Archived

This topic has been archived and is closed to new replies.

muhrninho

[Solved!] Problem with wmsncs.exe when starting Windows


Good morning,

For a few days now, every time I start Windows a message appears saying that the file wmsncs.exe was not found. I searched and it is a virus, but neither the antivirus nor Spybot detects anything. My HijackThis log follows.

 



- Download: < ComboFix.exe >

- Save it to the Desktop!

- Disable the resident protection of: antivirus, antispyware and firewall. (Except the Windows one!)

- Close all windows and run the tool!

If you get the notification "Invalid Win32 application", delete the tool and download it again.

Save it to the desktop, renamed as: Kombo.exe

PS: Name it while saving, not after saving it!

PS: If any error message appears, run ComboFix.exe in Safe Mode.

PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

- The Auto Scan window will open. Wait!

- Type the option to continue! >> Enter

- Wait for it to finish!

- During the scan, avoid using the mouse or keyboard! <-- Important!

- To stop or exit ComboFix, press "N".

----------------------

- When it finishes, post the report: C:\ComboFix.txt


Here is the report

 



I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

File::
C:\WINDOWS\eReg.dat
C:\WINDOWS\nsreg.dat
E:\AutoRun.exe
D:\.\Bin\ASSETUP.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46b74041-8577-11dd-ab36-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bc4c3ec-8570-11dd-ab38-b175dc5697dc}]

 

This script was written only for this computer, according to the files and keys present. Do not use it on another computer, as it may cause damage.

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

cfscript.gif

ComboFix will run and restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Post it together with the new HijackThis log.


Below are the ComboFix and HijackThis logs:

Note: since I used ComboFix for the first time, I no longer get the message I used to get at startup.

ComboFix log:

 

2006-05-29 08:26	30,720	--a------	C:\WINDOWS\system32\nmwcdcocls.dll2008-09-18 18:36 . 2006-05-29 08:26	13,312	--a------	C:\WINDOWS\system32\drivers\nmwcdcm.sys2008-09-18 18:36 . 2006-05-29 08:26	13,312	--a------	C:\WINDOWS\system32\drivers\nmwcdcj.sys2008-09-18 18:36 . 2006-05-29 08:26	8,704	--a------	C:\WINDOWS\system32\drivers\nmwcdc.sys2008-09-18 18:36 . 2006-05-29 08:26	4,608	--a------	C:\WINDOWS\system32\nmwcdlog.dll2008-09-18 18:28 . 2008-09-18 18:28	<DIR>	d--------	C:\Programas\Windows Media Connect 22008-09-18 18:27 . 2008-09-18 21:44	<DIR>	d--------	C:\WINDOWS\system32\LogFiles2008-09-18 18:27 . 2008-09-18 18:27	<DIR>	d--------	C:\WINDOWS\system32\drivers\UMDF2008-09-18 14:49 . 2008-10-01 22:31	<DIR>	d--------	C:\Documents and Settings\mi_\Contacts2008-09-18 14:36 . 2008-09-18 14:36	<DIR>	d--------	C:\Programas\Stardock2008-09-18 14:36 . 2008-09-18 14:36	<DIR>	d--------	C:\Programas\Lavalys2008-09-18 14:36 . 2008-09-18 14:36	<DIR>	d--------	C:\Programas\Ficheiros comuns\Stardock2008-09-18 14:35 . 2008-09-18 14:35	<DIR>	d--------	C:\Programas\Google2008-09-18 14:34 . 2008-10-11 17:15	<DIR>	d--------	C:\Programas\eMule2008-09-18 14:34 . 2008-09-18 14:34	<DIR>	d--------	C:\Programas\CCleaner2008-09-18 14:33 . 2008-09-18 14:33	<DIR>	d--------	C:\WINDOWS\PrimoPDF2008-09-18 14:33 . 2008-09-18 14:33	<DIR>	d--------	C:\Programas\activePDF2008-09-18 14:33 . 2006-12-11 21:12	176,235	--a------	C:\WINDOWS\system32\Primomonnt.dll2008-09-18 14:31 . 2008-09-19 00:49	<DIR>	d--------	C:\Programas\MSN Messenger2008-09-18 14:27 . 2008-09-18 14:27	<DIR>	d--------	C:\Programas\Alwil Software2008-09-18 14:27 . 2003-03-18 21:20	1,060,864	--a------	C:\WINDOWS\system32\MFC71.dll2008-09-18 14:27 . 2003-03-18 20:14	499,712	--a------	C:\WINDOWS\system32\MSVCP71.dll2008-09-18 14:27 . 2003-02-21 04:42	348,160	--a------	C:\WINDOWS\system32\MSVCR71.dll2008-09-18 14:02 . 2008-09-18 14:02	<DIR>	d--------	C:\WINDOWS\nview2008-09-18 14:02 . 
2008-05-16 14:01	446,464	--a------	C:\WINDOWS\system32\nvudisp.exe2008-09-18 14:02 . 2008-10-12 11:16	186,824	--a------	C:\WINDOWS\system32\nvapps.xml2008-09-18 14:02 . 2008-05-16 14:01	18,070	--a------	C:\WINDOWS\system32\nvdisp.nvu2008-09-18 14:01 . 2008-09-18 14:01	<DIR>	d--------	C:\NVIDIA2008-09-18 14:01 . 2008-05-16 11:48	446,464	--a------	C:\WINDOWS\system32\NVUNINST.EXE2008-09-18 13:41 . 2008-09-18 13:41	664	--a------	C:\WINDOWS\system32\d3d9caps.dat2008-09-18 13:41 . 2008-09-18 13:41	552	--a------	C:\WINDOWS\system32\d3d8caps.dat2008-09-18 13:29 . 2008-09-18 13:29	<DIR>	d--------	C:\Programas\ASUS2008-09-18 13:29 . 2008-09-18 13:29	<DIR>	d--------	C:\Program Files2008-09-18 13:29 . 2006-01-10 09:50	24,576	-ra------	C:\WINDOWS\system32\AsIO.dll2008-09-18 13:29 . 2007-12-17 10:14	12,400	-ra------	C:\WINDOWS\system32\drivers\AsIO.sys2008-09-18 13:29 . 2008-01-04 13:34	11,832	--a------	C:\WINDOWS\system32\drivers\AsInsHelp64.sys2008-09-18 13:29 . 2008-01-04 13:34	10,216	--a------	C:\WINDOWS\system32\drivers\AsInsHelp32.sys2008-09-18 13:29 . 2008-09-18 13:29	670	--a------	C:\WINDOWS\setup.iss2008-09-18 13:27 . 2008-09-18 13:27	<DIR>	d--------	C:\Programas\Marvell2008-09-18 13:26 . 2008-09-18 13:26	<DIR>	d--------	C:\WINDOWS\system32\Atheros_L1e2008-09-18 13:26 . 2008-02-02 16:54	36,864	-ra------	C:\WINDOWS\system32\drivers\l1e51x86.sys2008-09-18 13:25 . 2008-09-18 13:25	<DIR>	d--------	C:\WINDOWS\system32\Lang2008-09-18 13:25 . 2008-09-18 13:25	940,794	--a------	C:\WINDOWS\system32\LoopyMusic.wav2008-09-18 13:25 . 2008-09-18 13:25	146,650	--a------	C:\WINDOWS\system32\BuzzingBee.wav2008-09-18 13:16 . 2008-09-18 13:16	<DIR>	d--------	C:\Programas\Realtek2008-09-18 13:16 . 
2008-09-28 13:52	<DIR>	d--h-----	C:\Programas\InstallShield Installation Information.(((((((((((((((((((((((((((((((((((((   Relatório Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-10-11 18:17	2,983	----a-w	C:\WINDOWS\E220AutoRunLog.tmp2008-09-30 23:00	---------	d-----w	C:\Programas\Kanguru2008-09-18 12:16	315,392	----a-w	C:\WINDOWS\HideWin.exe2008-09-18 10:54	---------	d-----w	C:\Programas\microsoft frontpage2008-09-18 10:51	---------	d-----w	C:\Programas\Serviços online2008-07-25 08:34	81,920	----a-w	C:\WINDOWS\system32\dpl100.dll2008-07-25 08:34	683,520	----a-w	C:\WINDOWS\system32\divx.dll2008-07-23 16:50	3,596,288	----a-w	C:\WINDOWS\system32\qt-dx331.dll2008-07-18 21:10	94,920	----a-w	C:\WINDOWS\system32\cdm.dll2008-07-18 21:10	53,448	----a-w	C:\WINDOWS\system32\wuauclt.exe2008-07-18 21:10	45,768	----a-w	C:\WINDOWS\system32\wups2.dll2008-07-18 21:10	36,552	----a-w	C:\WINDOWS\system32\wups.dll2008-07-18 21:09	563,912	----a-w	C:\WINDOWS\system32\wuapi.dll2008-07-18 21:09	325,832	----a-w	C:\WINDOWS\system32\wucltui.dll2008-07-18 21:09	1,811,656	----a-w	C:\WINDOWS\system32\wuaueng.dll2008-07-18 21:08	205,000	----a-w	C:\WINDOWS\system32\wuweb.dll2006-06-24 06:48	32,768	----a-r	C:\WINDOWS\inf\UpdateUSB.exe.(((((((((((((((((((((((((((((   snapshot@2008-10-11_21.51.48.10   ))))))))))))))))))))))))))))))))))))))))).+ 2008-10-12 10:16:52	16,384	----atw	C:\WINDOWS\Temp\Perflib_Perfdata_480.dat.((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))..*Nota* entradas vazias e legítimas por defeito não são mostradas.REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SpybotSD TeaTimer"="C:\Programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"HUAWEI E620 Data Card"="C:\PROGRA~1\Kanguru\Kanguru.exe" [2006-10-06 679936]"Six 
Engine"="C:\Program Files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]"COMODO SafeSurf"="C:\Programas\COMODO\SafeSurf\cssurf.exe" [2008-09-18 278264]"COMODO Firewall Pro"="C:\Programas\COMODO\Firewall\cfp.exe" [2008-09-18 1655552]"Adobe Reader Speed Launcher"="C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]"GrooveMonitor"="C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]C:\Documents and Settings\mi_\Menu Iniciar\Programas\Arranque\Stardock ObjectDock.lnk - C:\Programas\Stardock\ObjectDock\ObjectDock.exe [2008-09-18 3450608][hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2008-07-23 16:28 352256 C:\Programas\SUPERAntiSpyware\SASWINLO.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"VIDC.YV12"= yv12vfw.dll[HKEY_LOCAL_MACHINE\software\microsoft\security center]"UpdatesDisableNotify"=dword:00000001"AntiVirusDisableNotify"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)"DisableNotifications"= 1 (0x1)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="wmsncs.exe"= wmsncs.exe:SYSTEM"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\Programas\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 
2\\Binaries\\R6Vegas2_Game.exe"="C:\\Programas\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="C:\\Programas\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Programas\\MSN Messenger\\msnmsgr.exe"="C:\\Programas\\MSN Messenger\\livecall.exe"="C:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programas\\Lphant\\eLePhantClient.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"8080:TCP"= 8080:TCP:PORT1"8081:TCP"= 8081:TCP:PORT2"1013:TCP"= 1013:TCP:BS"4799:TCP"= 4799:TCP:FD"1288:TCP"= 1288:TCP:FD"3232:TCP"= 3232:TCP:FDR0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2008-06-10 150568]R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-09-18 87056]R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-09-18 24208]R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;C:\Programas\Ficheiros comuns\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]S3 getPlus(R) Helper;getPlus(R) Helper;C:\Programas\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]S3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-02-02 36864].**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-10-12 11:38:54Windows 5.1.2600 Service Pack 3 NTFSProcurando processos ocultos ...Procurando entradas auto inicializáveis ocultas ...Procurando ficheiros/arquivos ocultos ...Varredura completada com 
sucessoarquivos/ficheiros ocultos: 0**************************************************************************.Tempo para conclusão: 2008-10-12 11:39:35ComboFix-quarantined-files.txt  2008-10-12 10:39:32ComboFix2.txt  2008-10-11 20:52:05Pré-execução: 77.597.163.520 bytes livresPós execução: 77,582,479,360 bytes livres250	--- E O F ---	2008-10-09 23:23:26

 

HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:48:45, on 12-10-2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Programas\Alwil Software\Avast4\aswUpdSv.exeC:\Programas\Alwil Software\Avast4\ashServ.exeC:\Program Files\ASUS\Six Engine\SixEngine.exeC:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXEC:\Programas\COMODO\SafeSurf\cssurf.exeC:\Programas\COMODO\Firewall\cfp.exeC:\WINDOWS\system32\spoolsv.exeC:\Programas\Microsoft Office\Office12\GrooveMonitor.exeC:\WINDOWS\system32\ctfmon.exeC:\Programas\COMODO\Firewall\cmdagent.exeC:\Programas\Stardock\ObjectDock\ObjectDock.exeC:\Programas\Ficheiros comuns\Nero\Nero BackItUp 4\NBService.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\system32\PnkBstrB.exeC:\Programas\Alwil Software\Avast4\ashMaiSv.exeC:\Programas\Alwil Software\Avast4\ashWebSv.exeC:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exeC:\Programas\Spybot - Search & Destroy\TeaTimer.exeC:\WINDOWS\explorer.exeC:\HiJackThis\HiJackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgrounds.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = HiperligaçõesO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros 
comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLLO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programas\AskSBar\bar\1.bin\ASKSBAR.DLLO3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programas\AskSBar\bar\1.bin\ASKSBAR.DLLO4 - HKLM\..\Run: [HUAWEI E620 Data Card] C:\PROGRA~1\Kanguru\Kanguru.exeO4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -rO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startupO4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Programas\COMODO\SafeSurf\cssurf.exe" -sO4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programas\COMODO\Firewall\cfp.exe" -hO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIÇO LOCAL')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Serviço de rede')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')O4 - Startup: Stardock ObjectDock.lnk = C:\Programas\Stardock\ObjectDock\ObjectDock.exeO8 - Extra context menu item: E&xportar para 
o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exeO16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221737038748O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLLO20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dllO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exeO23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programas\COMODO\Firewall\cmdagent.exeO23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programas\NOS\bin\getPlus_HelperSvc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programas\Ficheiros comuns\Nero\Nero BackItUp 4\NBService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exeO23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exeO23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe--End of file - 7022 bytes


OK, the log is clean :)

- In Run, type combofix /u, click OK, and wait for ComboFix to be removed.

- I recommend some maintenance on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner

◘ Open the program and click Run Cleaner;

◘ After that, click Registry > Scan for Issues > Fix Issues

- Turn System Restore off and then on again

Read the article "Cuidados ao navegar na net" (care when browsing the net) for more information on how to avoid infections.

Thank you very much for your patience! :worship:

So what was actually going on?

 

 

A pen drive virus

- If you use a pen drive, MP3 or MP4 player, I advise you to format it so that a reinfection does not occur;

Regards


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
