Archived

This topic has been archived and is closed to further replies.

nina_michely

[Solved!] I was a victim of counterfeit software


This time I gave in to the "click bug"...

and as a result I ended up downloading some "junk" onto my PC...

which messed up my printer settings... left my PC slower and my desktop all black

here is the log for analysis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:56:46, on 16/3/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Arquivos de programas\Vivo 3G\Vivo 3G.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\Hpqdirec.exe

C:\WINDOWS\hh.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Diretório temporário 1 para HiJackThis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Ferramenta de Verificação de Mídia do PMB.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: UpTray.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{ED8AABF9-CAE5-461A-B1C4-CD0DEC65D85E}: NameServer = 200.142.130.202 200.220.254.43

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

 

--

End of file - 5410 bytes


Good evening... I confess I don't understand many of the terms used here...

but... I would like to know why the word HELP was removed!

My internet got super slow, I can't open some sites...

LIKE BOL.. HOTMAIL... my PC does NOT recognize the printer anymore, and my desktop is all black..

I try to set a wallpaper... but it goes back to black again

Thank you for your attention


//////////////\\\\\\\\\\\\\\\

Good morning! nina michely

 

Rule 9: < http://forum.imasters.com.br/index.php?app=core&module=help&do=01&HID=37 >

 

<!> Opening topics with titles such as the following is forbidden:

 

"HELP ME"

"FOR GOD'S SAKE"

"I'M DESPERATE"

"URGENT"

"SOS"

"HELP"

"REQUEST"

"I BEG YOU"

"PLEASE"

"QUESTION"

"ATTENTION!"

 

<!> Or anything similar!

<!> ALL CAPS (every letter in upper case) is forbidden in the title or body of a topic/post.

<!> PS: Use short, clear titles that match your question.

<!> PS: Failure to follow this rule results in the editing of titles, topics/posts and a warning to the member by PM.

<!> Do you see now why your title or description was edited?

ºººººººººººººººººººººº

ºººººººººººººººººººººº

<@> Download: < marcinsig.gif > Link!

 

<@> < Link - 2 >

 

<@> < Link - 3 >

 

<@> Update the program!

<@> Choose the Full scan!

<@> Disable your protection programs while running Malwarebytes.

<@> PS: For certain infections, the tool will ask for a reboot. <-- Confirm it!

<@> Send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<@> Post: mbam-log-2010-xx-xx (00-00-00).txt

ºººººººººººººººººººººº

ºººººººººººººººººººººº

<@> Download: < otlDesktopIcon.png > ( ...by OldTimer Tools )

<@> Save it to the desktop!

 

OTLI-scan.png

 

<@> As in the image, change the "Output" option to "Minimal Output".

<@> Double-click OTL.exe --> Check the "Scan All Users" option.

<@> Check the boxes:

 

<!> [] LOP check and [] Purity check

 

<@> Click: < runscanbutton.png > --> Wait!

<@> Post:

 

<1> OTL.txt <--

<2> Extra.txt <--

 

Regards!


Good evening...

I'm getting an error when trying to download the malware...

the others took about 9 hours to download on average... but didn't finish...

and I noticed that now... MSN won't open at all


//////////////\\\\\\\\\\\\\\

Hi there! nina_michely

 

<@> Schedule a boot-time scan with Avast.

 

<1> Right-click the icon: < avast.gif >

<2> Select: "Start Avast! Antivirus" --> Wait!

<3> Left-click the upward-pointing arrow in the top-left corner of the Avast window.

<4> Choose: "Schedule boot-time scan..."

<5> Select: "Scan all local disks" --> "Scan archive contents" --> "Advanced options".

<6> Under "Request action", click "Schedule".

<7> Confirm the computer restart! ( Reboot )

<8> When the computer restarts, the Avast scan will begin.

<@> PS: Send everything that is detected to quarantine.

°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°

<!> Next, try to download and run the tools you were asked for! ( OTL.exe + Malwarebytes )

 

Regards!


Good morning, my dear....

I managed to download Malwarebytes... here is the log...

but.. as for OTL.exe... I couldn't...

-----------------

-----------------

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3510

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

 

19/3/2010 22:39:27

mbam-log-2010-03-19 (22-39-15).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 163134

Tempo decorrido: 41 minute(s), 57 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 6

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\System Volume Information\_restore{6EFF6F13-6019-4978-8DBE-747F996AC0C8}\RP76\A0051282.sys (Malware.Trace) -> No action taken.

C:\System Volume Information\_restore{6EFF6F13-6019-4978-8DBE-747F996AC0C8}\RP76\A0051424.sys (Malware.Trace) -> No action taken.

C:\System Volume Information\_restore{6EFF6F13-6019-4978-8DBE-747F996AC0C8}\RP76\A0051510.sys (Malware.Trace) -> No action taken.

C:\System Volume Information\_restore{6EFF6F13-6019-4978-8DBE-747F996AC0C8}\RP76\A0051653.sys (Malware.Trace) -> No action taken.

C:\System Volume Information\_restore{6EFF6F13-6019-4978-8DBE-747F996AC0C8}\RP76\A0051799.sys (Malware.Trace) -> No action taken.

C:\System Volume Information\_restore{6EFF6F13-6019-4978-8DBE-747F996AC0C8}\RP76\A0051885.sys (Malware.Trace) -> No action taken.

 

Awaiting further instructions


Good afternoon! nina_michely

 

<@> Download: < desktopicon.png > ( ...by sUBs )

 

<!> Link-2 --> < ForoSpyware >

 

<!> Link-3 --> < GeeksToGo >

 

<@> Save it to the desktop!

<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> PS: Running it from a command is also possible:

<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall

 

combofixejr8.gif

 

<@> Click OK.

<@> At the prompt: "Disclaimer of software warranty" --> Click Yes!

 

RcAuto1.gif

 

<@> If you do not have the "Recovery Console", accept the offer to install it!

<@> When it finishes, click Sim or Yes. --> Wait!

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<!> If you get the notification: Invalid Win32 application, delete ComboFix.exe and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Rename it while saving, not after saving it!

<!> PS: If an error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> PS: If rootkit activity is present, the following notification window will appear:

 

Rookit_found.gif

 

<!> PS: Write down those detections and click OK.

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative!

<!> PS: To avoid problems, follow all the recommendations given.

<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

<@> The Auto Scan window will open. --> Wait!

<@> To finish the removals, ComboFix may restart the computer.

<@> If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When done, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!


Hello... Good afternoon...

I tried to follow the recommended steps faithfully...

but...

I can download ComboFix... but when I run it a window opens reporting an error... and it doesn't finish

If possible, could you put the links so they open directly from here.. instead of external windows... thanks...

with this virus my internet is.. EXCEEDINGLY slow...


Hello... Good morning...

after several attempts I managed to download ComboFix...

here is the log for analysis...

Awaiting the next instructions...

Thank you for your attention...

------------------

------------------

ComboFix 10-03-20.01 - Administrador 21/03/2010 1:37.5.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.511.285 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\KomboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Administrador\Menu Iniciar\Windows Live Messenger .lnk

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-21 to 2010-03-21 ))))))))))))))))))))))))))))

.

 

2010-03-20 09:54 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-03-20 09:54 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-03-20 09:54 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-03-20 09:54 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-03-20 09:54 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-03-20 09:54 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-03-20 09:54 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-03-20 09:54 . 2010-03-09 11:24 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-03-20 09:54 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe

2010-03-20 00:35 . 2010-01-07 19:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-20 00:35 . 2010-03-20 09:38 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-03-20 00:35 . 2010-01-07 19:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-17 03:34 . 2010-03-18 03:04 -------- d-----w- c:\windows\ie8updates

2010-03-16 23:19 . 2010-03-16 23:19 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE

2010-03-16 20:54 . 2010-03-16 20:54 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache

2010-03-16 20:03 . 2009-12-22 05:41 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-03-16 20:03 . 2009-12-22 05:41 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll

2010-03-15 13:36 . 2010-03-15 13:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2010-03-15 03:16 . 2008-10-28 10:31 309760 ----a-r- c:\windows\system32\difxapi.dll

2010-03-15 03:16 . 2008-10-29 18:37 737280 ----a-r- c:\windows\system32\hposwia_d02a.dll

2010-03-15 03:16 . 2008-10-29 18:37 598016 ----a-r- c:\windows\system32\hpost_d02a.dll

2010-03-15 03:16 . 2008-10-29 18:37 307200 ----a-r- c:\windows\system32\hposc_d02a.dll

2010-03-15 03:16 . 2008-10-28 10:31 372736 ----a-r- c:\windows\system32\hppldcoi.dll

2010-03-15 03:02 . 2010-03-15 03:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP

2010-03-15 02:53 . 2010-03-17 01:01 168737 ----a-w- c:\windows\hpoins37.dat

2010-03-15 02:53 . 2009-07-08 14:40 632 ------w- c:\windows\hpomdl37.dat

2010-03-09 21:01 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-06 01:12 . 2004-11-01 07:14 78464 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys

2010-03-06 01:12 . 2004-11-01 07:14 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2010-03-05 00:10 . 2009-07-28 19:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-03-04 11:05 . 2010-03-04 11:16 -------- d-----w- c:\arquivos de programas\Ares

2010-03-03 21:47 . 2010-03-04 01:04 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-03-02 02:35 . 2010-03-03 02:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2010-03-01 14:51 . 2010-03-01 14:51 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2010-03-01 05:52 . 2010-03-01 05:52 -------- d-----w- c:\windows\ServicePackFiles

2010-03-01 04:28 . 2010-03-07 22:50 -------- d-----w- c:\arquivos de programas\Google

2010-03-01 04:27 . 2010-03-01 04:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software

2010-03-01 03:14 . 2008-06-14 17:59 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-03-01 03:14 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys

2010-03-01 02:55 . 2009-06-21 22:06 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-03-01 01:50 . 2009-07-31 04:59 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll

2010-03-01 01:50 . 2008-08-14 09:48 138368 -c----w- c:\windows\system32\dllcache\afd.sys

2010-03-01 01:50 . 2008-06-20 17:36 247808 -c----w- c:\windows\system32\dllcache\mswsock.dll

2010-03-01 01:50 . 2008-06-20 17:36 147968 -c----w- c:\windows\system32\dllcache\dnsapi.dll

2010-03-01 01:50 . 2008-06-20 10:44 360960 -c----w- c:\windows\system32\dllcache\tcpip.sys

2010-03-01 01:50 . 2008-06-20 09:32 225920 -c----w- c:\windows\system32\dllcache\tcpip6.sys

2010-03-01 01:50 . 2006-08-16 12:14 100352 -c----w- c:\windows\system32\dllcache\6to4svc.dll

2010-03-01 01:22 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-03-01 01:13 . 2009-06-05 07:48 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll

2010-03-01 00:56 . 2009-08-06 22:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-03-01 00:56 . 2009-08-06 22:23 215920 ----a-w- c:\windows\system32\muweb.dll

2010-02-25 21:35 . 2009-03-30 12:39 105344 ----a-w- c:\windows\system32\drivers\ZTEusbvoice.sys

2010-02-25 21:35 . 2009-03-30 12:39 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2010-02-25 21:35 . 2009-03-30 12:39 105344 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2010-02-25 21:35 . 2009-03-30 12:39 110592 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys

2010-02-25 21:35 . 2009-03-30 12:38 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2010-02-25 21:35 . 2010-03-21 02:09 -------- d-----w- c:\arquivos de programas\Vivo 3G

2010-02-25 05:04 . 2008-04-11 18:51 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2010-02-25 04:48 . 2009-12-31 16:14 352640 -c----w- c:\windows\system32\dllcache\srv.sys

2010-02-25 04:45 . 2008-10-15 16:59 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-02-25 04:45 . 2008-10-23 13:00 283648 -c----w- c:\windows\system32\dllcache\gdi32.dll

2010-02-25 04:43 . 2009-11-21 16:42 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-02-25 04:40 . 2009-10-15 17:21 82432 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-02-25 04:35 . 2008-05-08 12:28 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-02-25 04:28 . 2010-02-25 04:28 -------- d-----w- c:\arquivos de programas\Microsoft

2010-02-25 04:27 . 2010-02-25 04:27 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2010-02-25 03:27 . 2010-02-25 03:27 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2010-02-25 03:05 . 2008-05-01 14:32 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2010-02-25 03:03 . 2009-07-10 13:41 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2010-02-25 02:47 . 2008-04-21 21:27 216064 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-02-25 01:45 . 2009-07-17 18:57 58880 -c----w- c:\windows\system32\dllcache\atl.dll

2010-02-25 01:41 . 2009-08-21 06:51 450560 -c--a-w- c:\windows\system32\dllcache\jscript.dll

2010-02-25 01:41 . 2007-12-18 14:42 417792 -c--a-w- c:\windows\system32\dllcache\vbscript.dll

2010-02-24 14:29 . 2009-01-07 21:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2010-02-24 03:57 . 2010-02-24 03:57 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2010-02-24 03:57 . 2010-02-24 03:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-02-24 03:50 . 2010-03-01 05:40 -------- d-----w- c:\windows\system32\25U7W8UR

2010-02-24 03:45 . 2010-02-24 04:49 -------- d-----w- c:\windows\system32\L2SYON1V

2010-02-24 03:16 . 2010-02-24 04:49 -------- d-----w- c:\windows\system32\L8RH2D8G

2010-02-24 03:05 . 2010-03-20 17:54 -------- d-----w- C:\ComboFix

2010-02-24 02:47 . 2010-02-24 04:49 -------- d-----w- c:\windows\system32\0N317HYS

2010-02-24 02:17 . 2010-03-01 05:40 -------- d-----w- c:\windows\system32\I8V6Q857

2010-02-24 01:50 . 2010-02-24 04:49 -------- d-----w- c:\windows\system32\TQIJQQTV

2010-02-24 01:21 . 2010-03-01 05:40 -------- d-----w- c:\windows\system32\CSJALPDC

2010-02-24 00:53 . 2010-02-24 00:54 -------- d-----w- c:\windows\system32\BBDSYVMX

2010-02-24 00:22 . 2010-02-24 00:23 -------- d-----w- c:\windows\system32\LU7CP6E0

2010-02-23 23:48 . 2010-02-23 23:50 -------- d-----w- c:\windows\system32\6GYBZ89A

2010-02-23 23:21 . 2010-02-23 23:23 -------- d-----w- c:\windows\system32\GQMJ94Z7

2010-02-23 23:16 . 2010-02-23 23:17 -------- d-----w- c:\windows\system32\ZQ8AGIKS

2010-02-23 22:48 . 2010-02-23 22:50 -------- d-----w- c:\windows\system32\78TCYBLR

2010-02-23 22:32 . 2010-02-23 22:34 -------- d-----w- c:\windows\system32\1KTMG022

2010-02-23 22:29 . 2010-02-23 22:30 -------- d-----w- c:\windows\system32\991XVVI8

2010-02-23 22:04 . 2010-02-23 22:05 -------- d-----w- c:\windows\system32\XAX0QIFE

2010-02-23 20:26 . 2003-01-01 05:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

2010-02-23 20:23 . 2010-02-23 20:24 -------- d-----w- c:\windows\system32\JGYB4E9C

2010-02-23 19:58 . 2010-02-23 20:00 -------- d-----w- c:\windows\system32\GVFT3155

2010-02-23 18:49 . 2010-02-23 18:51 -------- d-----w- c:\windows\system32\XX9ALJMJ

2010-02-23 18:40 . 2010-02-23 18:45 -------- d-----w- c:\windows\system32\UWOTFQCQ

2010-02-23 17:56 . 2010-02-23 17:57 -------- d-----w- c:\windows\system32\I8J2HXVZ

2010-02-23 14:46 . 2010-03-01 05:40 -------- d-----w- c:\windows\system32\9S2FH3TU

2010-02-23 14:44 . 2010-03-01 05:40 -------- d-----w- c:\windows\system32\iB

2010-02-23 03:39 . 2010-02-23 03:40 -------- d-----w- c:\documents and settings\Administrador\Contacts

2010-02-23 03:29 . 2009-12-30 14:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

2010-02-23 03:29 . 2010-02-23 03:29 -------- d-----w- c:\arquivos de programas\VS Revo Group

2010-02-22 22:16 . 2010-02-22 22:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\PowerChallenge

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-20 19:20 . 2010-03-20 19:20 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Sammsoft

2010-03-20 19:20 . 2010-03-20 19:20 -------- d-----w- c:\arquivos de programas\Advanced Registry Optimizer

2010-03-15 13:37 . 2010-01-08 18:01 -------- d-----w- c:\arquivos de programas\HP

2010-03-15 13:37 . 2010-01-08 18:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2010-03-15 13:19 . 2010-01-20 11:07 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HpUpdate

2010-03-15 12:28 . 2010-01-21 12:54 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HPAppData

2010-03-10 03:54 . 2003-01-01 02:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-03-07 01:01 . 2009-08-21 01:54 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\AdobeUM

2010-03-01 11:34 . 2001-10-28 12:07 58998 ----a-w- c:\windows\system32\perfc016.dat

2010-03-01 11:34 . 2001-10-28 12:07 406986 ----a-w- c:\windows\system32\perfh016.dat

2010-03-01 04:27 . 2003-01-01 05:36 -------- d-----w- c:\arquivos de programas\Alwil Software

2010-02-25 21:35 . 2009-10-03 01:06 -------- d-----w- c:\arquivos de programas\InstallAffixationInfo

2010-02-25 21:35 . 2003-01-01 07:01 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-02-25 04:29 . 2010-02-17 15:36 -------- d-----w- c:\arquivos de programas\Windows Live

2010-02-17 19:29 . 2003-01-01 07:02 -------- d-----w- c:\arquivos de programas\ABBYY FineReader 6.0 Sprint

2010-01-23 16:01 . 2010-01-23 16:01 15256 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\IdentityCRL\ppcrlconfig.dll

2010-01-20 11:20 . 2003-01-01 07:00 -------- d-----w- c:\arquivos de programas\epson

2009-12-31 16:14 . 2004-08-04 04:14 352640 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-22 05:41 . 2004-08-04 05:45 664064 ----a-w- c:\windows\system32\wininet.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AROReminder"="c:\arquivos de programas\Advanced Registry Optimizer\ARO.exe" [2009-12-28 2137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]

"SoundMan"="SOUNDMAN.EXE" [2004-09-16 69632]

"nwiz"="nwiz.exe" [2005-06-15 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"InCD"="c:\arquivos de programas\Ahead\InCD\InCD.exe" [2004-11-19 1466480]

"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Ferramenta de Verificação de Mídia do PMB.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-11-29 333088]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20/3/2010 06:54 162640]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/3/2010 06:54 19024]

S2 OseSrv;Office Source Engine Service;c:\windows\System32\svchost.exe -k OseSrv [4/8/2004 02:45 14336]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [23/2/2010 00:29 27064]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

OseSrv REG_MULTI_SZ OseSrv 2Ó È2Ó … osesclib.dll get.setheo.com in.setheo.com D¢ .?AVbad_exception@std@@

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-03-21 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office12\EXCEL.EXE/3000

TCP: {ED8AABF9-CAE5-461A-B1C4-CD0DEC65D85E} = 200.142.130.202 200.220.254.43

.

- - - - ORFÃOS REMOVIDOS - - - -

 

AddRemove-HijackThis - c:\docume~1\ADMINI~1\CONFIG~1\Temp\Diretório temporário 1 para HiJackThis.zip\HijackThis.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-21 01:45

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1123561945-1580818891-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,30,cc,f7,4c,e1,eb,ff,42,ac,24,ef,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,30,cc,f7,4c,e1,eb,ff,42,ac,24,ef,\

 

[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:b9,2d,80,51,dd,69,d7,3f,b2,6e,1f,5c,06,36,ae,35,de,3c,e9,5e,79,56,d9,

09,6f,a1,7a,b6,dc,be,a6,5f,58,62,98,37,e0,f2,ce,34,37,7f,68,cf,2b,34,82,fd,\

"??"=hex:e4,4e,6e,26,26,5a,18,00,4b,0f,c5,d1,96,3b,60,e3

.

Tempo para conclusão: 2010-03-21 01:47:55

ComboFix-quarantined-files.txt 2010-03-21 04:47

 

Pré-execução: 5.895.892.992 bytes disponíveis

Pós execução: 6.076.751.872 bytes disponíveis

 

- - End Of File - - 07E6F0DCB1F9A0B59A49A79957143501

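The ComboFix log above lists a burst of directories created directly under system32 with eight-character random names, which the helper later copies by hand into a CFScript Folder:: section. As an added illustration (not code from this thread, from ComboFix or from its author), the Python below does that triage mechanically: it parses lines in the "files created" format, flags directories under system32 whose name is eight upper-case letters/digits, and renders the Folder:: block. The sample lines are constructed after the log above, and the random-name rule is a heuristic assumed here, not a ComboFix rule.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the format of ComboFix's "files created" section
# as posted in this thread: created-date . modified-date size attrs path
SAMPLE_COMBOFIX_LINES = """\
2010-03-20 09:54 . 2010-03-09 11:12 162640 ----a-w- c:\\windows\\system32\\drivers\\aswSP.sys
2010-03-20 00:35 . 2010-03-20 09:38 -------- d-----w- c:\\arquivos de programas\\Malwarebytes' Anti-Malware
2010-02-24 03:50 . 2010-03-01 05:40 -------- d-----w- c:\\windows\\system32\\25U7W8UR
2010-02-24 03:45 . 2010-02-24 04:49 -------- d-----w- c:\\windows\\system32\\L2SYON1V
2010-02-23 22:48 . 2010-02-23 22:50 -------- d-----w- c:\\windows\\system32\\78TCYBLR
2010-02-24 01:50 . 2010-02-24 04:49 -------- d-----w- c:\\windows\\system32\\TQIJQQTV
2010-02-23 14:44 . 2010-03-01 05:40 -------- d-----w- c:\\windows\\system32\\iB
2010-03-03 21:47 . 2010-03-04 01:04 -------- d-----w- c:\\windows\\system32\\CatRoot_bak
2010-02-23 03:29 . 2010-02-23 03:29 -------- d-----w- c:\\arquivos de programas\\VS Revo Group
"""

# One "files created" line: two timestamps separated by " . ", a size (digits
# or "--------" for directories), an attribute string, then the path.
COMBOFIX_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+?)\s*$"
)

# Heuristic assumed for this example: exactly eight upper-case letters/digits,
# the shape of every folder the helper listed in the CFScript. Real use needs
# an allow-list, since a legitimate name could match by chance.
RANDOM_NAME = re.compile(r"^[A-Z0-9]{8}$")


@dataclass
class Entry:
    created: str
    modified: str
    size: str
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        # ComboFix marks directories with a leading "d" in the attribute field.
        return self.attrs.startswith("d")

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_combofix(text: str) -> List[Entry]:
    """Return one Entry per line that matches the 'files created' format."""
    entries = []
    for line in text.splitlines():
        m = COMBOFIX_LINE.match(line)
        if m:
            entries.append(Entry(**m.groupdict()))
    return entries


def suspicious_system32_dirs(entries: List[Entry],
                             system32: str = r"c:\windows\system32") -> List[Entry]:
    """Directories created directly under system32 with random-looking names."""
    return [
        e for e in entries
        if e.is_dir and e.parent == system32.lower() and RANDOM_NAME.match(e.name)
    ]


def cfscript_folder_section(entries: List[Entry]) -> str:
    """Render the flagged paths in the Folder:: form used by CFScript.txt."""
    return "Folder::\n" + "\n".join(e.path for e in entries) + "\n"


if __name__ == "__main__":
    flagged = suspicious_system32_dirs(parse_combofix(SAMPLE_COMBOFIX_LINES))
    print(cfscript_folder_section(flagged))
```

Note that the two-character "iB" folder from the log is not caught by the eight-character rule, just as the helper left it out of the script; a shorter name needs a different signal, such as creation time clustering with the other entries.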

Bom Dia! nina_michely

 

<@> Uninstall: SecuROM™

<@> PS: Use Add or Remove Programs.

<@> When the uninstall finishes, download and run this cleanup utility.

 

<!> < SecuROM Removal Tool >

 

<@> Extract it from the zip before running it! ( SecuROM Remover.exe )

<@> Accept the complete removal, which covers: registry, folders and files

°°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°°

<@> Select and copy all of the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

Folder::

C:\WINDOWS\system32\UAService7.exe

c:\windows\system32\25U7W8UR

c:\windows\system32\L2SYON1V

c:\windows\system32\L8RH2D8G

c:\windows\system32\0N317HYS

c:\windows\system32\I8V6Q857

c:\windows\system32\TQIJQQTV

c:\windows\system32\CSJALPDC

c:\windows\system32\BBDSYVMX

c:\windows\system32\LU7CP6E0

c:\windows\system32\6GYBZ89A

c:\windows\system32\GQMJ94Z7

c:\windows\system32\ZQ8AGIKS

c:\windows\system32\78TCYBLR

c:\windows\system32\1KTMG022

c:\windows\system32\991XVVI8

c:\windows\system32\XAX0QIFE

c:\windows\system32\JGYB4E9C

c:\windows\system32\GVFT3155

c:\windows\system32\XX9ALJMJ

c:\windows\system32\UWOTFQCQ

c:\windows\system32\I8J2HXVZ

c:\windows\system32\9S2FH3TU

Registry::

[-HKEY_LOCAL_MACHINE\software\SecuROM]

Driver::

"UserAccess7"

"OseSrv"

NetSvc::

"OseSrv"

<@> PS: It is recommended that you be disconnected when running the script.

<@> PS: Temporarily disable your antivirus.

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

(animated demonstration image not reproduced)

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.

°°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°°

<@> Download: < deskfix.reg >

<@> Right-click its link --> Save Target As... <-- Point it to your desktop.

<@> Run it and confirm the addition to the registry.

<@> Restart the computer!

 

Regards!


I couldn't find this "SecuRom" to uninstall!

//////////\\\\\\\\\\

Hey, nina_michely!

 

<!> In that case, run only the cleanup tool. ( SecuROM Removal Tool )

 

Regards!


Hello... Good afternoon...

1st... When I try to run the cleanup tool...

the prompt opens, but it doesn't run... the window opens but then closes quickly...

2nd... I understood that both procedures were to be carried out... so here are the logs...

Awaiting further instructions... I'm having problems with this virus...

my computer isn't opening some sites... and MSN doesn't open

---------------------

---------------------

ComboFix 10-03-23.04 - Administrador 24/03/2010 14:26:59.6.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.511.186 [GMT -3:00]

Running from: c:\documents and settings\Administrador\Desktop\KomboFix.exe

Command switches used :: c:\documents and settings\Administrador\Desktop\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

FILE ::

"c:\windows\system32\0N317HYS"

"c:\windows\system32\1KTMG022"

"c:\windows\system32\25U7W8UR"

"c:\windows\system32\6GYBZ89A"

"c:\windows\system32\78TCYBLR"

"c:\windows\system32\991XVVI8"

"c:\windows\system32\9S2FH3TU"

"c:\windows\system32\BBDSYVMX"

"c:\windows\system32\CSJALPDC"

"c:\windows\system32\GQMJ94Z7"

"c:\windows\system32\GVFT3155"

"c:\windows\system32\I8J2HXVZ"

"c:\windows\system32\I8V6Q857"

"c:\windows\system32\JGYB4E9C"

"c:\windows\system32\L2SYON1V"

"c:\windows\system32\L8RH2D8G"

"c:\windows\system32\LU7CP6E0"

"c:\windows\system32\TQIJQQTV"

"c:\windows\system32\UWOTFQCQ"

"c:\windows\system32\XAX0QIFE"

"c:\windows\system32\XX9ALJMJ"

"c:\windows\system32\ZQ8AGIKS"

.

 

(((((((((((((((( Files Created From 2010-02-24 to 2010-03-24 ))))))))))))))))))))))))))))

.

 

2010-03-24 17:00 . 2010-03-24 17:00 -------- d--h--w- c:\windows\PIF

2010-03-24 11:52 . 2010-03-24 11:52 -------- d-----w- C:\KomboFix

2010-03-21 17:48 . 2010-03-21 17:48 -------- d-----w- C:\DCIM

2010-03-21 05:46 . 2009-03-30 12:39 105344 ----a-w- c:\windows\system32\drivers\ZTEusbvoice.sys

2010-03-21 05:46 . 2009-03-30 12:39 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2010-03-21 05:46 . 2009-03-30 12:39 105344 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2010-03-21 05:46 . 2009-03-30 12:39 110592 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys

2010-03-21 05:46 . 2009-03-30 12:38 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2010-03-21 05:46 . 2010-03-24 01:17 -------- d-----w- c:\arquivos de programas\Vivo 3G

2010-03-20 19:21 . 2010-03-20 19:21 -------- d-----w- c:\windows\system32\wbem\Repository

2010-03-20 19:20 . 2010-03-20 19:20 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Sammsoft

2010-03-20 19:20 . 2010-03-20 19:20 -------- d-----w- c:\arquivos de programas\Advanced Registry Optimizer

2010-03-20 18:57 . 2010-03-20 19:20 -------- d-----w- C:\32788R22FWJFW(2)

2010-03-20 09:54 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-03-20 09:54 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-03-20 09:54 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-03-20 09:54 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-03-20 09:54 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-03-20 09:54 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-03-20 09:54 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-03-20 09:54 . 2010-03-09 11:24 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-03-20 09:54 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe

2010-03-20 00:35 . 2010-01-07 19:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-20 00:35 . 2010-03-20 09:38 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-03-20 00:35 . 2010-01-07 19:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-17 03:34 . 2010-03-18 03:04 -------- d-----w- c:\windows\ie8updates

2010-03-16 23:19 . 2010-03-16 23:19 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE

2010-03-16 20:54 . 2010-03-16 20:54 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache

2010-03-16 20:03 . 2009-12-22 05:41 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-03-16 20:03 . 2009-12-22 05:41 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll

2010-03-15 13:36 . 2010-03-15 13:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2010-03-15 03:16 . 2008-10-28 10:31 309760 ----a-r- c:\windows\system32\difxapi.dll

2010-03-15 03:16 . 2008-10-29 18:37 737280 ----a-r- c:\windows\system32\hposwia_d02a.dll

2010-03-15 03:16 . 2008-10-29 18:37 598016 ----a-r- c:\windows\system32\hpost_d02a.dll

2010-03-15 03:16 . 2008-10-29 18:37 307200 ----a-r- c:\windows\system32\hposc_d02a.dll

2010-03-15 03:16 . 2008-10-28 10:31 372736 ----a-r- c:\windows\system32\hppldcoi.dll

2010-03-15 03:02 . 2010-03-15 03:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP

2010-03-15 02:53 . 2010-03-17 01:01 168737 ----a-w- c:\windows\hpoins37.dat

2010-03-15 02:53 . 2009-07-08 14:40 632 ------w- c:\windows\hpomdl37.dat

2010-03-09 21:01 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-06 01:12 . 2004-11-01 07:14 78464 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys

2010-03-06 01:12 . 2004-11-01 07:14 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2010-03-05 00:10 . 2009-07-28 19:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-03-04 11:05 . 2010-03-04 11:16 -------- d-----w- c:\arquivos de programas\Ares

2010-03-03 21:47 . 2010-03-21 16:44 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-03-02 02:35 . 2010-03-03 02:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2010-03-01 14:51 . 2010-03-01 14:51 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2010-03-01 05:52 . 2010-03-01 05:52 -------- d-----w- c:\windows\ServicePackFiles

2010-03-01 04:28 . 2010-03-07 22:50 -------- d-----w- c:\arquivos de programas\Google

2010-03-01 04:27 . 2010-03-01 04:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software

2010-03-01 03:14 . 2008-06-14 17:59 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-03-01 03:14 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys

2010-03-01 02:55 . 2009-06-21 22:06 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-03-01 01:50 . 2009-07-31 04:59 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll

2010-03-01 01:50 . 2008-08-14 09:48 138368 -c----w- c:\windows\system32\dllcache\afd.sys

2010-03-01 01:50 . 2008-06-20 17:36 247808 -c----w- c:\windows\system32\dllcache\mswsock.dll

2010-03-01 01:50 . 2008-06-20 17:36 147968 -c----w- c:\windows\system32\dllcache\dnsapi.dll

2010-03-01 01:50 . 2008-06-20 10:44 360960 -c----w- c:\windows\system32\dllcache\tcpip.sys

2010-03-01 01:50 . 2008-06-20 09:32 225920 -c----w- c:\windows\system32\dllcache\tcpip6.sys

2010-03-01 01:50 . 2006-08-16 12:14 100352 -c----w- c:\windows\system32\dllcache\6to4svc.dll

2010-03-01 01:22 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-03-01 01:13 . 2009-06-05 07:48 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll

2010-03-01 00:56 . 2009-08-06 22:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-03-01 00:56 . 2009-08-06 22:23 215920 ----a-w- c:\windows\system32\muweb.dll

2010-02-25 05:04 . 2008-04-11 18:51 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2010-02-25 04:48 . 2009-12-31 16:14 352640 -c----w- c:\windows\system32\dllcache\srv.sys

2010-02-25 04:45 . 2008-10-15 16:59 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-02-25 04:45 . 2008-10-23 13:00 283648 -c----w- c:\windows\system32\dllcache\gdi32.dll

2010-02-25 04:43 . 2009-11-21 16:42 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-02-25 04:40 . 2009-10-15 17:21 82432 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-02-25 04:35 . 2008-05-08 12:28 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-02-25 04:28 . 2010-02-25 04:28 -------- d-----w- c:\arquivos de programas\Microsoft

2010-02-25 04:27 . 2010-02-25 04:27 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2010-02-25 03:27 . 2010-02-25 03:27 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2010-02-25 03:05 . 2008-05-01 14:32 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2010-02-25 03:03 . 2009-07-10 13:41 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2010-02-25 02:47 . 2008-04-21 21:27 216064 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-02-25 01:45 . 2009-07-17 18:57 58880 -c----w- c:\windows\system32\dllcache\atl.dll

2010-02-25 01:41 . 2009-08-21 06:51 450560 -c--a-w- c:\windows\system32\dllcache\jscript.dll

2010-02-25 01:41 . 2007-12-18 14:42 417792 -c--a-w- c:\windows\system32\dllcache\vbscript.dll

2010-02-24 14:29 . 2009-01-07 21:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2010-02-24 03:57 . 2010-02-24 03:57 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2010-02-24 03:57 . 2010-02-24 03:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-02-24 03:50 . 2010-03-01 05:40 -------- d-----w- c:\windows\system32\25U7W8UR

2010-02-24 03:45 . 2010-02-24 04:49 -------- d-----w- c:\windows\system32\L2SYON1V

2010-02-24 03:16 . 2010-02-24 04:49 -------- d-----w- c:\windows\system32\L8RH2D8G

2010-02-24 03:05 . 2010-03-20 17:54 -------- d-----w- C:\ComboFix

2010-02-24 02:47 . 2010-02-24 04:49 -------- d-----w- c:\windows\system32\0N317HYS

2010-02-24 02:17 . 2010-03-01 05:40 -------- d-----w- c:\windows\system32\I8V6Q857

2010-02-24 01:50 . 2010-02-24 04:49 -------- d-----w- c:\windows\system32\TQIJQQTV

2010-02-24 01:21 . 2010-03-01 05:40 -------- d-----w- c:\windows\system32\CSJALPDC

2010-02-24 00:53 . 2010-02-24 00:54 -------- d-----w- c:\windows\system32\BBDSYVMX

2010-02-24 00:22 . 2010-02-24 00:23 -------- d-----w- c:\windows\system32\LU7CP6E0

2010-02-23 23:48 . 2010-02-23 23:50 -------- d-----w- c:\windows\system32\6GYBZ89A

2010-02-23 23:21 . 2010-02-23 23:23 -------- d-----w- c:\windows\system32\GQMJ94Z7

2010-02-23 23:16 . 2010-02-23 23:17 -------- d-----w- c:\windows\system32\ZQ8AGIKS

2010-02-23 22:48 . 2010-02-23 22:50 -------- d-----w- c:\windows\system32\78TCYBLR

2010-02-23 22:32 . 2010-02-23 22:34 -------- d-----w- c:\windows\system32\1KTMG022

2010-02-23 22:29 . 2010-02-23 22:30 -------- d-----w- c:\windows\system32\991XVVI8

2010-02-23 22:04 . 2010-02-23 22:05 -------- d-----w- c:\windows\system32\XAX0QIFE

2010-02-23 20:26 . 2003-01-01 05:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

2010-02-23 20:23 . 2010-02-23 20:24 -------- d-----w- c:\windows\system32\JGYB4E9C

2010-02-23 19:58 . 2010-02-23 20:00 -------- d-----w- c:\windows\system32\GVFT3155

2010-02-23 18:49 . 2010-02-23 18:51 -------- d-----w- c:\windows\system32\XX9ALJMJ

2010-02-23 18:40 . 2010-02-23 18:45 -------- d-----w- c:\windows\system32\UWOTFQCQ

2010-02-23 17:56 . 2010-02-23 17:57 -------- d-----w- c:\windows\system32\I8J2HXVZ

2010-02-23 14:46 . 2010-03-01 05:40 -------- d-----w- c:\windows\system32\9S2FH3TU

2010-02-23 14:44 . 2010-03-01 05:40 -------- d-----w- c:\windows\system32\iB

2010-02-23 03:39 . 2010-02-23 03:40 -------- d-----w- c:\documents and settings\Administrador\Contacts

2010-02-23 03:29 . 2009-12-30 14:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

2010-02-23 03:29 . 2010-02-23 03:29 -------- d-----w- c:\arquivos de programas\VS Revo Group

2010-02-22 22:16 . 2010-02-22 22:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\PowerChallenge

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-21 14:54 . 2001-10-28 12:07 58998 ----a-w- c:\windows\system32\perfc016.dat

2010-03-21 14:54 . 2001-10-28 12:07 406986 ----a-w- c:\windows\system32\perfh016.dat

2010-03-21 05:46 . 2009-10-03 01:06 -------- d-----w- c:\arquivos de programas\InstallAffixationInfo

2010-03-21 05:46 . 2003-01-01 07:01 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-03-15 13:37 . 2010-01-08 18:01 -------- d-----w- c:\arquivos de programas\HP

2010-03-15 13:37 . 2010-01-08 18:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2010-03-15 13:19 . 2010-01-20 11:07 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HpUpdate

2010-03-15 12:28 . 2010-01-21 12:54 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HPAppData

2010-03-10 03:54 . 2003-01-01 02:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-03-07 01:01 . 2009-08-21 01:54 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\AdobeUM

2010-03-01 04:27 . 2003-01-01 05:36 -------- d-----w- c:\arquivos de programas\Alwil Software

2010-02-25 04:29 . 2010-02-17 15:36 -------- d-----w- c:\arquivos de programas\Windows Live

2010-02-17 19:29 . 2003-01-01 07:02 -------- d-----w- c:\arquivos de programas\ABBYY FineReader 6.0 Sprint

2010-01-23 16:01 . 2010-01-23 16:01 15256 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\IdentityCRL\ppcrlconfig.dll

2009-12-31 16:14 . 2004-08-04 04:14 352640 ----a-w- c:\windows\system32\drivers\srv.sys

.

 

((((((((((((((((((((((((((((( SnapShot@2010-03-21_04.45.33 )))))))))))))))))))))))))))))))))))))))))

.

- 2001-10-28 12:07 . 2010-03-01 11:34 50532 c:\windows\system32\perfc009.dat

+ 2001-10-28 12:07 . 2010-03-21 14:54 50532 c:\windows\system32\perfc009.dat

+ 2001-10-28 12:07 . 2010-03-21 14:54 374064 c:\windows\system32\perfh009.dat

- 2001-10-28 12:07 . 2010-03-01 11:34 374064 c:\windows\system32\perfh009.dat

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AROReminder"="c:\arquivos de programas\Advanced Registry Optimizer\ARO.exe" [2009-12-28 2137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]

"SoundMan"="SOUNDMAN.EXE" [2004-09-16 69632]

"nwiz"="nwiz.exe" [2005-06-15 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"InCD"="c:\arquivos de programas\Ahead\InCD\InCD.exe" [2004-11-19 1466480]

"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Ferramenta de Verificação de Mídia do PMB.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-11-29 333088]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"%windir%\\system32\\sessmgr.exe"=

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20/3/2010 06:54 162640]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/3/2010 06:54 19024]

S2 OseSrv;Office Source Engine Service;c:\windows\System32\svchost.exe -k OseSrv [4/8/2004 02:45 14336]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [23/2/2010 00:29 27064]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

OseSrv REG_MULTI_SZ OseSrv 2Ó È2Ó … osesclib.dll get.setheo.com in.setheo.com D¢ .?AVbad_exception@std@@

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

 

2010-03-24 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office12\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-24 14:32

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:b9,2d,80,51,dd,69,d7,3f,b2,6e,1f,5c,06,36,ae,35,de,3c,e9,5e,79,56,d9,

09,6f,a1,7a,b6,dc,be,a6,5f,58,62,98,37,e0,f2,ce,34,37,7f,68,cf,2b,34,82,fd,\

"??"=hex:e4,4e,6e,26,26,5a,18,00,4b,0f,c5,d1,96,3b,60,e3

.

--------------------- Dlls Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(1820)

c:\windows\system32\msi.dll

.

Completion time: 2010-03-24 14:34:22

ComboFix-quarantined-files.txt 2010-03-24 17:34

ComboFix2.txt 2010-03-21 04:47

 

Pre-Run: 2.237.853.696 bytes free

Post-Run: 2.239.528.960 bytes free

 

- - End Of File - - DE3BAF3F58A73E41073B787076AFDCB0


 

HijackThis...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:35:59, on 24/3/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Arquivos de programas\Vivo 3G\Vivo 3G.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Diretório temporário 1 para HiJackThis.zip\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [AROReminder] C:\Arquivos de programas\Advanced Registry Optimizer\ARO.exe -rem

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Ferramenta de Verificação de Mídia do PMB.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: UpTray.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{ED8AABF9-CAE5-461A-B1C4-CD0DEC65D85E}: NameServer = 200.142.130.202 200.220.254.43

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

 

--

End of file - 4892 bytes

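Added example, not part of the original thread: a small Python triage over the two logs in the post above, written to show what an analyst looks for before writing a CFScript. It checks the O17 NameServer entries against a resolver allowlist, reports an O2 BHO whose DLL is gone, reports an O4 startup shortcut that HijackThis could not resolve, and inspects ComboFix's svchost group dump for values that are not service names (the OseSrv line, with two hostnames and an osesclib.dll planted in the REG_MULTI_SZ). The sample lines are constructed from the logs posted here; the allowlist (the two resolvers from the thread's O17 line, assumed to be the ISP's and still to be confirmed with the ISP) and the extra O17 line with TEST-NET addresses are assumptions for illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List

# Assumption: resolvers the analyst has confirmed with the ISP. These two are
# the addresses in this thread's O17 lines, treated here as legitimate.
KNOWN_RESOLVERS = {"200.142.130.202", "200.220.254.43"}

IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Service names are letters, digits, '_' or '-' (spaces split into tokens);
# a hostname has at least three dotted labels ending in an alphabetic TLD.
SERVICE_TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")
HOSTNAME_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\.[a-z]{2,}\b", re.I)
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    kind: str
    detail: str


def triage_hjt_line(line: str) -> Iterator[Finding]:
    """Flag the HijackThis entry types that mattered in this thread."""
    line = line.strip()
    if line.startswith("O17 -") and "NameServer =" in line:
        # DNS hijack check: every configured resolver must be allowlisted.
        ips = IPV4_RE.findall(line.split("NameServer =", 1)[1])
        unknown = [ip for ip in ips if ip not in KNOWN_RESOLVERS]
        if unknown:
            yield Finding("high", "O17 unknown resolver", ", ".join(unknown))
    elif line.startswith("O2 -") and line.endswith("(no file)"):
        # BHO CLSID still registered but its DLL is gone: leftover to clean.
        m = CLSID_RE.search(line)
        yield Finding("low", "O2 orphaned BHO", m.group(0) if m else line)
    elif line.startswith("O4 -") and line.endswith("= ?"):
        # HijackThis could not resolve the shortcut target; inspect by hand.
        yield Finding("medium", "O4 unresolved startup target",
                      line.split(":", 1)[1].strip())


def triage_svchost_group(line: str) -> Iterator[Finding]:
    """Inspect one '<group> REG_MULTI_SZ <service> ...' line from ComboFix's
    dump of HKLM\\software\\microsoft\\windows nt\\currentversion\\svchost.
    A clean value is service names only; stray tokens mean it was overwritten,
    and hostnames in it are a beacon target planted where a name belongs."""
    head, sep, values = line.partition("REG_MULTI_SZ")
    if not sep:
        return
    group = head.strip()
    odd = [t for t in values.split() if not SERVICE_TOKEN_RE.match(t)]
    if odd:
        yield Finding("medium", "svchost group has non-service tokens",
                      f"{group}: {' '.join(odd)}")
    hosts = HOSTNAME_RE.findall(values)
    if hosts:
        yield Finding("high", "svchost group references hostnames",
                      f"{group}: {', '.join(hosts)}")


def triage(hjt_text: str, svchost_text: str) -> List[Finding]:
    """Run both passes and return findings, most severe first."""
    findings: List[Finding] = []
    for ln in hjt_text.splitlines():
        findings.extend(triage_hjt_line(ln))
    for ln in svchost_text.splitlines():
        findings.extend(triage_svchost_group(ln))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


# Constructed sample input modelled on the logs in this thread. The last O17
# line (TEST-NET addresses, made-up GUID) is an assumption added to show a
# resolver that fails the allowlist.
SAMPLE_HJT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: UpTray.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED8AABF9-CAE5-461A-B1C4-CD0DEC65D85E}: NameServer = 200.142.130.202 200.220.254.43
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-4000-8000-000000000001}: NameServer = 192.0.2.53 192.0.2.54
"""

SAMPLE_SVCHOST = """
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
OseSrv REG_MULTI_SZ OseSrv 2Ó È2Ó … osesclib.dll get.setheo.com in.setheo.com D¢ .?AVbad_exception@std@@
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_HJT, SAMPLE_SVCHOST):
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
```

Run as a script it prints the findings for the constructed sample, most severe first. Against the real ComboFix.txt the OseSrv line is the one to act on: the genuine Office Source Engine runs as ose.exe rather than as a svchost group, and this group value carries two hostnames and an unknown osesclib.dll; the helper's CFScript removes OseSrv under both Driver:: and NetSvc::.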

Good evening, nina_michely!

 

<!> Run the ComboFix procedure again ( Post #10 ), whose script has been corrected.

<!> Post ComboFix.txt after dragging CFScript.txt onto the icon on the desktop. ( ComboFix.exe )

 

Regards!


Good morning!!...

Here is... the log analysis...

Awaiting further instructions...

...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:05:02, on 26/3/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Arquivos de programas\Vivo 3G\Vivo 3G.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\KomboFix15621K\CF15959.cfxxe

C:\KomboFix15621K\ComboFix-Download.cfxxe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\D5PMBF1Y\HiJackThis[1].exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [AROReminder] C:\Arquivos de programas\Advanced Registry Optimizer\ARO.exe -rem

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Ferramenta de Verificação de Mídia do PMB.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: UpTray.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{ED8AABF9-CAE5-461A-B1C4-CD0DEC65D85E}: NameServer = 200.142.130.202 200.220.254.43

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

 

--

End of file - 5133 bytes

ComboFix 10-03-25.05 - Administrador 26/03/2010 1:09.7.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.511.254 [GMT -3:00]

Running from: c:\documents and settings\Administrador\Desktop\KomboFix.exe

Command switches used :: c:\documents and settings\Administrador\Desktop\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\0N317HYS

c:\windows\system32\1KTMG022

c:\windows\system32\25U7W8UR

c:\windows\system32\6GYBZ89A

c:\windows\system32\78TCYBLR

c:\windows\system32\991XVVI8

c:\windows\system32\9S2FH3TU

c:\windows\system32\BBDSYVMX

c:\windows\system32\CSJALPDC

c:\windows\system32\GQMJ94Z7

c:\windows\system32\GVFT3155

c:\windows\system32\I8J2HXVZ

c:\windows\system32\I8V6Q857

c:\windows\system32\JGYB4E9C

c:\windows\system32\L2SYON1V

c:\windows\system32\L8RH2D8G

c:\windows\system32\LU7CP6E0

c:\windows\system32\TQIJQQTV

c:\windows\system32\UWOTFQCQ

c:\windows\system32\XAX0QIFE

c:\windows\system32\XX9ALJMJ

c:\windows\system32\ZQ8AGIKS

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_OSESRV

-------\Legacy_USERACCESS7

-------\Service_OseSrv

-------\Service_UserAccess7

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-26 to 2010-03-26 ))))))))))))))))))))))))))))

.

 

2010-03-24 17:00 . 2010-03-24 17:00 -------- d--h--w- c:\windows\PIF

2010-03-24 11:52 . 2010-03-24 11:52 -------- d-----w- C:\KomboFix

2010-03-21 17:48 . 2010-03-21 17:48 -------- d-----w- C:\DCIM

2010-03-21 05:46 . 2009-03-30 12:39 105344 ----a-w- c:\windows\system32\drivers\ZTEusbvoice.sys

2010-03-21 05:46 . 2009-03-30 12:39 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2010-03-21 05:46 . 2009-03-30 12:39 105344 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2010-03-21 05:46 . 2009-03-30 12:39 110592 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys

2010-03-21 05:46 . 2009-03-30 12:38 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2010-03-21 05:46 . 2010-03-26 00:43 -------- d-----w- c:\arquivos de programas\Vivo 3G

2010-03-20 19:21 . 2010-03-20 19:21 -------- d-----w- c:\windows\system32\wbem\Repository

2010-03-20 19:20 . 2010-03-20 19:20 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Sammsoft

2010-03-20 19:20 . 2010-03-20 19:20 -------- d-----w- c:\arquivos de programas\Advanced Registry Optimizer

2010-03-20 18:57 . 2010-03-20 19:20 -------- d-----w- C:\32788R22FWJFW(2)

2010-03-20 09:54 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-03-20 09:54 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-03-20 09:54 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-03-20 09:54 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-03-20 09:54 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-03-20 09:54 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-03-20 09:54 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-03-20 09:54 . 2010-03-09 11:24 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-03-20 09:54 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe

2010-03-20 00:35 . 2010-01-07 19:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-20 00:35 . 2010-03-20 09:38 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-03-20 00:35 . 2010-01-07 19:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-17 03:34 . 2010-03-18 03:04 -------- d-----w- c:\windows\ie8updates

2010-03-16 23:19 . 2010-03-16 23:19 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE

2010-03-16 20:54 . 2010-03-16 20:54 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache

2010-03-16 20:03 . 2009-12-22 05:41 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-03-16 20:03 . 2009-12-22 05:41 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll

2010-03-15 13:36 . 2010-03-15 13:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2010-03-15 03:16 . 2008-10-28 10:31 309760 ----a-r- c:\windows\system32\difxapi.dll

2010-03-15 03:16 . 2008-10-29 18:37 737280 ----a-r- c:\windows\system32\hposwia_d02a.dll

2010-03-15 03:16 . 2008-10-29 18:37 598016 ----a-r- c:\windows\system32\hpost_d02a.dll

2010-03-15 03:16 . 2008-10-29 18:37 307200 ----a-r- c:\windows\system32\hposc_d02a.dll

2010-03-15 03:16 . 2008-10-28 10:31 372736 ----a-r- c:\windows\system32\hppldcoi.dll

2010-03-15 03:02 . 2010-03-15 03:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP

2010-03-15 02:53 . 2010-03-17 01:01 168737 ----a-w- c:\windows\hpoins37.dat

2010-03-15 02:53 . 2009-07-08 14:40 632 ------w- c:\windows\hpomdl37.dat

2010-03-09 21:01 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-06 01:12 . 2004-11-01 07:14 78464 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys

2010-03-06 01:12 . 2004-11-01 07:14 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2010-03-05 00:10 . 2009-07-28 19:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-03-04 11:05 . 2010-03-04 11:16 -------- d-----w- c:\arquivos de programas\Ares

2010-03-03 21:47 . 2010-03-21 16:44 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-03-02 02:35 . 2010-03-03 02:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2010-03-01 14:51 . 2010-03-01 14:51 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2010-03-01 05:52 . 2010-03-01 05:52 -------- d-----w- c:\windows\ServicePackFiles

2010-03-01 04:28 . 2010-03-07 22:50 -------- d-----w- c:\arquivos de programas\Google

2010-03-01 04:27 . 2010-03-01 04:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software

2010-03-01 03:14 . 2008-06-14 17:59 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-03-01 03:14 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys

2010-03-01 02:55 . 2009-06-21 22:06 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-03-01 01:50 . 2009-07-31 04:59 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll

2010-03-01 01:50 . 2008-08-14 09:48 138368 -c----w- c:\windows\system32\dllcache\afd.sys

2010-03-01 01:50 . 2008-06-20 17:36 247808 -c----w- c:\windows\system32\dllcache\mswsock.dll

2010-03-01 01:50 . 2008-06-20 17:36 147968 -c----w- c:\windows\system32\dllcache\dnsapi.dll

2010-03-01 01:50 . 2008-06-20 10:44 360960 -c----w- c:\windows\system32\dllcache\tcpip.sys

2010-03-01 01:50 . 2008-06-20 09:32 225920 -c----w- c:\windows\system32\dllcache\tcpip6.sys

2010-03-01 01:50 . 2006-08-16 12:14 100352 -c----w- c:\windows\system32\dllcache\6to4svc.dll

2010-03-01 01:22 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-03-01 01:13 . 2009-06-05 07:48 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll

2010-03-01 00:56 . 2009-08-06 22:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-03-01 00:56 . 2009-08-06 22:23 215920 ----a-w- c:\windows\system32\muweb.dll

2010-02-25 05:04 . 2008-04-11 18:51 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2010-02-25 04:48 . 2009-12-31 16:14 352640 -c----w- c:\windows\system32\dllcache\srv.sys

2010-02-25 04:45 . 2008-10-15 16:59 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-02-25 04:45 . 2008-10-23 13:00 283648 -c----w- c:\windows\system32\dllcache\gdi32.dll

2010-02-25 04:43 . 2009-11-21 16:42 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-02-25 04:40 . 2009-10-15 17:21 82432 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-02-25 04:35 . 2008-05-08 12:28 202752 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-02-25 04:28 . 2010-02-25 04:28 -------- d-----w- c:\arquivos de programas\Microsoft

2010-02-25 04:27 . 2010-02-25 04:27 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2010-02-25 03:27 . 2010-02-25 03:27 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2010-02-25 03:05 . 2008-05-01 14:32 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2010-02-25 03:03 . 2009-07-10 13:41 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2010-02-25 02:47 . 2008-04-21 21:27 216064 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-02-25 01:45 . 2009-07-17 18:57 58880 -c----w- c:\windows\system32\dllcache\atl.dll

2010-02-25 01:41 . 2009-08-21 06:51 450560 -c--a-w- c:\windows\system32\dllcache\jscript.dll

2010-02-25 01:41 . 2007-12-18 14:42 417792 -c--a-w- c:\windows\system32\dllcache\vbscript.dll

2010-02-24 14:29 . 2009-01-07 21:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-21 14:54 . 2001-10-28 12:07 58998 ----a-w- c:\windows\system32\perfc016.dat

2010-03-21 14:54 . 2001-10-28 12:07 406986 ----a-w- c:\windows\system32\perfh016.dat

2010-03-21 05:46 . 2009-10-03 01:06 -------- d-----w- c:\arquivos de programas\InstallAffixationInfo

2010-03-21 05:46 . 2003-01-01 07:01 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-03-15 13:37 . 2010-01-08 18:01 -------- d-----w- c:\arquivos de programas\HP

2010-03-15 13:37 . 2010-01-08 18:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2010-03-15 13:19 . 2010-01-20 11:07 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HpUpdate

2010-03-15 12:28 . 2010-01-21 12:54 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HPAppData

2010-03-10 03:54 . 2003-01-01 02:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-03-07 01:01 . 2009-08-21 01:54 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\AdobeUM

2010-03-01 04:27 . 2003-01-01 05:36 -------- d-----w- c:\arquivos de programas\Alwil Software

2010-02-25 04:29 . 2010-02-17 15:36 -------- d-----w- c:\arquivos de programas\Windows Live

2010-02-24 03:57 . 2010-02-24 03:57 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2010-02-24 03:57 . 2010-02-24 03:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-02-23 03:29 . 2010-02-23 03:29 -------- d-----w- c:\arquivos de programas\VS Revo Group

2010-02-22 22:16 . 2010-02-22 22:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\PowerChallenge

2010-02-17 19:29 . 2003-01-01 07:02 -------- d-----w- c:\arquivos de programas\ABBYY FineReader 6.0 Sprint

2010-01-23 16:01 . 2010-01-23 16:01 15256 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\IdentityCRL\ppcrlconfig.dll

2009-12-31 16:14 . 2004-08-04 04:14 352640 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-30 14:20 . 2010-02-23 03:29 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

.

 

((((((((((((((((((((((((((((( SnapShot@2010-03-21_04.45.33 )))))))))))))))))))))))))))))))))))))))))

.

- 2001-10-28 12:07 . 2010-03-01 11:34 50532 c:\windows\system32\perfc009.dat

+ 2001-10-28 12:07 . 2010-03-21 14:54 50532 c:\windows\system32\perfc009.dat

+ 2001-10-28 12:07 . 2010-03-21 14:54 374064 c:\windows\system32\perfh009.dat

- 2001-10-28 12:07 . 2010-03-01 11:34 374064 c:\windows\system32\perfh009.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AROReminder"="c:\arquivos de programas\Advanced Registry Optimizer\ARO.exe" [2009-12-28 2137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]

"SoundMan"="SOUNDMAN.EXE" [2004-09-16 69632]

"nwiz"="nwiz.exe" [2005-06-15 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"InCD"="c:\arquivos de programas\Ahead\InCD\InCD.exe" [2004-11-19 1466480]

"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Ferramenta de Verificação de Mídia do PMB.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-11-29 333088]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"%windir%\\system32\\sessmgr.exe"=

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20/3/2010 06:54 162640]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/3/2010 06:54 19024]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [23/2/2010 00:29 27064]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

OseSrv REG_MULTI_SZ OseSrv 2Ó È2Ó … osesclib.dll get.setheo.com in.setheo.com D¢ .?AVbad_exception@std@@

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-03-26 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office12\EXCEL.EXE/3000

TCP: {ED8AABF9-CAE5-461A-B1C4-CD0DEC65D85E} = 200.142.130.202 200.220.254.43

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-26 01:21

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:b9,2d,80,51,dd,69,d7,3f,b2,6e,1f,5c,06,36,ae,35,de,3c,e9,5e,79,56,d9,

09,6f,a1,7a,b6,dc,be,a6,5f,58,62,98,37,e0,f2,ce,34,37,7f,68,cf,2b,34,82,fd,\

"??"=hex:e4,4e,6e,26,26,5a,18,00,4b,0f,c5,d1,96,3b,60,e3

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(1704)

c:\windows\system32\msi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Ahead\InCD\InCDsrv.exe

c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

c:\documents and settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\system32\WgaTray.exe

c:\windows\SOUNDMAN.EXE

.

**************************************************************************

.

Tempo para conclusão: 2010-03-26 01:25:20 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-03-26 04:25

ComboFix2.txt 2010-03-24 17:34

ComboFix3.txt 2010-03-21 04:47

 

Pré-execução: 15 pasta(s) 10.247.606.272 bytes disponíveis

Pós execução: 16 pasta(s) 10.209.783.808 bytes disponíveis

 

- - End Of File - - 5BF8964D6A99B838710D4F1561F0ECF5


Good morning! nina_michely

<@> Download: < WGANotify_Remover_1.0.exe >

<@> Save it to the desktop.

<@> Open WGANotify_Remover... and click "Remove" -> Restart the computer and repeat the operation!

<@> PS: If that does not solve it, try running this file:

<!> C:\WINDOWS\system32\WgaTray.exe

<@> Proceed with its installation and, along the way, decline the EULA.

<@> PS: Since this notification appears when WGA is installed and detects a non-genuine OS, you will be blocked from receiving Microsoft updates.

<@> PS: Try to regularize this situation by purchasing genuine products.

00000000000000000000

00000000000000000000

<@> Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.

< 92674490.jpg >

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix está desinstalado" will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

<@> Or go to Start --> Run --> Type or paste:

"%userprofile%\desktop\combofix" /uninstall

<@> Click OK.

00000000000000000000

00000000000000000000

<@> Go to Start --> Run --> Type or paste: sfc /scannow --> Click OK.

< 2.jpg >

<@> You will be asked to insert the Windows XP CD-ROM in the drive.

<@> Wait for the repair to finish! --> Restart!

<@> PS: Report the state of your computer and which problems remain.

Regards!


Good afternoooooon.....

Well... at least the message about the counterfeit software... is gone from the desktop...

I managed to set a wallpaper... I also managed to open my e-mails...

buuuuut..... MSN... got messed up.. I can only sign in through HOTMAIL...


Good morning! nina_michely

<@> Use the hidden function that performs repairs in Windows Live Messenger.

<@> Go to Add or Remove Programs and uninstall WLM. ( Windows Live Messenger )

<@> During the process, choose: "Repair" --> Wait!

<@> PS: If that does not work, uninstall it and download this more stable version: < WLM 8.5 >

<@> Save it in Program Files --> Proceed with its installation!

<@> Awaiting your reply!

Regards!


Hello...

Good morninggggggg.....

Wow... my friend... you definitely know what you are doing...

and you definitely... understand... this stuff...

Thank youuuuuu... sooooo much...

Problem Solved....

Thank you for your patience and attention.


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
