerISO

2007-11-23 00:16 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-11-23 00:13 --------- d-----w C:\Arquivos de programas\D-Tools

2007-11-21 15:04 --------- d-----w C:\Arquivos de programas\Programas SRF

2007-11-18 17:30 --------- d-----w C:\Arquivos de programas\XviD

2007-11-18 17:30 --------- d-----w C:\Arquivos de programas\NimoCodec Pack

2007-11-18 17:30 --------- d-----w C:\Arquivos de programas\ffdshow

2007-11-18 14:55 --------- d-----w C:\Documents and Settings\Admin\Dados de aplicativos\GetRightToGo

2007-11-18 14:55 --------- d-----w C:\Arquivos de programas\FLVPlayer

2007-11-18 14:49 --------- d-----w C:\Arquivos de programas\DivXCodec

2007-11-18 14:49 --------- d-----w C:\Arquivos de programas\DivX

2007-11-18 14:37 --------- d-----w C:\Arquivos de programas\ACE Mega CoDecS Pack

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-02-23 11:25 7774208]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-02-23 11:25 81920]

"PWRISOVM.EXE"="C:\Arquivos de programas\PowerISO\PWRISOVM.EXE" [2007-08-06 22:05 200704]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 11:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^infos.exe]

path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\infos.exe

backup=C:\WINDOWS\pss\infos.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Iniciar^Programas^Inicializar^infos.exe]

path=C:\Documents and Settings\Admin\Menu Iniciar\Programas\Inicializar\infos.exe

backup=C:\WINDOWS\pss\infos.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^autos.exe]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\autos.exe

backup=C:\WINDOWS\pss\autos.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]

C:\Arquivos de programas\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-ra------ 2005-05-03 08:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 01:45 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-08-16 09:24 167368 C:\Arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firewall auto setup]

C:\DOCUME~1\Admin\CONFIG~1\Temp\winlogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lanmanwrk.exe]

C:\WINDOWS\System32\lanmanwrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-02-23 11:25 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-ra------ 2006-12-19 01:12 16062464 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-ra------ 2006-05-16 08:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]

--a------ 2007-11-30 13:47 847872 C:\Arquivos de programas\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2007-12-11 23:09 1266936 C:\Arquivos de programas\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sXe Injected]

--a------ 2008-01-09 03:17 504320 C:\Arquivos de programas\sXe Injected\sXe Injected.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Undefined]

C:\WINDOWS\system32\winter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2007-10-10 03:28 36352 C:\Arquivos de programas\Winamp\winampa.exe

S3 ddsxeiservice;ddsxeiservice2;C:\Arquivos de programas\sXe Injected\ddsxei.sys [2008-01-09 04:12]

S3 st3bus28;st3bus28;C:\WINDOWS\system32\DRIVERS\st3bus28.sys [2002-12-28 12:16]

S3 st3mp28;st3mp28;C:\WINDOWS\system32\DRIVERS\st3mp28.sys [2002-12-28 12:16]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-17 23:20:44

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-01-17 23:22:10 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-18 01:22:08


- Select the text below and copy it into Notepad. Save it as CFScript.txt;

File::
C:\nethlpr.exe
C:\WINDOWS\system32\dfsj2295.exe
C:\50.tmp
C:\WINDOWS\system32\dfsj2313.exe
C:\winavvr.exe
C:\Documents and Settings\Admin\nax.exe
C:\WINDOWS\system32\drivers\ndisaluo.sys
C:\WINDOWS\system32\svchost.t__
C:\51.tmp
C:\4E.tmp
C:\4D.tmp
C:\4C.tmp
C:\4B.tmp
C:\49.tmp
C:\48.tmp
C:\46.tmp
C:\45.tmp
C:\Documents and Settings\Admin\ie_updates3r.exe
C:\36.tmp

- Drag CFScript.txt onto ComboFix as shown in the image below:

[Image: CFScript.gif]

ComboFix will run and will restart the PC automatically to complete the removal process.

Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: if ComboFix does not restart your computer automatically, do it manually.

Paste a new ComboFix log and a new HijackThis log in your reply.


Hey JoseMelo,

I did what you asked, but it asked me to press 1 to continue or 2 to abort..

so I pressed 1, obviously..

Here is the log you asked for..

ComboFix 08-01-18.3 - Admin 2008-01-20 20:24:43.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1680 [GMT -2:00]

Executando de: C:\Documents and Settings\Admin\Meus documentos\ComboFix.exe

Command switches used :: C:\Documents and Settings\Admin\Meus documentos\CFScript.txt.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE

C:\36.tmp

C:\45.tmp

C:\46.tmp

C:\48.tmp

C:\49.tmp

C:\4B.tmp

C:\4C.tmp

C:\4D.tmp

C:\4E.tmp

C:\50.tmp

C:\51.tmp

C:\Documents and Settings\Admin\ie_updates3r.exe

C:\Documents and Settings\Admin\nax.exe

C:\nethlpr.exe

C:\winavvr.exe

C:\WINDOWS\system32\dfsj2295.exe

C:\WINDOWS\system32\dfsj2313.exe

C:\WINDOWS\system32\drivers\ndisaluo.sys

C:\WINDOWS\system32\svchost.t__

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\36.tmp

C:\45.tmp

C:\46.tmp

C:\48.tmp

C:\49.tmp

C:\4B.tmp

C:\4C.tmp

C:\4D.tmp

C:\4E.tmp

C:\50.tmp

C:\51.tmp

C:\Documents and Settings\Admin\ie_updates3r.exe

C:\Documents and Settings\Admin\nax.exe

C:\nethlpr.exe

C:\winavvr.exe

C:\WINDOWS\system32\dfsj2295.exe

C:\WINDOWS\system32\dfsj2313.exe

C:\WINDOWS\system32\drivers\ndisaluo.sys

C:\WINDOWS\system32\svchost.t__

.

((((((((((((((((((((((( Ficheiros criados de 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))))

.

2008-01-19 03:24 . 2008-01-19 03:24 166 --a------ C:\key.shm

2008-01-19 03:23 . 2008-01-19 03:23 28,224 --a------ C:\WINDOWS\system32\FnAq3xaE.exe

2008-01-18 01:51 . 2008-01-18 01:51 <DIR> d-------- C:\Arquivos de programas\Google

2008-01-17 23:22 . 2008-01-17 23:22 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-01-17 23:22 . 2008-01-17 23:22 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-01-17 23:22 . 2008-01-17 23:22 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-01-17 23:22 . 2008-01-17 23:22 <DIR> d-------- C:\Documents and Settings\Default User\Configurações locais

2008-01-17 23:22 . 2008-01-17 23:22 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

2008-01-17 23:22 . 2008-01-17 23:22 <DIR> d-------- C:\Documents and Settings\Admin\Configurações locais

2008-01-17 23:15 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-17 21:24 . 2008-01-17 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound

2008-01-17 21:24 . 2008-01-17 21:24 <DIR> d-------- C:\Arquivos de programas\NCH Swift Sound

2008-01-17 14:00 . 2008-01-17 14:00 1,190 --a------ C:\WINDOWS\mozver.dat

2008-01-17 13:57 . 2008-01-17 13:57 0 --a------ C:\WINDOWS\nsreg.dat

2008-01-17 05:03 . 2007-11-15 21:47 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-01-17 05:03 . 2007-11-15 19:41 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-01-17 05:03 . 2007-11-15 19:41 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-01-17 05:03 . 2007-11-15 19:41 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-01-17 05:03 . 2007-11-15 19:41 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-01-17 05:03 . 2008-01-17 05:04 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-01-17 05:03 . 2007-11-15 19:41 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-01-17 05:03 . 2007-11-15 19:41 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-01-17 04:35 . 2008-01-17 04:35 <DIR> d-------- C:\Arquivos de programas\Enigma Software Group

2008-01-17 03:23 . 2008-01-17 03:22 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-01-17 03:22 . 2008-01-17 03:24 <DIR> d-------- C:\Documents and Settings\Admin\.housecall6.6

2008-01-17 03:10 . 2008-01-17 03:10 181 --a------ C:\WINDOWS\wininit.ini

2008-01-17 02:48 . 2008-01-17 02:48 8,704 --a------ C:\WINDOWS\ssh.pif

2008-01-09 18:10 . 2008-01-09 18:10 <DIR> d-------- C:\Documents and Settings\Admin\Dados de aplicativos\teamspeak2

2008-01-04 20:45 . 2008-01-04 20:45 <DIR> d-------- C:\Arquivos de programas\Electronic Arts

2008-01-03 13:32 . 2008-01-03 13:32 <DIR> d-------- C:\Arquivos de programas\Cygnus

2008-01-02 03:23 . 2008-01-19 16:26 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-01-01 23:24 . 2008-01-04 15:35 <DIR> d-------- C:\Arquivos de programas\Download Direct

2007-12-28 19:52 . 2007-12-28 19:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2007-12-28 19:52 . 2007-12-28 19:52 <DIR> d-------- C:\Arquivos de programas\Ahead

2007-12-28 19:52 . 2004-07-20 17:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2007-12-28 19:52 . 2004-07-20 17:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2007-12-28 19:52 . 2004-07-20 17:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2007-12-28 19:52 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll

2007-12-28 19:52 . 2004-07-20 17:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2007-12-28 19:52 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2007-12-28 19:52 . 2004-03-03 21:30 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

2007-12-28 19:52 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2007-12-28 19:52 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll

2007-12-28 19:52 . 2004-03-03 21:30 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

2007-12-24 20:04 . 2008-01-02 00:30 <DIR> d-------- C:\Arquivos de programas\eMule

2007-12-20 02:36 . 2007-12-20 02:36 <DIR> d-------- C:\Arquivos de programas\Ubisoft

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-20 18:13 --------- d-----w C:\Arquivos de programas\Valve

2008-01-20 16:55 --------- d-----w C:\Arquivos de programas\sXe Injected

2008-01-19 18:18 --------- d-----w C:\Arquivos de programas\Steam

2008-01-17 21:35 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-01-17 21:35 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-01-17 04:46 12,800 ----a-w C:\WINDOWS\system32\linksave.dll

2008-01-04 23:05 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2007-12-20 04:41 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-12-18 02:38 --------- d-----w C:\Arquivos de programas\Winamp

2007-12-17 21:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\TechSmith

2007-12-17 21:03 --------- d-----w C:\Arquivos de programas\TechSmith

2007-12-17 20:12 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2007-12-03 20:41 --------- d-----w C:\Arquivos de programas\forsage3

2007-12-03 18:10 --------- d-----w C:\Arquivos de programas\Alwil Software

2007-11-27 01:13 --------- d--h--r C:\Documents and Settings\Admin\Dados de aplicativos\SecuROM

2007-11-27 01:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

2007-11-27 00:44 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-11-27 00:43 22,328 ----a-w C:\Documents and Settings\Admin\Dados de aplicativos\PnkBstrK.sys

2007-11-26 18:44 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-11-26 18:43 --------- d-----w C:\Documents and Settings\Admin\Dados de aplicativos\AdobeUM

2007-11-24 00:26 --------- d-----w C:\Arquivos de programas\DAEMON Tools

2007-11-23 01:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2007-11-23 00:40 --------- d-----w C:\Arquivos de programas\PowerISO

2007-11-23 00:16 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-11-23 00:13 --------- d-----w C:\Arquivos de programas\D-Tools

2007-11-21 15:04 --------- d-----w C:\Arquivos de programas\Programas SRF

.

((((((((((((((((((((((((((((( snapshot@2008-01-17_23.21.57.89 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-18 01:16:10 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

+ 2008-01-20 22:24:39 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

- 2008-01-18 01:16:10 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

+ 2008-01-20 22:24:39 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

- 2008-01-18 01:16:10 3,776,512 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

+ 2008-01-20 22:24:39 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

- 2008-01-18 01:16:10 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

+ 2008-01-20 22:24:39 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

+ 2008-01-20 22:24:39 3,776,512 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT

+ 2008-01-20 22:24:40 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

+ 2007-11-21 00:04:14 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe

+ 2008-01-18 03:51:38 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-01-20 22:19:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_614.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-02-23 11:25 7774208]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-02-23 11:25 81920]

"PWRISOVM.EXE"="C:\Arquivos de programas\PowerISO\PWRISOVM.EXE" [2007-08-06 22:05 200704]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 11:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^infos.exe]

path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\infos.exe

backup=C:\WINDOWS\pss\infos.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Iniciar^Programas^Inicializar^infos.exe]

path=C:\Documents and Settings\Admin\Menu Iniciar\Programas\Inicializar\infos.exe

backup=C:\WINDOWS\pss\infos.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^autos.exe]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\autos.exe

backup=C:\WINDOWS\pss\autos.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]

C:\Arquivos de programas\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-ra------ 2005-05-03 08:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 01:45 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-08-16 09:24 167368 C:\Arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firewall auto setup]

C:\DOCUME~1\Admin\CONFIG~1\Temp\winlogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lanmanwrk.exe]

C:\WINDOWS\System32\lanmanwrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-02-23 11:25 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-ra------ 2006-12-19 01:12 16062464 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-ra------ 2006-05-16 08:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]

--a------ 2007-11-30 13:47 847872 C:\Arquivos de programas\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2007-12-11 23:09 1266936 C:\Arquivos de programas\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sXe Injected]

--a------ 2008-01-09 03:17 504320 C:\Arquivos de programas\sXe Injected\sXe Injected.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Undefined]

C:\WINDOWS\system32\winter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2007-10-10 03:28 36352 C:\Arquivos de programas\Winamp\winampa.exe

S3 ddsxeiservice;ddsxeiservice2;C:\Arquivos de programas\sXe Injected\ddsxei.sys [2008-01-09 04:12]

S3 st3bus28;st3bus28;C:\WINDOWS\system32\DRIVERS\st3bus28.sys [2002-12-28 12:16]

S3 st3mp28;st3mp28;C:\WINDOWS\system32\DRIVERS\st3mp28.sys [2002-12-28 12:16]

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-01-20 02:00:02 C:\WINDOWS\Tasks\At1.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-19 05:23:41 C:\WINDOWS\Tasks\At10.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-19 05:23:41 C:\WINDOWS\Tasks\At11.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-19 05:23:41 C:\WINDOWS\Tasks\At12.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-19 05:23:41 C:\WINDOWS\Tasks\At13.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-19 05:23:41 C:\WINDOWS\Tasks\At14.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-20 16:00:02 C:\WINDOWS\Tasks\At15.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-20 17:00:01 C:\WINDOWS\Tasks\At16.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-20 18:00:01 C:\WINDOWS\Tasks\At17.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-20 19:00:01 C:\WINDOWS\Tasks\At18.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-20 20:00:01 C:\WINDOWS\Tasks\At19.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-20 03:00:01 C:\WINDOWS\Tasks\At2.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-20 21:00:01 C:\WINDOWS\Tasks\At20.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-20 22:00:02 C:\WINDOWS\Tasks\At21.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-19 23:00:03 C:\WINDOWS\Tasks\At22.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-20 00:00:01 C:\WINDOWS\Tasks\At23.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-20 01:00:01 C:\WINDOWS\Tasks\At24.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-20 04:00:01 C:\WINDOWS\Tasks\At3.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-20 05:00:01 C:\WINDOWS\Tasks\At4.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-20 06:00:01 C:\WINDOWS\Tasks\At5.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-19 07:00:01 C:\WINDOWS\Tasks\At6.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-19 05:23:41 C:\WINDOWS\Tasks\At7.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-19 05:23:41 C:\WINDOWS\Tasks\At8.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

"2008-01-19 05:23:41 C:\WINDOWS\Tasks\At9.job"

- C:\WINDOWS\system32\FnAq3xaE.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-20 20:26:03

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-01-20 20:26:20

ComboFix-quarantined-files.txt 2008-01-20 22:26:18

ComboFix2.txt 2008-01-18 01:22:10


Logfile of HijackThis v1.99.1

Scan saved at 17:45:00, on 22/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\Admin\Meus documentos\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

My machine is behaving differently..

why would that be?

it's slower :/

sometimes it freezes, and Internet Explorer isn't working correctly


- Open Control Panel > Scheduled Tasks and delete all the tasks;

- Other than that, the log is clean :)

- I recommend a maintenance pass on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for errors > Fix errors

- Disable and re-enable System Restore

- Read the article Proteja seu PC (Protect your PC) for more information on how to avoid infections.
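The advice to delete every scheduled task comes from the "Tarefas Agendadas" section of the ComboFix log above, where twenty-four At*.job entries all launch the same random-named executable in system32, one per hour. The following is an added example in Python, not code from ComboFix or from this thread, that parses that section and reports any executable wired into several at.exe-style jobs; the sample input is a constructed excerpt of the posted log plus one made-up benign task, and the rule names and the threshold of two jobs are my own.

```python
"""Triage the scheduled-task section of a ComboFix log.

Added example (not ComboFix's own code): groups At*.job entries by the
executable they launch so that one binary repeated across many hourly
jobs stands out. Input is a constructed excerpt of the log in the thread.
"""
import re
from collections import defaultdict

# Constructed excerpt: three At*.job lines copied from the thread's log plus
# one invented benign task (GoogleUpdate path is a placeholder, not from the page).
SAMPLE_LOG = """\
Conteúdo da pasta 'Tarefas Agendadas'
"2008-01-20 02:00:02 C:\\WINDOWS\\Tasks\\At1.job"
- C:\\WINDOWS\\system32\\FnAq3xaE.exe
"2008-01-19 05:23:41 C:\\WINDOWS\\Tasks\\At10.job"
- C:\\WINDOWS\\system32\\FnAq3xaE.exe
"2008-01-20 03:00:01 C:\\WINDOWS\\Tasks\\At2.job"
- C:\\WINDOWS\\system32\\FnAq3xaE.exe
"2008-01-18 09:00:00 C:\\WINDOWS\\Tasks\\ExampleUpdater.job"
- C:\\Arquivos de programas\\ExampleVendor\\updater.exe
.
"""

# A job line: "<timestamp> <path>.job" ; the next line "- <target>" is what it runs.
JOB_RE = re.compile(r'^"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.+\.job)"$')
TARGET_RE = re.compile(r'^- (.+)$')
# Jobs created with at.exe are named At<N>.job; that naming is the signal here.
AT_JOB_RE = re.compile(r'\\At\d+\.job$', re.IGNORECASE)


def parse_scheduled_tasks(log_text):
    """Return (job_path, target) pairs from the Tarefas Agendadas section."""
    pairs = []
    in_section = False
    current_job = None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("Conteúdo da pasta 'Tarefas Agendadas'"):
            in_section = True
            continue
        if not in_section:
            continue
        if line == ".":  # ComboFix separates sections with a lone dot
            break
        m = JOB_RE.match(line)
        if m:
            current_job = m.group(2)
            continue
        m = TARGET_RE.match(line)
        if m and current_job:
            pairs.append((current_job, m.group(1)))
            current_job = None
    return pairs


def group_by_target(pairs):
    """Map each launched executable to the list of jobs that launch it."""
    groups = defaultdict(list)
    for job, target in pairs:
        groups[target].append(job)
    return dict(groups)


def suspicious_targets(pairs, min_jobs=2):
    """Executables launched by at least min_jobs at.exe-style (At<N>.job) jobs."""
    flagged = {}
    for target, jobs in group_by_target(pairs).items():
        at_jobs = [j for j in jobs if AT_JOB_RE.search(j)]
        if len(at_jobs) >= min_jobs:
            flagged[target] = sorted(at_jobs)
    return flagged


if __name__ == "__main__":
    for target, jobs in suspicious_targets(parse_scheduled_tasks(SAMPLE_LOG)).items():
        print(f"{target}: launched by {len(jobs)} At*.job entries")
```

Run against the full log in the thread, the only flagged target is C:\WINDOWS\system32\FnAq3xaE.exe with all twenty-four jobs; a legitimately named task pointing at a vendor directory is left alone, which is why the analyst's advice to clear the folder is safe here.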


I did that, Jose,

big hug, man. Oh, one more thing:

I disabled lanmanwrk in msconfig, but it's still on my computer, right?

If you think it's necessary, can you tell me how to remove it?


Logfile of HijackThis v1.99.1

Scan saved at 02:05:13, on 24/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\autos.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Documents and Settings\Admin\Meus documentos\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [undefined] C:\WINDOWS\system32\winter.exe

O4 - HKLM\..\Run: [sXe Injected] C:\Arquivos de programas\sXe Injected\sXe Injected.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Arquivos de programas\Enigma Software Group\SpyHunter\SpyHunter3.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [lanmanwrk.exe] C:\WINDOWS\System32\lanmanwrk.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "C:\Arquivos de programas\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Admin\CONFIG~1\Temp\winlogon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AdVantage] "C:\Arquivos de programas\AdVantage\AdVantage.exe"

O4 - HKCU\..\Run: [undefined] C:\WINDOWS\system32\winter.exe

O4 - Startup: infos.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: autos.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

here's the log
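Compared with the earlier HijackThis log, this one carries several entries an analyst flags on sight: a system.ini Shell= line that launches a second executable after Explorer.exe, an autorun pointing into the user's Temp folder, bare .exe files dropped in the Startup folders, DisableRegedit policies, and a BHO whose DLL is missing. The following is an added example in Python, not code from HijackThis or from this thread, that encodes those observations as explicit rules and runs them over lines copied from the log above (with the avast! and Adobe Reader lines kept as benign controls); the rule names are my own.

```python
"""Rule-based triage of HijackThis log lines.

Added example, not part of HijackThis or of the thread. Each rule is one
observation an analyst makes on the second log in this thread; the rule
names are invented here. Sample lines are copied from that log.
"""
import re

# Constructed sample: lines taken from the posted log, in HijackThis format.
SAMPLE_HJT = """\
F2 - REG:system.ini: Shell=Explorer.exe C:\\WINDOWS\\system32\\proper.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Arquivos de programas\\Java\\jre1.6.0_03\\bin\\ssv.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\\WINDOWS\\system32\\bronto.dll (file missing)
O4 - HKLM\\..\\Run: [avast!] C:\\ARQUIV~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKCU\\..\\Run: [Firewall auto setup] C:\\DOCUME~1\\Admin\\CONFIG~1\\Temp\\winlogon.exe
O4 - Startup: infos.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\\Arquivos de programas\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe
O4 - Global Startup: autos.exe
O7 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System, DisableRegedit=1
"""

RULES = [
    # Shell= should be exactly Explorer.exe; anything appended runs at every logon.
    ("shell-hijack",
     re.compile(r"^F2 - REG:system\.ini: Shell=Explorer\.exe\s+\S", re.I)),
    # Legitimate software does not autorun from a Temp directory.
    ("autorun-from-temp",
     re.compile(r"^O4 - .*\\Temp\\", re.I)),
    # Startup folders normally hold .lnk shortcuts ("name.lnk = target"), not bare .exe files.
    ("bare-exe-in-startup-folder",
     re.compile(r"^O4 - (Global )?Startup: [^=]+\.exe$", re.I)),
    # Policies that lock the user out of regedit are a common self-protection step.
    ("regedit-disabled",
     re.compile(r"^O7 - .*DisableRegedit=1", re.I)),
    # A registered BHO whose DLL is gone: leftover from a partial removal.
    ("orphaned-bho",
     re.compile(r"^O2 - BHO: .*\((no file|file missing)\)$", re.I)),
]


def triage(log_text):
    """Return (rule_name, line) for every log line that matches a rule."""
    hits = []
    for line in log_text.splitlines():
        line = line.rstrip()
        for name, rx in RULES:
            if rx.search(line):
                hits.append((name, line))
    return hits


def rule_names(hits):
    """Distinct rule names that fired, sorted for stable reporting."""
    return sorted({name for name, _ in hits})


if __name__ == "__main__":
    for name, line in triage(SAMPLE_HJT):
        print(f"[{name}] {line}")
```

The O4 rule for bare executables relies on the HijackThis convention that shortcut entries are written as "name.lnk = target", so the Adobe Reader line is not flagged while infos.exe and autos.exe are. These rules are a triage aid only; the analyst in the thread still confirms each hit before acting on it.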


- Download SDFix:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Save it to your desktop. Double-click SDFix.exe and the tool will be installed to %SystemDrive%\SDFix (usually C:\SDFix)

- Restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup);

  1. Open the SDFix folder that was installed on your computer and double-click the RunThis.bat file
  2. Press Y so the tool starts the removal process
  3. When everything finishes, you will see a message telling you to press any key to continue. When you press any key, the computer will restart automatically
  4. After the restart, the tool will run once more to finish its work, and the word Finished will appear. Press any key.
  5. A window with the SDFix report will appear.
  6. Copy and paste this report in your reply. If you closed the window, a copy of the report is in the SDFix folder under the name Report.txt

- Generate a new HijackThis log and paste it in your reply.


Hey JoseMelo,

I did what you asked, but let me remind you that I enabled everything in msconfig, took the report, and then disabled it all again, ok? ..

on to the SDFix REPORT

SDFix: Version 1.131

Run by Admin on qui 24/01/2008 at 20:00

Microsoft Windows XP [versão 5.1.2600]

Running From: C:\SDFix

Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting...

Normal Mode:

Checking Files:

Trojan Files Found:

C:\39.TMP - Deleted

C:\3A.TMP - Deleted

C:\3D.TMP - Deleted

C:\3E.TMP - Deleted

C:\3F.TMP - Deleted

C:\40.TMP - Deleted

C:\41.TMP - Deleted

C:\42.TMP - Deleted

C:\43.TMP - Deleted

C:\44.TMP - Deleted

C:\WINDOWS\system32\svchost.tmp - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS

No streams found.

C:\WINDOWS\explorer.exe

No streams found.

C:\WINDOWS\system32

No streams found.

C:\WINDOWS\system32\svchost.exe

No streams found.

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-24 20:03:50

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:8c,f8,57,89,f6,0c,74,e0,6a,d6,97,79,bb,89,d7,b4,86,a4,6e,7c,f0,..

"p0"="C:\Arquivos de programas\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,63,ac,39,d8,a8,5e,da,c2,9f,6d,cf,00,95,59,1f,93,c5,..

"khjeh"=hex:d3,22,f5,6b,f9,28,ab,34,79,a8,ee,d7,41,2c,38,3e,bf,9e,36,64,ce,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:a9,95,c0,97,a6,1a,df,43,72,ba,a5,a0,0d,b0,a8,4e,f9,16,af,a1,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:bf,4b,ba,b5,c2,1f,6e,17,55,0d,7d,3c,3b,39,d2,b4,9e,5d,9d,b9,9e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]

"khjeh"=hex:c2,14,ce,da,34,f7,d7,6a,96,87,33,54,ac,16,52,a1,de,ce,c4,1d,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]

"khjeh"=hex:fd,33,ab,81,74,55,6e,9d,e2,78,35,06,3b,d9,1e,9c,48,e9,f2,85,09,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:8c,f8,57,89,f6,0c,74,e0,6a,d6,97,79,bb,89,d7,b4,86,a4,6e,7c,f0,..

"p0"="C:\Arquivos de programas\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,63,ac,39,d8,a8,5e,da,c2,9f,6d,cf,00,95,59,1f,93,c5,..

"khjeh"=hex:d3,22,f5,6b,f9,28,ab,34,79,a8,ee,d7,41,2c,38,3e,bf,9e,36,64,ce,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:a9,95,c0,97,a6,1a,df,43,72,ba,a5,a0,0d,b0,a8,4e,f9,16,af,a1,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:bf,4b,ba,b5,c2,1f,6e,17,55,0d,7d,3c,3b,39,d2,b4,9e,5d,9d,b9,9e,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]

"khjeh"=hex:c2,14,ce,da,34,f7,d7,6a,96,87,33,54,ac,16,52,a1,de,ce,c4,1d,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]

"khjeh"=hex:fd,33,ab,81,74,55,6e,9d,e2,78,35,06,3b,d9,1e,9c,48,e9,f2,85,09,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:8c,f8,57,89,f6,0c,74,e0,6a,d6,97,79,bb,89,d7,b4,86,a4,6e,7c,f0,..

"p0"="C:\Arquivos de programas\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,63,ac,39,d8,a8,5e,da,c2,9f,6d,cf,00,95,59,1f,93,c5,..

"khjeh"=hex:d3,22,f5,6b,f9,28,ab,34,79,a8,ee,d7,41,2c,38,3e,bf,9e,36,64,ce,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:a9,95,c0,97,a6,1a,df,43,72,ba,a5,a0,0d,b0,a8,4e,f9,16,af,a1,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:bf,4b,ba,b5,c2,1f,6e,17,55,0d,7d,3c,3b,39,d2,b4,9e,5d,9d,b9,9e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]

"khjeh"=hex:c2,14,ce,da,34,f7,d7,6a,96,87,33,54,ac,16,52,a1,de,ce,c4,1d,84,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]

"khjeh"=hex:fd,33,ab,81,74,55,6e,9d,e2,78,35,06,3b,d9,1e,9c,48,e9,f2,85,09,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]

"Directory"="C:\Documents and Settings\Admin\Configura\xe7\x00f5es locais\Temporary Internet Files\Content.IE5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]

"CacheLimit"=dword:00791800

"CachePath"="C:\Documents and Settings\Admin\Configura\xe7\x00f5es locais\Temporary Internet Files\Content.IE5\Cache1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]

"CacheLimit"=dword:00791800

"CachePath"="C:\Documents and Settings\Admin\Configura\xe7\x00f5es locais\Temporary Internet Files\Content.IE5\Cache2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]

"CacheLimit"=dword:00791800

"CachePath"="C:\Documents and Settings\Admin\Configura\xe7\x00f5es locais\Temporary Internet Files\Content.IE5\Cache3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]

"CacheLimit"=dword:00791800

"CachePath"="C:\Documents and Settings\Admin\Configura\xe7\x00f5es locais\Temporary Internet Files\Content.IE5\Cache4"

scanning hidden files ...

C:\WINDOWS\Temp\aswUpdSum.ini

C:\WINDOWS\Temp\_av_proI.tm~a03340

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 4

Remaining Services:

------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:

---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 4 Aug 2004 1,667,584 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"

Mon 26 Nov 2007 444 ...HR --- "C:\Documents and Settings\Admin\Dados de aplicativos\SecuROM\UserData\securom_v7_01.bak"

Fri 9 Sep 2005 4,348 A..H. --- "C:\Documents and Settings\Admin\Meus documentos\Minhas músicas\Backup de Licença\drmv1key.bak"

Fri 9 Sep 2005 401 A..H. --- "C:\Documents and Settings\Admin\Meus documentos\Minhas músicas\Backup de Licença\drmv1lic.bak"

Mon 29 Aug 2005 312 A.SH. --- "C:\Documents and Settings\Admin\Meus documentos\Minhas músicas\Backup de Licença\drmv2key.bak"

Finished!

HiJackThis --

Logfile of HijackThis v1.99.1

Scan saved at 20:06:44, on 24/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Documents and Settings\Admin\Meus documentos\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


There you go, both of them!

The SDFix report and the HijackThis one too

Cheers man..


They're clean, but is it normal for them to still be listed in msconfig as disabled?

They still show up anyway??

Thanks for everything man :)


If they still show up in msconfig as disabled, it's because you disabled them, and in that case you'll have to delete the entries under startupreg in the registry.


Do you advise me to enable them again and do the whole thing over?

If I enable them again the virus comes back, I've already tested that..

Or else, how do I remove them from startupreg?


Open the Registry Editor and locate:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

Delete the startupreg key

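The startupreg cleanup described in the reply above, as an added PowerShell example (not from this thread or from any of the tools it mentions): it lists every entry msconfig has parked under that key, checks whether the program each entry pointed to still exists, and deletes only the orphaned ones, and only when -Remove is passed. It assumes PowerShell 3 or later and the value names item, command and hkey that msconfig writes under each startupreg subkey.

```powershell
# Added example, not code from the thread. Reviews the startup entries that
# msconfig keeps under "startupreg" after you untick them, resolves the program
# each one pointed to and flags entries whose file is gone (e.g. deleted by
# SDFix). Nothing is removed unless -Remove is given, and then only orphans.
# Assumption: subkey values 'item', 'command' and 'hkey' as msconfig writes them.
param([switch]$Remove)

$startupReg = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
if (-not (Test-Path $startupReg)) {
    Write-Host "No disabled startup entries found under $startupReg"
    return
}

# Pull the executable out of a Run-key command line, for example
#   "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
#   RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
function Get-ExePath([string]$command) {
    if ($command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($command -match '^\s*(\S+)')     { return $Matches[1] }
    return $null
}

Get-ChildItem $startupReg | ForEach-Object {
    $props  = Get-ItemProperty $_.PSPath
    $exe    = Get-ExePath $props.command
    # A bare name such as RUNDLL32.EXE is resolved through PATH via Get-Command
    $exists = $exe -and ((Test-Path -LiteralPath $exe) -or
                         (Get-Command $exe -ErrorAction SilentlyContinue))
    [pscustomobject]@{
        Item     = $props.item
        Hive     = $props.hkey
        Command  = $props.command
        Orphaned = -not $exists   # file gone: entry can only re-enable nothing
        Key      = $_.PSChildName
    }
} | Tee-Object -Variable entries | Format-Table -AutoSize

if ($Remove) {
    foreach ($e in ($entries | Where-Object { $_.Orphaned })) {
        Write-Host "Removing orphaned startupreg entry: $($e.Item)"
        Remove-Item -LiteralPath (Join-Path $startupReg $e.Key) -Recurse
    }
}
```

Run it once without -Remove to review the table; an entry whose Orphaned column is False still points at a real file and is worth a second look before it is deleted or re-enabled.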